On Wed, 2006-05-03 at 17:25 -0700, Julius Davies wrote:
> Hi, Httpclient,
>
> My employer (Credit Union Central of British Columbia) has given me
> permission to donate some code to Apache. This code comes from my
> earlier attempt on this list to get HTTPClient to accept self-signed
> certificates.
>
> Here's the code:
> http://juliusdavies.ca/commons-ssl/
>

Hi Julius,

Starting a whole new project within Jakarta Commons is a difficult
proposition. You will have to submit a formal sub-project proposal for
consideration and that involves a lot of work and certain preconditions.
Please refer to the Jakarta Subproject Proposals [1] for details.

If you do not mind donating just certain pieces rather than the whole
thing, I am sure we can find a home for most of those classes within
HttpComponents (proper or contrib).

Cheers,

Oleg

[1] http://jakarta.apache.org/site/newproject.html

> The way it works looks like this:
>
> SSLClient client = new SSLClient();
> client.addTrustMaterial( TrustMaterial.CACERTS );
> client.addTrustMaterial( new TrustMaterial( "/path/to/cert.pem" ) );
> SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
>
> I put in a createSocket() that takes a timeout integer value to make
> your life easier.
>
> I've put in a "ping" utility I'm finding very handy. It writes "HEAD /
> HTTP/1.1" on a socket and then spits out any errors, including
> certificate chains (in Base64 PEM format).
> It's the default class in the manifest, so all you need to use it is run:
>
> java -jar commons-ssl.jar
>
> Here's what it spits out if you don't specify any options:
>
> ==============================================================
> Usage: java -jar commons-ssl.jar [options]
> Options: (*=required)
> * -t --target [hostname[:port]] default port=443
> -b --bind [hostname[:port]] default port=0 "ANY"
> -c --client-cert [path to client certificate] *.jks or *.pfx
> -p --password [client cert password]
>
> Example:
>
> java -jar commons-ssl.jar -t cucbc.com:443 -c ./client.pfx -p `cat ./pass.txt`
> ==============================================================
>
> Here's what it spits out after a successful run:
>
> $ java -jar commons-ssl.jar -t www.cucbc.com
>
> Writing:
> ================================================================================
> HEAD / HTTP/1.1
> Host: www.cucbc.com
>
> Reading:
> ================================================================================
> HTTP/1.1 200 OK
> Date: Thu, 04 May 2006 00:22:27 GMT
> Server: Apache/2.0.46 (Red Hat)
> Accept-Ranges: bytes
> Connection: close
> Content-Type: text/html; charset=UTF-8
>
> Server Certificate for: [www.cucbc.com/64.114.5.46:443]
> ================================================================================
> s.0: CN=www.cucbc.com, O=Credit Union Central of British Columbia,
> L=Vancouver, ST=British Columbia, C=CA
> i.0: [EMAIL PROTECTED], CN=Thawte Premium Server CA, OU=Certification
> Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
>
> It even prints out the certificates if the SSL handshake fails, so that
> can be very handy when you've got miscreant client certificates or typos
> in your truststores!
>
> If you would like to read the code, or try playing with it, please check
> out this URL:
>
> http://juliusdavies.ca/commons-ssl/
>
> Unfortunately I haven't included a build script yet, but just going into
> the "org/apache/commons/ssl" directory and typing "javac *.java" does
> the trick. There are no dependencies at this time (for now I've stolen
> Base64.java from commons-codec!).
>
>
> What should I do to try and get a new "commons-ssl" project started? If
> this code is accepted, I would like to bring HTTPClient's "contrib-ssl"
> into the HTTPClient 4.0 branch, and depend on "commons-ssl".
>
> Sorry if I'm a little breathless. I'm pretty excited.
>
>
>
> yours,
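
The diagnostic behaviour described in the quoted announcement (print the server's certificate chain even when the handshake fails) can be reproduced with standard JSSE alone. The following is an added example, not commons-ssl code and not written by either poster; the class names ChainDump and Recorder are hypothetical, and the target host is taken from the command line.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Base64;
// Added example with hypothetical class names; standard JSSE only, not commons-ssl.
public class ChainDump {
    // Records the presented chain, then lets the default trust manager decide as usual.
    static final class Recorder implements X509TrustManager {
        private final X509TrustManager delegate;
        volatile X509Certificate[] seen = new X509Certificate[0];
        Recorder(X509TrustManager delegate) { this.delegate = delegate; }
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            seen = chain.clone();
            delegate.checkServerTrusted(chain, authType); // validation result is unchanged
        }
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException { delegate.checkClientTrusted(chain, authType); }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default truststore (cacerts)
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }
    public static void main(String[] args) throws Exception {
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        Recorder recorder = new Recorder(defaultTrustManager());
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the hostname
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("handshake OK");
        } catch (SSLException e) {
            System.out.println("handshake failed: " + e.getMessage());
        }
        // Print whatever chain was presented, trusted or not, in the s.N / i.N + PEM layout.
        Base64.Encoder pem = Base64.getMimeEncoder(64, new byte[] { '\n' });
        for (int i = 0; i < recorder.seen.length; i++) {
            X509Certificate c = recorder.seen[i];
            System.out.printf("s.%d: %s%ni.%d: %s%n", i, c.getSubjectX500Principal(), i, c.getIssuerX500Principal());
            System.out.println("-----BEGIN CERTIFICATE-----\n"
                    + pem.encodeToString(c.getEncoded()) + "\n-----END CERTIFICATE-----");
        }
    }
}
```

Because the recorder only observes and then delegates, a self-signed or mistyped certificate still fails validation; the chain is printed so it can be inspected and, if appropriate, added to a truststore explicitly.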