On Thu, 2006-05-04 at 11:00 +0200, Ortwin Glück wrote:
> Julius,
>
> This looks like a great contribution to HttpComponents HttpConn. Thank
> you and your employer very much! I like the simple API.
>
> Oleg, this is not a whole project.

I thought that is what Julius would prefer. Otherwise, I am sure we can
incorporate most of this code into HttpComponents

Oleg

> It is merely some utility classes for
> which we can easily find a home. No need to start a new subproject or
> even the incubator.
>
> First thing will be to analyze the code base, put the classes in a
> meaningful SVN / package structure, eliminate the Base64 copy, then
> write up API Doc.
>
> my CHF 0.05
>
> Odi
>
> Julius Davies wrote:
> > Hi, Httpclient,
> >
> > My employer (Credit Union Central of British Columbia) has given me
> > permission to donate some code to Apache. This code comes from my
> > earlier attempt on this list to get HTTPClient to accept self-signed
> > certificates.
> >
> > Here's the code:
> > http://juliusdavies.ca/commons-ssl/
> >
> >
> > The way it works looks like this:
> >
> > SSLClient client = new SSLClient();
> > client.addTrustMaterial( TrustMaterial.CACERTS );
> > client.addTrustMaterial( new TrustMaterial( "/path/to/cert.pem" ) );
> > SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
> >
> > I put in a createSocket() that takes a timeout integer value to make
> > your life easier.
> >
> > I've put in a "ping" utility I'm finding very handy. It writes "HEAD /
> > HTTP/1.1" on a socket and then spits out any errors, including
> > certificate chains (in Base64 PEM format).
> > It's the default class in the manifest, so all you need to use it is
> > run:
> >
> > java -jar commons-ssl.jar
> >
> > Here's what it spits out if you don't specify any options:
> >
> > ==============================================================
> > Usage: java -jar commons-ssl.jar [options]
> > Options: (*=required)
> > * -t --target [hostname[:port]] default port=443
> >   -b --bind [hostname[:port]] default port=0 "ANY"
> >   -c --client-cert [path to client certificate] *.jks or *.pfx
> >   -p --password [client cert password]
> >
> > Example:
> >
> > java -jar commons-ssl.jar -t cucbc.com:443 -c ./client.pfx -p `cat ./pass.txt`
> > ==============================================================
> >
> > Here's what it spits out after a successful run:
> >
> > $ java -jar commons-ssl.jar -t www.cucbc.com
> >
> > Writing:
> > ================================================================================
> > HEAD / HTTP/1.1
> > Host: www.cucbc.com
> >
> > Reading:
> > ================================================================================
> > HTTP/1.1 200 OK
> > Date: Thu, 04 May 2006 00:22:27 GMT
> > Server: Apache/2.0.46 (Red Hat)
> > Accept-Ranges: bytes
> > Connection: close
> > Content-Type: text/html; charset=UTF-8
> >
> > Server Certificate for: [www.cucbc.com/64.114.5.46:443]
> > ================================================================================
> > s.0: CN=www.cucbc.com, O=Credit Union Central of British Columbia,
> > L=Vancouver, ST=British Columbia, C=CA
> > i.0: [EMAIL PROTECTED], CN=Thawte Premium Server CA, OU=Certification
> > Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape,
> > C=ZA
> >
> > It even prints out the certificates if the SSL handshake fails, so that
> > can be very handy when you've got miscreant client certificates or typos
> > in your truststores!
> >
> > If you would like to read the code, or try playing with it, please check
> > out this URL:
> >
> > http://juliusdavies.ca/commons-ssl/
> >
> > Unfortunately I haven't included a build script yet, but just going into
> > the "org/apache/commons/ssl" directory and typing "javac *.java" does
> > the trick. There are no dependencies at this time (for now I've stolen
> > Base64.java from commons-codec!).
> >
> >
> > What should I do to try and get a new "commons-ssl" project started? If
> > this code is accepted, I would like to bring HTTPClient's "contrib-ssl"
> > into the HTTPClient 4.0 branch, and depend on "commons-ssl".
> >
> > Sorry if I'm a little breathless. I'm pretty excited.
> >
> > yours,