You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/25 09:46:51 UTC
[5/6] directory-kerberos git commit: Clean up not-commons-ssl library,
removing many unwanted and not much relevant
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/pkcs8.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/pkcs8.html b/3rdparty/not-yet-commons-ssl/docs/pkcs8.html
deleted file mode 100644
index 2119983..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/pkcs8.html
+++ /dev/null
@@ -1,156 +0,0 @@
-<html>
-<head>
-<title>Decrypting PKCS #8 and OpenSSL Private Keys with Java</title>
-<style type="text/css">
-h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-li.top { margin-top: 10px; }
-ul.openssl { float: left; width: 100px; margin-top: 8px; }
-ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="index.html">main</a> |
-<a href="ssl.html">ssl</a> |
-<span class="hl" href="pkcs8.html">pkcs8</span> |
-<a href="pbe.html">pbe</a> |
-<a href="rmi.html">rmi</a> |
-<a href="utilities.html">utilities</a> |
-<a href="source.html">source</a> |
-<a href="javadocs/">javadocs</a> |
-<a href="download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>PKCS #8 / OpenSSL Encrypted Keys</em></h2>
-<br/>
-<h3>Java 1.3 Compatible! (with <a href="http://java.sun.com/products/jce/index-122.html">jce1_2_2.jar</a>) (or <a href="http://bouncycastle.org/latest_releases.html">bcprov-jdk13.jar</a>)</h3>
-<p>Commons-SSL includes support for extracting private keys from PKCS #8 files.
-We also support the OpenSSL formats ("traditional SSLeay"). The private keys can be in PEM (base64)
-or DER (raw ASN.1 - a binary format).
-</p>
-<p>The code works with Java 1.3 (+JCE), 1.4, 5.0, 6.0, but not all of the ciphers and hashes are available
-until Java 5.0 (unless you use BouncyCastle). Fortunately the most common formats [OpenSSL MD5 with 3DES], [PKCS #8 V1.5 MD5 with DES], [PKCS #8 V2.0 HmacSHA1 with 3DES]
-work with all versions of Java, including Java 1.3.</p>
-<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>pkcs8 example:</b></u>
-
-FileInputStream in = new FileInputStream( "/path/to/pkcs8_private_key.der" );
-
-<em style="color: green;">// If the provided InputStream is encrypted, we need a password to decrypt</em>
-<em style="color: green;">// it. If the InputStream is not encrypted, then the password is ignored</em>
-<em style="color: green;">// (can be null). The InputStream can be DER (raw ASN.1) or PEM (base64).</em>
-PKCS8Key pkcs8 = new PKCS8Key( in, "changeit".toCharArray() );
-
-<em style="color: green;">// If an unencrypted PKCS8 key was provided, then this actually returns</em>
-<em style="color: green;">// exactly what was originally passed in (with no changes). If an OpenSSL</em>
-<em style="color: green;">// key was provided, it gets reformatted as PKCS #8 first, and so these</em>
-<em style="color: green;">// bytes will still be PKCS #8, not OpenSSL.</em>
-byte[] decrypted = pkcs8.getDecryptedBytes();
-PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec( decrypted );
-
-<em style="color: green;">// A Java PrivateKey object is born.</em>
-PrivateKey pk = null;
-if ( pkcs8.isDSA() )
-{
- pk = KeyFactory.getInstance( "DSA" ).generatePrivate( spec );
-}
-else if ( pkcs8.isRSA() )
-{
- pk = KeyFactory.getInstance( "RSA" ).generatePrivate( spec );
-}
-
-<em style="color: green;">// For lazier types:</em>
-pk = pkcs8.getPrivateKey();
-</pre>
-<br clear="all"/>
-<p>Both RSA and DSA keys are supported. Here is a list of supported formats:</p>
-<ul>
-<li class="top"><b>OpenSSL "Traditional SSLeay Compatible Format"</b><ul>
-<li>Unencrypted PEM or DER</li>
-<li>Encrypted PEM:<br/>
-<ul class="openssl"><li>des</li><li>des2</li><li>des3</li><li>blowfish</li></ul>
-<ul class="openssl"><li>aes128</li><li>aes192</li><li>aes256</li></ul>
-<ul class="openssl"><li>rc2-40</li><li>rc2-64</li><li>rc2-128</li></ul>
-<br clear="all"/>
-<dl style="margin-top: 1em; width: 600px;"><dt>Note:</dt><dd>OpenSSL "traditional SSLeay" format does not allow encrypted keys to be encoded in DER. Only
-unencrypted keys can be encoded in DER.</dd></dl></li>
-</ul>
-</li>
-<li class="top"><b>PKCS #8 (Unencrypted)</b>
-<ul><li>PEM or DER</li></ul></li>
-<li class="top"><b>PKCS #8 with PKCS #5 Version 1.5 Encryption</b>
-<ul><li>PEM or DER:
-<ul class="pkcs8">
-<li>MD2 with DES</li>
-<li>MD2 with RC2-64</li>
-</ul>
-<ul class="pkcs8">
-<li>MD5 with DES</li>
-<li>MD5 with RC2-64</li>
-</ul>
-<ul class="pkcs8">
-<li>SHA1 with DES</li>
-<li>SHA1 with RC2-64</li>
-</ul>
-<br clear="all"/>
-</li></ul></li>
-<li class="top"><b>PKCS #8 with PKCS #5 Version 1.5 Encryption and PKCS #12 Key Derivation</b>
-<ul><li>PEM or DER:
-<ul class="pkcs8">
-<li>SHA1 with 3DES</li>
-<li>SHA1 with 2DES</li>
-</ul>
-<ul class="pkcs8">
-<li>SHA1 with RC2-128</li>
-<li>SHA1 with RC2-40</li>
-</ul>
-<ul class="pkcs8">
-<li>SHA1 with RC4-128</li>
-<li>SHA1 with RC4-40</li>
-</ul>
-<br clear="all"/>
-</li></ul></li>
-<li class="top"><b>PKCS #8 with PKCS #5 Version 2.0 Encryption and HmacSHA1</b>
-<ul><li>PEM or DER:
-<ul class="pkcs8">
-<li>DES</li>
-<li>3DES</li>
-<li>Blowfish</li>
-</ul>
-<ul class="pkcs8">
-<li>AES-128</li>
-<li>AES-192</li>
-<li>AES-256</li>
-</ul>
-<ul class="pkcs8">
-<li>RC2-40</li>
-<li>RC2-64</li>
-<li>RC2-128</li>
-</ul>
-<br clear="all"/>
-</li></ul></li></ul>
-<hr/>
-<p>
-Here are links to the raw samples and test results:
-<ol>
-<li><a href="samples/rsa_result.html">2048 Bit RSA</a></li>
-<li><a href="samples/dsa_result.html">2048 Bit DSA</a></li>
-</ol>
-</p>
-<p>The samples were all generated using OpenSSL's
-<code>rsa</code>, <code>genrsa</code>, <code>dsa</code>, <code>gendsa</code>, <code>dsaparam</code>
-and <code>pkcs8</code> commands. We're curious to know if
-PKCS #8 keys created by other programs will also work, but OpenSSL is all we have to play
-with at the moment.</p>
-<p>The password to decrypt the samples is always "changeit", and they all have the same RSA or DSA
-key.</p>
-
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/rmi.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/rmi.html b/3rdparty/not-yet-commons-ssl/docs/rmi.html
deleted file mode 100644
index 6d7b2b6..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/rmi.html
+++ /dev/null
@@ -1,102 +0,0 @@
-<html>
-<head>
-<title>Not-Yet-Commons-SSL - RMI over SSL Java Example</title>
-<style type="text/css">
-h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-li.top { margin-top: 10px; }
-ul.openssl { float: left; width: 100px; margin-top: 8px; }
-ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
-ol.points li { margin-top: 8px; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="index.html">main</a> |
-<a href="ssl.html">ssl</a> |
-<a href="pkcs8.html">pkcs8</a> |
-<a href="pbe.html">pbe</a> |
-<span class="hl" href="rmi.html">rmi</span> |
-<a href="utilities.html">utilities</a> |
-<a href="source.html">source</a> |
-<a href="javadocs/">javadocs</a> |
-<a href="download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>RMI over SSL <em style="color: red; font-weight: normal;">(experimental)</em></h2>
-<br/><b>3 points to consider:</b>
-<ol class="points">
-<li>To run the RMI-SSL server, you must invoke <code>LocateRegistry.createRegistry( 1099 )</code>
-from within your own application. You must do this AFTER calling <code>RMISocketFactory.setSocketFactory( impl )</code>.
-RMISocketFactoryImpl will open the registry on 1099, and will open anonymous RMI servers (where port 0 is
-specified) on port 31099.
-RMI-SSL, as shown here, doesn't work with <code>$JAVA_HOME/bin/rmiregistry</code>.
-<br/>See the example code below for help with <code>RMISocketFactory.setSocketFactory( impl )</code>.
-</li>
-<li>To run the RMI-SSL client, you need to find an RMI-SSL server to connect to. See #1, above. ;-)</li>
-<li>If you don't manage to find an RMI-SSL server, then the RMI-SSL client will automatically downgrade itself
-to plain-socket. There is an important security consideration to consider regarding this: RMISocketFactoryImpl
-at this time only guarantees the security of the registry and the server sockets it opens. Client sockets
-it creates might be plain-socket.</li>
-</ol>
-
-<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>RMI over SSL Example</b></u>
-
-import org.apache.commons.ssl.RMISocketFactoryImpl;
-
-<em style="color: green;">// RMISocketFactoryImpl tries to detect plain sockets, so you should be able to use</em>
-<em style="color: green;">// this even in situations where not all of the RMI servers you are talking to are</em>
-<em style="color: green;">// using SSL.</em>
-RMISocketFactoryImpl impl = new RMISocketFactoryImpl();
-
-<em style="color: green;">// Let's change some settings on our default SSL client.</em>
-SSLClient defaultClient = (SSLClient) impl.getDefaultClient();
-client.setCheckHostname( false );
-client.setCheckCRL( true );
-client.setCheckExpiry( false );
-
-<em style="color: green;">// By default we trust Java's "cacerts", as well as whatever cert is on localhost:1099,</em>
-<em style="color: green;">// so this is redundant: (Trusting localhost:1099 is some commons-ssl magic).</em>
-client.addTrustMaterial( TrustMaterial.DEFAULT );
-
-<em style="color: green;">// But if we had used setTrustMaterial() instead of addTrustMaterial(), we would (probably)</em>
-<em style="color: green;">// no longer trust localhost:1099! Using set instead of add causes all previous "adds" to</em>
-<em style="color: green;">// to be thrown out.</em>
-
-<em style="color: green;">// Meanwhile, RMI calls to rmi://special.com:1099/ need to trust a self-signed certificate,</em>
-<em style="color: green;">// but we don't want to pollute our default trust with this shoddy cert. So only calls</em>
-<em style="color: green;">// specifically to "special.com" (any port) will use this.</em>
-SSLClient specialClient = new SSLClient();
-TrustMaterial tm = new TrustMaterial( "special.pem" );
-specialClient.addTrustMaterial( tm );
-<em style="color: green;">// Here's where the special cert gets associated with "special.com":</em>
-impl.setClient( "special.com", specialClient );
-
-
-<em style="color: green;">// We're might also want to be an RMI server ourselves!</em>
-<em style="color: green;">// By default commons-ssl looks for "~/.keystore" and tries password "changeit",</em>
-<em style="color: green;">// but we can change things if we want:</em>
-SSLServer server = (SSLServer) impl.getDefaultServer();
-tm = new TrustMaterial( "trust_only_these_client_certs.pem" );
-KeyMaterial km = new KeyMaterial( "/path/to/myKey.p12", "password".toCharArray() );
-server.setTrustMaterial( tm );
-server.setKeyMaterial( km );
-<em style="color: green;">// This particular RMI server will only accept connections with client certs!</em>
-server.setNeedClientAuth( true );
-
-<em style="color: green;">// Finally, we tell Java to use our new RMI socket factory!</em>
-RMISocketFactory.setSocketFactory( impl );</pre>
-<br clear="all">
-<pre>
-<!-- make the page scroll a little more -->
-
-</pre>
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/roadmap.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/roadmap.html b/3rdparty/not-yet-commons-ssl/docs/roadmap.html
deleted file mode 100644
index 3962540..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/roadmap.html
+++ /dev/null
@@ -1,86 +0,0 @@
-<html>
-<head>
-<title>Not-Yet-Commons-SSL - Downloads, Features, Future Directions</title>
-<style type="text/css">
-dl, h1, h2, h3, h4 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-td.v { text-align: center; }
-dt { padding: 8px 0 8px 5px; }
-dd { padding-left: 15px; }
-li { padding-bottom: 6px; }
-tr.released td, tr.released th { background-color: yellow; font-weight: bold; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="index.html">main</a> |
-<a href="ssl.html">ssl</a> |
-
-<a href="pkcs8.html">pkcs8</a> |
-<a href="pbe.html">pbe</a> |
-<a href="rmi.html">rmi</a> |
-<a href="utilities.html">utilities</a> |
-<a href="source.html">source</a> |
-<a href="javadocs/">javadocs</a> |
-
-<span class="hl" href="download.html">download</span>
-</div>
-<br clear="all"/>
-<hr/>
-<h1>This page is out of date. These days we just do maintenance releases to fix bugs reported on the mailing list.
-Current version is 0.3.15.</h1>
-<h3><a name="roadmap">Road Map For Future Versions</a></h3>
-<p>0.3.10 - 0.3.11 are just some feature ideas. They might not be feasible. <b style="background-color: yellow;">0.3.9 is the current version.</b></p>
-<table cellspacing="0" cellpadding="4" border="1">
-<tr><th>Version</th><th>Release Date?</th><th>Description</th></tr>
-<tr><td class="v">0.3.4</td><td class="v">Nov 2006</td><td>90% feature complete. Probably contains some bugs.</td></tr>
-
-<tr><td class="v">0.3.5</td><td class="v">Dec 2006</td><td>PKCS8Key constructor is public now. Whoops. Hostname verification
-knows about more than just CN's now - also checks subjectAlts in the server's certificate.</td></tr>
-<tr><td class="v">0.3.6</td><td class="v">Jan 2007</td><td>Fixed Java 1.4 bug with HttpsURLConnection.</td></tr>
-<tr><td class="v">0.3.7</td><td class="v">Feb 2007</td><td>40 bit and 56 bit ciphers disabled by default. RMI-SSL improved. getSSLContext() added. Various other improvements.</td></tr>
-<tr class="v"><td class="v">0.3.8</td><td class="v">Nov 2007</td><td>PBE (password-based-encryption) formally introduced and improved. 40 bit and 56 bit ciphers still disabled by default, but working better when re-enabled.</td></tr>
-
-<tr class="released"><td class="v">0.3.9</td><td class="v">May 2008</td><td>Some PBE fixes. Using latest ASN.1 code from BouncyCastle.</td></tr>
-<tr class="unreleased"><td class="v">0.3.10</td><td class="v">May 2008</td><td>
-<p>
-Socket monitoring. Make it easier for long-running server applications to warn
-about impending certificate expiries.
-</p>
-<p>
-<a href="http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol">OCSP</a> - Online Certificate Status Protocol
-</p>
-
-<p>
-NotQuiteSoEasySSLProtocolSocketFactory will trust any server The First Time, and store that server's cert on disk for future accesses.
-</p>
-</td></tr>
-<tr><td class="v">0.3.11</td><td class="v">Jun 2008</td><td><code>TrustMaterial.setAutoReload( true / false )</code>, and <code>KeyMaterial.setAutoReload( true / false )</code>,
-but only if no password, or "changeit" was provided. (Question: should this "reload" tear down all open sockets?).
-</td></tr>
-<tr><td class="v">0.4.0</td><td class="v">Jul 2008</td><td>Non-public code (protected, private, etc) moved into a separate "impl" package where possible.</td></tr>
-
-<tr><td class="v">0.5.0</td><td class="v">Aug 2008</td><td>API froven. All future versions must be reverse-compatible with 0.5.0 (except for any parts of 0.5.0 later found to be insecure).</td></tr>
-<tr><td class="v">0.7.0</td><td class="v">Nov 2008</td><td>JavaDocs written for all public methods and classes.</td></tr>
-<tr><td class="v">0.7.5</td><td class="v">Mar 2009</td><td>JUnit tests written for all classes.</td></tr>
-<tr><td class="v">0.9.0</td><td class="v">May 2009</td><td>First BETA release. JUnit tests passing on all targetted platforms:
-
-<ol>
-<li>Intel/AMD: (Sun, IBM, BEA) x (Linux, Mac, Windows) x (1.3, 1.4, 5, 6, 7)</li>
-<li>All of the above with and without BouncyCastle.</li>
-<li>PowerPC: Mac OS X 10.4, 10.5</li>
-<li>Linux: Latest GCJ, Kaffe, and Blackdown releases. BouncyCastle added if necessary to get tests to pass.</li>
-<li>Anyone got an IBM mainframe we can test on?</li>
-</td></tr>
-<tr><td class="v">0.9.1 - 0.9.9</td><td class="v">Aug 2009</td><td>Bug fixes.</td></tr>
-
-<tr><td class="v">1.0.0</td><td class="v">Jan 2010</td><td>Development mostly stops.</td></tr>
-</table>
-<p>The problem we're solving with Commons-SSL
-is quite small, so I don't see any reason to ever go beyond 1.0.0, except for fixing bugs.</p>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/source.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/source.html b/3rdparty/not-yet-commons-ssl/docs/source.html
deleted file mode 100644
index 6c2fc85..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/source.html
+++ /dev/null
@@ -1,38 +0,0 @@
-<html>
-<head>
-<title>Not-Yet-Commons-SSL - Source Tree</title>
-<style type="text/css">
-h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-li.top { margin-top: 10px; }
-ul.openssl { float: left; width: 100px; margin-top: 8px; }
-ul.pkcs8 { float: left; width: 200px; margin-top: 8px; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="index.html">main</a> |
-<a href="ssl.html">ssl</a> |
-<a href="pkcs8.html">pkcs8</a> |
-<a href="pbe.html">pbe</a> |
-<a href="rmi.html">rmi</a> |
-<a href="utilities.html">utilities</a> |
-<span class="hl" href="source.html">source</span> |
-<a href="javadocs/">javadocs</a> |
-<a href="download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>not-yet-commons-ssl Source Code</em></h2>
-<br clear="all">
-
-<!--#include virtual="tree.html" -->
-
-</body>
-</html>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/bc5c276e/3rdparty/not-yet-commons-ssl/docs/ssl.html
----------------------------------------------------------------------
diff --git a/3rdparty/not-yet-commons-ssl/docs/ssl.html b/3rdparty/not-yet-commons-ssl/docs/ssl.html
deleted file mode 100644
index 86bfa4d..0000000
--- a/3rdparty/not-yet-commons-ssl/docs/ssl.html
+++ /dev/null
@@ -1,106 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<meta name="Author" content="Julius Davies">
-<title>Java Examples for Creating SSL/TLS Sockets</title>
-<style type="text/css">
-h1, h2, h3 { margin: 0; border: 0; padding: 0; font-size: 100%; }
-h1 { float: left; color: red; }
-b.n { font-family: arial; font-weight: bold; }
-span.hl { color: white; background-color: green; }
-div.nav { float: left; margin-left: 20px; font-weight: bold; }
-.nav a, .nav span { padding: 0 5px; }
-.nav a { color: blue; }
-</style>
-</head>
-<body>
-<h1>not-yet-commons-ssl</h1>
-<div class="nav">
-<a href="index.html">main</a> |
-<span class="hl" href="ssl.html">ssl</span> |
-<a href="pkcs8.html">pkcs8</a> |
-<a href="pbe.html">pbe</a> |
-<a href="rmi.html">rmi</a> |
-<a href="utilities.html">utilities</a> |
-<a href="source.html">source</a> |
-<a href="javadocs/">javadocs</a> |
-<a href="download.html">download</a>
-</div>
-<br clear="all"/>
-<hr/>
-<h2>Code Examples For Creating SSL Sockets</h2>
-<div style="font-family: arial; margin-top: 18px;">
-<b class="n">Note:</b>
-<br/>SSLClient <b class="n">extends</b> SSLSocketFactory
-<br/>SSLServer <b class="n">extends</b> SSLServerSocketFactory
-</div>
-<pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>Client Example:</b></u>
-
-SSLClient client = new SSLClient();
-
-<em style="color: green;">// Let's trust usual "cacerts" that come with Java. Plus, let's also trust a self-signed cert</em>
-<em style="color: green;">// we know of. We have some additional certs to trust inside a java keystore file.</em>
-client.addTrustMaterial( TrustMaterial.DEFAULT );
-client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
-client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks", "changeit".toCharArray() ) );
-
-<em style="color: green;">// To be different, let's allow for expired certificates (not recommended).</em>
-client.setCheckHostname( true ); <em style="color: green;">// default setting is "true" for SSLClient</em>
-client.setCheckExpiry( false ); <em style="color: green;">// default setting is "true" for SSLClient</em>
-client.setCheckCRL( true ); <em style="color: green;">// default setting is "true" for SSLClient</em>
-
-<em style="color: green;">// Let's load a client certificate (max: 1 per SSLClient instance).</em>
-client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx", "secret".toCharArray() ) );
-SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );</pre>
-
-<br clear="all"><pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>Server Example (OpenSSL/Apache Style)</b></u>
-<em style="color: green;">// Compatible with the private key / certificate chain created from following the Apache2</em>
-<em style="color: green;">// TLS FAQ: "How do I create a self-signed SSL Certificate for testing purposes?"</em>
-<em style="color: green;">// <a href="http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert">http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert</a></em>
-
-SSLServer server = new SSLServer();
-
-<em style="color: green;">// Server needs some key material. We'll use an OpenSSL/PKCS8 style key (possibly encrypted).</em>
-String certificateChain = "/path/to/this/server.crt";
-String privateKey = "/path/to/this/server.key";
-char[] password = "changeit".toCharArray();
-KeyMaterial km = new KeyMaterial( certificateChain, privateKey, password );
-
-server.setKeyMaterial( km );
-
-<em style="color: green;">// These settings have to do with how we'll treat client certificates that are presented</em>
-<em style="color: green;">// to us. If the client doesn't present any client certificate, then these are ignored.</em>
-server.setCheckHostname( false ); <em style="color: green;">// default setting is "false" for SSLServer</em>
-server.setCheckExpiry( true ); <em style="color: green;">// default setting is "true" for SSLServer</em>
-server.setCheckCRL( true ); <em style="color: green;">// default setting is "true" for SSLServer</em>
-
-<em style="color: green;">// This server trusts all client certificates presented (usually people won't present</em>
-<em style="color: green;">// client certs, but if they do, we'll give them a socket at the very least).</em>
-server.addTrustMaterial( TrustMaterial.TRUST_ALL );
-SSLServerSocket ss = (SSLServerSocket) server.createServerSocket( 7443 );
-SSLSocket socket = (SSLSocket) ss.accept();</pre>
-
-<br clear="all"><pre style="border: 1px solid red; padding: 10px; float: left;"><u><b>Server Example (Traditional Java "KeyStore" Style)</b></u>
-
-SSLServer server = new SSLServer();
-
-<em style="color: green;">// Server needs some key material. We'll use a Java Keystore (.jks) or Netscape</em>
-<em style="color: green;">// PKCS12 (.pfx or .p12) file. Commons-ssl automatically detects the type.</em>
-String pathToKeyMaterial = "/path/to/.keystore";
-char[] password = "changeit".toCharArray();
-KeyMaterial km = new KeyMaterial( pathToKeyMaterial, password );
-
-server.setKeyMaterial( km );
-
-<em style="color: green;">// This server trusts all client certificates presented (usually people won't present</em>
-<em style="color: green;">// client certs, but if they do, we'll give them a socket at the very least).</em>
-server.addTrustMaterial( TrustMaterial.TRUST_ALL );
-SSLServerSocket ss = (SSLServerSocket) server.createServerSocket( 7443 );
-SSLSocket socket = (SSLSocket) ss.accept();</pre>
-
-
-<br clear="all">
-
-</body>
-</html>