RE: SSL

Hi,
nearly a year ago I already posted a simple SSL extension for Jigsaw based
on JSSE. Enclosed, please find the modified sources, jar file and config
sample files (for an admin, an http and an https server trio). 

A special structure was necessary to have shared sources for both the
ordinary http and the webdav daemons:

The webdavsd class goes to the new org.w3c.jigsaw.webdavsd sub-package. The
SSLSocketClientFactory class goes to the new org.w3c.jigsaw.https.socket
sub-package. The remaining classes go to the new org.w3c.jigsaw.https
sub-package. 

The SSLAdapter class is the essential part for implementing both the
webdavsd and the httpsd daemons. The SSLProperties class implements the new
property administration tab for SSL and the SSLSocketClientFactory class
realizes the SSL protocol features (via dispatching to JSSE).

JSSE 1.0.x must be installed for using Jigsaw/SSL.
In addition, the enclosed jigssl.jar file must be installed in the Java
classpath.

The additional configuration parameters are contained in the sample config
files. The implementation supplies server authentication only, since I had
problems testing client authentication with current web browsers.

Apart from setting parameters accordingly, a server certificate must be
generated using standard JDK security tools and put in a JKS certificate
store, which I normally install as the <Jigsaw>/Jigsaw/config/auth/certs.db
file. SSL properties can be administered using the Jigadmin for the new SSL
property tab.

The following parameters are required as SSL server properties:
"org.w3c.jigsaw.ssl.enabled", which should be set to "true",
"org.w3c.jigsaw.ssl.keystore.path", which points to the keystore file,
"org.w3c.jigsaw.ssl.keystore.password", which is set to the password for
accessing the protected keystore (containing the server certificate),
"org.w3c.jigsaw.port", which is optional and normally set to 443,
"org.w3c.jigsaw.http.ClientFactory", which should be set to
"org.w3c.jigsaw.https.socket.SSLSocketClientFactory"

Everything is sent under a BSD license model. Hence, it comes 'as is',
tested but without any warranty and you are free to do what you want ...
have fun.

Regards, Thomas.


> SSL
> 
> From: Wilson Lim (w.lim@ee.ucl.ac.uk)
> Date: Wed, Sep 05 2001
> 
> Date: Wed, 5 Sep 2001 18:04:00 -0400 (EDT)
> From: "Wilson Lim" <w.lim@ee.ucl.ac.uk>
> To: <www-jigsaw@w3.org>
> Message-ID: <PCEPJOPFNFAPNHJKHIGOIEDECFAA.w.lim@ee.ucl.ac.uk>
> Subject: SSL
> 
> Hi everybody,
> 
> Is there information on how to successfully apply the SSL component onto the
> latest version of jigsaw?
> The only information I have is only a link to an older version of jigsaw from
> the iaik site and some updated SSL component.
> http://jcewww.iaik.tu-graz.ac.at/products/applications/jigsaw/index.php
> 
> Thanks in advance,
> 
> Wilson
> --
> /**
> * Wilson Lim www.ee.ucl.ac.uk/~wilim; w.lim@ee.ucl.ac.uk
> * Dept. of Electronic and Electrical Engineering,
> * University College London, WC1E 7JE, U.K.
> * Tel: +44 (0)2076795765; Fax: +44 (0)2073889325
> * ICQ UIN: 252355; Location: GS207 66-72 Gower Str.
> */

Received on Sunday, 30 September 2001 12:50:46 UTC
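
Added example, not part of the enclosed sources or jigssl.jar: a pre-flight check that reads the SSL server properties listed in the message, opens the JKS keystore they point to, and confirms it holds a usable server key before the daemon is started. It assumes the properties sit in a java.util.Properties-format file passed as the first argument, that the key password equals the keystore password, and it uses the javax.net.ssl API of current JDKs rather than JSSE 1.0.x; the class name SslPropsCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class): validates the SSL properties before server start.
public class SslPropsCheck {
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) { p.load(in); }

        if (!"true".equals(p.getProperty("org.w3c.jigsaw.ssl.enabled")))
            throw new IllegalStateException("org.w3c.jigsaw.ssl.enabled is not \"true\"");
        String path = p.getProperty("org.w3c.jigsaw.ssl.keystore.path");
        String pw = p.getProperty("org.w3c.jigsaw.ssl.keystore.password");
        if (path == null || pw == null)
            throw new IllegalStateException("keystore path or password property missing");
        char[] pass = pw.toCharArray();

        // A wrong password or a tampered store makes load() throw an IOException.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }

        // Server authentication needs at least one private-key entry with a valid certificate.
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            keys++;
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                x.checkValidity(); // throws if expired or not yet valid
                System.out.println(alias + ": " + x.getSubjectX500Principal()
                        + ", valid until " + x.getNotAfter());
            }
        }
        if (keys == 0) throw new IllegalStateException("keystore has no private-key entry");

        // Assumption: key password == keystore password; otherwise init() throws.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        System.out.println("OK: SSL context built from " + path);
    }
}
```

Because the keystore password is stored in clear text in the properties file, both that file and the keystore should be readable only by the account that runs the server.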