/**
 * Copyright (c) 2000/2001 Thomas Kopp
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

Jigsaw SSL Support based on JSSE 1.0.2
**************************************

The classes supplied with this software bundle contain an SSL extension
for the W3C Jigsaw web-server. The SSL support is implemented by delegating
secure socket handling to JSSE 1.0.2.

SSL support can be installed by:

0. Downloading and installing the JRE 1.3.0 (or higher) runtime environment
   from http://java.sun.com/products

1. Downloading and installing the JSSE 1.0.2 (or higher) reference
   implementation from http://java.sun.com/products/jsse/

2. Downloading and installing the Jigsaw web-server 2.0.x or 2.1.x
   from http://jigsaw.w3.org/

3. Adding the enclosed jigssl.jar file to the Jigsaw class path

4. Creating a key store using the JDK 1.3.0 keytool and adding a suitable
   server certificate

   Note: This step requires a suitable JDK but may be executed on a
         different machine.
         A certificate can be obtained from a CA but may be self-signed
         for test purposes.

5. Setting suitable values for the below-cited parameters in the
   https-server.props file:

   org.w3c.jigsaw.ssl.enabled=true
       Explicitly enables general SSL support
   org.w3c.jigsaw.ssl.keystore.path=
       Points to the key store (cf. 4. above)
   org.w3c.jigsaw.ssl.keystore.password=
       Supplies the key store access password

   Finally, the socket client factory has to be set to the SSL factory:

   org.w3c.jigsaw.http.ClientFactory=org.w3c.jigsaw.https.socket.SSLSocketClientFactory

Notes:

a. This implementation also supplies property management for the
   above-cited parameters.

b. Due to problems with existing browsers, it provides server
   authentication only. A certificate chain verifier has to be added
   for implementing client authentication.

c. This implementation is an add-on to the Jigsaw web-server in the sense
   that any HTTP daemon class can be sub-classed for adding SSL support.
   In order to do so, sub-classing is performed using an SSLAdapter class
   due to multiple inheritance problems with multiple existing Jigsaw
   daemon classes, e.g. httpd and webdavd. The sub-classing mechanism can
   be observed in the httpsd and webdavsd classes.

You may report problems via email to Thomas.Kopp@Dialogika.de
There is, however, no guarantee for any support in accordance with the
above-cited license terms.

Thomas Kopp, 8 April 2001.
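
Added example (not part of the original README or the Jigsaw distribution):
a shell check that an https-server.props file carries the settings from
step 5. The helper names prop_value and check_jigsaw_ssl_props are
hypothetical, and the file-permission check is an assumption added here
because the key store password is kept in that file.

```shell
#!/bin/sh
# Added example: audit a Jigsaw https-server.props for the step 5 settings.
# prop_value and check_jigsaw_ssl_props are hypothetical helper names.

# Print the value of property $2 in file $1 (last assignment wins).
prop_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 if all settings are in place, 1 on any finding, 2 if unreadable.
check_jigsaw_ssl_props() {
    props=$1
    rc=0
    if [ ! -r "$props" ]; then echo "cannot read $props" >&2; return 2; fi
    p=org.w3c.jigsaw.ssl
    if [ "$(prop_value "$props" "$p.enabled")" != "true" ]; then
        echo "FAIL: $p.enabled is not true"; rc=1
    fi
    ks=$(prop_value "$props" "$p.keystore.path")
    if [ ! -f "$ks" ]; then
        echo "FAIL: $p.keystore.path does not point to a file"; rc=1
    fi
    if [ -z "$(prop_value "$props" "$p.keystore.password")" ]; then
        echo "FAIL: $p.keystore.password is empty"; rc=1
    fi
    cf=$(prop_value "$props" org.w3c.jigsaw.http.ClientFactory)
    if [ "$cf" != "org.w3c.jigsaw.https.socket.SSLSocketClientFactory" ]; then
        echo "FAIL: ClientFactory is not the SSL factory"; rc=1
    fi
    # The props file carries the key store password in clear text, so
    # neither it nor the key store should be readable by other users.
    for f in "$props" "$ks"; do
        if [ -f "$f" ] && [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "FAIL: $f is world-readable"; rc=1
        fi
    done
    return "$rc"
}

# Audit the file named on the command line, if any.
if [ "$#" -gt 0 ]; then check_jigsaw_ssl_props "$1"; fi
```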