OpenSSL to JNA


wolf....@gmx.net

Nov 12, 2014, 3:55:37 AM
to jna-...@googlegroups.com
Hi everybody,

I'm currently writing a Java OpenSSL port and I want to donate that code to the JNA project. The base for the implementation is of course the JNA library.
With the API I'm currently writing, it is possible to do everything that you can do with OpenSSL in native C code (generating keys, OCSP, certificate stuff, etc.).
What do you think?

Daniel Doubrovkine

Nov 12, 2014, 7:06:43 AM
to jna-...@googlegroups.com
I think that if the library you wrote is more than the mappings, you should consider making that its own project. However, if it fits the Win32 model where we have a combination of platform mappings and Util classes, then maybe JNA. Either way it would be very useful IMO, so thank you.

--
You received this message because you are subscribed to the Google Groups "Java Native Access" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jna-users+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

wolf....@gmx.net

Nov 12, 2014, 9:02:48 AM
to jna-...@googlegroups.com
It's the mapping of structs and the library function definition; by the way, Windows is only one platform supported by OpenSSL. But it contains a lot (structs, functions, tests, etc.). I've been working on this for weeks and I would like to give it to a community where this work can grow. I could make a fork, upload my code and then you can think about it. What do you think?

By the way, there is currently no Java API supporting OpenSSL, this could make the JNA project more prominent :-).

Marco Trudel

Nov 12, 2014, 9:11:58 AM
to jna-...@googlegroups.com
Just curious: Why do you need openSSL? See e.g.
http://stackoverflow.com/questions/5416194/openssl-with-java

On 12.11.2014 15:02, wolf....@gmx.net wrote:
> It's the mapping of structs and the library function definition; by the
> way, Windows is only one platform supported by OpenSSL. But it contains a
> lot (structs, functions, tests, etc.). I've been working on this for weeks
> and I would like to give it to a community where this work can grow. I could
> make a fork, upload my code and then you can think about it. What do you think?
>
> By the way, there is currently no Java API supporting OpenSSL, this
> could make the JNA project more prominent :-).
>
> On Wednesday, 12 November 2014 13:06:43 UTC+1, Daniel Doubrovkine wrote:
>
> I think that if the library you wrote is more than the mappings, you
> should consider making that its own project. However, if it fits the
> Win32 model where we have a combination of platform mappings and
> Util classes, then maybe JNA. Either way it would be very useful
> IMO, so thank you.
>
> On Wed, Nov 12, 2014 at 3:55 AM, <wolf....@gmx.net> wrote:
>
> Hi everybody,
>
> I'm currently writing a Java OpenSSL port and I want to donate
> that code to the JNA project. The base for the implementation is
> of course the JNA library.
> With the API I'm currently writing, it is possible to do
> everything that you can do with OpenSSL in native C code
> (generating keys, OCSP, certificate stuff, etc.).
> What do you think?
>
> dB. | Moscow - Geneva - Seattle - New York
> code.dblock.org <http://code.dblock.org/> - @dblockdotorg
> <http://twitter.com/#!/dblockdotorg> - artsy.net
> <http://artsy.net/> - github/dblock <https://github.com/dblock>
>

wolf....@gmx.net

Nov 12, 2014, 9:56:06 AM
to jna-...@googlegroups.com
I know that thread. By the way, I'm writing a JNA/OpenSSL library which is used by an OpenSSL JSSE Provider to provide the TLS 1.2 feature to a Java 1.6 environment. My customer wants to support Windows XP systems with Java 1.6, where TLS 1.1/1.2 is not supported. OpenSSL is the industry standard solution for all crypto tasks. And it is much faster and more flexible than Bouncy Castle and Java's built-in crypto stuff.
It is an alternative, as Bouncy Castle is!

Daniel Doubrovkine

Nov 12, 2014, 10:08:56 AM
to jna-...@googlegroups.com
On Windows I would highly recommend using the Win32 CryptoAPI, Java or not. It has very deep integration in every version of the OS, can be hardware accelerated, you never have to manage keys yourself, etc.


Marco Trudel

Nov 12, 2014, 11:35:36 AM
to jna-...@googlegroups.com
On 12.11.2014 15:56, wolf....@gmx.net wrote:
> I know that thread. By the way, I'm writing a JNA/OpenSSL library which
> is used by an OpenSSL JSSE Provider to provide the TLS 1.2 feature to a Java
> 1.6 environment. My customer wants to support Windows XP systems with
> Java 1.6, where TLS 1.1/1.2 is not supported. OpenSSL is the industry
> standard solution for all crypto tasks. And it is much faster and
> more flexible than Bouncy Castle and Java's built-in crypto stuff.

I see. OpenSSL is rather big (~20k LOC with comments and macros). Did
you consider wrapping it automatically? E.g. with:
- https://code.google.com/p/jnaerator/
- https://www.mtsystems.ch

I created the Java wrapper for the whole openssl interface [1]:
https://www.mtsystems.ch/tmp/openssl-java.zip
Took me 5 minutes :-)

Cheers!
Marco

[1] https://www.mtsystems.ch/tmp/openssl.c


> It is an alternative, as Bouncy Castle is!
>
> On Wednesday, 12 November 2014 15:11:58 UTC+1, Marco Trudel wrote:
>
> Just curious: Why do you need openSSL? See e.g.
> http://stackoverflow.com/questions/5416194/openssl-with-java

wolf....@gmx.net

Nov 12, 2014, 12:02:13 PM
to jna-...@googlegroups.com
I have to support a JRE 1.6 running at least on a Windows XP system with TLS 1.1/1.2, which is not supported by Microsoft so far. I know that Windows XP ran out of support, but the customer is king.
On Windows the crypto API is probably the best solution, but OpenSSL runs on every platform (Win, Linux, Mac, AIX, HP-UX, etc.) and on all x-os systems it is the default crypto provider.
By the way, I create all my certificates and keys with it.
It comes with a built-in OCSP server and client; without it, it would be very hard for me to write an OCSP client for our customer.

wolf....@gmx.net

Nov 13, 2014, 3:20:14 AM
to jna-...@googlegroups.com
Yes, I've been using JNAerator for many years now; it's a great tool and saves a lot of time. But unfortunately a code generator tool cannot always generate compilable code and definitely not runnable code.

Marco Trudel

Nov 13, 2014, 4:09:56 AM
to jna-...@googlegroups.com
On 13.11.2014 09:20, wolf....@gmx.net wrote:
> Yes, I've been using JNAerator for many years now; it's a great tool and saves
> a lot of time. But unfortunately a code generator tool cannot always
> generate compilable code and definitely not runnable code.

Well, that's the difference between a free tool like JNAerator and a
commercial service like mtSystems. It's certainly possible to
automatically create compilable and runnable code, JNAerator is just not
there yet. But we are. See openssl-java.zip (you're just missing our
base library) or our online demo and translated (not just wrapped) programs.
The openssl wrapper would have cost you 199$. My guess is that this is
cheaper, faster and more correct than weeks of effort for a manual
wrapping ;-)

Cheers!
Marco
