{"id":15022534,"url":"https://github.com/puppetlabs/jvm-ssl-utils","last_synced_at":"2025-12-12T01:30:22.948Z","repository":{"id":13295130,"uuid":"15981160","full_name":"puppetlabs/jvm-ssl-utils","owner":"puppetlabs","description":"SSL certificate management on the JVM","archived":false,"fork":false,"pushed_at":"2025-03-12T17:53:01.000Z","size":802,"stargazers_count":19,"open_issues_count":2,"forks_count":34,"subscribers_count":160,"default_branch":"main","last_synced_at":"2025-03-28T06:08:56.635Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Clojure","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/puppetlabs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-01-16T21:14:02.000Z","updated_at":"2025-03-12T17:52:59.000Z","dependencies_parsed_at":"2025-01-15T03:54:01.858Z","dependency_job_id":"32ef54d8-47a7-453b-ae6f-f017ff04a55b","html_url":"https://github.com/puppetlabs/jvm-ssl-utils","commit_stats":{"total_commits":398,"total_committers":38,"mean_commits":"10.473684210526315","dds":0.8090452261306533,"last_synced_commit":"84bec206a5393678d9f84ee9a436cc5bedd13121"},"previous_names":["puppetlabs/jvm-certificate-authority"],"tags_count":44,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fjvm-ssl-utils","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fjvm-ssl-utils/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pup
petlabs%2Fjvm-ssl-utils/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fjvm-ssl-utils/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/puppetlabs","download_url":"https://codeload.github.com/puppetlabs/jvm-ssl-utils/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247135144,"owners_count":20889421,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-24T19:58:05.277Z","updated_at":"2025-12-12T01:30:22.883Z","avatar_url":"https://github.com/puppetlabs.png","language":"Clojure","funding_links":[],"categories":[],"sub_categories":[],"readme":"# jvm-ssl-utils\n\n[![Build Status](https://travis-ci.org/puppetlabs/jvm-ssl-utils.png?branch=master)](https://travis-ci.org/puppetlabs/jvm-ssl-utils)\n\nSSL certificate management on the JVM.\n\n## Installation\n\nAdd the following dependency to your `project.clj` file:\n\n[![Clojars Project](http://clojars.org/puppetlabs/ssl-utils/latest-version.svg)](http://clojars.org/puppetlabs/ssl-utils)\n\n## Handling X.509 certificate extensions\n\nX.509 certificates and certificate requests can optionally contain a list of\nextensions which may further specify how the certificate is to be used. Each of\nthe functions which either return or accept X.509 extensions expect them to\nbe a list of maps. 
Each map contains the following keys:\n\n* `oid` A string containing the extension's OID.\n* `critical` A boolean which is true if the extension is marked as critical.\n* `value` A primitive value, or data structure representing the data contained\n          in the extension. The exact format of the `value` data depends on\n          the OID of the extension; the supported formats are described below.\n\n### Supported extensions and their data structures\n\nCurrently only a subset of the defined X.509 extensions is supported by this\nlibrary; more will be supported in the future. Note that in the Java API all\nmap keys are snake-cased strings, while in the Clojure API all map keys are\nkebab-cased keywords.\n\n#### Subject Key Identifier: `2.5.29.14`\n\nWhen writing a _Subject Key Identifier_ extension, set the `value` key of the\nextension map to an instance of the subject's `java.security.PublicKey`. When\nthe extension is written to the certificate or certificate request, the SHA-1\nhash of the key is computed and written to the object.\n\nWhen a _Subject Key Identifier_ extension is read from a certificate, its value\nis a byte array containing the SHA-1 hash.\n\n#### Key Usage: `2.5.29.15`\n\nKey usage is defined by a set of keywords which indicate how the certificate is\nto be used. The following keywords are used:\n\n| Keyword              | Meaning                                                                                   |\n|----------------------|-------------------------------------------------------------------------------------------|\n| `:digital-signature` | The public key can be used for encrypting data.                                           |\n| `:non-repudiation`   | The public key is used to verify digital signatures.                                      |\n| `:key-encipherment`  | The certificate will be used with a protocol that encrypts keys.                          
|\n| `:data-encipherment` | The public key is used for encrypting user data.                                          |\n| `:key-agreement`     | The sender and receiver of the public key need to derive the key without using encryption.|\n| `:key-cert-sign`     | The subject public key is used to verify a signature on certificates.                     |\n| `:crl-sign`          | The subject public key is to verify a signature on a CRL.                                 |\n| `:encipher-only`     | The public key is to be used only for enciphering data while performing key agreement.    |\n| `:decipher-only`     | The public key is to be used only for deciphering data while performing key agreement.    |\n\n#### Subject Alternative Names: `2.5.29.17`\n\nThis extension is represented as a map where each key is a name type, and the\nvalue is a list of names of that type to be aliased. The following hash keys\ncorrespond to the listed types.\n\n| Key               | Type                                     |\n|-------------------|------------------------------------------|\n| `:rfc822-name`    | An RFC822 compliant e-mail address       |\n| `:dns-name`       | A host name which can be resolved by DNS |\n| `:directory-name` | A fully-qualified DN                     |\n| `:uri`            | A URI                                    |\n| `:ip`             | An IP address                            |\n\nFor example:\n\n```clojure\n(let [exts [;; Subject alternative DNS names\n            {:oid      \"2.5.29.17\"\n             :value    {:dns-name [\"aliasname1.domain.tld\"\n                                   \"aliasname2.domain.tld\"]}\n             :critical false}\n            ;; Issuer alternative DNS name\n            {:oid      \"2.5.29.18\"\n             :value    {:dns-name [\"aliasname3.domain.tld\"]}\n             :critical false}]])\n```\n\n#### Issuer Alternative Names: `2.5.29.18`\n\nThe format of this extension is the same as `Subject Alternative Names` 
above.\n\n#### Basic Constraints: `2.5.29.19`\n\nDefines basic constraints for the certificate as a map with these two keys:\n\n| Key                    | Type    | Value                                                                                                                                |\n|------------------------|---------|--------------------------------------------------------------------------------------------------------------------------------------|\n| `:is-ca`               | boolean | True if the subject may act as a CA.                                                                                                 |\n| `:path-len-constraint` | integer | If this is a CA cert, the max certification path length.  A value of nil or absence of this key indicates that no length is imposed. |\n\n#### CRL Number: `2.5.29.20`\n\nThe value of this extension is a `java.math.BigInteger` representing the\nsequence number for a CRL (Certificate Revocation List).\n\n#### Authority Key Identifier: `2.5.29.35`\n\nWhen writing this extension to a certificate the value should be a map\nwhich contains one of the following combinations of keys (with corresponding\nvalues):\n\n* `:public-key`\n* `:serial-number` and `:issuer-dn`\n* `:public-key`, `:serial-number`, and `:issuer-dn`\n\nThese keys are defined as:\n\n| Key              | Type                    | Value                                    |\n|------------------|-------------------------|------------------------------------------|\n| `:public-key`    | java.security.PublicKey | CA's public key.                         |\n| `:issuer-dn`     | string                  | A Distinguished Name identifying the CA. |\n| `:serial-number` | java.math.BigInteger    | CA's serial number.                      |\n\nWhen this extension is read back from a certificate, it will be a map containing\nthe following keys.  
Note that if the corresponding value for any key was not\nspecified, it will be set to nil.\n\n| Key                    | Type                 | Value                                                          |\n|------------------------|----------------------|----------------------------------------------------------------|\n| `:key-identifier`      | byte vector          | A byte array containing the SHA-1 hash of the CA's public key. |\n| `:issuer`              | string               | A Distinguished Name identifying the CA.                       |\n| `:serial-number`       | java.math.BigInteger | CA's serial number.                                            |\n\n#### Extended Key Usage: `2.5.29.37`\n\n#### Netscape Certificate Comment: `2.16.840.1.113730.1.13`\n\nThe value of this extension is a string containing a comment about the certificate.\n\n## License\n\nSee [LICENSE](LICENSE) file.\n\n## Support\n\nPlease log issues in the GitHub issue tracker.\n\nWe use semantic version numbers for our releases, and recommend that users stay\nas up-to-date as possible by upgrading to patch releases and minor releases as\nthey become available.\n\nBugfixes and ongoing development will occur in minor releases for the current\nmajor version. Security fixes will be backported to a previous major version on\na best-effort basis, until the previous major version is no longer maintained.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuppetlabs%2Fjvm-ssl-utils","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpuppetlabs%2Fjvm-ssl-utils","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuppetlabs%2Fjvm-ssl-utils/lists"}