tomcat-dev mailing list archives

From "James A. Rome" <...@y12.doe.gov>
Subject Certificate information is not transferred by Tomcat
Date Tue, 27 Jun 2000 18:20:40 GMT
Using Tomcat on IIS5, the certificate information in the stealth headers
is not transferred to Tomcat. This code works using JRun3 on the same
machine. Both servlet engines fail to put the certificate header
information into the req.getHeaderNames() Enumeration. But in JRun3,
they are at least accessible if one knows the names.

Getting this to work is vital to making client certificates work on
machines with IIS. I also tried the Tomcat code using lower-case for the
variable names, and the header requests still returned null.

Tomcat output:
==============
accept-language = en
connection = Keep-Alive
accept = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
accept-charset = iso-8859-1,*,utf-8
host = jarhp.ciit.y12.doe.gov
accept-encoding = gzip
user-agent = Mozilla/4.73 [en] (WinNT; U)
CERT_ISSUER = null
CERT_SUBJECT = null
HTTPS_SERVER_SUBJECT = null
HTTPS_SECRETKEYSIZE = null
CERT_SERIALNUMBER = null
HTTPS = null
HTTPS_SERVER_ISSUER = null
SERVER_PORT = null
HTTPS_KEYSIZE = null

JRun3 output:
=============
ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
ACCEPT-CHARSET = iso-8859-1,*,utf-8
CONNECTION = Keep-Alive
HOST = jarhp.ciit.y12.doe.gov
USER-AGENT = Mozilla/4.73 [en] (WinNT; U)
ACCEPT-ENCODING = gzip
ACCEPT-LANGUAGE = en
CERT_ISSUER = C=US, S=Administrator, L="Oak Ridge, TN", O=Materials Microcharacterization Collaboratory, OU=Center for Information Infrastructure Technology, CN=MMC CA
CERT_SUBJECT = C=US, O=Materials Microcharacterization Collaboratory, OU=Oak Ridge National Laboratory, S=Guest, L="Oak Ridge, TN", OID.0.9.2342.19200300.100.1.1=u4o, CN=James Rome, E=jar@ornl.gov
HTTPS_SERVER_SUBJECT = CN=jarhp.ciit.y12.doe.gov, OU=Center for Information Infrastructure Technology, O=Materials Microcharacterization Collaboratory, L="Oak Ridge, TN", S=Server, C=US
HTTPS_SECRETKEYSIZE = 1024
CERT_SERIALNUMBER = 09
HTTPS = on
HTTPS_SERVER_ISSUER = C=US, S=Administrator, L="Oak Ridge, TN", O=Materials Microcharacterization Collaboratory, OU=Center for Information Infrastructure Technology, CN=MMC CA
SERVER_PORT = 443
HTTPS_KEYSIZE = 128

The Servlet code to do this is:
===============================
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.security.*;
import java.security.cert.*;

public class GetCert extends HttpServlet
{

    public void init(ServletConfig config) throws ServletException
    {
        super.init(config);
    }

    public void destroy()
    {
        super.destroy();
    }

    // This version is for Microsoft IIS which does not allow direct
    // access to the certificate
    //
    public void doGet(HttpServletRequest servReq, HttpServletResponse servRes)
        throws IOException
    {
        ServletOutputStream out = servRes.getOutputStream();
        // Set the content type
        servRes.setContentType("text/html");
        out.println("<HTML><HEAD><TITLE>GetCert</TITLE></HEAD><BODY>");

        // List every header the servlet engine enumerates.
        // Header values are written to the page as-is (no HTML escaping).
        Enumeration e = servReq.getHeaderNames();
        while (e.hasMoreElements()) {
            String name = (String) e.nextElement();
            out.println("<B>" + name + "</B> = " + servReq.getHeader(name) + "<BR>");
        }

        // Ask for the IIS certificate and SSL variables by name, since they
        // do not appear in the enumeration above.
        out.println("<B>CERT_ISSUER</B> = " + servReq.getHeader("CERT_ISSUER") + "<BR>");
        out.println("<B>CERT_SUBJECT</B> = " + servReq.getHeader("CERT_SUBJECT") + "<BR>");
        out.println("<B>HTTPS_SERVER_SUBJECT</B> = " + servReq.getHeader("HTTPS_SERVER_SUBJECT") + "<BR>");
        out.println("<B>HTTPS_SECRETKEYSIZE</B> = " + servReq.getHeader("HTTPS_SECRETKEYSIZE") + "<BR>");
        out.println("<B>CERT_SERIALNUMBER</B> = " + servReq.getHeader("CERT_SERIALNUMBER") + "<BR>");
        out.println("<B>HTTPS</B> = " + servReq.getHeader("HTTPS") + "<BR>");
        out.println("<B>HTTPS_SERVER_ISSUER</B> = " + servReq.getHeader("HTTPS_SERVER_ISSUER") + "<BR>");
        out.println("<B>SERVER_PORT</B> = " + servReq.getHeader("SERVER_PORT") + "<BR>");
        out.println("<B>HTTPS_KEYSIZE</B> = " + servReq.getHeader("HTTPS_KEYSIZE") + "<BR>");
        out.println("</BODY></HTML>");
    }
}


-- 
James A. Rome
Lockheed Martin Energy Systems
Center for Information Infrastructure Technology
1099 Commerce Park
MS 7615 Rm S22
Oak Ridge, TN 37830
Phone: (865) 574-1306
Fax:   (865) 574-7624

E-mail: jar@y12.doe.gov
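
The CERT_SUBJECT and CERT_ISSUER values in the JRun3 output contain a quoted component (L="Oak Ridge, TN") with a comma inside it, so splitting such a value on commas miscounts its fields. The following is an added example, not code from the original message: the class name CertHeaderName and its methods are hypothetical, and it handles only the quoting visible in that output.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class CertHeaderName {

    // Split on commas that are outside double quotes; keep repeated attributes in order.
    public static Map<String, List<String>> parse(String name) {
        Map<String, List<String>> attrs = new LinkedHashMap<>();
        StringBuilder part = new StringBuilder();
        boolean inQuotes = false;
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c == '"') {
                inQuotes = !inQuotes;            // quote marks delimit a value and are dropped
            } else if (c == ',' && !inQuotes) {
                store(attrs, part.toString());
                part.setLength(0);
            } else {
                part.append(c);
            }
        }
        if (inQuotes) {
            throw new IllegalArgumentException("unterminated quote in: " + name);
        }
        store(attrs, part.toString());
        return attrs;
    }

    // Reject components without a non-empty attribute name instead of guessing.
    private static void store(Map<String, List<String>> attrs, String part) {
        int eq = part.indexOf('=');
        if (eq <= 0 || part.substring(0, eq).trim().isEmpty()) {
            throw new IllegalArgumentException("malformed component: '" + part + "'");
        }
        attrs.computeIfAbsent(part.substring(0, eq).trim(), k -> new ArrayList<>())
             .add(part.substring(eq + 1).trim());
    }

    public static void main(String[] args) {
        // CERT_SUBJECT value copied from the JRun3 output in the message above.
        String subject = "C=US, O=Materials Microcharacterization Collaboratory, "
                + "OU=Oak Ridge National Laboratory, S=Guest, L=\"Oak Ridge, TN\", "
                + "OID.0.9.2342.19200300.100.1.1=u4o, CN=James Rome, E=jar@ornl.gov";
        Map<String, List<String>> attrs = parse(subject);
        System.out.println("naive split: " + subject.split(",").length + " parts");
        System.out.println("parsed:      " + attrs.size() + " attributes");
        System.out.println("L  = " + attrs.get("L"));
        System.out.println("CN = " + attrs.get("CN"));
    }
}
```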
