tomcat-dev mailing list archives

From craig...@locus.apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves CertificatesValve.java
Date Wed, 20 Sep 2000 06:05:35 GMT
craigmcc    00/09/19 23:05:35

  Modified:    catalina/src/share/org/apache/catalina/valves
                        CertificatesValve.java
  Log:
  Calculate the set of java.security.cert.X509Certificate certificates
  (converting from the JSSE internal format), and cache them in the
  SSLSession so that they do not have to be recalculated.
  
  Catalina now conforms to the servlet spec requirements regarding client
  certificates.
  
  Revision  Changes    Path
  1.2       +41 -9     jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/CertificatesValve.java
  
  Index: CertificatesValve.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/CertificatesValve.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- CertificatesValve.java	2000/09/09 03:20:52	1.1
  +++ CertificatesValve.java	2000/09/20 06:05:34	1.2
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/CertificatesValve.java,v
1.1 2000/09/09 03:20:52 craigmcc Exp $
  - * $Revision: 1.1 $
  - * $Date: 2000/09/09 03:20:52 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/CertificatesValve.java,v
1.2 2000/09/20 06:05:34 craigmcc Exp $
  + * $Revision: 1.2 $
  + * $Date: 2000/09/20 06:05:34 $
    *
    * ====================================================================
    *
  @@ -65,10 +65,12 @@
   package org.apache.catalina.valves;
   
   
  +import java.io.ByteArrayInputStream;
   import java.io.IOException;
   import javax.net.ssl.SSLPeerUnverifiedException;
   import javax.net.ssl.SSLSession;
   import javax.net.ssl.SSLSocket;
  +import java.security.cert.CertificateFactory;
   import javax.security.cert.X509Certificate;
   import javax.servlet.ServletException;
   import org.apache.catalina.Globals;
  @@ -86,7 +88,7 @@
    * exposed as a request attribute.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.1 $ $Date: 2000/09/09 03:20:52 $
  + * @version $Revision: 1.2 $ $Date: 2000/09/20 06:05:34 $
    */
   
   public final class CertificatesValve
  @@ -163,24 +165,54 @@
        */
       private void expose(Request request, Request actual) {
   
  +	// Ensure that this request came in on an SSLSocket
           if (actual.getSocket() == null)
               return;
           if (!(actual.getSocket() instanceof SSLSocket))
               return;
           SSLSocket socket = (SSLSocket) actual.getSocket();
  +
  +	// Look up the current SSLSession
           SSLSession session = socket.getSession();
           if (session == null)
               return;
  -        X509Certificate certs[] = null;
  +
  +	// If we have cached certificates, return them
  +	Object cached = session.getValue(Globals.CERTIFICATES_ATTR);
  +	if (cached != null) {
  +	    request.getRequest().setAttribute(Globals.CERTIFICATES_ATTR,
  +	                                      cached);
  +	    return;
  +        }
  +
  +	// Convert JSSE's certificate format to the ones we need
  +        X509Certificate jsseCerts[] = null;
  +	java.security.cert.X509Certificate x509Certs[] = null;
           try {
  -            certs = session.getPeerCertificateChain();
  -        } catch (SSLPeerUnverifiedException e) {
  +            jsseCerts = session.getPeerCertificateChain();
  +	    if (jsseCerts == null)
  +	        jsseCerts = new X509Certificate[0];
  +	    x509Certs =
  +              new java.security.cert.X509Certificate[jsseCerts.length];
  +	    for (int i = 0; i < x509Certs.length; i++) {
  +		byte buffer[] = jsseCerts[i].getEncoded();
  +		CertificateFactory cf =
  +		  CertificateFactory.getInstance("X.509");
  +		ByteArrayInputStream stream =
  +		  new ByteArrayInputStream(buffer);
  +		x509Certs[i] = (java.security.cert.X509Certificate)
  +		  cf.generateCertificate(stream);
  +	    }
  +        } catch (Throwable t) {
               return;
           }
  -        if ((certs == null) || (certs.length < 1))
  -            return;
   
  -        request.getRequest().setAttribute(Globals.CERTIFICATES_ATTR, certs);
  +	// Expose these certificates as a request attribute
  +        if ((x509Certs == null) || (x509Certs.length < 1))
  +            return;
  +        session.putValue(Globals.CERTIFICATES_ATTR, x509Certs);
  +        request.getRequest().setAttribute(Globals.CERTIFICATES_ATTR,
  +                                          x509Certs);
   
       }
   
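Review bot: The new `catch (Throwable t) { return; }` around the conversion loop in expose() silently discards every failure, including `Error`s and a chain that fails to re-parse, so a request whose client certificates could not be converted looks exactly like one that presented none. The result is fail-closed (no attribute is set), but nothing is recorded that would let an operator diagnose rejected client-certificate logins. I would keep `catch (SSLPeerUnverifiedException e)` for the expected no-client-certificate case and add separate handlers for `javax.security.cert.CertificateEncodingException` and `java.security.cert.CertificateException` that log the failure before returning. `CertificateFactory.getInstance("X.509")` can also be hoisted above the `for` loop, since it does not depend on `i`. Separately, the object returned by `session.getValue(Globals.CERTIFICATES_ATTR)` is exposed as the request attribute without an `instanceof java.security.cert.X509Certificate[]` check, which would be a cheap guard on the cached path.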
  
  
  
