Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Sender: jfclere@vtxrm2.bcn.fsc.net
Message-ID: <3C5AA9E5.B943294E@fujitsu-siemens.com>
Date: Fri, 01 Feb 2002 15:44:53 +0100
From: jean-frederic clere <jfrederic.clere@fujitsu-siemens.com>
Reply-To: jfrederic.clere@fujitsu-siemens.com
MIME-Version: 1.0
To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
Subject: Re: Client Certificates working with mod_jk but not with mod_webapp
References: <OFEE987E0A.9DF316DD-ON41256B52.0064F994@commaro.com>
 <1012541561.3c5a2879f3e9a@192.168.0.2>
Content-Type: multipart/mixed;
 boundary="------------6688CA12866DB8B07A6A5999"

--------------6688CA12866DB8B07A6A5999
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Markus Maeder wrote:
> 
> Hi
> 
> Some days ago I posted following message in tomcat-user and had one reply
> stating he is having the same problem.
> 
> I'd like to fix this problem. Is there somebody already working on this? If not,
> which source should I get to track down the problem?

What is the problem? It works well on my tests, try the test application I have
attached to the mail..

> 
> Markus
> 
> My message in tomcat-user:
> --- Markus Maeder <mmaeder@oase.ch> wrote:
> > Hi!
> >
> > I was playing around with Tomcat 4.0.1 and couldn't
> > get the client certificates
> > from apache through mod_webapp. So I tried Tomcat
> > 4.0.2 b2 and the build from
> > January 27. I even compiled a new mod_webapp
> > (1.0.2-tc402).
> >
> > Then I tried ajp13 and mod_jk. This is working fine
> > after I changed my code
> > (working in Tomcat 3.2x) from
> >
> > String certAttribute =
> > "javax.servlet.request.X509Certificate";
> > X509Certificate certificate =
> >
> (java.security.cert.X509Certificate)request.getAttribute(certAttribute);
> >
> > To version for Tomcat 4:
> > String certAttribute =
> > "javax.servlet.request.X509Certificate";
> > X509Certificate certificate[] =
> >
> (java.security.cert.X509Certificate[])request.getAttribute(certAttribute);
> >
> > As I think I missed something in the configuration
> > of mod_webapp, I wonder, if
> > somebody has a working configuration for getting
> > client certificates with
> > mod_webapp, apache 1.3 and mod_ssl.
> >
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
--------------6688CA12866DB8B07A6A5999
Content-Type: text/plain; charset=us-ascii;
 name="X509.java"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="X509.java"

/*
 * ====================================================================
 *
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 1999 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution, if
 *    any, must include the following acknowlegement:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowlegement may appear in the software itself,
 *    if and wherever such third-party acknowlegements normally appear.
 *
 * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
 *    Foundation" must not be used to endorse or promote products derived
 *    from this software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache"
 *    nor may "Apache" appear in their names without prior written
 *    permission of the Apache Group.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 * [Additional notices, if required by prior licensing conditions]
 *
 */

// If this class were in a package, it would need to go in the
// corresponding subdirectory

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.security.cert.X509Certificate;


/**
 * Simple servlet to test SSL User Certificate.
 * (From the well known HelloWorldExample.java).
 *
 * @author Jean-Frederic Clere jfclere@apache.org
 */

public final class X509 extends HttpServlet {


    /**
     * Respond to a GET request for the content produced by
     * this servlet.
     *
     * @param request The servlet request we are processing
     * @param response The servlet response we are producing
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs
     */
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
      throws IOException, ServletException {

	response.setContentType("text/html");
	PrintWriter writer = response.getWriter();

	writer.println("<html>");
	writer.println("<head>");
	writer.println("<title>X509 Application Servlet Test Page</title>");
	writer.println("</head>");
	writer.println("<body bgcolor=white>");

	writer.println("<h1>Sample Application Servlet</h1>");
	writer.println("This is the output of a servlet that is part of");
	writer.println("the X509 test application.  It displays the");
	writer.println("request headers from the request we are currently");
	writer.println("processing.");

	writer.println("<table border=\"0\" width=\"100%\">");
	Enumeration names = request.getHeaderNames();
	while (names.hasMoreElements()) {
	    String name = (String) names.nextElement();
	    writer.println("<tr>");
	    writer.println("  <th align=\"right\">" + name + ":</th>");
	    writer.println("  <td>" + request.getHeader(name) + "</td>");
	    writer.println("</tr>");
	}
	writer.println("</table>");

	writer.println("<h1>User certificate information</h1>");
        writer.println("<hr>");

	Object object = request.getAttribute("javax.servlet.request.X509Certificate");
	if (object!=null)
          writer.println("object is :" + object.getClass());

	// Get the first certificate.
	X509Certificate jsseCerts[] = (X509Certificate [])
          request.getAttribute("javax.servlet.request.X509Certificate");
        if ( jsseCerts != null) {
          X509Certificate cert = jsseCerts[0];
          writer.println("Issuer: " + cert.getIssuerDN());
          writer.println("<br>");
          writer.println("SujectDN: " + cert.getSubjectDN());
	  writer.println("<hr>");
	  writer.println(cert); // .toString());
	} else {
          writer.println("NO user certificate<br>");
	}
        writer.println("<hr>");

	writer.println("<h1>Other SSL information</h1>");

        writer.println("cipher_suite: " +
          request.getAttribute("javax.servlet.request.cipher_suite"));
        writer.println("<br>");

        writer.println("key_size: " +
          request.getAttribute("javax.servlet.request.key_size"));
        writer.println("<br>");

        writer.println("ssl_session: " +
          request.getAttribute("javax.servlet.request.ssl_session"));
        writer.println("<br>");

        writer.println("isSecure: " +
          request.isSecure());
        writer.println("<br>");

        writer.println("getScheme: " +
          request.getScheme());

	writer.println("</body>");
	writer.println("</html>");

    }


}


--------------6688CA12866DB8B07A6A5999
Content-Type: text/plain; charset=us-ascii

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
--------------6688CA12866DB8B07A6A5999--