tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lucas S. Silva" <lssi...@gmail.com>
Subject Re: Extended Validation Certificates Support JNDIRealm
Date Fri, 21 Apr 2017 06:55:04 GMT
Hi Christopher,

Thanks for the reply.

My end goal is to check the certificates OID I did some research and I
found that in the
RealmBase there is a method

authenticate(X509Certificate
<http://docs.oracle.com/javase/7/docs/api/java/security/cert/X509Certificate.html?is-external=true>[]
certs)

and int the X509Certificate there is

public abstract String
<http://docs.oracle.com/javase/7/docs/api/java/lang/String.html>
getSigAlgOID()

https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/realm/RealmBase.html#authenticate(java.security.cert.X509Certificate[])

I suspect those should help me checking the certificate Assurance Levels?

Thanks,
Lucas

On 20 April 2017 at 19:50, Christopher Schultz <chris@christopherschultz.net
> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Lucas,
>
> On 4/20/17 1:12 PM, Lucas S. Silva wrote:
> > I am trying to implement a custom JNDIRealm that will do some
> > validations based on the Extended Validation Certificates like the
> > OID it this supported by tomcat?
>
> The term "Extended Validation" has a special meaning when you are
> talking about X.509 certificates. What do you mean, here,
> specifically, when you say "Extended Validation Certificates"?
>
> > Or I will just get whatever the LDAP server supports? I could not
> > find which method I would have to overwrite to get the extended
> > validation certificates:>
> > https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/realm
> /JNDIRealm.html
>
> What,
> >
> specifically, are you trying to accomplish?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJY+PTWAAoJEBzwKT+lPKRYkBkQALUuoaZzZzK4DsogcSqIu1/Y
> gh7xaJFg7iHkM2Jd9oFp/MDLT+PINv3AuYqJ083jGJ3KOgbGR4qovGfboIL1HUMY
> P0w/wwXqhPISUiRnjEmiCf4zQMvdnOdhbcfs269qCTwtAMWNZ/wJVrtFEntYiVhD
> c2voTvYkYs7iiqPCgETFa2fblgfTQ8jcd0AuDge+VV3vWTi6wNGsclpiERZ73M9g
> 7lYHginS605cUo7KgBTEH4nqWyQIaIVWEdU+2O7ZFz1PBJrSo/+ez8Rh/mV3Ld98
> xfuoLLM3CRH7rU65Y3DOrzCQ4z4UKlQ5e4NTb0GZEs42TBf6x0VDzzqcNCcg892d
> 4UNfTQ9VqdZMrPEzyklytYVC32P6aUbF6GYb74GvhLAIxkEV3aoAYGt6QxCTEkoq
> 2opD4mEDibPT3gb1M2/f9zjq9zJ4FSsv4EdFDiDWffcR6CDscl8kT0gRnMYZKFWk
> mirLjnSPxXtwx3ClYGlMvQwfZi6qULgrCaMfWqYIejJN7wQA8J8u6NA2kjVn9wTA
> cCJKQAzsw9zUv1eCmBsJv66lvfzyOUJLVxTeJ3wmg6ShcTee0DgcVBVT3nggMmFa
> F8586TLqqi8Xie/HHRCd+JrfVGlJpPPj6btpaBehyMoyj6G/SiZwmCH9TX0UADi5
> Ra6J6JO46bahywrEDt+r
> =jHk3
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message