Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id A0CFD200C4E for ; Fri, 21 Apr 2017 08:55:10 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 9F69B160BA2; Fri, 21 Apr 2017 06:55:10 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id E8389160B97 for ; Fri, 21 Apr 2017 08:55:09 +0200 (CEST) Received: (qmail 6759 invoked by uid 500); 21 Apr 2017 06:55:08 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 6748 invoked by uid 99); 21 Apr 2017 06:55:08 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Apr 2017 06:55:08 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id D4CFA1A0483 for ; Fri, 21 Apr 2017 06:55:07 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.766 X-Spam-Level: X-Spam-Status: No, score=0.766 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, HTML_OBFUSCATE_10_20=1.162, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.796, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id QL6SX3IQ6y7l for ; Fri, 21 Apr 2017 06:55:05 +0000 (UTC) Received: from mail-ua0-f176.google.com (mail-ua0-f176.google.com [209.85.217.176]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 404095F477 for ; Fri, 21 Apr 2017 06:55:05 +0000 (UTC) Received: by mail-ua0-f176.google.com with SMTP id j59so30663793uad.0 for ; Thu, 20 Apr 2017 23:55:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=yeHUlYc4EJPt5BvyfKbPWf+sk8AREUOWwCRSKnY5MFw=; b=jy5PGvt5mLJ3vZV/FOzxqJlInLr/JdU2oNhcD22vx4rAwbnVxWCKwojoHp/Mt1bc+c Pxd1UljuEs5Id+W1Nba5V8YRFRdyVCnMU6a/jkR/aLtnOvrrXksBVCVSlYg5Ry/7e1Id gJOzqzH5f7DNOofIKj5DWgtXQr55eedxUZNkBIl9hafQSLO/+woe5wXNmwEIrQcCApuV CtiNgJZ8nxduHxGqiuGoaCvv0H0crLyvjTDqlX5cvjlEMSQDMWLOt9XxqhYUn1JVeQSZ FxpWwGeMgM7flcru0g3KEYM5nkoM/ukoC47G9NG6Ddi9LE8JgaubrKhGmiVnzWkhIwzj Wr9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=yeHUlYc4EJPt5BvyfKbPWf+sk8AREUOWwCRSKnY5MFw=; b=DoAGyOtwixlkrnj+K+YZ2jOykWZTexX78hA7rVrr1CQoBvJnzaJfLx8gqbr30vG6Va R+sjJ91qbC4WNfeqA5dYUv7GKIGtkoY/Uu+QwwkLMIT9UjEHKFyXk9eeKrbUOkurcFsr a3Jo+Y/uRutL4QZgnh71aANV//F46Cxa7csZE1I2eZe0kSs2vRUOAT77fh3YczGuzJMI lyfS6Ewpv/ujSp8sLCab1plNOmpaBcoU9VmUCOT7ksOWhSW3xMQTVUvY9TzA6E/9YH4K eAlPPOvGyICfutnfKMBk4ql10sj1CQogK1vaeKxQOKZ8VRKfpxLlrsAz5LKoJWP3dhVc CRiQ== X-Gm-Message-State: AN3rC/5zoTPZ6AKzHSK2Hn6I/GJo/lejcY8Qz4GKse5DOO+HvqVgsjiv 6o4u3nfSjH1hbRUtOWC1do/0uxMDAtu5 X-Received: by 10.176.83.61 with SMTP id x58mr4983299uax.33.1492757704459; Thu, 20 Apr 2017 23:55:04 -0700 (PDT) MIME-Version: 1.0 Received: by 10.176.94.160 with HTTP; Thu, 20 Apr 2017 23:55:04 -0700 (PDT) In-Reply-To: <55240ebb-ebfa-bb7a-4dbc-2be5abcb36a2@christopherschultz.net> References: <55240ebb-ebfa-bb7a-4dbc-2be5abcb36a2@christopherschultz.net> From: "Lucas S. Silva" Date: Fri, 21 Apr 2017 08:55:04 +0200 Message-ID: Subject: Re: Extended Validation Certificates Support JNDIRealm To: Tomcat Users List Content-Type: multipart/alternative; boundary=94eb2c19105eb5cc34054da7bcb6 archived-at: Fri, 21 Apr 2017 06:55:10 -0000 --94eb2c19105eb5cc34054da7bcb6 Content-Type: text/plain; charset=UTF-8 Hi Christopher, Thanks for the reply. My end goal is to check the certificates OID I did some research and I found that in the RealmBase there is a method authenticate(X509Certificate [] certs) and int the X509Certificate there is public abstract String getSigAlgOID() https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/realm/RealmBase.html#authenticate(java.security.cert.X509Certificate[]) I suspect those should help me checking the certificate Assurance Levels? Thanks, Lucas On 20 April 2017 at 19:50, Christopher Schultz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Lucas, > > On 4/20/17 1:12 PM, Lucas S. Silva wrote: > > I am trying to implement a custom JNDIRealm that will do some > > validations based on the Extended Validation Certificates like the > > OID it this supported by tomcat? > > The term "Extended Validation" has a special meaning when you are > talking about X.509 certificates. What do you mean, here, > specifically, when you say "Extended Validation Certificates"? > > > Or I will just get whatever the LDAP server supports? I could not > > find which method I would have to overwrite to get the extended > > validation certificates:> > > https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/realm > /JNDIRealm.html > > What, > > > specifically, are you trying to accomplish? > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJY+PTWAAoJEBzwKT+lPKRYkBkQALUuoaZzZzK4DsogcSqIu1/Y > gh7xaJFg7iHkM2Jd9oFp/MDLT+PINv3AuYqJ083jGJ3KOgbGR4qovGfboIL1HUMY > P0w/wwXqhPISUiRnjEmiCf4zQMvdnOdhbcfs269qCTwtAMWNZ/wJVrtFEntYiVhD > c2voTvYkYs7iiqPCgETFa2fblgfTQ8jcd0AuDge+VV3vWTi6wNGsclpiERZ73M9g > 7lYHginS605cUo7KgBTEH4nqWyQIaIVWEdU+2O7ZFz1PBJrSo/+ez8Rh/mV3Ld98 > xfuoLLM3CRH7rU65Y3DOrzCQ4z4UKlQ5e4NTb0GZEs42TBf6x0VDzzqcNCcg892d > 4UNfTQ9VqdZMrPEzyklytYVC32P6aUbF6GYb74GvhLAIxkEV3aoAYGt6QxCTEkoq > 2opD4mEDibPT3gb1M2/f9zjq9zJ4FSsv4EdFDiDWffcR6CDscl8kT0gRnMYZKFWk > mirLjnSPxXtwx3ClYGlMvQwfZi6qULgrCaMfWqYIejJN7wQA8J8u6NA2kjVn9wTA > cCJKQAzsw9zUv1eCmBsJv66lvfzyOUJLVxTeJ3wmg6ShcTee0DgcVBVT3nggMmFa > F8586TLqqi8Xie/HHRCd+JrfVGlJpPPj6btpaBehyMoyj6G/SiZwmCH9TX0UADi5 > Ra6J6JO46bahywrEDt+r > =jHk3 > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > --94eb2c19105eb5cc34054da7bcb6--