----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
Victor (and everybody),
My configuration is Linux RedHat 5.2, Apache 1.3.6, OpenSSL 1-0.9.3a, Mod_SSL
2.3.
Here is the complete code listing for a very simple servlet that displays
information about the client's certificate. When I install this servlet in a
zone that is defined in my httpd.conf file as an SSL-authenticated location, it
works perfectly. Here is the relevant section from httpd.conf:
<Location /servlets>
    SSLOptions +FakeBasicAuth
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLRequireSSL
</Location>
and here is the servlet:
import java.io.*;
import java.lang.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class GetCertInfo extends HttpServlet
{
    public void doGet(HttpServletRequest req, HttpServletResponse res)
        throws ServletException, IOException
    {
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();
        BufferedReader in = req.getReader();
        StringBuffer content = new StringBuffer();
        // The SSL variables are read as request attributes under the
        // "org.apache.jserv." prefix.
        content.append(
            "<HTML><BODY>Some useful info about the client certificate:<BR>" +
            "<BR>User = " +
            (String)req.getAttribute("org.apache.jserv.SSL_CLIENT_S_DN_CN") +
            "<BR>Cipher = " +
            (String)req.getAttribute("org.apache.jserv.SSL_CIPHER") +
            "<BR>SessionID = " +
            (String)req.getAttribute("org.apache.jserv.SSL_SESSION_ID") +
            // As posted, the ClientSN line reads SSL_SESSION_ID a second time.
            "<BR>ClientSN = " +
            (String)req.getAttribute("org.apache.jserv.SSL_SESSION_ID") +
            "</BODY></HTML>");
        out.println(content.toString());
    }
}
To see the list of all environment variables that SSL keeps track of, see the
excellent documentation by Ralf S. Engelschall at http://www.openssl.org.
I hope this is helpful.
Bob Dana
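
Added example, not part of Bob's message or of the JServ code base: a variant of the servlet above that refuses the request when the certificate attribute is missing (the null case discussed in this thread) and HTML-escapes the certificate-derived values before writing them into the page. The class name SafeCertInfo and the 403 response are assumptions; the attribute names are the ones from the servlet above.

```java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (hypothetical class name), not code from the thread.
public class SafeCertInfo extends HttpServlet {
    // Attribute names taken from the servlet posted above.
    private static final String[] NAMES = {
        "org.apache.jserv.SSL_CLIENT_S_DN_CN",
        "org.apache.jserv.SSL_CIPHER",
        "org.apache.jserv.SSL_SESSION_ID"
    };
    // Escape the characters that are significant in HTML text and attributes.
    static String escapeHtml(String s) {
        StringBuffer sb = new StringBuffer(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
    public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        Object cn = req.getAttribute(NAMES[0]);
        // A missing subject CN means no usable client identity reached this
        // servlet (for example, it is mapped outside the SSL-protected
        // location): refuse instead of printing "null".
        if (!(cn instanceof String) || ((String) cn).length() == 0) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();
        out.println("<HTML><BODY>Client certificate details:<BR>");
        for (int i = 0; i < NAMES.length; i++) {
            Object v = req.getAttribute(NAMES[i]);
            String shown = (v instanceof String) ? escapeHtml((String) v) : "(not set)";
            out.println("<BR>" + escapeHtml(NAMES[i]) + " = " + shown);
        }
        out.println("</BODY></HTML>");
    }
}
```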
____________________Reply Separator____________________
Subject: RE: extracting the Subject from a X.509 client certificate
Author: Victor Granic <[EMAIL PROTECTED]>
Date: 3/8/00 3:21 PM
Hi Bob!
Thanks for the quick response. I modified the entry in the code but
I'm still not getting the information. With respect to the servlet
and certificate code, what import statements do you include? I'm
wondering where getAttribute() extracts that string from.
Thanks again,
Victor
: -----Original Message-----
: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
: Sent: Wednesday, March 08, 2000 5:59 PM
: To: Victor Granic
: Subject: Re:extracting the Subject from a X.509 client certificate
:
:
: Victor,
:
: I have a very similar configuration to yours (except that I run
: RedHat Linux 5.2,) and this works for me:
:
: req.getAttribute("org.apache.jserv.SSL_CIPHER");
:
: Good luck.
:
: Bob Dana
:
:
: ____________________Reply Separator____________________
: Subject: extracting the Subject from a X.509 client certificate
: Author: Victor Granic <[EMAIL PROTECTED]>
: Date: 3/8/00 5:15 PM
:
: Hello.
:
: I'm attempting to authenticate clients connecting to my Web server
: using X.509 certificates. Here is what I have installed:
:
: Apache 1.3.6
: OpenSSL 0.9.3
: Apache Jserv 1.1
:
: running on:
: Solaris 7 (sparc)
:
:
: SSL is working and servlets are working, but when I try to access
: the client cert with the following code, I receive null for the
: cipherSuite:
:
:
:   public void service(HttpServletRequest req, HttpServletResponse res)
:       throws ServletException, IOException
:   {
:       String msg = "<PRE>";
:
:       // Get the Cipher Suite in use
:       String cipherSuite = (String)
:           req.getAttribute("java.net.ssl.cipher_suite");
:       msg += "Cipher Suite: " + cipherSuite + "\n";
:
:       // Get the client's certificates, if there are any
:       if (cipherSuite != null) {
:           X509Certificate certChain[] = (X509Certificate[])
:               req.getAttribute("java.net.ssl.peer_certificates");
:           if (certChain != null) {
:               for (int i = 0; i < certChain.length; i++) {
:                   msg += "Client Certificate " + i + ":\n";
:                   msg += certChain[i].toString() + "\n";
:               }
:           }
:       }
:       // write the message to the output stream
:       ServletOutputStream out = res.getOutputStream();
:       out.print(msg);
:       out.close();
:   }
:
:
: Pointers, code, URLs or anything else that moves me in the direction
: of getting this working would be hugely appreciated.
:
: Thanks,
:
: Victor
:
:
: --
: --------------------------------------------------------------
: Please read the FAQ! <http://java.apache.org/faq/>
: To subscribe: [EMAIL PROTECTED]
: To unsubscribe: [EMAIL PROTECTED]
: Archives and Other: <http://java.apache.org/main/mail.html>
: Problems?: [EMAIL PROTECTED]
: