----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
The addition of the <Location> tag in my httpd.conf file was the missing
link. My servlet successfully retrieved the SSL_CLIENT_DN variable.
Thanks, Bob!
Victor
p.s. Jean-Luc also pointed out that only two SSL variables are currently
retrievable: SSL_CLIENT_DN and SSL_CLIENT_IDN (although I haven't tested
the latter)
: -----Original Message-----
: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
: Sent: Thursday, March 09, 2000 8:41 AM
: To: Victor Granic
: Cc: [EMAIL PROTECTED]
: Subject: Re:RE: extracting the Subject from a X.509 client certificate
:
:
: Victor (and everybody),
:
: My configuration is Linux RedHat 5.2, Apache 1.3.6, OpenSSL 1-0.9.3a,
: Mod_SSL 2.3.
:
: Here is the complete code listing for a very simple servlet that
: displays information about the client's certificate. When I install
: this servlet in a zone that is defined in my httpd.conf file as an
: SSL-authenticated location, it works perfectly. Here is the relevant
: section from httpd.conf:
:
: <Location /servlets>
: SSLOptions +FakeBasicAuth
: SSLVerifyClient require
: SSLVerifyDepth 1
: SSLRequireSSL
: </Location>
:
:
: and here is the servlet:
:
: import java.io.*;
: import java.lang.*;
: import javax.servlet.*;
: import javax.servlet.http.*;
:
: public class GetCertInfo extends HttpServlet
: {
:
:     public void doGet(HttpServletRequest req, HttpServletResponse res)
:         throws ServletException, IOException
:     {
:
:         res.setContentType("text/html");
:         PrintWriter out = res.getWriter();
:         BufferedReader in = req.getReader();
:
:         // The SSL variables are read as request attributes under the
:         // "org.apache.jserv." prefix.
:         StringBuffer content = new StringBuffer();
:         content.append(
:             "<HTML><BODY>Some useful info about the client certificate:<BR>" +
:             "<BR>User = " +
:             (String)req.getAttribute("org.apache.jserv.SSL_CLIENT_S_DN_CN") +
:             "<BR>Cipher = " +
:             (String)req.getAttribute("org.apache.jserv.SSL_CIPHER") +
:             "<BR>SessionID = " +
:             (String)req.getAttribute("org.apache.jserv.SSL_SESSION_ID") +
:             "<BR>ClientSN = " +
:             // Serial number of the client certificate (mod_ssl's SSL_CLIENT_M_SERIAL)
:             (String)req.getAttribute("org.apache.jserv.SSL_CLIENT_M_SERIAL") +
:             "</BODY></HTML>");
:
:         out.println(content.toString());
:     }
:
: }
:
:
: To see the list of all environment variables that SSL keeps track of,
: see the excellent documentation by Ralf S. Engelschall at
: http://www.openssl.org.
:
: I hope this is helpful.
:
: Bob Dana
:
: ____________________Reply Separator____________________
: Subject: RE: extracting the Subject from a X.509 client certificate
: Author: Victor Granic <[EMAIL PROTECTED]>
: Date: 3/8/00 3:21 PM
:
: Hi Bob!
:
: Thanks for the quick response. I modified the entry in the code but
: I'm still not getting the information. With respect to the servlet
: and certificate code, what import statements do you include? I'm
: wondering where getAttribute() extracts that string from.
:
: Thanks again,
:
: Victor
:
:
:
: : -----Original Message-----
: : From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
: : Sent: Wednesday, March 08, 2000 5:59 PM
: : To: Victor Granic
: : Subject: Re:extracting the Subject from a X.509 client certificate
: :
: :
: : Victor,
: :
: : I have a very similar configuration to yours (except that I run
: : RedHat Linux 5.2,) and this works for me:
: :
: : req.getAttribute("org.apache.jserv.SSL_CIPHER");
: :
: : Good luck.
: :
: : Bob Dana
: :
: :
: : ____________________Reply Separator____________________
: : Subject: extracting the Subject from a X.509 client certificate
: : Author: Victor Granic <[EMAIL PROTECTED]>
: : Date: 3/8/00 5:15 PM
: :
: : Hello.
: :
: : I'm attempting to authenticate clients connecting to my Web server
: : using X.509 certificates. Here is what I have installed:
: :
: : Apache 1.3.6
: : OpenSSL 0.9.3
: : Apache Jserv 1.1
: :
: : running on:
: : Solaris 7 (sparc)
: :
: :
: : SSL is working and servlets are working, but when I try to access
: : the client cert with the following code, I receive null for the
: : cipherSuite:
: :
: :
: : public void service(HttpServletRequest req, HttpServletResponse res)
: :     throws ServletException, IOException
: : {
: :     String msg = "<PRE>";
: :
: :     // Get the Cipher Suite in use
: :     String cipherSuite = (String)
: :         req.getAttribute("java.net.ssl.cipher_suite");
: :     msg += "Cipher Suite: " + cipherSuite + "\n";
: :
: :     // Get the client's certificate if there are any
: :     if (cipherSuite != null) {
: :         X509Certificate certChain[] = (X509Certificate[])
: :             req.getAttribute("java.net.ssl.peer_certificates");
: :         if (certChain != null) {
: :             for (int i = 0; i < certChain.length; i++) {
: :                 msg += "Client Certificate " + i + ":\n";
: :                 msg += certChain[i].toString() + "\n";
: :             }
: :         }
: :     }
: :     // write the message to the output stream
: :     ServletOutputStream out = res.getOutputStream();
: :     out.print(msg);
: :     out.close();
: : }
: :
: :
: : Pointers, code, URLs or anything else that moves me in the direction
: : of getting this working would be hugely appreciated.
: :
: : Thanks,
: :
: : Victor
: :
: :
: : --
: : --------------------------------------------------------------
: : Please read the FAQ! <http://java.apache.org/faq/>
: : To subscribe: [EMAIL PROTECTED]
: : To unsubscribe: [EMAIL PROTECTED]
: : Archives and Other: <http://java.apache.org/main/mail.html>
: : Problems?: [EMAIL PROTECTED]
: :
:
:
:
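
An added example, not code from any poster in this thread or from Apache JServ: a plain-Java helper that a servlet could call to display the SSL_CLIENT_DN and SSL_CLIENT_IDN attributes discussed above. It handles the null case reported in the thread and HTML-escapes certificate text before output. The class and method names are hypothetical, the sample DNs are constructed, and the one-line "/C=.../CN=..." DN format is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

public class ClientCertAttributes {
    // Attribute names taken from this thread (SSL variable plus the JServ prefix).
    static final String SUBJECT_ATTR = "org.apache.jserv.SSL_CLIENT_DN";
    static final String ISSUER_ATTR = "org.apache.jserv.SSL_CLIENT_IDN";

    // Certificate fields are text supplied by the client's certificate: escape them for HTML.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Assumption: the DN is in OpenSSL's one-line form, e.g. "/C=CA/O=Example/CN=Alice".
    // A piece without '=' is taken as the rest of a value that itself contained '/'.
    static List<String[]> parseOneLineDn(String dn) {
        List<String[]> rdns = new ArrayList<>();
        for (String piece : dn.split("/")) {
            int eq = piece.indexOf('=');
            if (eq > 0) {
                rdns.add(new String[] { piece.substring(0, eq), piece.substring(eq + 1) });
            } else if (!piece.isEmpty() && !rdns.isEmpty()) {
                rdns.get(rdns.size() - 1)[1] += "/" + piece;
            }
        }
        return rdns;
    }

    // From doGet(): render((String) req.getAttribute(SUBJECT_ATTR),
    //                      (String) req.getAttribute(ISSUER_ATTR))
    static String render(String subjectDn, String issuerDn) {
        if (subjectDn == null) {
            // Same symptom as in the thread: the attribute is null for this request.
            return "<P>No client certificate information was passed to the servlet.</P>";
        }
        StringBuilder html = new StringBuilder("<P>Issuer: ");
        html.append(issuerDn == null ? "(not available)" : escapeHtml(issuerDn)).append("</P><UL>");
        for (String[] rdn : parseOneLineDn(subjectDn)) {
            html.append("<LI>").append(escapeHtml(rdn[0])).append(" = ")
                .append(escapeHtml(rdn[1])).append("</LI>");
        }
        return html.append("</UL>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        String subject = "/C=CA/O=Example Corp/OU=R&D/CN=<b>Alice</b>";
        String issuer = "/C=CA/O=Example Corp/CN=Example Test CA";
        System.out.println(render(subject, issuer));
        System.out.println(render(null, null));
    }
}
```

The one-line DN form is ambiguous when a value contains both '/' and '=', so the parsed pieces are suited to display; comparisons are more reliable against the full DN string.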