Re: Get Client Certificate Information

2023-06-30 Thread Christopher Schultz
required by anything in the spec. Only the request is mentioned in the specs. -chris -Original Message- From: Timothy Ward Sent: Wednesday, June 21, 2023 4:57 PM To: Tomcat Users List Subject: Re: Get Client Certificate Information EXTERNAL EMAIL - This email originated from outside of CA

RE: Get Client Certificate Information

2023-06-29 Thread Berneburg, Cris J. - US
st Subject: Re: Get Client Certificate Information EXTERNAL EMAIL - This email originated from outside of CACI. Do not click any links or attachments unless you recognize and trust the sender. import javax.servlet.http.HttpServletRequest; import javax.security.cert

Re: Get Client Certificate Information

2023-06-22 Thread Timothy Ward
The compile actually created 4 .class files: CGIServlet$CGIEnvironment.class CGIServlet$CGIRunner.class CGIServlet$HTTPHeaderInputStream.class CGIServlet.class So, I combined them into CGIServlet.jar I'll look at ant deploy. On Thu, Jun 22, 2023 at 5:29 PM Christopher Schultz <

Re: Get Client Certificate Information

2023-06-22 Thread Christopher Schultz
Timothy, On 6/22/23 14:01, Timothy Ward wrote: I am trying to go the route of modifying the CGIServlet from: h ttps://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771

Re: Get Client Certificate Information

2023-06-22 Thread Timothy Ward
I am trying to go the route of modifying the CGIServlet from: h ttps://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771 I got it to compile with my changes

Re: Get Client Certificate Information

2023-06-22 Thread Christopher Schultz
Timothy, On 6/21/23 16:56, Timothy Ward wrote: import javax.servlet.http.HttpServletRequest; import javax.security.cert.Certificate; import javax.security.cert.X509Certificate; public class GrabCert extends Object { public static String getCommonName() { try {

Re: Get Client Certificate Information

2023-06-21 Thread Timothy Ward
import javax.servlet.http.HttpServletRequest; import javax.security.cert.Certificate; import javax.security.cert.X509Certificate; public class GrabCert extends Object { public static String getCommonName() { try { X509Certificate[] certs = (X509Certificate[])

Re: Get Client Certificate Information

2023-06-21 Thread Martynas Jusevičius
Sorry, getHttpServletRequest() came from my code :) It’s not a Jakarta method. In JAX-RS frameworks such as Jersey you can use @Context or @Inject annotations to get request and servlet context objects (such as HttpServletRequest):

Re: Get Client Certificate Information

2023-06-21 Thread Christopher Schultz
Timothy, On 6/21/23 13:55, Timothy Ward wrote: Not sure it's lined up right, lost in copy/paste I think, the ^ seems to be initially under the (X509Certificate[]) right before the getHttpServletRequest(), so I thought it didn't like the getHttpServletRequest itself, maybe it doesn't like the

Re: Get Client Certificate Information

2023-06-21 Thread Timothy Ward
I'm attempting to run this from within Oracle 19c, so I believe that is throwing a whole other wrinkle in there. On Wed, Jun 21, 2023 at 1:48 PM Mark Thomas wrote: > > > On 21/06/2023 18:29, Timothy Ward wrote: > > I tried the following: > > > > import javax.servlet.http.HttpServletRequest; > >

Re: Get Client Certificate Information

2023-06-21 Thread Timothy Ward
Not sure it's lined up right, lost in copy/paste I think, the ^ seems to be initially under the (X509Certificate[]) right before the getHttpServletRequest(), so I thought it didn't like the getHttpServletRequest itself, maybe it doesn't like the getAttribute method. On Wed, Jun 21, 2023 at 1:52 

Re: Get Client Certificate Information

2023-06-21 Thread Rob Sargent
> On Jun 21, 2023, at 11:29 AM, Timothy Ward wrote: > > I tried the following: > > import javax.servlet.http.HttpServletRequest; > import javax.security.cert.Certificate; > import javax.security.cert.X509Certificate; > > X509Certificate[] certs = (X509Certificate[]) >

Re: Get Client Certificate Information

2023-06-21 Thread Mark Thomas
On 21/06/2023 18:29, Timothy Ward wrote: I tried the following: import javax.servlet.http.HttpServletRequest; If you are using the Java EE imports ... import javax.security.cert.Certificate; import javax.security.cert.X509Certificate; X509Certificate[] certs = (X509Certificate[])

Re: Get Client Certificate Information

2023-06-21 Thread Timothy Ward
I tried the following: import javax.servlet.http.HttpServletRequest; import javax.security.cert.Certificate; import javax.security.cert.X509Certificate; X509Certificate[] certs = (X509Certificate[]) getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate"); and I'm

Re: Get Client Certificate Information

2023-06-12 Thread Mark Thomas
On 12/06/2023 12:00, Timothy Ward wrote: Changing the CGI Servlet may be the easiest route, but if I wanted to use it as intended, I'm guessing I would use the original Java code that you sent below? X509Certificate[] certs =

Re: Get Client Certificate Information

2023-06-12 Thread Timothy Ward
Changing the CGI Servlet may be the easiest route, but if I wanted to use it as intended, I'm guessing I would use the original Java code that you sent below? X509Certificate[] certs = (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate"); I would

Re: Get Client Certificate Information

2023-06-12 Thread Mark Thomas
If you decide to go the route of modifying Tomcat's CGI servlet, this is probably where you'll want to add the TLS info: https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771 You should be able to copy the source of Tomcat's CGI servlet, modify as

Re: Get Client Certificate Information

2023-06-12 Thread Timothy Ward
I'm converting an application from using Oracle Http Server which is a version of Apache so I was just trying to keep the code close to the same. It is going to use Tomcat and ORDS. We've got ORDS working and are just setting up Tomcat to do the SSL stuff we needed to do. I was using the

Re: Get Client Certificate Information

2023-06-12 Thread Mark Thomas
The information you are looking for is not made available via Tomcat's standard CGI servlet. You would need to extend it and add the certificate information as an additional environment variable (or variables). Do you need to use CGI? It is fairly unusual to see CGI mention on this list

Re: Get Client Certificate Information

2023-06-11 Thread Timothy Ward
Doesn't seem to work via perl, where would I have to use that line of code? On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius wrote: > You can get client certificates from ServletRequest: > > X509Certificate[] certs = > >

Re: Get Client Certificate Information

2023-06-11 Thread Martynas Jusevičius
You can get client certificates from ServletRequest: X509Certificate[] certs = (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");

Get Client Certificate Information

2023-06-11 Thread Timothy Ward
Tomcat 10.1 setup using certificateVerification="required" on Windows Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN via a CGI perl script? I think I have the SSLValve valve implemented, but there is nothing for sure that tells me that it is. The browser prompts for