Hi,
I have prepared a patch to get the "javax.servlet.request.X509Certificate"
request attribute working with the Http10Connector.
I will commit it tomorrow (after removing the println() and retesting with JSSE
and without JSSE).
I have enclosed the patch for Http10Interceptor.java and the 2 new CertCompat
files.
I have also committed a small patch for PoolTcpConnector.java; please check it.
Any comments?
Cheers
Jean-frederic
? src/share/org/apache/tomcat/util/compat/CertCompat.java
? src/share/org/apache/tomcat/util/compat/JSSECertCompat.java
Index: src/share/org/apache/tomcat/modules/server/Http10Interceptor.java
===================================================================
RCS file:
/home/cvs/mirror/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Http10Interceptor.java,v
retrieving revision 1.23
diff -u -r1.23 Http10Interceptor.java
--- src/share/org/apache/tomcat/modules/server/Http10Interceptor.java 2001/09/17
04:56:02 1.23
+++ src/share/org/apache/tomcat/modules/server/Http10Interceptor.java 2001/09/20
+17:05:46
@@ -71,6 +71,7 @@
import org.apache.tomcat.util.net.*;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.apache.tomcat.util.log.*;
+import org.apache.tomcat.util.compat.*;
/** Standalone http.
*
@@ -204,9 +205,16 @@
Http10 http=new Http10();
private boolean moreRequests = false;
Socket socket;
+ static CertCompat certcompat = CertCompat.getCertCompat();
public HttpRequest() {
super();
+ }
+ public Object getAttribute(String name) {
+ if (name.equals("javax.servlet.request.X509Certificate")) {
+ return(certcompat.getX509Certificates(socket));
+ }
+ return(super.getAttribute(name));
}
public void recycle() {
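Review bot: The new `getAttribute` dereferences `name` before delegating, so a null attribute name now throws a NullPointerException in this override instead of reaching the inherited implementation; writing the test as `if ("javax.servlet.request.X509Certificate".equals(name)) {` avoids that. The override answers from the `socket` field, and because `recycle()` continues outside the hunk it is not visible whether that field is cleared between requests. If it is not, a recycled HttpRequest could report the certificate chain of an earlier connection, so this is worth confirming before commit. `certcompat` is assigned once and could be declared `private static final CertCompat certcompat = CertCompat.getCertCompat();`.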
package org.apache.tomcat.util.compat;
import java.io.ByteArrayInputStream;
import java.net.Socket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.security.cert.CertificateFactory;
import javax.security.cert.X509Certificate;
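/**
 * JSSE-backed {@link CertCompat}: reads the client certificate chain from the
 * SSL session attached to a request socket.
 */
public class JSSECertCompat extends CertCompat {

    /**
     * Return the client certificate chain presented on the given socket.
     *
     * <p>Each JSSE ({@code javax.security.cert}) certificate is re-encoded and
     * parsed again as a {@code java.security.cert.X509Certificate}. The chain
     * is handed back exactly as the session reports it; this method performs no
     * validity, revocation or trust check of its own, so callers must not
     * treat a non-null result as proof that the chain was verified.
     *
     * @param s the socket the request arrived on; may be {@code null}
     * @return the converted chain, or {@code null} when the socket is not an
     *         {@code SSLSocket}, has no session, the session reports no peer
     *         certificate, or the conversion fails
     */
    public java.security.cert.X509Certificate[] getX509Certificates(Socket s) {
        // instanceof is false for null, so this also rejects a missing socket.
        if (!(s instanceof SSLSocket)) {
            return null;
        }

        // Look up the current SSLSession.
        SSLSession session = ((SSLSocket) s).getSession();
        if (session == null) {
            return null;
        }

        // Convert JSSE's certificate format to the one the servlet API expects.
        java.security.cert.X509Certificate[] x509Certs;
        try {
            X509Certificate[] jsseCerts = session.getPeerCertificateChain();
            if (jsseCerts == null || jsseCerts.length < 1) {
                return null;
            }

            // One factory serves the whole chain; no need to look it up per certificate.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            x509Certs = new java.security.cert.X509Certificate[jsseCerts.length];
            for (int i = 0; i < jsseCerts.length; i++) {
                byte[] encoded = jsseCerts[i].getEncoded();
                x509Certs[i] = (java.security.cert.X509Certificate)
                    cf.generateCertificate(new ByteArrayInputStream(encoded));
            }
        } catch (Exception e) {
            // Covers an unverified peer (no client certificate) and encoding or
            // parsing failures: report "no certificate" rather than a partial
            // chain. Errors are deliberately left to propagate instead of being
            // hidden behind a null result.
            return null;
        }
        return x509Certs;
    }
}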
package org.apache.tomcat.util.compat;
import java.net.Socket;
import javax.security.cert.X509Certificate;
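/**
 * Compatibility helper that hides whether JSSE is available at runtime.
 *
 * <p>This base implementation knows nothing about SSL and never reports a
 * client certificate. {@link #getCertCompat()} hands out an instance of the
 * class named by {@link #JSSE_SUPPORT} when it can be loaded, and an instance
 * of this class otherwise.
 */
public class CertCompat {

    /**
     * Return the client certificate chain presented on the given socket.
     *
     * @param s the socket the request arrived on; ignored by this implementation
     * @return always {@code null} here, meaning no certificate is available
     */
    public java.security.cert.X509Certificate[] getX509Certificates(Socket s) {
        return null;
    }

    // -------------------- Factory --------------------

    /**
     * Get the compatibility helper selected when this class was initialised.
     *
     * @return the shared helper instance
     */
    public static CertCompat getCertCompat() {
        return compat;
    }

    // Shared helper, assigned by init() from the static initialiser below.
    // NOTE(review): the field is package-visible and not final, so any class in
    // this package can replace the object that supplies client certificates;
    // consider making it private once in-package users are confirmed not to
    // assign it.
    static CertCompat compat;

    static {
        init();
    }

    // Fixed class name: the reflective load below never takes its target from
    // configuration or request data.
    static final String JSSE_SUPPORT =
        "org.apache.tomcat.util.compat.JSSECertCompat";

    /**
     * Select the helper: the JSSE-aware class when it loads, otherwise the
     * no-op base class.
     */
    private static void init() {
        try {
            Class c = Class.forName(JSSE_SUPPORT);
            compat = (CertCompat) c.newInstance();
        } catch (Exception ex) {
            // Helper class missing or not instantiable: fall back silently,
            // since running without JSSE is a supported configuration.
            compat = new CertCompat();
        } catch (LinkageError err) {
            // The helper was found but a class it links against (for example
            // the JSSE API) was not. Without this clause the error would escape
            // the static initialiser and leave CertCompat itself unusable.
            compat = new CertCompat();
        }
    }
}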