I tried the following:
import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;
X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
and I'm getting:
[Error] (1: 0): GrabCert:33: error: cannot find symbol,
[Error] (1: 0): X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
[Error] (1: 0): ^,
[Error] (1: 0): symbol: method getHttpServletRequest(),
[Error] (1: 0): location: class GrabCert, [Error] (1: 0): 1 error
I've tried various other versions as well after googling it and haven't
been able to get anything to compile.
On Mon, Jun 12, 2023 at 12:11 PM Mark Thomas <ma...@apache.org> wrote:
> On 12/06/2023 12:00, Timothy Ward wrote:
> > Changing the CGI Servlet may be the easiest route, but if I wanted to use
> > it as intended, I'm guessing I would use the original Java code that you
> > sent below?
> >
> > X509Certificate[] certs =
> >
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >
> >
> > I would just have to figure out how to do that within Oracle.
>
> That should get you the value with ORDS (I've never used ORDS). I don't
> think you'll be able to pass it to the CGI though.
>
> Mark
>
>
> >
> > On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas <ma...@apache.org> wrote:
> >
> >> If you decide to go the route of modifying Tomcat's CGI servlet, this is
> >> probably where you'll want to add the TLS info:
> >>
> >>
> >>
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
> >>
> >> You should be able to copy the source of Tomcat's CGI servlet, modify as
> >> required and then just deploy it as part of the web application the same
> >> way you would any other servlet.
> >>
> >> Mark
> >>
> >>
> >> On 12/06/2023 10:41, Timothy Ward wrote:
> >>> I'm converting an application from using Oracle Http Server which is a
> >>> version of Apache so I was just trying to keep the code close to the
> >> same.
> >>>
> >>> It is going to use Tomcat and ORDS. We've got ORDS working and are
> just
> >>> setting up Tomcat to do the SSL stuff we needed to do.
> >>>
> >>> I was using the SSLOptions +StdEnvVars settings that would set the
> >>> variables I needed as environment variables that I could then pick up
> in
> >>> Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
> >>>
> >>> So, I guess if there is a different way of doing that without using CGI
> >>> Environment variables I can try that. I'm just having issues finding
> any
> >>> useful examples of what I want to do.
> >>>
> >>> Thanks for your help, it is really appreciated.
> >>>
> >>> On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
> >>>
> >>>> The information you are looking for is not made available via Tomcat's
> >>>> standard CGI servlet. You would need to extend it and add the
> >>>> certificate information as an additional environment variable (or
> >>>> variables).
> >>>>
> >>>> Do you need to use CGI? It is fairly unusual to see CGI mention on
> this
> >>>> list these days.
> >>>>
> >>>> Mark
> >>>>
> >>>>
> >>>> On 11/06/2023 22:56, Timothy Ward wrote:
> >>>>> Doesn't seem to work via perl, where would I have to use that line of
> >>>> code?
> >>>>>
> >>>>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
> >>>> marty...@atomgraph.com>
> >>>>> wrote:
> >>>>>
> >>>>>> You can get client certificates from ServletRequest:
> >>>>>>
> >>>>>> X509Certificate[] certs =
> >>>>>>
> >>>>>>
> >>>>
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>
> >>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> >>>>>>
> >>>>>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <
> twardbite...@gmail.com
> >>>
> >>>>>> wrote:
> >>>>>>>
> >>>>>>> Tomcat 10.1 setup using certificateVerification="required" on
> Windows
> >>>>>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and
> >>>>>> SSL_CLIENT_I_DN
> >>>>>>> via a CGI perl script? I think I have the SSLValve valve
> >> implemented,
> >>>>>> but
> >>>>>>> there is nothing for sure that tells me that it is.
> >>>>>>>
> >>>>>>> The browser prompts for the pin and authenticates just fine, I just
> >>>> need
> >>>>>> a
> >>>>>>> way to get some of the client certificate information.
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>> Tim
> >>>>>>
> >>>>>>
> ---------------------------------------------------------------------
> >>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >>>> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>>>
> >>>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
