I tried the following: import javax.servlet.http.HttpServletRequest; import javax.security.cert.Certificate; import javax.security.cert.X509Certificate;
X509Certificate[] certs = (X509Certificate[]) getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate"); and I'm getting: [Error] (1: 0): GrabCert:33: error: cannot find symbol, [Error] (1: 0): X509Certificate[] certs = (X509Certificate[]) getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");, [Error] (1: 0): ^, [Error] (1: 0): symbol: method getHttpServletRequest(), [Error] (1: 0): location: class GrabCert, [Error] (1: 0): 1 error I've tried various other versions as well after googling it and haven't been able to get anything to compile. On Mon, Jun 12, 2023 at 12:11 PM Mark Thomas <ma...@apache.org> wrote: > On 12/06/2023 12:00, Timothy Ward wrote: > > Changing the CGI Servlet may be the easiest route, but if I wanted to use > > it as intended, I'm guessing I would use the original Java code that you > > sent below? > > > > X509Certificate[] certs = > > > (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate"); > > > > > > I would just have to figure out how to do that within Oracle. > > That should get you the value with ORDS (I've never used ORDS). I don't > think you'll be able to pass it to the CGI though. > > Mark > > > > > > On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas <ma...@apache.org> wrote: > > > >> If you decide to go the route of modifying Tomcat's CGI servlet, this is > >> probably where you'll want to add the TLS info: > >> > >> > >> > https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771 > >> > >> You should be able to copy the source of Tomcat's CGI servlet, modify as > >> required and then just deploy it as part of the web application the same > >> way you would any other servlet. > >> > >> Mark > >> > >> > >> On 12/06/2023 10:41, Timothy Ward wrote: > >>> I'm converting an application from using Oracle Http Server which is a > >>> version of Apache so I was just trying to keep the code close to the > >> same. > >>> > >>> It is going to use Tomcat and ORDS. We've got ORDS working and are > just > >>> setting up Tomcat to do the SSL stuff we needed to do. > >>> > >>> I was using the SSLOptions +StdEnvVars settings that would set the > >>> variables I needed as environment variables that I could then pick up > in > >>> Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN'); > >>> > >>> So, I guess if there is a different way of doing that without using CGI > >>> Environment variables I can try that. I'm just having issues finding > any > >>> useful examples of what I want to do. > >>> > >>> Thanks for your help, it is really appreciated. > >>> > >>> On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote: > >>> > >>>> The information you are looking for is not made available via Tomcat's > >>>> standard CGI servlet. You would need to extend it and add the > >>>> certificate information as an additional environment variable (or > >>>> variables). > >>>> > >>>> Do you need to use CGI? It is fairly unusual to see CGI mention on > this > >>>> list these days. > >>>> > >>>> Mark > >>>> > >>>> > >>>> On 11/06/2023 22:56, Timothy Ward wrote: > >>>>> Doesn't seem to work via perl, where would I have to use that line of > >>>> code? > >>>>> > >>>>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius < > >>>> marty...@atomgraph.com> > >>>>> wrote: > >>>>> > >>>>>> You can get client certificates from ServletRequest: > >>>>>> > >>>>>> X509Certificate[] certs = > >>>>>> > >>>>>> > >>>> > >> > (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate"); > >>>>>> > >>>>>> > >>>>>> > >>>> > >> > https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String) > >>>>>> > >>>>>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward < > twardbite...@gmail.com > >>> > >>>>>> wrote: > >>>>>>> > >>>>>>> Tomcat 10.1 setup using certificateVerification="required" on > Windows > >>>>>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and > >>>>>> SSL_CLIENT_I_DN > >>>>>>> via a CGI perl script? I think I have the SSLValve valve > >> implemented, > >>>>>> but > >>>>>>> there is nothing for sure that tells me that it is. > >>>>>>> > >>>>>>> The browser prompts for the pin and authenticates just fine, I just > >>>> need > >>>>>> a > >>>>>>> way to get some of the client certificate information. > >>>>>>> > >>>>>>> Thanks, > >>>>>>> Tim > >>>>>> > >>>>>> > --------------------------------------------------------------------- > >>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>>>> > >>>>>> > >>>>> > >>>> > >>>> --------------------------------------------------------------------- > >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>> > >>>> > >>> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >