Re: Get Client Certificate Information

Fri, 30 Jun 2023 12:20:15 -0700 

Cris,

On 6/29/23 08:34, Berneburg, Cris J. - US wrote:

Hi Timothy

Sorry, I'm a little late to the party for a reply.

On an older project, when pulling cert info (using javax), we grabbed it from the 
session, not the request, even though the attribute name says "request".

HttpSession session = httpRequest.getSession();
Object rawSubject = session.getAttribute ( 
"javax.servlet.request.X509Certificate" );

Not sure if that's relevant to or helps with your situation.
Your application must have done something like this, because what you have above isn't required by anything in the spec. Only the request is mentioned in the specs. 

-chris


-----Original Message-----
From: Timothy Ward <twardbite...@gmail.com>
Sent: Wednesday, June 21, 2023 4:57 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Get Client Certificate Information

EXTERNAL EMAIL - This email originated from outside of CACI. Do not click any 
links or attachments unless you recognize and trust the sender.





import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

public class GrabCert extends Object
{
  public static String getCommonName()
  {
   try
      {
       X509Certificate[] certs = (X509Certificate[]) 
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
      }
   catch (Exception ex)
        {
         System.out.println("Exception caught in getCommonName:");
         ex.printStackTrace();
        }
  }
}

This end up getting:

[Error]  (1: 0): GrabCert:48: error: cannot find symbol
[Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
[Error]  (1: 0):                                                     ^
[Error]  (1: 0):   symbol:   method HttpServletRequest()
[Error]  (1: 0):   location: class GrabCert
[Error]  (1: 0): 1 error


On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz < 
ch...@christopherschultz.net> wrote:


Timothy,

On 6/21/23 13:55, Timothy Ward wrote:

Not sure it's lined up right, lost in copy/paste I think, the ^
seems to

be

initially under the (X509Certificate[]) right before the
getHttpServletRequest(), so I thought it didn't like the
getHttpServletRequest itself, maybe it doesn't like the getAttribute

method.

The compiler tells you 100% it's getHttpServletRequest.

You didn't post the rest of the code, so we have no idea what kind of
class this code exists in. My guess is that whatever class this code
is in does not have a getHttpServletRequest() method to call.

If you can post more code, we may be able to help.

-chris


On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rsarg...@xmission.com>

wrote:






On Jun 21, 2023, at 11:29 AM, Timothy Ward
<twardbite...@gmail.com>

wrote:


I tried the following:

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate; import
javax.security.cert.X509Certificate;

X509Certificate[] certs = (X509Certificate[])




getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Cert
ificate");


and I'm getting:

[Error]  (1: 0): GrabCert:33: error: cannot find symbol,
[Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])




getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Cert
ificate");,

[Error]  (1: 0):                                                     ^,
[Error]  (1: 0):   symbol:   method getHttpServletRequest(),
[Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error



If I lined that up correctly, it seems to be pointing at “getAttribute”.
Is your getHttpServletRequest giving you what you expect?


-------------------------------------------------------------------
-- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




________________________________

This electronic message contains information from CACI International Inc or 
subsidiary companies, which may be company sensitive, proprietary, privileged 
or otherwise protected from disclosure. The information is intended to be used 
solely by the recipient(s) named above. If you are not an intended recipient, 
be aware that any review, disclosure, copying, distribution or use of this 
transmission or its contents is prohibited. If you have received this 
transmission in error, please notify the sender immediately.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to