Posted to dev@tomcat.apache.org by bu...@apache.org on 2007/03/18 21:12:12 UTC
DO NOT REPLY [Bug 41883] New: - use abstract wrapper instead of plain X509Certificate during client authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41883>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41883
Summary: use abstract wrapper instead of plain X509Certificate
during client authentication
Product: Tomcat 6
Version: unspecified
Platform: Other
OS/Version: other
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: hauser@acm.org
After a client certificate authentication, the certificate is in
org.apache.catalina.Globals.CERTIFICATES_ATTR
As per object-oriented coding and design principles, I'd expect that a cert
would also entail methods to e.g. check its CRL status, etc.
java.security.cert.X509Certificate unfortunately doesn't.
In order to enable programmers to use smarter extensions of the certificate
object, I suggest
1) Tomcat to use an extension of the X509Certificate object that has a
constructor with the X509Certificate as an argument
2) add an attribute in the server.xml's Connector element such that another
implementation can be specified - e.g. "X509CertClass"
(http://tomcat.apache.org/tomcat-5.5-doc/config/http.html#SSL%20Support)
This allows such a smarter certificate implementation to be used in
org.apache.catalina.authenticator.SSLAuthenticator as well as later on in the
business logic, e.g. accessed via the httpServletRequest of an MVC framework
such as Struts, by simply putting that implementation into
CATALINA_HOME/common/[lib/classes].
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
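
An added example, not part of the original report or of Tomcat: the kind of CRL status check the report asks for, written as a stand-alone helper applied to the value stored under CERTIFICATES_ATTR. The class and method names are hypothetical; it assumes a direct CRL issued by the certificate's own CA and that the caller supplies that CA's public key.

```java
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

/** Hypothetical helper (not Tomcat code): CRL status for a client certificate. */
public final class ClientCertCrlCheck {

    /** Value of org.apache.catalina.Globals.CERTIFICATES_ATTR. */
    public static final String CERTIFICATES_ATTR = "javax.servlet.request.X509Certificate";

    private ClientCertCrlCheck() { }

    /** Leaf certificate from request.getAttribute(CERTIFICATES_ATTR), or null if none. */
    public static X509Certificate leafOf(Object attribute) {
        if (!(attribute instanceof X509Certificate[])) {
            return null; // no client certificate was presented on this connection
        }
        X509Certificate[] chain = (X509Certificate[]) attribute;
        return chain.length == 0 ? null : chain[0]; // client certificate comes first
    }

    /** Parses a DER or PEM encoded CRL. */
    public static X509CRL loadCrl(InputStream in) throws GeneralSecurityException {
        return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
    }

    /**
     * True if the CRL lists the certificate as revoked. Throws instead of
     * answering "not revoked" when the CRL cannot be trusted for this certificate.
     */
    public static boolean isRevoked(X509Certificate cert, X509CRL crl, PublicKey issuerKey)
            throws GeneralSecurityException {
        if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())) {
            throw new CRLException("CRL was not issued by the certificate's issuer");
        }
        crl.verify(issuerKey); // the CRL signature must come from the issuing CA
        Date nextUpdate = crl.getNextUpdate();
        if (nextUpdate != null && new Date().after(nextUpdate)) {
            throw new CRLException("CRL is past its nextUpdate time");
        }
        return crl.isRevoked(cert);
    }
}
```

A caller should treat an exception from isRevoked as a failed authentication, since a stale or unverifiable CRL says nothing about the certificate's status.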
DO NOT REPLY [Bug 41883] - use abstract wrapper instead of plain X509Certificate during client authentication
Posted by bu...@apache.org.
------- Additional Comments From hauser@acm.org 2007-03-18 13:14 -------
The abstract class all extended X509Certificate implementations would have to
extend could be as simple as
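    import java.security.cert.X509Certificate;
    // Log/LogFactory are assumed to be Commons Logging here; Tomcat's
    // org.apache.juli.logging package provides classes with the same names.
    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;

    public abstract class X509CertificateExtensible extends X509Certificate {
        private static final long serialVersionUID = 1L;
        // The container-supplied certificate that the wrapper is built around
        protected X509Certificate javaCert = null;
        static Log log = LogFactory.getLog(X509CertificateExtensible.class);

        public X509CertificateExtensible(X509Certificate javaCert) {
            this.javaCert = javaCert;
        }
    }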
I am happy to provide a baseline wrapper that basically just maintains backward
compatibility.
DO NOT REPLY [Bug 41883] - use abstract wrapper instead of plain X509Certificate during client authentication
Posted by bu...@apache.org.
hauser@acm.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
------- Additional Comments From hauser@acm.org 2007-03-19 01:30 -------
see also Bug 34643