Posted to users@tomcat.apache.org by Timothy Ward <tw...@gmail.com> on 2023/06/11 21:19:49 UTC

Get Client Certificate Information

Tomcat 10.1 setup using certificateVerification="required" on Windows
Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
via a CGI perl script?  I think I have the SSLValve valve implemented, but
there is nothing for sure that tells me that it is.

The browser prompts for the pin and authenticates just fine, I just need a
way to get some of the client certificate information.

Thanks,
Tim

Re: Get Client Certificate Information

Posted by Timothy Ward <tw...@gmail.com>.
I'm attempting to run this from within Oracle 19c, so I believe that is
throwing a whole other wrinkle in there.

On Wed, Jun 21, 2023 at 1:48 PM Mark Thomas <ma...@apache.org> wrote:

>
>
> On 21/06/2023 18:29, Timothy Ward wrote:
> > I tried the following:
> >
> > import javax.servlet.http.HttpServletRequest;
>
> If you are using the Java EE imports ...
>
> > import javax.security.cert.Certificate;
> > import javax.security.cert.X509Certificate;
> >
> > X509Certificate[] certs = (X509Certificate[])
> >
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>
> ... you should be using the Java EE attribute names. Replace "jakarta"
> with "javax".
>
> It should still compile though, even with the wrong attribute name. Is
> the ORDS related? I'm not familiar with that tool so I don't know what
> might be going on.
>
> Mark
>
> >
> > and I'm getting:
> >
> > [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> > [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> >
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> > [Error]  (1: 0):                                                     ^,
> > [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> > [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >
> > I've tried various other versions as well after googling it and haven't
> > been able to get anything to compile.
> >
> > On Mon, Jun 12, 2023 at 12:11 PM Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 12/06/2023 12:00, Timothy Ward wrote:
> >>> Changing the CGI Servlet may be the easiest route, but if I wanted to
> use
> >>> it as intended, I'm guessing I would use the original Java code that
> you
> >>> sent below?
> >>>
> >>> X509Certificate[] certs =
> >>>
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>
> >>>
> >>> I would just have to figure out how to do that within Oracle.
> >>
> >> That should get you the value with ORDS (I've never used ORDS). I don't
> >> think you'll be able to pass it to the CGI though.
> >>
> >> Mark
> >>
> >>
> >>>
> >>> On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas <ma...@apache.org> wrote:
> >>>
> >>>> If you decide to go the route of modifying Tomcat's CGI servlet, this
> is
> >>>> probably where you'll want to add the TLS info:
> >>>>
> >>>>
> >>>>
> >>
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
> >>>>
> >>>> You should be able to copy the source of Tomcat's CGI servlet, modify
> as
> >>>> required and then just deploy it as part of the web application the
> same
> >>>> way you would any other servlet.
> >>>>
> >>>> Mark
> >>>>
> >>>>
> >>>> On 12/06/2023 10:41, Timothy Ward wrote:
> >>>>> I'm converting an application from using Oracle Http Server which is
> a
> >>>>> version of Apache so I was just trying to keep the code close to the
> >>>> same.
> >>>>>
> >>>>> It is going to use Tomcat and ORDS.  We've got ORDS working and are
> >> just
> >>>>> setting up Tomcat to do the SSL stuff we needed to do.
> >>>>>
> >>>>> I was using the SSLOptions +StdEnvVars settings that would set the
> >>>>> variables I needed as environment variables that I could then pick up
> >> in
> >>>>> Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
> >>>>>
> >>>>> So, I guess if there is a different way of doing that without using
> CGI
> >>>>> Environment variables I can try that.  I'm just having issues finding
> >> any
> >>>>> useful examples of what I want to do.
> >>>>>
> >>>>> Thanks for your help, it is really appreciated.
> >>>>>
> >>>>> On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org>
> wrote:
> >>>>>
> >>>>>> The information you are looking for is not made available via
> Tomcat's
> >>>>>> standard CGI servlet. You would need to extend it and add the
> >>>>>> certificate information as an additional environment variable (or
> >>>>>> variables).
> >>>>>>
> >>>>>> Do you need to use CGI? It is fairly unusual to see CGI mentioned on this
> >>>>>> list these days.
> >>>>>>
> >>>>>> Mark
> >>>>>>
> >>>>>>
> >>>>>> On 11/06/2023 22:56, Timothy Ward wrote:
> >>>>>>> Doesn't seem to work via perl, where would I have to use that line
> of
> >>>>>> code?
> >>>>>>>
> >>>>>>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
> >>>>>> martynas@atomgraph.com>
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>>> You can get client certificates from ServletRequest:
> >>>>>>>>
> >>>>>>>>             X509Certificate[] certs =
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>
> >>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> >>>>>>>>
> >>>>>>>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <
> >> twardbiteme1@gmail.com
> >>>>>
> >>>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>> Tomcat 10.1 setup using certificateVerification="required" on
> >> Windows
> >>>>>>>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and
> >>>>>>>> SSL_CLIENT_I_DN
> >>>>>>>>> via a CGI perl script?  I think I have the SSLValve valve
> >>>> implemented,
> >>>>>>>> but
> >>>>>>>>> there is nothing for sure that tells me that it is.
> >>>>>>>>>
> >>>>>>>>> The browser prompts for the pin and authenticates just fine, I
> just
> >>>>>> need
> >>>>>>>> a
> >>>>>>>>> way to get some of the client certificate information.
> >>>>>>>>>
> >>>>>>>>> Thanks,
> >>>>>>>>> Tim
> >>>>>>>>
> >>>>>>>>
> >> ---------------------------------------------------------------------
> >>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org

Re: Get Client Certificate Information

Posted by Mark Thomas <ma...@apache.org>.

On 21/06/2023 18:29, Timothy Ward wrote:
> I tried the following:
> 
> import javax.servlet.http.HttpServletRequest;

If you are using the Java EE imports ...

> import javax.security.cert.Certificate;
> import javax.security.cert.X509Certificate;
> 
> X509Certificate[] certs = (X509Certificate[])
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");

... you should be using the Java EE attribute names. Replace "jakarta" 
with "javax".

It should still compile though, even with the wrong attribute name. Is 
the ORDS related? I'm not familiar with that tool so I don't know what 
might be going on.

Mark

> 
> and I'm getting:
> 
> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> [Error]  (1: 0):                                                     ^,
> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> 
> I've tried various other versions as well after googling it and haven't
> been able to get anything to compile.
> 
> On Mon, Jun 12, 2023 at 12:11 PM Mark Thomas <ma...@apache.org> wrote:
> 
>> On 12/06/2023 12:00, Timothy Ward wrote:
>>> Changing the CGI Servlet may be the easiest route, but if I wanted to use
>>> it as intended, I'm guessing I would use the original Java code that you
>>> sent below?
>>>
>>> X509Certificate[] certs =
>>>
>> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>>
>>>
>>> I would just have to figure out how to do that within Oracle.
>>
>> That should get you the value with ORDS (I've never used ORDS). I don't
>> think you'll be able to pass it to the CGI though.
>>
>> Mark
>>
>>
>>>
>>> On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas <ma...@apache.org> wrote:
>>>
>>>> If you decide to go the route of modifying Tomcat's CGI servlet, this is
>>>> probably where you'll want to add the TLS info:
>>>>
>>>>
>>>>
>> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
>>>>
>>>> You should be able to copy the source of Tomcat's CGI servlet, modify as
>>>> required and then just deploy it as part of the web application the same
>>>> way you would any other servlet.
>>>>
>>>> Mark
>>>>
>>>>
>>>> On 12/06/2023 10:41, Timothy Ward wrote:
>>>>> I'm converting an application from using Oracle Http Server which is a
>>>>> version of Apache so I was just trying to keep the code close to the
>>>> same.
>>>>>
>>>>> It is going to use Tomcat and ORDS.  We've got ORDS working and are
>> just
>>>>> setting up Tomcat to do the SSL stuff we needed to do.
>>>>>
>>>>> I was using the SSLOptions +StdEnvVars settings that would set the
>>>>> variables I needed as environment variables that I could then pick up
>> in
>>>>> Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
>>>>>
>>>>> So, I guess if there is a different way of doing that without using CGI
>>>>> Environment variables I can try that.  I'm just having issues finding
>> any
>>>>> useful examples of what I want to do.
>>>>>
>>>>> Thanks for your help, it is really appreciated.
>>>>>
>>>>> On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
>>>>>
>>>>>> The information you are looking for is not made available via Tomcat's
>>>>>> standard CGI servlet. You would need to extend it and add the
>>>>>> certificate information as an additional environment variable (or
>>>>>> variables).
>>>>>>
>>>>>> Do you need to use CGI? It is fairly unusual to see CGI mentioned on this
>>>>>> list these days.
>>>>>>
>>>>>> Mark
>>>>>>
>>>>>>
>>>>>> On 11/06/2023 22:56, Timothy Ward wrote:
>>>>>>> Doesn't seem to work via perl, where would I have to use that line of
>>>>>> code?
>>>>>>>
>>>>>>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
>>>>>> martynas@atomgraph.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> You can get client certificates from ServletRequest:
>>>>>>>>
>>>>>>>>             X509Certificate[] certs =
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>
>> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>
>> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
>>>>>>>>
>>>>>>>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <
>> twardbiteme1@gmail.com
>>>>>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Tomcat 10.1 setup using certificateVerification="required" on
>> Windows
>>>>>>>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and
>>>>>>>> SSL_CLIENT_I_DN
>>>>>>>>> via a CGI perl script?  I think I have the SSLValve valve
>>>> implemented,
>>>>>>>> but
>>>>>>>>> there is nothing for sure that tells me that it is.
>>>>>>>>>
>>>>>>>>> The browser prompts for the pin and authenticates just fine, I just
>>>>>> need
>>>>>>>> a
>>>>>>>>> way to get some of the client certificate information.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Tim

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Get Client Certificate Information

Posted by Timothy Ward <tw...@gmail.com>.
The compile actually created 4 .class files:

CGIServlet$CGIEnvironment.class
CGIServlet$CGIRunner.class
CGIServlet$HTTPHeaderInputStream.class
CGIServlet.class

So, I combined them into CGIServlet.jar....

I'll look at ant deploy.

On Thu, Jun 22, 2023 at 5:29 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Timothy,
>
> On 6/22/23 14:01, Timothy Ward wrote:
> > I am trying to go the route of modifying the CGIServlet from:
> > https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
> >
> >
> > I got it to compile with my changes and then all the .class files are in
> a
> > CGIServlet.jar file.
> >
> > This may sound stupid, but I've looked around, but for the life of me I
> > don't know what to do with the jar file now.
>
> It would be best to replace CGIServlet.class in catalina.jar. Remember
> it's actually org/apache/catalina/servlets/CGIServlet.class in the JAR
> file.
>
> If you are building Tomcat from source, if you just run "ant deploy"
> you'll get a catalina.jar file that already has everything you need. In
> fact, you'll get a Tomcat deployment (in output/build) that you can use
> directly if you'd like.
>
> -chris
>
> > On Thu, Jun 22, 2023 at 10:04 AM Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> >> Timothy,
> >>
> >> On 6/21/23 16:56, Timothy Ward wrote:
> >>> import javax.servlet.http.HttpServletRequest;
> >>> import javax.security.cert.Certificate;
> >>> import javax.security.cert.X509Certificate;
> >>>
> >>> public class GrabCert extends Object
> >>> {
> >>>    public static String getCommonName()
> >>>    {
> >>>     try
> >>>        {
> >>>         X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>        }
> >>>     catch (Exception ex)
> >>>          {
> >>>           System.out.println("Exception caught in getCommonName:");
> >>>           ex.printStackTrace();
> >>>          }
> >>>    }
> >>> }
> >>>
> >>> This ends up getting:
> >>>
> >>> [Error]  (1: 0): GrabCert:48: error: cannot find symbol
> >>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>> [Error]  (1: 0):                                                     ^
> >>> [Error]  (1: 0):   symbol:   method HttpServletRequest()
> >>> [Error]  (1: 0):   location: class GrabCert
> >>> [Error]  (1: 0): 1 error
> >>
> >> Yeah, that method just doesn't exist. Your GrabCert class I guess needs
> >> a getHttpServletRequest method, and something needs to inject the
> >> request into the object as well.
> >>
> >> I think your class needs a lot more support than what you have there.
> >>
> >> -chris
> >>
> >>> On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
> >>> chris@christopherschultz.net> wrote:
> >>>
> >>>> Timothy,
> >>>>
> >>>> On 6/21/23 13:55, Timothy Ward wrote:
> >>>>> Not sure it's lined up right, lost in copy/paste I think, the ^ seems
> >> to
> >>>> be
> >>>>> initially under the (X509Certificate[]) right before the
> >>>>> getHttpServletRequest(), so I thought it didn't like the
> >>>>> getHttpServletRequest itself, maybe it doesn't like the getAttribute
> >>>> method.
> >>>>
> >>>> The compiler tells you 100% it's getHttpServletRequest.
> >>>>
> >>>> You didn't post the rest of the code, so we have no idea what kind of
> >>>> class this code exists in. My guess is that whatever class this code
> is
> >>>> in does not have a getHttpServletRequest() method to call.
> >>>>
> >>>> If you can post more code, we may be able to help.
> >>>>
> >>>> -chris
> >>>>
> >>>>> On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com>
> >>>> wrote:
> >>>>>
> >>>>>>
> >>>>>>
> >>>>>>> On Jun 21, 2023, at 11:29 AM, Timothy Ward <twardbiteme1@gmail.com
> >
> >>>>>> wrote:
> >>>>>>>
> >>>>>>> I tried the following:
> >>>>>>>
> >>>>>>> import javax.servlet.http.HttpServletRequest;
> >>>>>>> import javax.security.cert.Certificate;
> >>>>>>> import javax.security.cert.X509Certificate;
> >>>>>>>
> >>>>>>> X509Certificate[] certs = (X509Certificate[])
> >>>>>>>
> >>>>>>
> >>>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>>>>>
> >>>>>>> and I'm getting:
> >>>>>>>
> >>>>>>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> >>>>>>> [Error]  (1: 0):       X509Certificate[] certs =
> (X509Certificate[])
> >>>>>>>
> >>>>>>
> >>>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> >>>>>>> [Error]  (1: 0):
> >>   ^,
> >>>>>>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> >>>>>>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1
> error
> >>>>>>>
> >>>>>>
> >>>>>> If I lined that up correctly, it seems to be pointing at
> >> “getAttribute”.
> >>>>>> Is your getHttpServletRequest giving you what you expect?
> >>>>>>

Re: Get Client Certificate Information

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Timothy,

On 6/22/23 14:01, Timothy Ward wrote:
> I am trying to go the route of modifying the CGIServlet from:
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
> 
> I got it to compile with my changes and then all the .class files are in a
> CGIServlet.jar file.
> 
> This may sound stupid, but I've looked around, but for the life of me I
> don't know what to do with the jar file now.

It would be best to replace CGIServlet.class in catalina.jar. Remember 
it's actually org/apache/catalina/servlets/CGIServlet.class in the JAR file.

If you are building Tomcat from source, if you just run "ant deploy" 
you'll get a catalina.jar file that already has everything you need. In 
fact, you'll get a Tomcat deployment (in output/build) that you can use 
directly if you'd like.

-chris

> On Thu, Jun 22, 2023 at 10:04 AM Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
>> Timothy,
>>
>> On 6/21/23 16:56, Timothy Ward wrote:
>>> import javax.servlet.http.HttpServletRequest;
>>> import javax.security.cert.Certificate;
>>> import javax.security.cert.X509Certificate;
>>>
>>> public class GrabCert extends Object
>>> {
>>>    public static String getCommonName()
>>>    {
>>>     try
>>>        {
>>>         X509Certificate[] certs = (X509Certificate[])
>>>
>> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>>        }
>>>     catch (Exception ex)
>>>          {
>>>           System.out.println("Exception caught in getCommonName:");
>>>           ex.printStackTrace();
>>>          }
>>>    }
>>> }
>>>
>>> This ends up getting:
>>>
>>> [Error]  (1: 0): GrabCert:48: error: cannot find symbol
>>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
>>>
>> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>> [Error]  (1: 0):                                                     ^
>>> [Error]  (1: 0):   symbol:   method HttpServletRequest()
>>> [Error]  (1: 0):   location: class GrabCert
>>> [Error]  (1: 0): 1 error
>>
>> Yeah, that method just doesn't exist. Your GrabCert class I guess needs
>> a getHttpServletRequest method, and something needs to inject the
>> request into the object as well.
>>
>> I think your class needs a lot more support than what you have there.
>>
>> -chris
>>
>>> On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
>>> chris@christopherschultz.net> wrote:
>>>
>>>> Timothy,
>>>>
>>>> On 6/21/23 13:55, Timothy Ward wrote:
>>>>> Not sure it's lined up right, lost in copy/paste I think, the ^ seems
>> to
>>>> be
>>>>> initially under the (X509Certificate[]) right before the
>>>>> getHttpServletRequest(), so I thought it didn't like the
>>>>> getHttpServletRequest itself, maybe it doesn't like the getAttribute
>>>> method.
>>>>
>>>> The compiler tells you 100% it's getHttpServletRequest.
>>>>
>>>> You didn't post the rest of the code, so we have no idea what kind of
>>>> class this code exists in. My guess is that whatever class this code is
>>>> in does not have a getHttpServletRequest() method to call.
>>>>
>>>> If you can post more code, we may be able to help.
>>>>
>>>> -chris
>>>>
>>>>> On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com>
>>>> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>>> On Jun 21, 2023, at 11:29 AM, Timothy Ward <tw...@gmail.com>
>>>>>> wrote:
>>>>>>>
>>>>>>> I tried the following:
>>>>>>>
>>>>>>> import javax.servlet.http.HttpServletRequest;
>>>>>>> import javax.security.cert.Certificate;
>>>>>>> import javax.security.cert.X509Certificate;
>>>>>>>
>>>>>>> X509Certificate[] certs = (X509Certificate[])
>>>>>>>
>>>>>>
>>>>
>> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>>>>>>
>>>>>>> and I'm getting:
>>>>>>>
>>>>>>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
>>>>>>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
>>>>>>>
>>>>>>
>>>>
>> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
>>>>>>> [Error]  (1: 0):
>>   ^,
>>>>>>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
>>>>>>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
>>>>>>>
>>>>>>
>>>>>> If I lined that up correctly, it seems to be pointing at
>> “getAttribute”.
>>>>>> Is your getHttpServletRequest giving you what you expect?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Get Client Certificate Information

Posted by Timothy Ward <tw...@gmail.com>.
I am trying to go the route of modifying the CGIServlet from:
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771

I got it to compile with my changes and then all the .class files are in a
CGIServlet.jar file.

This may sound stupid, but I've looked around, but for the life of me I
don't know what to do with the jar file now.



On Thu, Jun 22, 2023 at 10:04 AM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Timothy,
>
> On 6/21/23 16:56, Timothy Ward wrote:
> > import javax.servlet.http.HttpServletRequest;
> > import javax.security.cert.Certificate;
> > import javax.security.cert.X509Certificate;
> >
> > public class GrabCert extends Object
> > {
> >   public static String getCommonName()
> >   {
> >    try
> >       {
> >        X509Certificate[] certs = (X509Certificate[])
> >
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >       }
> >    catch (Exception ex)
> >         {
> >          System.out.println("Exception caught in getCommonName:");
> >          ex.printStackTrace();
> >         }
> >   }
> > }
> >
> > This ends up getting:
> >
> > [Error]  (1: 0): GrabCert:48: error: cannot find symbol
> > [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> >
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> > [Error]  (1: 0):                                                     ^
> > [Error]  (1: 0):   symbol:   method HttpServletRequest()
> > [Error]  (1: 0):   location: class GrabCert
> > [Error]  (1: 0): 1 error
>
> Yeah, that method just doesn't exist. Your GrabCert class I guess needs
> a getHttpServletRequest method, and something needs to inject the
> request into the object as well.
>
> I think your class needs a lot more support than what you have there.
>
> -chris
>
> > On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> >> Timothy,
> >>
> >> On 6/21/23 13:55, Timothy Ward wrote:
> >>> Not sure it's lined up right, lost in copy/paste I think, the ^ seems
> to
> >> be
> >>> initially under the (X509Certificate[]) right before the
> >>> getHttpServletRequest(), so I thought it didn't like the
> >>> getHttpServletRequest itself, maybe it doesn't like the getAttribute
> >> method.
> >>
> >> The compiler tells you 100% it's getHttpServletRequest.
> >>
> >> You didn't post the rest of the code, so we have no idea what kind of
> >> class this code exists in. My guess is that whatever class this code is
> >> in does not have a getHttpServletRequest() method to call.
> >>
> >> If you can post more code, we may be able to help.
> >>
> >> -chris
> >>
> >>> On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com>
> >> wrote:
> >>>
> >>>>
> >>>>
> >>>>> On Jun 21, 2023, at 11:29 AM, Timothy Ward <tw...@gmail.com>
> >>>> wrote:
> >>>>>
> >>>>> I tried the following:
> >>>>>
> >>>>> import javax.servlet.http.HttpServletRequest;
> >>>>> import javax.security.cert.Certificate;
> >>>>> import javax.security.cert.X509Certificate;
> >>>>>
> >>>>> X509Certificate[] certs = (X509Certificate[])
> >>>>>
> >>>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>>>
> >>>>> and I'm getting:
> >>>>>
> >>>>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> >>>>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> >>>>>
> >>>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> >>>>> [Error]  (1: 0):
>  ^,
> >>>>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> >>>>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >>>>>
> >>>>
> >>>> If I lined that up correctly, it seems to be pointing at
> “getAttribute”.
> >>>> Is your getHttpServletRequest giving you what you expect?

Re: Get Client Certificate Information

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Timothy,

On 6/21/23 16:56, Timothy Ward wrote:
> import javax.servlet.http.HttpServletRequest;
> import javax.security.cert.Certificate;
> import javax.security.cert.X509Certificate;
> 
> public class GrabCert extends Object
> {
>   public static String getCommonName()
>   {
>    try
>       {
>        X509Certificate[] certs = (X509Certificate[])
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>       }
>    catch (Exception ex)
>         {
>          System.out.println("Exception caught in getCommonName:");
>          ex.printStackTrace();
>         }
>   }
> }
> 
> This ends up getting:
> 
> [Error]  (1: 0): GrabCert:48: error: cannot find symbol
> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> [Error]  (1: 0):                                                     ^
> [Error]  (1: 0):   symbol:   method HttpServletRequest()
> [Error]  (1: 0):   location: class GrabCert
> [Error]  (1: 0): 1 error

Yeah, that method just doesn't exist. Your GrabCert class I guess needs 
a getHttpServletRequest method, and something needs to inject the 
request into the object as well.

I think your class needs a lot more support than what you have there.

-chris

> On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
>> Timothy,
>>
>> On 6/21/23 13:55, Timothy Ward wrote:
>>> Not sure it's lined up right, lost in copy/paste I think, the ^ seems to
>> be
>>> initially under the (X509Certificate[]) right before the
>>> getHttpServletRequest(), so I thought it didn't like the
>>> getHttpServletRequest itself, maybe it doesn't like the getAttribute
>> method.
>>
>> The compiler tells you 100% it's getHttpServletRequest.
>>
>> You didn't post the rest of the code, so we have no idea what kind of
>> class this code exists in. My guess is that whatever class this code is
>> in does not have a getHttpServletRequest() method to call.
>>
>> If you can post more code, we may be able to help.
>>
>> -chris
>>
>>> On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com>
>> wrote:
>>>
>>>>
>>>>
>>>>> On Jun 21, 2023, at 11:29 AM, Timothy Ward <tw...@gmail.com>
>>>> wrote:
>>>>>
>>>>> I tried the following:
>>>>>
>>>>> import javax.servlet.http.HttpServletRequest;
>>>>> import javax.security.cert.Certificate;
>>>>> import javax.security.cert.X509Certificate;
>>>>>
>>>>> X509Certificate[] certs = (X509Certificate[])
>>>>>
>>>>
>> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>>>>
>>>>> and I'm getting:
>>>>>
>>>>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
>>>>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
>>>>>
>>>>
>> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
>>>>> [Error]  (1: 0):                                                     ^,
>>>>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
>>>>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
>>>>>
>>>>
>>>> If I lined that up correctly, it seems to be pointing at “getAttribute”.
>>>> Is your getHttpServletRequest giving you what you expect?
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
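
What Christopher's reply above describes (the container passes the request into the class, which then reads the attribute from it), as an added example that is not code from the thread or from Tomcat: a servlet for the jakarta.* namespace that reads the certificate chain from the request and prints the subject and issuer DNs. The class name ClientCertInfoServlet and the helper method names are assumptions.

```java
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate; // the attribute holds java.security.cert, not javax.security.cert
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

/** Hypothetical servlet (name and URL mapping are assumptions); deploy it like any other servlet. */
public class ClientCertInfoServlet extends HttpServlet {

    // jakarta.* namespace (Tomcat 10.x). With javax.servlet imports the
    // attribute name is "javax.servlet.request.X509Certificate" instead.
    static final String CERT_ATTR = "jakarta.servlet.request.X509Certificate";

    // The container supplies the request here; there is no static way to obtain one.
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");

        X509Certificate leaf = clientCertificate(request);
        if (leaf == null) {
            // No certificate on this request, e.g. the connector does not
            // require one or the request did not arrive over TLS.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "No client certificate presented");
            return;
        }

        // The values mod_ssl exposed as SSL_CLIENT_S_DN and SSL_CLIENT_I_DN;
        // the string formatting may differ from what the old code received.
        String subjectDn = leaf.getSubjectX500Principal().getName(X500Principal.RFC2253);
        String issuerDn = leaf.getIssuerX500Principal().getName(X500Principal.RFC2253);

        PrintWriter out = response.getWriter();
        out.println("subject DN: " + subjectDn);
        out.println("issuer DN:  " + issuerDn);
        out.println("subject CN: " + commonName(subjectDn));
        out.println("serial:     " + leaf.getSerialNumber().toString(16));
    }

    /** Returns the client's own certificate, or null if the request carries none. */
    static X509Certificate clientCertificate(HttpServletRequest request) {
        Object attr = request.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[])) {
            return null; // attribute absent, or set under the other namespace's name
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        // The chain is in ascending order of trust: index 0 is the client's certificate.
        return chain.length == 0 ? null : chain[0];
    }

    /**
     * Extracts the most specific CN from an RFC 2253 DN, or null if there is none.
     * A CN is not unique across issuers, so compare the full subject DN together
     * with the issuer DN when the value is used for an access decision.
     */
    static String commonName(String rfc2253Dn) {
        try {
            List<Rdn> rdns = new LdapName(rfc2253Dn).getRdns();
            // LdapName indexes RDNs right to left, so the leftmost RDN is last.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                Rdn rdn = rdns.get(i);
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            return null; // unparseable DN
        }
        return null;
    }
}
```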


Re: Get Client Certificate Information

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Cris,

On 6/29/23 08:34, Berneburg, Cris J. - US wrote:
> Hi Timothy
> 
> Sorry, I'm a little late to the party for a reply.
> 
> On an older project, when pulling cert info (using javax), we grabbed it from the session, not the request, even though the attribute name says "request".
> 
> HttpSession session = httpRequest.getSession();
> Object rawSubject = session.getAttribute ( "javax.servlet.request.X509Certificate" );
> 
> Not sure if that's relevant to or helps with your situation.


Your application must have done something like this, because what you 
have above isn't required by anything in the spec. Only the request is 
mentioned in the specs.

-chris

> -----Original Message-----
> From: Timothy Ward <tw...@gmail.com>
> Sent: Wednesday, June 21, 2023 4:57 PM
> To: Tomcat Users List <us...@tomcat.apache.org>
> Subject: Re: Get Client Certificate Information
> 
> import javax.servlet.http.HttpServletRequest;
> import javax.security.cert.Certificate;
> import javax.security.cert.X509Certificate;
> 
> public class GrabCert extends Object
> {
>   public static String getCommonName()
>   {
>    try
>       {
>        X509Certificate[] certs = (X509Certificate[]) HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>       }
>    catch (Exception ex)
>         {
>          System.out.println("Exception caught in getCommonName:");
>          ex.printStackTrace();
>         }
>   }
> }
> 
> This ends up getting:
> 
> [Error]  (1: 0): GrabCert:48: error: cannot find symbol
> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> [Error]  (1: 0):                                                     ^
> [Error]  (1: 0):   symbol:   method HttpServletRequest()
> [Error]  (1: 0):   location: class GrabCert
> [Error]  (1: 0): 1 error
> 
> 
> On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz < chris@christopherschultz.net> wrote:
> 
>> Timothy,
>>
>> On 6/21/23 13:55, Timothy Ward wrote:
>>> Not sure it's lined up right, lost in copy/paste I think, the ^
>>> seems to
>> be
>>> initially under the (X509Certificate[]) right before the
>>> getHttpServletRequest(), so I thought it didn't like the
>>> getHttpServletRequest itself, maybe it doesn't like the getAttribute
>> method.
>>
>> The compiler tells you 100% it's getHttpServletRequest.
>>
>> You didn't post the rest of the code, so we have no idea what kind of
>> class this code exists in. My guess is that whatever class this code
>> is in does not have a getHttpServletRequest() method to call.
>>
>> If you can post more code, we may be able to help.
>>
>> -chris
>>
>>> On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com>
>> wrote:
>>>
>>>>
>>>>
>>>>> On Jun 21, 2023, at 11:29 AM, Timothy Ward
>>>>> <tw...@gmail.com>
>>>> wrote:
>>>>>
>>>>> I tried the following:
>>>>>
>>>>> import javax.servlet.http.HttpServletRequest;
>>>>> import javax.security.cert.Certificate;
>>>>> import javax.security.cert.X509Certificate;
>>>>>
>>>>> X509Certificate[] certs = (X509Certificate[])
>>>>>
>>>>
>> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>>>>
>>>>> and I'm getting:
>>>>>
>>>>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
>>>>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
>>>>>
>>>>
>> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
>>>>> [Error]  (1: 0):                                                     ^,
>>>>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
>>>>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
>>>>>
>>>>
>>>> If I lined that up correctly, it seems to be pointing at “getAttribute”.
>>>> Is your getHttpServletRequest giving you what you expect?
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
> 
> 



RE: Get Client Certificate Information

Posted by "Berneburg, Cris J. - US" <cb...@caci.com.INVALID>.
Hi Timothy

Sorry, I'm a little late to the party for a reply.

On an older project, when pulling cert info (using javax), we grabbed it from the session, not the request, even though the attribute name says "request".

HttpSession session = httpRequest.getSession();
Object rawSubject = session.getAttribute ( "javax.servlet.request.X509Certificate" );

Not sure if that's relevant to or helps with your situation.

--
Cris Berneburg
CACI Senior Software Engineer

-----Original Message-----
From: Timothy Ward <tw...@gmail.com>
Sent: Wednesday, June 21, 2023 4:57 PM
To: Tomcat Users List <us...@tomcat.apache.org>
Subject: Re: Get Client Certificate Information


import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

public class GrabCert extends Object
{
 public static String getCommonName()
 {
  try
     {
      X509Certificate[] certs = (X509Certificate[]) HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
     }
  catch (Exception ex)
       {
        System.out.println("Exception caught in getCommonName:");
        ex.printStackTrace();
       }
 }
}

This ends up getting:

[Error]  (1: 0): GrabCert:48: error: cannot find symbol
[Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
[Error]  (1: 0):                                                     ^
[Error]  (1: 0):   symbol:   method HttpServletRequest()
[Error]  (1: 0):   location: class GrabCert
[Error]  (1: 0): 1 error


On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz < chris@christopherschultz.net> wrote:

> Timothy,
>
> On 6/21/23 13:55, Timothy Ward wrote:
> > Not sure it's lined up right, lost in copy/paste I think, the ^
> > seems to
> be
> > initially under the (X509Certificate[]) right before the
> > getHttpServletRequest(), so I thought it didn't like the
> > getHttpServletRequest itself, maybe it doesn't like the getAttribute
> method.
>
> The compiler tells you 100% it's getHttpServletRequest.
>
> You didn't post the rest of the code, so we have no idea what kind of
> class this code exists in. My guess is that whatever class this code
> is in does not have a getHttpServletRequest() method to call.
>
> If you can post more code, we may be able to help.
>
> -chris
>
> > On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com>
> wrote:
> >
> >>
> >>
> >>> On Jun 21, 2023, at 11:29 AM, Timothy Ward
> >>> <tw...@gmail.com>
> >> wrote:
> >>>
> >>> I tried the following:
> >>>
> >>> import javax.servlet.http.HttpServletRequest;
> >>> import javax.security.cert.Certificate;
> >>> import javax.security.cert.X509Certificate;
> >>>
> >>> X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>
> >>> and I'm getting:
> >>>
> >>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> >>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> >>> [Error]  (1: 0):                                                     ^,
> >>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> >>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >>>
> >>
> >> If I lined that up correctly, it seems to be pointing at “getAttribute”.
> >> Is your getHttpServletRequest giving you what you expect?
> >>
> >>
> >>
> >>
> >
>
>
>



Re: Get Client Certificate Information

Posted by Timothy Ward <tw...@gmail.com>.
import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

public class GrabCert extends Object
{
 public static String getCommonName()
 {
  try
     {
      X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
     }
  catch (Exception ex)
       {
        System.out.println("Exception caught in getCommonName:");
        ex.printStackTrace();
       }
 }
}

This ends up getting:

[Error]  (1: 0): GrabCert:48: error: cannot find symbol
[Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
[Error]  (1: 0):                                                     ^
[Error]  (1: 0):   symbol:   method HttpServletRequest()
[Error]  (1: 0):   location: class GrabCert
[Error]  (1: 0): 1 error


On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Timothy,
>
> On 6/21/23 13:55, Timothy Ward wrote:
> > Not sure it's lined up right, lost in copy/paste I think, the ^ seems to
> be
> > initially under the (X509Certificate[]) right before the
> > getHttpServletRequest(), so I thought it didn't like the
> > getHttpServletRequest itself, maybe it doesn't like the getAttribute
> method.
>
> The compiler tells you 100% it's getHttpServletRequest.
>
> You didn't post the rest of the code, so we have no idea what kind of
> class this code exists in. My guess is that whatever class this code is
> in does not have a getHttpServletRequest() method to call.
>
> If you can post more code, we may be able to help.
>
> -chris
>
> > On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com>
> wrote:
> >
> >>
> >>
> >>> On Jun 21, 2023, at 11:29 AM, Timothy Ward <tw...@gmail.com>
> >> wrote:
> >>>
> >>> I tried the following:
> >>>
> >>> import javax.servlet.http.HttpServletRequest;
> >>> import javax.security.cert.Certificate;
> >>> import javax.security.cert.X509Certificate;
> >>>
> >>> X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>
> >>> and I'm getting:
> >>>
> >>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> >>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> >>> [Error]  (1: 0):                                                     ^,
> >>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> >>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >>>
> >>
> >> If I lined that up correctly, it seems to be pointing at “getAttribute”.
> >> Is your getHttpServletRequest giving you what you expect?
> >>
> >>
> >>
> >>
> >
>
>
>

Re: Get Client Certificate Information

Posted by Martynas Jusevičius <ma...@atomgraph.com>.
Sorry, getHttpServletRequest() came from my code :) It’s not a Jakarta
method.

In JAX-RS frameworks such as Jersey you can use @Context or @Inject
annotations to get request and servlet context objects (such as
HttpServletRequest):
https://jakarta.ee/specifications/dependency-injection/2.0/apidocs/jakarta/inject/inject


On Wed, 21 Jun 2023 at 20.32, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Timothy,
>
> On 6/21/23 13:55, Timothy Ward wrote:
> > Not sure it's lined up right, lost in copy/paste I think, the ^ seems to
> be
> > initially under the (X509Certificate[]) right before the
> > getHttpServletRequest(), so I thought it didn't like the
> > getHttpServletRequest itself, maybe it doesn't like the getAttribute
> method.
>
> The compiler tells you 100% it's getHttpServletRequest.
>
> You didn't post the rest of the code, so we have no idea what kind of
> class this code exists in. My guess is that whatever class this code is
> in does not have a getHttpServletRequest() method to call.
>
> If you can post more code, we may be able to help.
>
> -chris
>
> > On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com>
> wrote:
> >
> >>
> >>
> >>> On Jun 21, 2023, at 11:29 AM, Timothy Ward <tw...@gmail.com>
> >> wrote:
> >>>
> >>> I tried the following:
> >>>
> >>> import javax.servlet.http.HttpServletRequest;
> >>> import javax.security.cert.Certificate;
> >>> import javax.security.cert.X509Certificate;
> >>>
> >>> X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>
> >>> and I'm getting:
> >>>
> >>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> >>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> >>> [Error]  (1: 0):                                                     ^,
> >>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> >>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >>>
> >>
> >> If I lined that up correctly, it seems to be pointing at “getAttribute”.
> >> Is your getHttpServletRequest giving you what you expect?
> >>
> >>
> >>
> >>
> >
>
>
>

Re: Get Client Certificate Information

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Timothy,

On 6/21/23 13:55, Timothy Ward wrote:
> Not sure it's lined up right, lost in copy/paste I think, the ^ seems to be
> initially under the (X509Certificate[]) right before the
> getHttpServletRequest(), so I thought it didn't like the
> getHttpServletRequest itself, maybe it doesn't like the getAttribute method.

The compiler tells you 100% it's getHttpServletRequest.

You didn't post the rest of the code, so we have no idea what kind of 
class this code exists in. My guess is that whatever class this code is 
in does not have a getHttpServletRequest() method to call.

If you can post more code, we may be able to help.

-chris

> On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com> wrote:
> 
>>
>>
>>> On Jun 21, 2023, at 11:29 AM, Timothy Ward <tw...@gmail.com>
>> wrote:
>>>
>>> I tried the following:
>>>
>>> import javax.servlet.http.HttpServletRequest;
>>> import javax.security.cert.Certificate;
>>> import javax.security.cert.X509Certificate;
>>>
>>> X509Certificate[] certs = (X509Certificate[])
>>>
>> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>>
>>> and I'm getting:
>>>
>>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
>>> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
>>>
>> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
>>> [Error]  (1: 0):                                                     ^,
>>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
>>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
>>>
>>
>> If I lined that up correctly, it seems to be pointing at “getAttribute”.
>> Is your getHttpServletRequest giving you what you expect?
>>
>>
>>
>>
> 



Re: Get Client Certificate Information

Posted by Timothy Ward <tw...@gmail.com>.
Not sure it's lined up right, lost in copy/paste I think, the ^ seems to be
initially under the (X509Certificate[]) right before the
getHttpServletRequest(), so I thought it didn't like the
getHttpServletRequest itself, maybe it doesn't like the getAttribute method.

On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent <rs...@xmission.com> wrote:

>
>
> > On Jun 21, 2023, at 11:29 AM, Timothy Ward <tw...@gmail.com>
> wrote:
> >
> > I tried the following:
> >
> > import javax.servlet.http.HttpServletRequest;
> > import javax.security.cert.Certificate;
> > import javax.security.cert.X509Certificate;
> >
> > X509Certificate[] certs = (X509Certificate[])
> >
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >
> > and I'm getting:
> >
> > [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> > [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> >
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> > [Error]  (1: 0):                                                     ^,
> > [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> > [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >
>
> If I lined that up correctly, it seems to be pointing at “getAttribute”.
> Is your getHttpServletRequest giving you what you expect?
>
>
>
>

Re: Get Client Certificate Information

Posted by Rob Sargent <rs...@xmission.com>.

> On Jun 21, 2023, at 11:29 AM, Timothy Ward <tw...@gmail.com> wrote:
> 
> I tried the following:
> 
> import javax.servlet.http.HttpServletRequest;
> import javax.security.cert.Certificate;
> import javax.security.cert.X509Certificate;
> 
> X509Certificate[] certs = (X509Certificate[])
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> 
> and I'm getting:
> 
> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> [Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> [Error]  (1: 0):                                                     ^,
> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> 

If I lined that up correctly, it seems to be pointing at “getAttribute”. Is your getHttpServletRequest giving you what you expect?




Re: Get Client Certificate Information

Posted by Timothy Ward <tw...@gmail.com>.
I tried the following:

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");

and I'm getting:

[Error]  (1: 0): GrabCert:33: error: cannot find symbol,
[Error]  (1: 0):       X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
[Error]  (1: 0):                                                     ^,
[Error]  (1: 0):   symbol:   method getHttpServletRequest(),
[Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error

I've tried various other versions as well after googling it and haven't
been able to get anything to compile.

On Mon, Jun 12, 2023 at 12:11 PM Mark Thomas <ma...@apache.org> wrote:

> On 12/06/2023 12:00, Timothy Ward wrote:
> > Changing the CGI Servlet may be the easiest route, but if I wanted to use
> > it as intended, I'm guessing I would use the original Java code that you
> > sent below?
> >
> > X509Certificate[] certs =
> >
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >
> >
> > I would just have to figure out how to do that within Oracle.
>
> That should get you the value with ORDS (I've never used ORDS). I don't
> think you'll be able to pass it to the CGI though.
>
> Mark
>
>
> >
> > On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas <ma...@apache.org> wrote:
> >
> >> If you decide to go the route of modifying Tomcat's CGI servlet, this is
> >> probably where you'll want to add the TLS info:
> >>
> >>
> >>
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
> >>
> >> You should be able to copy the source of Tomcat's CGI servlet, modify as
> >> required and then just deploy it as part of the web application the same
> >> way you would any other servlet.
> >>
> >> Mark
> >>
> >>
> >> On 12/06/2023 10:41, Timothy Ward wrote:
> >>> I'm converting an application from using Oracle Http Server which is a
> >>> version of Apache so I was just trying to keep the code close to the
> >> same.
> >>>
> >>> It is going to use Tomcat and ORDS.  We've got ORDS working and are
> just
> >>> setting up Tomcat to do the SSL stuff we needed to do.
> >>>
> >>> I was using the SSLOptions +StdEnvVars settings that would set the
> >>> variables I needed as environment variables that I could then pick up
> in
> >>> Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
> >>>
> >>> So, I guess if there is a different way of doing that without using CGI
> >>> Environment variables I can try that.  I'm just having issues finding
> any
> >>> useful examples of what I want to do.
> >>>
> >>> Thanks for your help, it is really appreciated.
> >>>
> >>> On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
> >>>
> >>>> The information you are looking for is not made available via Tomcat's
> >>>> standard CGI servlet. You would need to extend it and add the
> >>>> certificate information as an additional environment variable (or
> >>>> variables).
> >>>>
> >>>> Do you need to use CGI? It is fairly unusual to see CGI mentioned on
> this
> >>>> list these days.
> >>>>
> >>>> Mark
> >>>>
> >>>>
> >>>> On 11/06/2023 22:56, Timothy Ward wrote:
> >>>>> Doesn't seem to work via perl, where would I have to use that line of
> >>>> code?
> >>>>>
> >>>>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
> >>>> martynas@atomgraph.com>
> >>>>> wrote:
> >>>>>
> >>>>>> You can get client certificates from ServletRequest:
> >>>>>>
> >>>>>>            X509Certificate[] certs =
> >>>>>>
> >>>>>>
> >>>>
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>
> >>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> >>>>>>
> >>>>>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <
> twardbiteme1@gmail.com
> >>>
> >>>>>> wrote:
> >>>>>>>
> >>>>>>> Tomcat 10.1 setup using certificateVerification="required" on
> Windows
> >>>>>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and
> >>>>>> SSL_CLIENT_I_DN
> >>>>>>> via a CGI perl script?  I think I have the SSLValve valve
> >> implemented,
> >>>>>> but
> >>>>>>> there is nothing for sure that tells me that it is.
> >>>>>>>
> >>>>>>> The browser prompts for the pin and authenticates just fine, I just
> >>>> need
> >>>>>> a
> >>>>>>> way to get some of the client certificate information.
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>> Tim
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>
> >>
> >>
> >
>
>
>

Re: Get Client Certificate Information

Posted by Mark Thomas <ma...@apache.org>.
On 12/06/2023 12:00, Timothy Ward wrote:
> Changing the CGI Servlet may be the easiest route, but if I wanted to use
> it as intended, I'm guessing I would use the original Java code that you
> sent below?
> 
> X509Certificate[] certs =
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> 
> 
> I would just have to figure out how to do that within Oracle.

That should get you the value with ORDS (I've never used ORDS). I don't 
think you'll be able to pass it to the CGI though.

Mark


> 
> On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas <ma...@apache.org> wrote:
> 
>> If you decide to go the route of modifying Tomcat's CGI servlet, this is
>> probably where you'll want to add the TLS info:
>>
>>
>> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
>>
>> You should be able to copy the source of Tomcat's CGI servlet, modify as
>> required and then just deploy it as part of the web application the same
>> way you would any other servlet.
>>
>> Mark
>>
>>
>> On 12/06/2023 10:41, Timothy Ward wrote:
>>> I'm converting an application from using Oracle Http Server which is a
>>> version of Apache so I was just trying to keep the code close to the
>> same.
>>>
>>> It is going to use Tomcat and ORDS.  We've got ORDS working and are just
>>> setting up Tomcat to do the SSL stuff we needed to do.
>>>
>>> I was using the SSLOptions +StdEnvVars settings that would set the
>>> variables I needed as environment variables that I could then pick up in
>>> Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
>>>
>>> So, I guess if there is a different way of doing that without using CGI
>>> Environment variables I can try that.  I'm just having issues finding any
>>> useful examples of what I want to do.
>>>
>>> Thanks for your help, it is really appreciated.
>>>
>>> On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
>>>
>>>> The information you are looking for is not made available via Tomcat's
>>>> standard CGI servlet. You would need to extend it and add the
>>>> certificate information as an additional environment variable (or
>>>> variables).
>>>>
>>>> Do you need to use CGI? It is fairly unusual to see CGI mentioned on this
>>>> list these days.
>>>>
>>>> Mark
>>>>
>>>>
>>>> On 11/06/2023 22:56, Timothy Ward wrote:
>>>>> Doesn't seem to work via perl, where would I have to use that line of code?
>>>>>
>>>>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <martynas@atomgraph.com>
>>>>> wrote:
>>>>>
>>>>>> You can get client certificates from ServletRequest:
>>>>>>
>>>>>>            X509Certificate[] certs =
>>>>>> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>>>>>
>>>>>> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
>>>>>>
>>>>>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <twardbiteme1@gmail.com>
>>>>>> wrote:
>>>>>>>
>>>>>>> Tomcat 10.1 setup using certificateVerification="required" on Windows
>>>>>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
>>>>>>> via a CGI perl script?  I think I have the SSLValve valve implemented, but
>>>>>>> there is nothing for sure that tells me that it is.
>>>>>>>
>>>>>>> The browser prompts for the pin and authenticates just fine, I just need a
>>>>>>> way to get some of the client certificate information.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Tim

Re: Get Client Certificate Information

Posted by Timothy Ward <tw...@gmail.com>.
Changing the CGI Servlet may be the easiest route, but if I wanted to use
it as intended, I'm guessing I would use the original Java code that you
sent below?

X509Certificate[] certs =
(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");


I would just have to figure out how to do that within Oracle.

On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas <ma...@apache.org> wrote:

> If you decide to go the route of modifying Tomcat's CGI servlet, this is
> probably where you'll want to add the TLS info:
>
>
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
>
> You should be able to copy the source of Tomcat's CGI servlet, modify as
> required and then just deploy it as part of the web application the same
> way you would any other servlet.
>
> Mark
>
>
> On 12/06/2023 10:41, Timothy Ward wrote:
> > I'm converting an application from using Oracle HTTP Server which is a
> > version of Apache so I was just trying to keep the code close to the same.
> >
> > It is going to use Tomcat and ORDS.  We've got ORDS working and are just
> > setting up Tomcat to do the SSL stuff we needed to do.
> >
> > I was using the SSLOptions +StdEnvVars settings that would set the
> > variables I needed as environment variables that I could then pick up in
> > Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
> >
> > So, I guess if there is a different way of doing that without using CGI
> > Environment variables I can try that.  I'm just having issues finding any
> > useful examples of what I want to do.
> >
> > Thanks for your help, it is really appreciated.
> >
> > On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
> >
> >> The information you are looking for is not made available via Tomcat's
> >> standard CGI servlet. You would need to extend it and add the
> >> certificate information as an additional environment variable (or
> >> variables).
> >>
> >> Do you need to use CGI? It is fairly unusual to see CGI mentioned on this
> >> list these days.
> >>
> >> Mark
> >>
> >>
> >> On 11/06/2023 22:56, Timothy Ward wrote:
> >>> Doesn't seem to work via perl, where would I have to use that line of code?
> >>>
> >>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <martynas@atomgraph.com>
> >>> wrote:
> >>>
> >>>> You can get client certificates from ServletRequest:
> >>>>
> >>>>           X509Certificate[] certs =
> >>>> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>>
> >>>> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> >>>>
> >>>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <twardbiteme1@gmail.com>
> >>>> wrote:
> >>>>>
> >>>>> Tomcat 10.1 setup using certificateVerification="required" on Windows
> >>>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
> >>>>> via a CGI perl script?  I think I have the SSLValve valve implemented, but
> >>>>> there is nothing for sure that tells me that it is.
> >>>>>
> >>>>> The browser prompts for the pin and authenticates just fine, I just need a
> >>>>> way to get some of the client certificate information.
> >>>>>
> >>>>> Thanks,
> >>>>> Tim

Re: Get Client Certificate Information

Posted by Mark Thomas <ma...@apache.org>.
If you decide to go the route of modifying Tomcat's CGI servlet, this is 
probably where you'll want to add the TLS info:

https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771

You should be able to copy the source of Tomcat's CGI servlet, modify as 
required and then just deploy it as part of the web application the same 
way you would any other servlet.

Mark


On 12/06/2023 10:41, Timothy Ward wrote:
> I'm converting an application from using Oracle HTTP Server which is a
> version of Apache so I was just trying to keep the code close to the same.
> 
> It is going to use Tomcat and ORDS.  We've got ORDS working and are just
> setting up Tomcat to do the SSL stuff we needed to do.
> 
> I was using the SSLOptions +StdEnvVars settings that would set the
> variables I needed as environment variables that I could then pick up in
> Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
> 
> So, I guess if there is a different way of doing that without using CGI
> Environment variables I can try that.  I'm just having issues finding any
> useful examples of what I want to do.
> 
> Thanks for your help, it is really appreciated.
> 
> On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
> 
>> The information you are looking for is not made available via Tomcat's
>> standard CGI servlet. You would need to extend it and add the
>> certificate information as an additional environment variable (or
>> variables).
>>
>> Do you need to use CGI? It is fairly unusual to see CGI mentioned on this
>> list these days.
>>
>> Mark
>>
>>
>> On 11/06/2023 22:56, Timothy Ward wrote:
>>> Doesn't seem to work via perl, where would I have to use that line of code?
>>>
>>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <martynas@atomgraph.com>
>>> wrote:
>>>
>>>> You can get client certificates from ServletRequest:
>>>>
>>>>           X509Certificate[] certs =
>>>> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>>>
>>>> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
>>>>
>>>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <tw...@gmail.com>
>>>> wrote:
>>>>>
>>>>> Tomcat 10.1 setup using certificateVerification="required" on Windows
>>>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
>>>>> via a CGI perl script?  I think I have the SSLValve valve implemented, but
>>>>> there is nothing for sure that tells me that it is.
>>>>>
>>>>> The browser prompts for the pin and authenticates just fine, I just need a
>>>>> way to get some of the client certificate information.
>>>>>
>>>>> Thanks,
>>>>> Tim

Re: Get Client Certificate Information

Posted by Timothy Ward <tw...@gmail.com>.
I'm converting an application from using Oracle HTTP Server which is a
version of Apache so I was just trying to keep the code close to the same.

It is going to use Tomcat and ORDS.  We've got ORDS working and are just
setting up Tomcat to do the SSL stuff we needed to do.

I was using the SSLOptions +StdEnvVars settings that would set the
variables I needed as environment variables that I could then pick up in
Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');

So, I guess if there is a different way of doing that without using CGI
Environment variables I can try that.  I'm just having issues finding any
useful examples of what I want to do.

Thanks for your help, it is really appreciated.

On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:

> The information you are looking for is not made available via Tomcat's
> standard CGI servlet. You would need to extend it and add the
> certificate information as an additional environment variable (or
> variables).
>
> Do you need to use CGI? It is fairly unusual to see CGI mentioned on this
> list these days.
>
> Mark
>
>
> On 11/06/2023 22:56, Timothy Ward wrote:
> > Doesn't seem to work via perl, where would I have to use that line of code?
> >
> > On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <martynas@atomgraph.com>
> > wrote:
> >
> >> You can get client certificates from ServletRequest:
> >>
> >>          X509Certificate[] certs =
> >> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>
> >> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> >>
> >> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <tw...@gmail.com>
> >> wrote:
> >>>
> >>> Tomcat 10.1 setup using certificateVerification="required" on Windows
> >>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
> >>> via a CGI perl script?  I think I have the SSLValve valve implemented, but
> >>> there is nothing for sure that tells me that it is.
> >>>
> >>> The browser prompts for the pin and authenticates just fine, I just need a
> >>> way to get some of the client certificate information.
> >>>
> >>> Thanks,
> >>> Tim

Re: Get Client Certificate Information

Posted by Mark Thomas <ma...@apache.org>.
The information you are looking for is not made available via Tomcat's 
standard CGI servlet. You would need to extend it and add the 
certificate information as an additional environment variable (or 
variables).

Do you need to use CGI? It is fairly unusual to see CGI mentioned on this
list these days.

Mark


On 11/06/2023 22:56, Timothy Ward wrote:
> Doesn't seem to work via perl, where would I have to use that line of code?
> 
> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <ma...@atomgraph.com>
> wrote:
> 
>> You can get client certificates from ServletRequest:
>>
>>          X509Certificate[] certs =
>>
>> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>>
>>
>> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
>>
>> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <tw...@gmail.com>
>> wrote:
>>>
>>> Tomcat 10.1 setup using certificateVerification="required" on Windows
>>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
>>> via a CGI perl script?  I think I have the SSLValve valve implemented, but
>>> there is nothing for sure that tells me that it is.
>>>
>>> The browser prompts for the pin and authenticates just fine, I just need a
>>> way to get some of the client certificate information.
>>>
>>> Thanks,
>>> Tim

Re: Get Client Certificate Information

Posted by Timothy Ward <tw...@gmail.com>.
Doesn't seem to work via perl, where would I have to use that line of code?

On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <ma...@atomgraph.com>
wrote:

> You can get client certificates from ServletRequest:
>
>         X509Certificate[] certs =
>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>
>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
>
> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <tw...@gmail.com>
> wrote:
> >
> > Tomcat 10.1 setup using certificateVerification="required" on Windows
> > Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
> > via a CGI perl script?  I think I have the SSLValve valve implemented, but
> > there is nothing for sure that tells me that it is.
> >
> > The browser prompts for the pin and authenticates just fine, I just need a
> > way to get some of the client certificate information.
> >
> > Thanks,
> > Tim

Re: Get Client Certificate Information

Posted by Martynas Jusevičius <ma...@atomgraph.com>.
You can get client certificates from ServletRequest:

        X509Certificate[] certs =
            (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");

https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)

On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <tw...@gmail.com> wrote:
>
> Tomcat 10.1 setup using certificateVerification="required" on Windows
> Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
> via a CGI perl script?  I think I have the SSLValve valve implemented, but
> there is nothing for sure that tells me that it is.
>
> The browser prompts for the pin and authenticates just fine, I just need a
> way to get some of the client certificate information.
>
> Thanks,
> Tim

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
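
Added example (not code from the thread or from Tomcat): a servlet that reads the request attribute named in the reply above and returns the subject and issuer DNs under the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN names asked about in the original question. The class name ClientCertInfoServlet and the helper clientCertEnv are hypothetical; the map it returns is the kind of data a modified copy of the CGI servlet could add to the script's environment. The DN strings produced by getName() may not match the format mod_ssl used, so compare them before relying on string matches.

```java
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example: exposes client-certificate DNs under mod_ssl-style names. */
public class ClientCertInfoServlet extends HttpServlet {

    // Attribute name for Jakarta-based containers (Tomcat 10 and later).
    // With javax.servlet imports, replace "jakarta" with "javax".
    static final String CERT_ATTR = "jakarta.servlet.request.X509Certificate";

    /**
     * Returns SSL_CLIENT_S_DN and SSL_CLIENT_I_DN for the request, or an
     * empty map when no client certificate is attached (plain HTTP, or TLS
     * without client authentication).
     */
    static Map<String, String> clientCertEnv(HttpServletRequest req) {
        Map<String, String> env = new LinkedHashMap<>();
        Object attr = req.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[])) {
            return env;
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) {
            return env;
        }
        // chain[0] is the certificate the client presented; any further
        // entries are the certificates of its issuers.
        X509Certificate leaf = chain[0];
        env.put("SSL_CLIENT_S_DN", leaf.getSubjectX500Principal().getName());
        env.put("SSL_CLIENT_I_DN", leaf.getIssuerX500Principal().getName());
        return env;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        Map<String, String> env = clientCertEnv(req);
        if (env.isEmpty()) {
            // Fail closed: never treat a missing certificate as an identity.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No client certificate");
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        env.forEach((name, value) -> out.println(name + "=" + value));
    }
}
```

Requesting this servlet over the connector configured with certificateVerification="required" also confirms that the certificate is reaching the application layer.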