Posted to dev@tomcat.apache.org by Hartmut Keil <Ha...@adnovum.ch> on 2001/06/20 10:35:48 UTC

[PATCH] SSL session hash

Hi everybody

I'm writing a filter for doing some SSL related stuff, 
like client-cert authentication or server-gated-cryptography.
Therefore you must have the possibility to identify 
the SSL session of the request. (Of course you must then also
control the SSL sessions, but that's another topic, i.e. 
configuring an implementation of
org.apache.catalina.net.ServerSocketFactory 
as factory for the connector.)

In general I would say:
"If there is an SSL session associated with the request, 
an identifier of type 'string' must be exposed by the servlet container 
to the servlet or filter programmer. It must be accessible via 
a 'ServletRequest' attribute with the name 
'javax.servlet.request.session_hash'." 

In case of an SSL session established using the javax.net.ssl API
that identifier would be SSLSession.getId() converted to a String.

I implemented that minor code change, and maybe 
some of you would like to commit it. (see following diff)
In addition I will post that change for the 2.3 specification. 

Thanks for supporting

Hartmut 



Index: CertificatesValve.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/CertificatesValve.java,v
retrieving revision 1.6
diff -u -r1.6 CertificatesValve.java
--- CertificatesValve.java      2001/01/23 02:53:03     1.6
+++ CertificatesValve.java      2001/06/20 07:49:08
@@ -384,6 +384,9 @@
         }
         request.getRequest().setAttribute(Globals.KEY_SIZE_ATTR,
                                           keySize);
+       if(session.getId() != null)
+              
request.getRequest().setAttribute(Globals.SESSION_HASH,new
String(session.getId()));
+
         //        if (debug >= 2)
         //            log(" expose: Has cipher suite " + cipherSuite +
         //                " and key size " + keySize);
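Review bot: On the added setAttribute line, new String(session.getId()) decodes the raw session ID bytes (SSLSession.getId() returns a byte[]) with the platform default charset, so the attribute value is unprintable, differs between platforms, and can map different IDs to the same string wherever the bytes are not valid in that charset. Suggest storing a hex encoding of the bytes instead, calling session.getId() once into a local variable, and putting braces around the if body.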






Index: Globals.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Globals.java,v
retrieving revision 1.27
diff -u -r1.27 Globals.java
--- Globals.java        2001/05/15 03:25:47     1.27
+++ Globals.java        2001/06/20 07:47:47
@@ -92,6 +92,13 @@
     public static final String CIPHER_SUITE_ATTR =
         "javax.servlet.request.cipher_suite";
 
+    /**
+     * The request attribute under which we store the identifier of the 
+     * SSL connection (as an object of type java.lang.String).
+     * 
+     */
+    public static final String SESSION_HASH =
+        "javax.servlet.request.session_hash";
 
     /**
      * The servlet context attribute under which we store the class
loader
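Review bot: The Javadoc on SESSION_HASH says "identifier of the SSL connection", but the value stored is the SSL session ID, and one session can span several connections; it should say "SSL session". The constant also breaks the *_ATTR naming of its neighbours (CIPHER_SUITE_ATTR in this file, KEY_SIZE_ATTR used in the valve), and "session_hash" suggests a digest although the value is the ID itself. Consider a name such as SSL_SESSION_ID_ATTR, and state in the comment that this javax.servlet.request.* name is a proposal and not yet part of the servlet specification.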

-- 
+---------------------------------------------------------------------+
 Hartmut Keil                           mailto:Hartmut.Keil@adnovum.ch
 Software Engineer                                     Diplom Physiker 

 AdNovum Informatik AG http://www.adnovum.ch   phone: +41 (1) 272 6111
 Roentgenstrasse 22, CH-8005 Zuerich           fax:   +41 (1) 272 6312
+---------------------------------------------------------------------+
 AdNovum Software Inc. San Mateo, CA 94404    phone: +1 (650) 52 59322
 1400 Fashion Island Boulevard, Suite 309     fax:   +1 (650) 52 59324
+---------------------------------------------------------------------+
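The message proposes exposing "SSLSession.getId() converted to a String". The following is an added example, not part of the original message or of Tomcat's code, comparing two ways to do that conversion; the class and method names are hypothetical and the session IDs are constructed sample values.

```java
import java.nio.charset.StandardCharsets;

public class SessionIdEncoding {

    // Conversion in the style of the patch, with the charset pinned to UTF-8
    // so the result does not depend on the platform default.
    static String viaNewString(byte[] id) {
        return new String(id, StandardCharsets.UTF_8);
    }

    // Hex encoding: every byte becomes exactly two printable characters,
    // so distinct IDs always produce distinct strings.
    static String viaHex(byte[] id) {
        StringBuilder sb = new StringBuilder(id.length * 2);
        for (byte b : id) {
            sb.append(Character.forDigit((b >> 4) & 0xF, 16));
            sb.append(Character.forDigit(b & 0xF, 16));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed 32-byte session IDs that differ only in the last byte.
        byte[] a = new byte[32];
        byte[] b = new byte[32];
        for (int i = 0; i < 32; i++) {
            a[i] = (byte) (0x80 + i);
            b[i] = (byte) (0x80 + i);
        }
        b[31] = (byte) 0xBF;

        // Bytes that are malformed in UTF-8 are replaced with U+FFFD during
        // decoding, so the two different IDs become the same String.
        boolean decodedCollide = viaNewString(a).equals(viaNewString(b));
        boolean hexCollide = viaHex(a).equals(viaHex(b));

        System.out.println("new String() values equal: " + decodedCollide);
        System.out.println("hex values equal:          " + hexCollide);
        System.out.println("hex of a: " + viaHex(a));
    }
}
```

A filter that keys authentication state on the attribute value needs the hex form's one-to-one mapping, since two sessions sharing one decoded string would share that state.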