stupid question on array return by javax.servlet.request.X509Certificateattribute
Why the attribute 'javax.servlet.request.X509Certificate' return an array of X509Certificate. I don't understand how it's possible because when my client choose an certificate, he chooses only one... For my test array contain always one element... so is it an specification to anticipate the future ? Best Regards The type is javax.servlet.request.X509Certificate[] ?? ie an array not a single instance.. [EMAIL PROTECTED] on 18/12/2000 05:03:48 Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] (bcc: Ken X Horn) Subject: RE:RE: Réf. : RE: X509 client certificate (Mr. McClanahan, please take a look at this) Excuse for my determination but my problem was not solve... After change my serveur.xml to clientAuth=true like Craig R. McClanahan said, I fall again on my first exception when I try to extract the certificate request because object associate with ùrequest attributes nameés 'javax.servlet.request.X509Certificate' aren't of well-known type java.security.cert.X509Certificate but [Ljava.security.cert.X509Certificate;@13a66f ! My snoop servlet give me this fragment information : Request attributes: filters.ExampleFilter.SERVLET_MAPPED = InvokerFilter(ApplicationFilterConfig[name=Servlet Mapped Filter, filterClass=filters.ExampleFilter]) javax.servlet.request.key-size = 40 javax.servlet.request.X509Certificate = [Ljava.security.cert.X509Certificate;@13a66f filters.ExampleFilter.PATH_MAPPED = InvokerFilter(ApplicationFilterConfig[name=Path Mapped Filter, filterClass=filters.ExampleFilter]) javax.servlet.request.cipher-suite = SSL_RSA_EXPORT_WITH_RC4_40_MD5 and my catalina server crash on exception when I try to cast this strange objet to java.security.cert.X509Certificate Exception dans le traitement de la requête sécurisée : java.lang.ClassCastException: [Ljava.security.cert.X509Certificate; at SnoopServlet.doGet(SnoopServlet.java:68) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDisp Any idea? Best regards Jérôme Jérôme
RE: stupid question on array return by javax.servlet.request.X509Certificateattribute
The idea (I think) is to have the certificate chain in there. Your client certificate is signed by some authority which may, in turn, be signed by someone else and so on... So you could get your client certificate as the first element, the one who signed his certificate as the second and so on. Regards, Stefan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 18. desember 2000 16:16 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: stupid question on array return by javax.servlet.request.X509Certificateattribute Why the attribute 'javax.servlet.request.X509Certificate' return an array of X509Certificate. I don't understand how it's possible because when my client choose an certificate, he chooses only one... For my test array contain always one element... so is it an specification to anticipate the future ? Best Regards The type is javax.servlet.request.X509Certificate[] ?? ie an array not a single instance.. [EMAIL PROTECTED] on 18/12/2000 05:03:48 Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] (bcc: Ken X Horn) Subject: RE:RE: Réf. : RE: X509 client certificate (Mr. McClanahan, please take a look at this) Excuse for my determination but my problem was not solve... After change my serveur.xml to clientAuth="true" like Craig R. McClanahan said, I fall again on my first exception when I try to extract the certificate request because object associate with ùrequest attributes nameés 'javax.servlet.request.X509Certificate' aren't of well-known type java.security.cert.X509Certificate but [Ljava.security.cert.X509Certificate;@13a66f ! My snoop servlet give me this fragment information : Request attributes: filters.ExampleFilter.SERVLET_MAPPED = InvokerFilter(ApplicationFilterConfig[name=Servlet Mapped Filter, filterClass=filters.ExampleFilter]) javax.servlet.request.key-size = 40 javax.servlet.request.X509Certificate = [Ljava.security.cert.X509Certificate;@13a66f filters.ExampleFilter.PATH_MAPPED = InvokerFilter(ApplicationFilterConfig[name=Path Mapped Filter, filterClass=filters.ExampleFilter]) javax.servlet.request.cipher-suite = SSL_RSA_EXPORT_WITH_RC4_40_MD5 and my catalina server crash on exception when I try to cast this strange objet to java.security.cert.X509Certificate Exception dans le traitement de la requête sécurisée : java.lang.ClassCastException: [Ljava.security.cert.X509Certificate; at SnoopServlet.doGet(SnoopServlet.java:68) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDisp. ... Any idea? Best regards Jérôme Jérôme
Re: stupid question on array return by javax.servlet.request.X509Certificateattribute
[EMAIL PROTECTED] wrote: Why the attribute 'javax.servlet.request.X509Certificate' return an array of X509Certificate. I don't understand how it's possible because when my client choose an certificate, he chooses only one... For my test array contain always one element... so is it an specification to anticipate the future ? The first element in the returned array will be the client certificate itself. However, if you acquired that certificate from a Certificate Authority (CA), the second element will be the certificate of the CA who vouches for the authenticity of the client certificate. If that CA is vouched for by someone else, ... the chain continues. That is why you need an array. Best Regards >>The type is javax.servlet.request.X509Certificate[] ?? ie an array not a >>single instance.. Craig McClanahan