Re: Get Client Certificate Information

[Christopher Schultz]

Cris,

On 6/29/23 08:34, Berneburg, Cris J. - US wrote:

Hi Timothy

Sorry, I'm a little late to the party for a reply.

On an older project, when pulling cert info (using javax), we grabbed it from the 
session, not the request, even though the attribute name says "request".

HttpSession session = httpRequest.getSession();
Object rawSubject = session.getAttribute ( 
"javax.servlet.request.X509Certificate" );

Not sure if that's relevant to or helps with your situation.



Your application must have done something like this, because what you 
have above isn't required by anything in the spec. Only the request is 
mentioned in the specs.


-chris


-Original Message-
From: Timothy Ward 
Sent: Wednesday, June 21, 2023 4:57 PM
To: Tomcat Users List 
Subject: Re: Get Client Certificate Information

EXTERNAL EMAIL - This email originated from outside of CACI. Do not click any 
links or attachments unless you recognize and trust the sender.





import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

public class GrabCert extends Object
{
  public static String getCommonName()
  {
   try
  {
   X509Certificate[] certs = (X509Certificate[]) 
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
  }
   catch (Exception ex)
{
 System.out.println("Exception caught in getCommonName:");
 ex.printStackTrace();
}
  }
}

This end up getting:

[Error]  (1: 0): GrabCert:48: error: cannot find symbol
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
[Error]  (1: 0): ^
[Error]  (1: 0):   symbol:   method HttpServletRequest()
[Error]  (1: 0):   location: class GrabCert
[Error]  (1: 0): 1 error


On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz < 
ch...@christopherschultz.net> wrote:


Timothy,

On 6/21/23 13:55, Timothy Ward wrote:

Not sure it's lined up right, lost in copy/paste I think, the ^
seems to

be

initially under the (X509Certificate[]) right before the
getHttpServletRequest(), so I thought it didn't like the
getHttpServletRequest itself, maybe it doesn't like the getAttribute

method.

The compiler tells you 100% it's getHttpServletRequest.

You didn't post the rest of the code, so we have no idea what kind of
class this code exists in. My guess is that whatever class this code
is in does not have a getHttpServletRequest() method to call.

If you can post more code, we may be able to help.

-chris


On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent 

wrote:






On Jun 21, 2023, at 11:29 AM, Timothy Ward


wrote:


I tried the following:

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate; import
javax.security.cert.X509Certificate;

X509Certificate[] certs = (X509Certificate[])




getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Cert
ificate");


and I'm getting:

[Error]  (1: 0): GrabCert:33: error: cannot find symbol,
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])




getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Cert
ificate");,

[Error]  (1: 0): ^,
[Error]  (1: 0):   symbol:   method getHttpServletRequest(),
[Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error



If I lined that up correctly, it seems to be pointing at “getAttribute”.
Is your getHttpServletRequest giving you what you expect?


---
-- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






This electronic message contains information from CACI International Inc or 
subsidiary companies, which may be company sensitive, proprietary, privileged 
or otherwise protected from disclosure. The information is intended to be used 
solely by the recipient(s) named above. If you are not an intended recipient, 
be aware that any review, disclosure, copying, distribution or use of this 
transmission or its contents is prohibited. If you have received this 
transmission in error, please notify the sender immediately.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Get Client Certificate Information

[Berneburg, Cris J. - US]

Hi Timothy

Sorry, I'm a little late to the party for a reply.

On an older project, when pulling cert info (using javax), we grabbed it from 
the session, not the request, even though the attribute name says "request".

HttpSession session = httpRequest.getSession();
Object rawSubject = session.getAttribute ( 
"javax.servlet.request.X509Certificate" );

Not sure if that's relevant to or helps with your situation.

--
Cris Berneburg
CACI Senior Software Engineer

-Original Message-
From: Timothy Ward 
Sent: Wednesday, June 21, 2023 4:57 PM
To: Tomcat Users List 
Subject: Re: Get Client Certificate Information

EXTERNAL EMAIL - This email originated from outside of CACI. Do not click any 
links or attachments unless you recognize and trust the sender.





import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

public class GrabCert extends Object
{
 public static String getCommonName()
 {
  try
 {
  X509Certificate[] certs = (X509Certificate[]) 
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
 }
  catch (Exception ex)
   {
System.out.println("Exception caught in getCommonName:");
ex.printStackTrace();
   }
 }
}

This end up getting:

[Error]  (1: 0): GrabCert:48: error: cannot find symbol
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
[Error]  (1: 0): ^
[Error]  (1: 0):   symbol:   method HttpServletRequest()
[Error]  (1: 0):   location: class GrabCert
[Error]  (1: 0): 1 error


On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz < 
ch...@christopherschultz.net> wrote:

> Timothy,
>
> On 6/21/23 13:55, Timothy Ward wrote:
> > Not sure it's lined up right, lost in copy/paste I think, the ^
> > seems to
> be
> > initially under the (X509Certificate[]) right before the
> > getHttpServletRequest(), so I thought it didn't like the
> > getHttpServletRequest itself, maybe it doesn't like the getAttribute
> method.
>
> The compiler tells you 100% it's getHttpServletRequest.
>
> You didn't post the rest of the code, so we have no idea what kind of
> class this code exists in. My guess is that whatever class this code
> is in does not have a getHttpServletRequest() method to call.
>
> If you can post more code, we may be able to help.
>
> -chris
>
> > On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent 
> wrote:
> >
> >>
> >>
> >>> On Jun 21, 2023, at 11:29 AM, Timothy Ward
> >>> 
> >> wrote:
> >>>
> >>> I tried the following:
> >>>
> >>> import javax.servlet.http.HttpServletRequest;
> >>> import javax.security.cert.Certificate; import
> >>> javax.security.cert.X509Certificate;
> >>>
> >>> X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Cert
> ificate");
> >>>
> >>> and I'm getting:
> >>>
> >>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> >>> [Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Cert
> ificate");,
> >>> [Error]  (1: 0): ^,
> >>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> >>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >>>
> >>
> >> If I lined that up correctly, it seems to be pointing at “getAttribute”.
> >> Is your getHttpServletRequest giving you what you expect?
> >>
> >>
> >> ---
> >> -- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



This electronic message contains information from CACI International Inc or 
subsidiary companies, which may be company sensitive, proprietary, privileged 
or otherwise protected from disclosure. The information is intended to be used 
solely by the recipient(s) named above. If you are not an intended recipient, 
be aware that any review, disclosure, copying, distribution or use of this 
transmission or its contents is prohibited. If you have received this 
transmission in error, please notify the sender immediately.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get Client Certificate Information

[Timothy Ward]

The compile actually created 4 .class files:

CGIServlet$CGIEnvironment.class
CGIServlet$CGIRunner.class
CGIServlet$HTTPHeaderInputStream.class
CGIServlet.class

So, I combined them into CGIServlet.jar

I'll look at ant deploy.

On Thu, Jun 22, 2023 at 5:29 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Timothy,
>
> On 6/22/23 14:01, Timothy Ward wrote:
> > I am trying to go the route of modifying the CGIServlet from:  h
> > ttps://
> github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
> > <
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
> >
> >
> > I got it to compile with my changes and then all the .class files are in
> a
> > CGIServlet.jar file.
> >
> > This may sound stupid, but I've looked around, but for the life of me I
> > don't know what to do with the jar file now.
>
> It would be best to replace CGIServlet.class in catalina.jar. Remember
> it's actually org/apache/catalina/servlets/CGIServlet.class in the JAR
> file.
>
> If you are building Tomcat from source, if you just run "ant deploy"
> you'll get a catalina.jar file that already has everything you need. In
> fact, you'll get a Tomcat deployment (in output/build) that you can use
> directly if you'd like.
>
> -chris
>
> > On Thu, Jun 22, 2023 at 10:04 AM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> >> Timothy,
> >>
> >> On 6/21/23 16:56, Timothy Ward wrote:
> >>> import javax.servlet.http.HttpServletRequest;
> >>> import javax.security.cert.Certificate;
> >>> import javax.security.cert.X509Certificate;
> >>>
> >>> public class GrabCert extends Object
> >>> {
> >>>public static String getCommonName()
> >>>{
> >>> try
> >>>{
> >>> X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>}
> >>> catch (Exception ex)
> >>>  {
> >>>   System.out.println("Exception caught in getCommonName:");
> >>>   ex.printStackTrace();
> >>>  }
> >>>}
> >>> }
> >>>
> >>> This end up getting:
> >>>
> >>> [Error]  (1: 0): GrabCert:48: error: cannot find symbol
> >>> [Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>> [Error]  (1: 0): ^
> >>> [Error]  (1: 0):   symbol:   method HttpServletRequest()
> >>> [Error]  (1: 0):   location: class GrabCert
> >>> [Error]  (1: 0): 1 error
> >>
> >> Yeah, that method just doesn't exist. Your GrabCert class I guess needs
> >> a getHttpServletRequest method, and something needs to inject the
> >> request into the object as well.
> >>
> >> I think your class needs a lot more support than what you have there.
> >>
> >> -chris
> >>
> >>> On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
> >>> ch...@christopherschultz.net> wrote:
> >>>
>  Timothy,
> 
>  On 6/21/23 13:55, Timothy Ward wrote:
> > Not sure it's lined up right, lost in copy/paste I think, the ^ seems
> >> to
>  be
> > initially under the (X509Certificate[]) right before the
> > getHttpServletRequest(), so I thought it didn't like the
> > getHttpServletRequest itself, maybe it doesn't like the getAttribute
>  method.
> 
>  The compiler tells you 100% it's getHttpServletRequest.
> 
>  You didn't post the rest of the code, so we have no idea what kind of
>  class this code exists in. My guess is that whatever class this code
> is
>  in does not have a getHttpServletRequest() method to call.
> 
>  If you can post more code, we may be able to help.
> 
>  -chris
> 
> > On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent 
>  wrote:
> >
> >>
> >>
> >>> On Jun 21, 2023, at 11:29 AM, Timothy Ward  >
> >> wrote:
> >>>
> >>> I tried the following:
> >>>
> >>> import javax.servlet.http.HttpServletRequest;
> >>> import javax.security.cert.Certificate;
> >>> import javax.security.cert.X509Certificate;
> >>>
> >>> X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> 
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>
> >>> and I'm getting:
> >>>
> >>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> >>> [Error]  (1: 0):   X509Certificate[] certs =
> (X509Certificate[])
> >>>
> >>
> 
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> >>> [Error]  (1: 0):
> >>   ^,
> >>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> >>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1
> error
> >>>
> >>
> >> If I lined that up correctly, it seems to be pointing at
> >> “getAttribute”.
> >> Is your 

Re: Get Client Certificate Information

[Christopher Schultz]

Timothy,

On 6/22/23 14:01, Timothy Ward wrote:

I am trying to go the route of modifying the CGIServlet from:  h
ttps://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771


I got it to compile with my changes and then all the .class files are in a
CGIServlet.jar file.

This may sound stupid, but I've looked around, but for the life of me I
don't know what to do with the jar file now.


It would be best to replace CGIServlet.class in catalina.jar. Remember 
it's actually org/apache/catalina/servlets/CGIServlet.class in the JAR file.


If you are building Tomcat from source, if you just run "ant deploy" 
you'll get a catalina.jar file that already has everything you need. In 
fact, you'll get a Tomcat deployment (in output/build) that you can use 
directly if you'd like.


-chris


On Thu, Jun 22, 2023 at 10:04 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:


Timothy,

On 6/21/23 16:56, Timothy Ward wrote:

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

public class GrabCert extends Object
{
   public static String getCommonName()
   {
try
   {
X509Certificate[] certs = (X509Certificate[])


HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");

   }
catch (Exception ex)
 {
  System.out.println("Exception caught in getCommonName:");
  ex.printStackTrace();
 }
   }
}

This end up getting:

[Error]  (1: 0): GrabCert:48: error: cannot find symbol
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])


HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");

[Error]  (1: 0): ^
[Error]  (1: 0):   symbol:   method HttpServletRequest()
[Error]  (1: 0):   location: class GrabCert
[Error]  (1: 0): 1 error


Yeah, that method just doesn't exist. Your GrabCert class I guess needs
a getHttpServletRequest method, and something needs to inject the
request into the object as well.

I think your class needs a lot more support than what you have there.

-chris


On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:


Timothy,

On 6/21/23 13:55, Timothy Ward wrote:

Not sure it's lined up right, lost in copy/paste I think, the ^ seems

to

be

initially under the (X509Certificate[]) right before the
getHttpServletRequest(), so I thought it didn't like the
getHttpServletRequest itself, maybe it doesn't like the getAttribute

method.

The compiler tells you 100% it's getHttpServletRequest.

You didn't post the rest of the code, so we have no idea what kind of
class this code exists in. My guess is that whatever class this code is
in does not have a getHttpServletRequest() method to call.

If you can post more code, we may be able to help.

-chris


On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent 

wrote:






On Jun 21, 2023, at 11:29 AM, Timothy Ward 

wrote:


I tried the following:

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

X509Certificate[] certs = (X509Certificate[])






getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");


and I'm getting:

[Error]  (1: 0): GrabCert:33: error: cannot find symbol,
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])






getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,

[Error]  (1: 0):

  ^,

[Error]  (1: 0):   symbol:   method getHttpServletRequest(),
[Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error



If I lined that up correctly, it seems to be pointing at

“getAttribute”.

Is your getHttpServletRequest giving you what you expect?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get Client Certificate Information

[Timothy Ward]

I am trying to go the route of modifying the CGIServlet from:  h
ttps://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771


I got it to compile with my changes and then all the .class files are in a
CGIServlet.jar file.

This may sound stupid, but I've looked around, but for the life of me I
don't know what to do with the jar file now.



On Thu, Jun 22, 2023 at 10:04 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Timothy,
>
> On 6/21/23 16:56, Timothy Ward wrote:
> > import javax.servlet.http.HttpServletRequest;
> > import javax.security.cert.Certificate;
> > import javax.security.cert.X509Certificate;
> >
> > public class GrabCert extends Object
> > {
> >   public static String getCommonName()
> >   {
> >try
> >   {
> >X509Certificate[] certs = (X509Certificate[])
> >
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >   }
> >catch (Exception ex)
> > {
> >  System.out.println("Exception caught in getCommonName:");
> >  ex.printStackTrace();
> > }
> >   }
> > }
> >
> > This end up getting:
> >
> > [Error]  (1: 0): GrabCert:48: error: cannot find symbol
> > [Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
> >
> HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> > [Error]  (1: 0): ^
> > [Error]  (1: 0):   symbol:   method HttpServletRequest()
> > [Error]  (1: 0):   location: class GrabCert
> > [Error]  (1: 0): 1 error
>
> Yeah, that method just doesn't exist. Your GrabCert class I guess needs
> a getHttpServletRequest method, and something needs to inject the
> request into the object as well.
>
> I think your class needs a lot more support than what you have there.
>
> -chris
>
> > On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> >> Timothy,
> >>
> >> On 6/21/23 13:55, Timothy Ward wrote:
> >>> Not sure it's lined up right, lost in copy/paste I think, the ^ seems
> to
> >> be
> >>> initially under the (X509Certificate[]) right before the
> >>> getHttpServletRequest(), so I thought it didn't like the
> >>> getHttpServletRequest itself, maybe it doesn't like the getAttribute
> >> method.
> >>
> >> The compiler tells you 100% it's getHttpServletRequest.
> >>
> >> You didn't post the rest of the code, so we have no idea what kind of
> >> class this code exists in. My guess is that whatever class this code is
> >> in does not have a getHttpServletRequest() method to call.
> >>
> >> If you can post more code, we may be able to help.
> >>
> >> -chris
> >>
> >>> On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent 
> >> wrote:
> >>>
> 
> 
> > On Jun 21, 2023, at 11:29 AM, Timothy Ward 
>  wrote:
> >
> > I tried the following:
> >
> > import javax.servlet.http.HttpServletRequest;
> > import javax.security.cert.Certificate;
> > import javax.security.cert.X509Certificate;
> >
> > X509Certificate[] certs = (X509Certificate[])
> >
> 
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >
> > and I'm getting:
> >
> > [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> > [Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
> >
> 
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> > [Error]  (1: 0):
>  ^,
> > [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> > [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >
> 
>  If I lined that up correctly, it seems to be pointing at
> “getAttribute”.
>  Is your getHttpServletRequest giving you what you expect?
> 
> 
>  -
>  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>  For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> >>>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Get Client Certificate Information

[Christopher Schultz]

Timothy,

On 6/21/23 16:56, Timothy Ward wrote:

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

public class GrabCert extends Object
{
  public static String getCommonName()
  {
   try
  {
   X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
  }
   catch (Exception ex)
{
 System.out.println("Exception caught in getCommonName:");
 ex.printStackTrace();
}
  }
}

This end up getting:

[Error]  (1: 0): GrabCert:48: error: cannot find symbol
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
[Error]  (1: 0): ^
[Error]  (1: 0):   symbol:   method HttpServletRequest()
[Error]  (1: 0):   location: class GrabCert
[Error]  (1: 0): 1 error


Yeah, that method just doesn't exist. Your GrabCert class I guess needs 
a getHttpServletRequest method, and something needs to inject the 
request into the object as well.


I think your class needs a lot more support than what you have there.

-chris


On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:


Timothy,

On 6/21/23 13:55, Timothy Ward wrote:

Not sure it's lined up right, lost in copy/paste I think, the ^ seems to

be

initially under the (X509Certificate[]) right before the
getHttpServletRequest(), so I thought it didn't like the
getHttpServletRequest itself, maybe it doesn't like the getAttribute

method.

The compiler tells you 100% it's getHttpServletRequest.

You didn't post the rest of the code, so we have no idea what kind of
class this code exists in. My guess is that whatever class this code is
in does not have a getHttpServletRequest() method to call.

If you can post more code, we may be able to help.

-chris


On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent 

wrote:






On Jun 21, 2023, at 11:29 AM, Timothy Ward 

wrote:


I tried the following:

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

X509Certificate[] certs = (X509Certificate[])




getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");


and I'm getting:

[Error]  (1: 0): GrabCert:33: error: cannot find symbol,
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])




getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,

[Error]  (1: 0): ^,
[Error]  (1: 0):   symbol:   method getHttpServletRequest(),
[Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error



If I lined that up correctly, it seems to be pointing at “getAttribute”.
Is your getHttpServletRequest giving you what you expect?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get Client Certificate Information

[Timothy Ward]

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

public class GrabCert extends Object
{
 public static String getCommonName()
 {
  try
 {
  X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
 }
  catch (Exception ex)
   {
System.out.println("Exception caught in getCommonName:");
ex.printStackTrace();
   }
 }
}

This end up getting:

[Error]  (1: 0): GrabCert:48: error: cannot find symbol
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
HttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
[Error]  (1: 0): ^
[Error]  (1: 0):   symbol:   method HttpServletRequest()
[Error]  (1: 0):   location: class GrabCert
[Error]  (1: 0): 1 error


On Wed, Jun 21, 2023 at 2:32 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Timothy,
>
> On 6/21/23 13:55, Timothy Ward wrote:
> > Not sure it's lined up right, lost in copy/paste I think, the ^ seems to
> be
> > initially under the (X509Certificate[]) right before the
> > getHttpServletRequest(), so I thought it didn't like the
> > getHttpServletRequest itself, maybe it doesn't like the getAttribute
> method.
>
> The compiler tells you 100% it's getHttpServletRequest.
>
> You didn't post the rest of the code, so we have no idea what kind of
> class this code exists in. My guess is that whatever class this code is
> in does not have a getHttpServletRequest() method to call.
>
> If you can post more code, we may be able to help.
>
> -chris
>
> > On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent 
> wrote:
> >
> >>
> >>
> >>> On Jun 21, 2023, at 11:29 AM, Timothy Ward 
> >> wrote:
> >>>
> >>> I tried the following:
> >>>
> >>> import javax.servlet.http.HttpServletRequest;
> >>> import javax.security.cert.Certificate;
> >>> import javax.security.cert.X509Certificate;
> >>>
> >>> X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>
> >>> and I'm getting:
> >>>
> >>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> >>> [Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> >>> [Error]  (1: 0): ^,
> >>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> >>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >>>
> >>
> >> If I lined that up correctly, it seems to be pointing at “getAttribute”.
> >> Is your getHttpServletRequest giving you what you expect?
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Get Client Certificate Information

[Martynas Jusevičius]

Sorry, getHttpServletRequest() came from my code :) It’s not a Jakarta
method.

In JAX-RS frameworks such as Jersey you can use @Context or @Inject
annotations to get request and servlet context objects (such as
HttpServletRequest):
https://jakarta.ee/specifications/dependency-injection/2.0/apidocs/jakarta/inject/inject


On Wed, 21 Jun 2023 at 20.32, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Timothy,
>
> On 6/21/23 13:55, Timothy Ward wrote:
> > Not sure it's lined up right, lost in copy/paste I think, the ^ seems to
> be
> > initially under the (X509Certificate[]) right before the
> > getHttpServletRequest(), so I thought it didn't like the
> > getHttpServletRequest itself, maybe it doesn't like the getAttribute
> method.
>
> The compiler tells you 100% it's getHttpServletRequest.
>
> You didn't post the rest of the code, so we have no idea what kind of
> class this code exists in. My guess is that whatever class this code is
> in does not have a getHttpServletRequest() method to call.
>
> If you can post more code, we may be able to help.
>
> -chris
>
> > On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent 
> wrote:
> >
> >>
> >>
> >>> On Jun 21, 2023, at 11:29 AM, Timothy Ward 
> >> wrote:
> >>>
> >>> I tried the following:
> >>>
> >>> import javax.servlet.http.HttpServletRequest;
> >>> import javax.security.cert.Certificate;
> >>> import javax.security.cert.X509Certificate;
> >>>
> >>> X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>
> >>> and I'm getting:
> >>>
> >>> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> >>> [Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
> >>>
> >>
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> >>> [Error]  (1: 0): ^,
> >>> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> >>> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >>>
> >>
> >> If I lined that up correctly, it seems to be pointing at “getAttribute”.
> >> Is your getHttpServletRequest giving you what you expect?
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Get Client Certificate Information

[Christopher Schultz]

Timothy,

On 6/21/23 13:55, Timothy Ward wrote:

Not sure it's lined up right, lost in copy/paste I think, the ^ seems to be
initially under the (X509Certificate[]) right before the
getHttpServletRequest(), so I thought it didn't like the
getHttpServletRequest itself, maybe it doesn't like the getAttribute method.


The compiler tells you 100% it's getHttpServletRequest.

You didn't post the rest of the code, so we have no idea what kind of 
class this code exists in. My guess is that whatever class this code is 
in does not have a getHttpServletRequest() method to call.


If you can post more code, we may be able to help.

-chris


On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent  wrote:





On Jun 21, 2023, at 11:29 AM, Timothy Ward 

wrote:


I tried the following:

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

X509Certificate[] certs = (X509Certificate[])


getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");


and I'm getting:

[Error]  (1: 0): GrabCert:33: error: cannot find symbol,
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])


getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,

[Error]  (1: 0): ^,
[Error]  (1: 0):   symbol:   method getHttpServletRequest(),
[Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error



If I lined that up correctly, it seems to be pointing at “getAttribute”.
Is your getHttpServletRequest giving you what you expect?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get Client Certificate Information

[Timothy Ward]

I'm attempting to run this from within Oracle 19c, so I believe that is
throwing a whole other wrinkle in there.

On Wed, Jun 21, 2023 at 1:48 PM Mark Thomas  wrote:

>
>
> On 21/06/2023 18:29, Timothy Ward wrote:
> > I tried the following:
> >
> > import javax.servlet.http.HttpServletRequest;
>
> If you are using the Java EE imports ...
>
> > import javax.security.cert.Certificate;
> > import javax.security.cert.X509Certificate;
> >
> > X509Certificate[] certs = (X509Certificate[])
> >
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>
> ... you should be using the Java EE attribute names. Replace "jakarta"
> with "javax".
>
> It should still compile though, even with the wrong attribute name. Is
> the ORDS related? I'm not familiar with that tool so I don't know what
> might be going on.
>
> Mark
>
> >
> > and I'm getting:
> >
> > [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> > [Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
> >
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> > [Error]  (1: 0): ^,
> > [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> > [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >
> > I've tried various other versions as well after googling it and haven't
> > been able to get anything to compile.
> >
> > On Mon, Jun 12, 2023 at 12:11 PM Mark Thomas  wrote:
> >
> >> On 12/06/2023 12:00, Timothy Ward wrote:
> >>> Changing the CGI Servlet may be the easiest route, but if I wanted to
> use
> >>> it as intended, I'm guessing I would use the original Java code that
> you
> >>> sent below?
> >>>
> >>> X509Certificate[] certs =
> >>>
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>>
> >>>
> >>> I would just have to figure out how to do that within Oracle.
> >>
> >> That should get you the value with ORDS (I've never used ORDS). I don't
> >> think you'll be able to pass it to the CGI though.
> >>
> >> Mark
> >>
> >>
> >>>
> >>> On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas  wrote:
> >>>
>  If you decide to go the route of modifying Tomcat's CGI servlet, this
> is
>  probably where you'll want to add the TLS info:
> 
> 
> 
> >>
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
> 
>  You should be able to copy the source of Tomcat's CGI servlet, modify
> as
>  required and then just deploy it as part of the web application the
> same
>  way you would any other servlet.
> 
>  Mark
> 
> 
>  On 12/06/2023 10:41, Timothy Ward wrote:
> > I'm converting an application from using Oracle Http Server which is
> a
> > version of Apache so I was just trying to keep the code close to the
>  same.
> >
> > It is going to use Tomcat and ORDS.  We've got ORDS working and are
> >> just
> > setting up Tomcat to do the SSL stuff we needed to do.
> >
> > I was using the SSLOptions +StdEnvVars settings that would set the
> > variables I needed as environment variables that I could then pick up
> >> in
> > Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
> >
> > So, I guess if there is a different way of doing that without using
> CGI
> > Environment variables I can try that.  I'm just having issues finding
> >> any
> > useful examples of what I want to do.
> >
> > Thanks for your help, it is really appreciated.
> >
> > On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas 
> wrote:
> >
> >> The information you are looking for is not made available via
> Tomcat's
> >> standard CGI servlet. You would need to extend it and add the
> >> certificate information as an additional environment variable (or
> >> variables).
> >>
> >> Do you need to use CGI? It is fairly unusual to see CGI mention on
> >> this
> >> list these days.
> >>
> >> Mark
> >>
> >>
> >> On 11/06/2023 22:56, Timothy Ward wrote:
> >>> Doesn't seem to work via perl, where would I have to use that line
> of
> >> code?
> >>>
> >>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
> >> marty...@atomgraph.com>
> >>> wrote:
> >>>
>  You can get client certificates from ServletRequest:
> 
>  X509Certificate[] certs =
> 
> 
> >>
> 
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> 
> 
> 
> >>
> 
> >>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> 
>  On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <
> >> twardbite...@gmail.com
> >
>  wrote:
> >
> > Tomcat 10.1 setup using 

Re: Get Client Certificate Information

[Timothy Ward]

Not sure it's lined up right, lost in copy/paste I think, the ^ seems to be
initially under the (X509Certificate[]) right before the
getHttpServletRequest(), so I thought it didn't like the
getHttpServletRequest itself, maybe it doesn't like the getAttribute method.

On Wed, Jun 21, 2023 at 1:52 PM Rob Sargent  wrote:

>
>
> > On Jun 21, 2023, at 11:29 AM, Timothy Ward 
> wrote:
> >
> > I tried the following:
> >
> > import javax.servlet.http.HttpServletRequest;
> > import javax.security.cert.Certificate;
> > import javax.security.cert.X509Certificate;
> >
> > X509Certificate[] certs = (X509Certificate[])
> >
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >
> > and I'm getting:
> >
> > [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> > [Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
> >
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> > [Error]  (1: 0): ^,
> > [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> > [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> >
>
> If I lined that up correctly, it seems to be pointing at “getAttribute”.
> Is your getHttpServletRequest giving you what you expect?
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Get Client Certificate Information

[Rob Sargent]

> On Jun 21, 2023, at 11:29 AM, Timothy Ward  wrote:
> 
> I tried the following:
> 
> import javax.servlet.http.HttpServletRequest;
> import javax.security.cert.Certificate;
> import javax.security.cert.X509Certificate;
> 
> X509Certificate[] certs = (X509Certificate[])
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> 
> and I'm getting:
> 
> [Error]  (1: 0): GrabCert:33: error: cannot find symbol,
> [Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
> getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
> [Error]  (1: 0): ^,
> [Error]  (1: 0):   symbol:   method getHttpServletRequest(),
> [Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error
> 

If I lined that up correctly, it seems to be pointing at “getAttribute”. Is 
your getHttpServletRequest giving you what you expect?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get Client Certificate Information

[Mark Thomas]

On 21/06/2023 18:29, Timothy Ward wrote:

I tried the following:

import javax.servlet.http.HttpServletRequest;


If you are using the Java EE imports ...


import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");


... you should be using the Java EE attribute names. Replace "jakarta" 
with "javax".


It should still compile though, even with the wrong attribute name. Is 
the ORDS related? I'm not familiar with that tool so I don't know what 
might be going on.


Mark



and I'm getting:

[Error]  (1: 0): GrabCert:33: error: cannot find symbol,
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
[Error]  (1: 0): ^,
[Error]  (1: 0):   symbol:   method getHttpServletRequest(),
[Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error

I've tried various other versions as well after googling it and haven't
been able to get anything to compile.

On Mon, Jun 12, 2023 at 12:11 PM Mark Thomas  wrote:


On 12/06/2023 12:00, Timothy Ward wrote:

Changing the CGI Servlet may be the easiest route, but if I wanted to use
it as intended, I'm guessing I would use the original Java code that you
sent below?

X509Certificate[] certs =


(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");



I would just have to figure out how to do that within Oracle.


That should get you the value with ORDS (I've never used ORDS). I don't
think you'll be able to pass it to the CGI though.

Mark




On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas  wrote:


If you decide to go the route of modifying Tomcat's CGI servlet, this is
probably where you'll want to add the TLS info:




https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771


You should be able to copy the source of Tomcat's CGI servlet, modify as
required and then just deploy it as part of the web application the same
way you would any other servlet.

Mark


On 12/06/2023 10:41, Timothy Ward wrote:

I'm converting an application from using Oracle Http Server which is a
version of Apache so I was just trying to keep the code close to the

same.


It is going to use Tomcat and ORDS.  We've got ORDS working and are

just

setting up Tomcat to do the SSL stuff we needed to do.

I was using the SSLOptions +StdEnvVars settings that would set the
variables I needed as environment variables that I could then pick up

in

Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');

So, I guess if there is a different way of doing that without using CGI
Environment variables I can try that.  I'm just having issues finding

any

useful examples of what I want to do.

Thanks for your help, it is really appreciated.

On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas  wrote:


The information you are looking for is not made available via Tomcat's
standard CGI servlet. You would need to extend it and add the
certificate information as an additional environment variable (or
variables).

Do you need to use CGI? It is fairly unusual to see CGI mention on

this

list these days.

Mark


On 11/06/2023 22:56, Timothy Ward wrote:

Doesn't seem to work via perl, where would I have to use that line of

code?


On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <

marty...@atomgraph.com>

wrote:


You can get client certificates from ServletRequest:

X509Certificate[] certs =







(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");









https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)


On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <

twardbite...@gmail.com



wrote:


Tomcat 10.1 setup using certificateVerification="required" on

Windows

Server 2019, is there a way to get the SSL_CLIENT_S_DN and

SSL_CLIENT_I_DN

via a CGI perl script?  I think I have the SSLValve valve

implemented,

but

there is nothing for sure that tells me that it is.

The browser prompts for the pin and authenticates just fine, I just

need

a

way to get some of the client certificate information.

Thanks,
Tim




-

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get Client Certificate Information

[Timothy Ward]

I tried the following:

import javax.servlet.http.HttpServletRequest;
import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;

X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");

and I'm getting:

[Error]  (1: 0): GrabCert:33: error: cannot find symbol,
[Error]  (1: 0):   X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
[Error]  (1: 0): ^,
[Error]  (1: 0):   symbol:   method getHttpServletRequest(),
[Error]  (1: 0):   location: class GrabCert, [Error]  (1: 0): 1 error

I've tried various other versions as well after googling it and haven't
been able to get anything to compile.

On Mon, Jun 12, 2023 at 12:11 PM Mark Thomas  wrote:

> On 12/06/2023 12:00, Timothy Ward wrote:
> > Changing the CGI Servlet may be the easiest route, but if I wanted to use
> > it as intended, I'm guessing I would use the original Java code that you
> > sent below?
> >
> > X509Certificate[] certs =
> >
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >
> >
> > I would just have to figure out how to do that within Oracle.
>
> That should get you the value with ORDS (I've never used ORDS). I don't
> think you'll be able to pass it to the CGI though.
>
> Mark
>
>
> >
> > On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas  wrote:
> >
> >> If you decide to go the route of modifying Tomcat's CGI servlet, this is
> >> probably where you'll want to add the TLS info:
> >>
> >>
> >>
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
> >>
> >> You should be able to copy the source of Tomcat's CGI servlet, modify as
> >> required and then just deploy it as part of the web application the same
> >> way you would any other servlet.
> >>
> >> Mark
> >>
> >>
> >> On 12/06/2023 10:41, Timothy Ward wrote:
> >>> I'm converting an application from using Oracle Http Server which is a
> >>> version of Apache so I was just trying to keep the code close to the
> >> same.
> >>>
> >>> It is going to use Tomcat and ORDS.  We've got ORDS working and are
> just
> >>> setting up Tomcat to do the SSL stuff we needed to do.
> >>>
> >>> I was using the SSLOptions +StdEnvVars settings that would set the
> >>> variables I needed as environment variables that I could then pick up
> in
> >>> Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
> >>>
> >>> So, I guess if there is a different way of doing that without using CGI
> >>> Environment variables I can try that.  I'm just having issues finding
> any
> >>> useful examples of what I want to do.
> >>>
> >>> Thanks for your help, it is really appreciated.
> >>>
> >>> On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas  wrote:
> >>>
>  The information you are looking for is not made available via Tomcat's
>  standard CGI servlet. You would need to extend it and add the
>  certificate information as an additional environment variable (or
>  variables).
> 
>  Do you need to use CGI? It is fairly unusual to see CGI mention on
> this
>  list these days.
> 
>  Mark
> 
> 
>  On 11/06/2023 22:56, Timothy Ward wrote:
> > Doesn't seem to work via perl, where would I have to use that line of
>  code?
> >
> > On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
>  marty...@atomgraph.com>
> > wrote:
> >
> >> You can get client certificates from ServletRequest:
> >>
> >>X509Certificate[] certs =
> >>
> >>
> 
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>
> >>
> >>
> 
> >>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> >>
> >> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <
> twardbite...@gmail.com
> >>>
> >> wrote:
> >>>
> >>> Tomcat 10.1 setup using certificateVerification="required" on
> Windows
> >>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and
> >> SSL_CLIENT_I_DN
> >>> via a CGI perl script?  I think I have the SSLValve valve
> >> implemented,
> >> but
> >>> there is nothing for sure that tells me that it is.
> >>>
> >>> The browser prompts for the pin and authenticates just fine, I just
>  need
> >> a
> >>> way to get some of the client certificate information.
> >>>
> >>> Thanks,
> >>> Tim
> >>
> >>
> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
> 
>  -
>  To unsubscribe, e-mail: 

Re: Get Client Certificate Information

[Mark Thomas]

On 12/06/2023 12:00, Timothy Ward wrote:

Changing the CGI Servlet may be the easiest route, but if I wanted to use
it as intended, I'm guessing I would use the original Java code that you
sent below?

X509Certificate[] certs =
(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");


I would just have to figure out how to do that within Oracle.


That should get you the value with ORDS (I've never used ORDS). I don't 
think you'll be able to pass it to the CGI though.


Mark




On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas  wrote:


If you decide to go the route of modifying Tomcat's CGI servlet, this is
probably where you'll want to add the TLS info:


https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771

You should be able to copy the source of Tomcat's CGI servlet, modify as
required and then just deploy it as part of the web application the same
way you would any other servlet.

Mark


On 12/06/2023 10:41, Timothy Ward wrote:

I'm converting an application from using Oracle Http Server which is a
version of Apache so I was just trying to keep the code close to the

same.


It is going to use Tomcat and ORDS.  We've got ORDS working and are just
setting up Tomcat to do the SSL stuff we needed to do.

I was using the SSLOptions +StdEnvVars settings that would set the
variables I needed as environment variables that I could then pick up in
Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');

So, I guess if there is a different way of doing that without using CGI
Environment variables I can try that.  I'm just having issues finding any
useful examples of what I want to do.

Thanks for your help, it is really appreciated.

On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas  wrote:


The information you are looking for is not made available via Tomcat's
standard CGI servlet. You would need to extend it and add the
certificate information as an additional environment variable (or
variables).

Do you need to use CGI? It is fairly unusual to see CGI mention on this
list these days.

Mark


On 11/06/2023 22:56, Timothy Ward wrote:

Doesn't seem to work via perl, where would I have to use that line of

code?


On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <

marty...@atomgraph.com>

wrote:


You can get client certificates from ServletRequest:

   X509Certificate[] certs =





(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");







https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)


On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward 


wrote:


Tomcat 10.1 setup using certificateVerification="required" on Windows
Server 2019, is there a way to get the SSL_CLIENT_S_DN and

SSL_CLIENT_I_DN

via a CGI perl script?  I think I have the SSLValve valve

implemented,

but

there is nothing for sure that tells me that it is.

The browser prompts for the pin and authenticates just fine, I just

need

a

way to get some of the client certificate information.

Thanks,
Tim


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get Client Certificate Information

[Timothy Ward]

Changing the CGI Servlet may be the easiest route, but if I wanted to use
it as intended, I'm guessing I would use the original Java code that you
sent below?

X509Certificate[] certs =
(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");


I would just have to figure out how to do that within Oracle.

On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas  wrote:

> If you decide to go the route of modifying Tomcat's CGI servlet, this is
> probably where you'll want to add the TLS info:
>
>
> https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
>
> You should be able to copy the source of Tomcat's CGI servlet, modify as
> required and then just deploy it as part of the web application the same
> way you would any other servlet.
>
> Mark
>
>
> On 12/06/2023 10:41, Timothy Ward wrote:
> > I'm converting an application from using Oracle Http Server which is a
> > version of Apache so I was just trying to keep the code close to the
> same.
> >
> > It is going to use Tomcat and ORDS.  We've got ORDS working and are just
> > setting up Tomcat to do the SSL stuff we needed to do.
> >
> > I was using the SSLOptions +StdEnvVars settings that would set the
> > variables I needed as environment variables that I could then pick up in
> > Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
> >
> > So, I guess if there is a different way of doing that without using CGI
> > Environment variables I can try that.  I'm just having issues finding any
> > useful examples of what I want to do.
> >
> > Thanks for your help, it is really appreciated.
> >
> > On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas  wrote:
> >
> >> The information you are looking for is not made available via Tomcat's
> >> standard CGI servlet. You would need to extend it and add the
> >> certificate information as an additional environment variable (or
> >> variables).
> >>
> >> Do you need to use CGI? It is fairly unusual to see CGI mention on this
> >> list these days.
> >>
> >> Mark
> >>
> >>
> >> On 11/06/2023 22:56, Timothy Ward wrote:
> >>> Doesn't seem to work via perl, where would I have to use that line of
> >> code?
> >>>
> >>> On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
> >> marty...@atomgraph.com>
> >>> wrote:
> >>>
>  You can get client certificates from ServletRequest:
> 
>    X509Certificate[] certs =
> 
> 
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> 
> 
> 
> >>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> 
>  On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward  >
>  wrote:
> >
> > Tomcat 10.1 setup using certificateVerification="required" on Windows
> > Server 2019, is there a way to get the SSL_CLIENT_S_DN and
>  SSL_CLIENT_I_DN
> > via a CGI perl script?  I think I have the SSLValve valve
> implemented,
>  but
> > there is nothing for sure that tells me that it is.
> >
> > The browser prompts for the pin and authenticates just fine, I just
> >> need
>  a
> > way to get some of the client certificate information.
> >
> > Thanks,
> > Tim
> 
>  -
>  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>  For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> >>>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Get Client Certificate Information

[Mark Thomas]

If you decide to go the route of modifying Tomcat's CGI servlet, this is 
probably where you'll want to add the TLS info:


https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771

You should be able to copy the source of Tomcat's CGI servlet, modify as 
required and then just deploy it as part of the web application the same 
way you would any other servlet.


Mark


On 12/06/2023 10:41, Timothy Ward wrote:

I'm converting an application from using Oracle Http Server which is a
version of Apache so I was just trying to keep the code close to the same.

It is going to use Tomcat and ORDS.  We've got ORDS working and are just
setting up Tomcat to do the SSL stuff we needed to do.

I was using the SSLOptions +StdEnvVars settings that would set the
variables I needed as environment variables that I could then pick up in
Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');

So, I guess if there is a different way of doing that without using CGI
Environment variables I can try that.  I'm just having issues finding any
useful examples of what I want to do.

Thanks for your help, it is really appreciated.

On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas  wrote:


The information you are looking for is not made available via Tomcat's
standard CGI servlet. You would need to extend it and add the
certificate information as an additional environment variable (or
variables).

Do you need to use CGI? It is fairly unusual to see CGI mention on this
list these days.

Mark


On 11/06/2023 22:56, Timothy Ward wrote:

Doesn't seem to work via perl, where would I have to use that line of

code?


On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <

marty...@atomgraph.com>

wrote:


You can get client certificates from ServletRequest:

  X509Certificate[] certs =



(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");





https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)


On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward 
wrote:


Tomcat 10.1 setup using certificateVerification="required" on Windows
Server 2019, is there a way to get the SSL_CLIENT_S_DN and

SSL_CLIENT_I_DN

via a CGI perl script?  I think I have the SSLValve valve implemented,

but

there is nothing for sure that tells me that it is.

The browser prompts for the pin and authenticates just fine, I just

need

a

way to get some of the client certificate information.

Thanks,
Tim


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get Client Certificate Information

[Timothy Ward]

I'm converting an application from using Oracle Http Server which is a
version of Apache so I was just trying to keep the code close to the same.

It is going to use Tomcat and ORDS.  We've got ORDS working and are just
setting up Tomcat to do the SSL stuff we needed to do.

I was using the SSLOptions +StdEnvVars settings that would set the
variables I needed as environment variables that I could then pick up in
Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');

So, I guess if there is a different way of doing that without using CGI
Environment variables I can try that.  I'm just having issues finding any
useful examples of what I want to do.

Thanks for your help, it is really appreciated.

On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas  wrote:

> The information you are looking for is not made available via Tomcat's
> standard CGI servlet. You would need to extend it and add the
> certificate information as an additional environment variable (or
> variables).
>
> Do you need to use CGI? It is fairly unusual to see CGI mention on this
> list these days.
>
> Mark
>
>
> On 11/06/2023 22:56, Timothy Ward wrote:
> > Doesn't seem to work via perl, where would I have to use that line of
> code?
> >
> > On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <
> marty...@atomgraph.com>
> > wrote:
> >
> >> You can get client certificates from ServletRequest:
> >>
> >>  X509Certificate[] certs =
> >>
> >>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
> >>
> >>
> >>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
> >>
> >> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward 
> >> wrote:
> >>>
> >>> Tomcat 10.1 setup using certificateVerification="required" on Windows
> >>> Server 2019, is there a way to get the SSL_CLIENT_S_DN and
> >> SSL_CLIENT_I_DN
> >>> via a CGI perl script?  I think I have the SSLValve valve implemented,
> >> but
> >>> there is nothing for sure that tells me that it is.
> >>>
> >>> The browser prompts for the pin and authenticates just fine, I just
> need
> >> a
> >>> way to get some of the client certificate information.
> >>>
> >>> Thanks,
> >>> Tim
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Get Client Certificate Information

[Mark Thomas]

The information you are looking for is not made available via Tomcat's 
standard CGI servlet. You would need to extend it and add the 
certificate information as an additional environment variable (or 
variables).


Do you need to use CGI? It is fairly unusual to see CGI mention on this 
list these days.


Mark


On 11/06/2023 22:56, Timothy Ward wrote:

Doesn't seem to work via perl, where would I have to use that line of code?

On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius 
wrote:


You can get client certificates from ServletRequest:

 X509Certificate[] certs =

(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");


https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)

On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward 
wrote:


Tomcat 10.1 setup using certificateVerification="required" on Windows
Server 2019, is there a way to get the SSL_CLIENT_S_DN and

SSL_CLIENT_I_DN

via a CGI perl script?  I think I have the SSLValve valve implemented,

but

there is nothing for sure that tells me that it is.

The browser prompts for the pin and authenticates just fine, I just need

a

way to get some of the client certificate information.

Thanks,
Tim


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Get Client Certificate Information

[Timothy Ward]

Doesn't seem to work via perl, where would I have to use that line of code?

On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius 
wrote:

> You can get client certificates from ServletRequest:
>
> X509Certificate[] certs =
>
> (X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
>
>
> https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
>
> On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward 
> wrote:
> >
> > Tomcat 10.1 setup using certificateVerification="required" on Windows
> > Server 2019, is there a way to get the SSL_CLIENT_S_DN and
> SSL_CLIENT_I_DN
> > via a CGI perl script?  I think I have the SSLValve valve implemented,
> but
> > there is nothing for sure that tells me that it is.
> >
> > The browser prompts for the pin and authenticates just fine, I just need
> a
> > way to get some of the client certificate information.
> >
> > Thanks,
> > Tim
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Get Client Certificate Information

[Martynas Jusevičius]

You can get client certificates from ServletRequest:

X509Certificate[] certs =
(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");

https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)

On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward  wrote:
>
> Tomcat 10.1 setup using certificateVerification="required" on Windows
> Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
> via a CGI perl script?  I think I have the SSLValve valve implemented, but
> there is nothing for sure that tells me that it is.
>
> The browser prompts for the pin and authenticates just fine, I just need a
> way to get some of the client certificate information.
>
> Thanks,
> Tim

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org