On 21/06/2023 18:29, Timothy Ward wrote:
I tried the following:
import javax.servlet.http.HttpServletRequest;

If you are using the Java EE imports ...

import javax.security.cert.Certificate;
import javax.security.cert.X509Certificate;
X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");

... you should be using the Java EE attribute names. Replace "jakarta"
with "javax".

It should still compile though, even with the wrong attribute name. Is
the ORDS related? I'm not familiar with that tool so I don't know what
might be going on.

Mark

and I'm getting:
[Error] (1: 0): GrabCert:33: error: cannot find symbol,
[Error] (1: 0): X509Certificate[] certs = (X509Certificate[])
getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");,
[Error] (1: 0): ^,
[Error] (1: 0): symbol: method getHttpServletRequest(),
[Error] (1: 0): location: class GrabCert,
[Error] (1: 0): 1 error
I've tried various other versions as well after googling it and haven't
been able to get anything to compile.
On Mon, Jun 12, 2023 at 12:11 PM Mark Thomas <ma...@apache.org> wrote:
On 12/06/2023 12:00, Timothy Ward wrote:
Changing the CGI Servlet may be the easiest route, but if I wanted to use
it as intended, I'm guessing I would use the original Java code that you
sent below?
X509Certificate[] certs =
(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
I would just have to figure out how to do that within Oracle.

That should get you the value with ORDS (I've never used ORDS). I don't
think you'll be able to pass it to the CGI though.
Mark
On Mon, Jun 12, 2023 at 6:17 AM Mark Thomas <ma...@apache.org> wrote:
If you decide to go the route of modifying Tomcat's CGI servlet, this is
probably where you'll want to add the TLS info:
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/CGIServlet.java#L771
You should be able to copy the source of Tomcat's CGI servlet, modify as
required and then just deploy it as part of the web application the same
way you would any other servlet.
Mark
On 12/06/2023 10:41, Timothy Ward wrote:
I'm converting an application from using Oracle Http Server which is a
version of Apache so I was just trying to keep the code close to the
same.
It is going to use Tomcat and ORDS. We've got ORDS working and are just
setting up Tomcat to do the SSL stuff we needed to do.
I was using the SSLOptions +StdEnvVars settings that would set the
variables I needed as environment variables that I could then pick up in
Oracle via OWA_UTIL.GET_CGI_ENV('SSL_CLIENT_S_DN');
So, I guess if there is a different way of doing that without using CGI
Environment variables I can try that. I'm just having issues finding any
useful examples of what I want to do.
Thanks for your help, it is really appreciated.
On Mon, Jun 12, 2023 at 4:31 AM Mark Thomas <ma...@apache.org> wrote:
The information you are looking for is not made available via Tomcat's
standard CGI servlet. You would need to extend it and add the
certificate information as an additional environment variable (or
variables).
Do you need to use CGI? It is fairly unusual to see CGI mentioned on this
list these days.
Mark
On 11/06/2023 22:56, Timothy Ward wrote:
Doesn't seem to work via perl, where would I have to use that line of
code?
On Sun, Jun 11, 2023 at 5:26 PM Martynas Jusevičius <marty...@atomgraph.com> wrote:
You can get client certificates from ServletRequest:
X509Certificate[] certs =
(X509Certificate[])getHttpServletRequest().getAttribute("jakarta.servlet.request.X509Certificate");
https://jakarta.ee/specifications/servlet/5.0/apidocs/jakarta/servlet/servletrequest#getAttribute(java.lang.String)
On Sun, Jun 11, 2023 at 11:20 PM Timothy Ward <twardbite...@gmail.com> wrote:
Tomcat 10.1 setup using certificateVerification="required" on Windows
Server 2019, is there a way to get the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN
via a CGI perl script? I think I have the SSLValve valve implemented, but
there is nothing for sure that tells me that it is.
The browser prompts for the pin and authenticates just fine, I just need a
way to get some of the client certificate information.
Thanks,
Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
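
Added example, not part of the thread and not Tomcat's own code: a servlet for Tomcat 10.1 (jakarta.* namespace) that reads the client certificate attribute discussed above from the request object passed to doGet, rather than from a getHttpServletRequest() helper, which the GrabCert class in the error output does not define. The class name ClientCertInfoServlet and the /client-cert mapping are assumptions made for illustration.

```java
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate; // the attribute holds this type, not javax.security.cert
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: class name and URL pattern are hypothetical.
@WebServlet("/client-cert")
public class ClientCertInfoServlet extends HttpServlet {

    // Request attribute name defined by the Jakarta Servlet specification.
    private static final String CERT_ATTR = "jakarta.servlet.request.X509Certificate";

    // Maps mod_ssl-style variable names to the DNs of the client certificate
    // that passed TLS verification; empty when the request carried none.
    static Map<String, String> tlsVariables(HttpServletRequest request) {
        Map<String, String> vars = new LinkedHashMap<>();
        Object attr = request.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            return vars; // plain HTTP, or no client certificate presented
        }
        X509Certificate client = ((X509Certificate[]) attr)[0]; // client's own certificate comes first
        // getName() returns the RFC 2253 string form of the distinguished name.
        vars.put("SSL_CLIENT_S_DN", client.getSubjectX500Principal().getName());
        vars.put("SSL_CLIENT_I_DN", client.getIssuerX500Principal().getName());
        return vars;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        Map<String, String> vars = tlsVariables(request);
        if (vars.isEmpty()) {
            // Fail closed instead of answering a caller without a certificate.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        response.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = response.getWriter();
        vars.forEach((name, value) -> out.println(name + "=" + value));
    }
}
```

The DN strings produced here may not match the format the previous server placed in SSL_CLIENT_S_DN, so compare real values before relying on string matches in downstream authorization logic.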