Author: billbarker Date: Sun Oct 5 16:43:00 2008 New Revision: 701902 URL: http://svn.apache.org/viewvc?rev=701902&view=rev Log: Add support for full client-cert chains to AJP
Modified: tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java tomcat/trunk/java/org/apache/jk/core/MsgContext.java Modified: tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java?rev=701902&r1=701901&r2=701902&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java (original) +++ tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java Sun Oct 5 16:43:00 2008 
@@ -542,19 +542,28 @@ new ByteArrayInputStream(certData.getBytes(), certData.getStart(), certData.getLength()); - // Fill the first element. + // Fill the elements. try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate) - cf.generateCertificate(bais); - jsseCerts = new X509Certificate[1]; - jsseCerts[0] = cert; - request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts); + while(bais.available() > 0) { + X509Certificate cert = (X509Certificate) + cf.generateCertificate(bais); + if(jsseCerts == null) { + jsseCerts = new X509Certificate[1]; + jsseCerts[0] = cert; + } else { + X509Certificate [] temp = new X509Certificate[jsseCerts.length+1]; + System.arraycopy(jsseCerts,0,temp,0,jsseCerts.length); + temp[jsseCerts.length] = cert; + jsseCerts = temp; + } + } } catch (java.security.cert.CertificateException e) { log.error(sm.getString("ajpprocessor.certs.fail"), e); return; } + request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts); } } else if (actionCode == ActionCode.ACTION_REQ_HOST_ATTRIBUTE) { Modified: tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java?rev=701902&r1=701901&r2=701902&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java (original) +++ tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java Sun Oct 5 16:43:00 2008 
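Review bot: With `request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts);` moved below the try block, a zero-length `certData` skips the `while(bais.available() > 0)` loop and the attribute is set to whatever `jsseCerts` held before. That is presumably null, but the declaration is outside the hunk. The old code would presumably have failed inside `generateCertificate` and returned without setting anything. Guarding the call keeps the attribute absent when nothing was parsed: `if (jsseCerts != null) { request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts); }`. The AjpProcessor hunk has the same shape with `JIoEndpoint.CERTIFICATE_KEY`; the enclosing action handler starts and ends outside both hunks.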
@@ -548,19 +548,28 @@ new ByteArrayInputStream(certData.getBytes(), certData.getStart(), certData.getLength()); - // Fill the first element. + // Fill the elements. try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate) - cf.generateCertificate(bais); - jsseCerts = new X509Certificate[1]; - jsseCerts[0] = cert; - request.setAttribute(JIoEndpoint.CERTIFICATE_KEY, jsseCerts); + while(bais.available() > 0) { + X509Certificate cert = (X509Certificate) + cf.generateCertificate(bais); + if(jsseCerts == null) { + jsseCerts = new X509Certificate[1]; + jsseCerts[0] = cert; + } else { + X509Certificate [] temp = new X509Certificate[jsseCerts.length+1]; + System.arraycopy(jsseCerts,0,temp,0,jsseCerts.length); + temp[jsseCerts.length] = cert; + jsseCerts = temp; + } + } } catch (java.security.cert.CertificateException e) { log.error(sm.getString("ajpprocessor.certs.fail"), e); return; } + request.setAttribute(JIoEndpoint.CERTIFICATE_KEY, jsseCerts); } } else if (actionCode == ActionCode.ACTION_REQ_HOST_ATTRIBUTE) { Modified: tomcat/trunk/java/org/apache/jk/core/MsgContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jk/core/MsgContext.java?rev=701902&r1=701901&r2=701902&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/jk/core/MsgContext.java (original) +++ tomcat/trunk/java/org/apache/jk/core/MsgContext.java Sun Oct 5 16:43:00 2008 
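Review bot: The new `while` loop needs a comment saying that the chain is only decoded, never validated. Nothing in the hunk checks signatures, issuer ordering or expiry, so the array stored under `JIoEndpoint.CERTIFICATE_KEY` is only as trustworthy as the AJP peer that sent it. Suggested comment above the loop: `// Certs are decoded exactly as sent by the AJP peer; path validation is the front-end's job, so the AJP port must be reachable only by it.` The same comment belongs on the copies of this loop in AjpAprProcessor and MsgContext.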
@@ -324,15 +324,24 @@ certData.getStart(), certData.getLength()); - // Fill the first element. + // Fill the elements. X509Certificate jsseCerts[] = null; try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate) - cf.generateCertificate(bais); - jsseCerts = new X509Certificate[1]; - jsseCerts[0] = cert; + while(bais.available() > 0) { + X509Certificate cert = (X509Certificate) + cf.generateCertificate(bais); + if(jsseCerts == null) { + jsseCerts = new X509Certificate[1]; + jsseCerts[0] = cert; + } else { + X509Certificate [] temp = new X509Certificate[jsseCerts.length+1]; + System.arraycopy(jsseCerts,0,temp,0,jsseCerts.length); + temp[jsseCerts.length] = cert; + jsseCerts = temp; + } + } } catch(java.security.cert.CertificateException e) { log.error("Certificate convertion failed" , e ); return; --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
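Review bot: The grow-by-one array copy is now pasted into three files (here, AjpAprProcessor and AjpProcessor) and re-copies the whole array for every certificate read. `CertificateFactory.generateCertificates` accepts a sequence of DER-encoded certificates in one call, so the loop could become `jsseCerts = cf.generateCertificates(bais).toArray(new X509Certificate[0]);`, ideally inside one shared helper. That form yields an empty array rather than null for empty input, so callers would have to accept it, and it should be tested against the concatenated encoding the web server actually sends. The try block's enclosing method continues outside the hunk.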