Solved

Client Authentication using SSL

Posted on 2002-03-19
7
343 Views
Last Modified: 2013-11-24
Hi,

I am using Tomcat 4.0.1 & I have configured Tomcat with a trial SSL Certificate. I configured Tomcat to accept Client Certificates in SSL Handshake. This is also working fine. Now if I need to validate this client certificate, how do I receive it at the Tomcat Server and validate the certificate. I want to know how a certificate can be retrieved by a Servlet on Tomcat incase of Client Authentication.

Please help me asap.

Thanks & Regards,

..Raj
0
Comment
Question by:raj2476
7 Comments
 

Expert Comment

by:senya
ID: 6881156
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;


try {
 FileInputStream fis   = new FileInputStream(CRLfile);

 CertificateFactory cf = CertificateFactory.getInstance("X.509");

 X509CRL CRLList = (X509CRL)cf.generateCRL(fis);
 fis.close();
}
catch()...

....
try {

String cipherSuite = (String) request.getAttribute("javax.net.ssl.cipher_suite");
out.println("Cipher Suite: " + cipherSuite);

if (cipherSuite != null) {
   X509Certificate certChain[] =(X509Certificate[])
request.getAttribute("javax.net.ssl.peer_certificates");
   if (certChain != null) {
      for (int i = 0; i < certChain.length; i++) {
         out.println ("Client Cert [" + i + "] = " + certChain[i].toString());
      }

      // This could throw InvalidCert exceptions:
      certChain[0].checkValidity();
   
     if (CRLList != null && CRLList.isRevoked(certChain[0]))
        throw new Exception("Revoked SSL Certificate");
     }
}
   catch (CertificateExpiredException cee) {
     throw new Exception("Expired SSL Certificate");
  }
   catch (CertificateNotYetValidException cnyve) {
     throw new Exception("Invalid SSL Certificate");
  }
   catch (Exception e) {
    if (e.getMessage().equals("Revoked SSL Certificate") ||
        e.getMessage().equals("Non-SSL access disabled"))
       throw e;
    else
       throw new Exception("Invalid SSL Certificate");

# UPDATE TOMCAT--START
include H:/httpd/jakarta-tomcat-3.3/conf/auto/mod_jk.conf

# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

# UPDATE TOMCAT--END

0
 

Author Comment

by:raj2476
ID: 6881804
Senya,

Thanks a lot for that answer. But the problem is I am using Tomcat 4.0.1 in which you dont have any configuration files said by you. For ex: "H:/httpd/jakarta-tomcat-3.3/conf/auto/mod_jk.conf". I guess you need to modify only server.xml in Tomcat 4.0.1. SSL is working fine for me on this server. I have put your code & when I execute, I get all the values "Null". This is how the connector looks in server.xml

    <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
   
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
            acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="true" protocol="TLS"/>
    </Connector>

Do I need to do any more changees?? Please let me know asap becoz this is very urgent for me.

Regards,

..Raj
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6956680
Please click this link and update/finalize your open and locked questions.  If this LOCKED question does not serve your needs, please REJECT it.

http://www.experts-exchange.com/jsp/memberProfile.jsp?mbr=raj2476&showQHistory=true

Moondancer - EE Moderator
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:raj2476
ID: 6957334
This solution may work for Tomcat 3.x. But for 4.x it does not give any clue for me. I have replied the same, but no further answer from Senya. So the answer is not useful for me.
0
 

Author Comment

by:raj2476
ID: 6957336
It has been a long time since I asked the question. I worked out on my own & got the solution.
0
 
LVL 1

Accepted Solution

by:
Moondancer earned 0 total points
ID: 6957816
200 points have been refunded to you since, as you say, you found your own solution.  This question has been moved to our PAQ to close it.  Since you did find the solution, you would help others by adding it here.

Listening further.

Thanks,
Moondancer - EE Moderator
0
 

Expert Comment

by:pleasure
ID: 12037782
hi raj,
since u adi found the solution.. why not u post it here and share it qith all of us...
thanks..:-)
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
servlet doXXX methods 3 48
print map entry 34 67
nextBoolean(double p) for Random class 3 40
Convert from a json string array to a Java object 3 28
For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question