I installed the Tomcat 7.0 application server with mutual (client / server) authentication via SSL. To configure this configuration, I needed to create a .jks file for the server certificate and a .pks in my web browser. After setting up the server.xml file in Tomcat, I have mutual authentication and SSL working. Now I am trying to grab a certificate in a servlet; however, it seems I cannot grab a certificate from a request in a servlet. I can configure a filter that successfully pulls a certificate from the request. Can someone provide me with a configuration / code that will allow me to grab a certificate from a servlet? I also agree on why I cannot get the certificate in the servlet.
Server.xml
    <Connector clientAuth="true" port="8443" protocol="HTTP/1.1"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:/Users/Kevin Bowersox/Desktop/Development/My Certs/server.jks"
               keystoreType="JKS" keystorePass="notmypassword"
               truststoreFile="C:/Users/Kevin Bowersox/Desktop/Development/My Certs/server.jks"
               truststoreType="JKS" truststorePass="notmypassword"
               SSLVerifyClient="require" SSLVerifyDepth="2" sslProtocol="TLS" />
MyServlet.java - this raises a RuntimeException because the certificate was not found when hitting the URL https://localhost:8443/Sample_Application/MyServlet
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (null != certs && certs.length > 0) {
            System.out.println("cert found");
        }
        throw new RuntimeException("No X.509 client certificate found in request");
    }
Display MyServlet
    <servlet>
        <description> </description>
        <display-name>MyServlet</display-name>
        <servlet-name>MyServlet</servlet-name>
        <servlet-class>MyServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>MyServlet</servlet-name>
        <url-pattern>/MyServlet</url-pattern>
    </servlet-mapping>
MyFilter.java - returns "cert found" when hitting the URL https://localhost:8443/Sample_Application/test.jsp
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (null != certs && certs.length > 0) {
            System.out.println("cert found");
        }
    }
My filter mapping
    <filter>
        <description> </description>
        <display-name>MyFilter</display-name>
        <filter-name>MyFilter</filter-name>
        <filter-class>MyFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>MyFilter</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
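A servlet that reads the same request attribute but rejects the request only when no chain is present, as an added example that is not part of the original post. In the doGet posted above, the throw statement follows the if block, so it runs on every request whether or not a certificate was found. The class name ClientCertServlet is hypothetical, and the code assumes the javax.servlet API that ships with Tomcat 7.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; map it in web.xml the same way as MyServlet.
public class ClientCertServlet extends HttpServlet {

    // Attribute name defined by the Servlet specification for the TLS client chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        Object attr = request.getAttribute(CERT_ATTR);

        // The attribute is absent when the connection is not TLS or the
        // client presented no certificate; answer 403 and stop here.
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "No X.509 client certificate found in request");
            return;
        }

        // The chain is ordered by ascending trust: element 0 is the client's own certificate.
        X509Certificate[] chain = (X509Certificate[]) attr;
        X509Certificate client = chain[0];

        // Plain text output so the distinguished names are never interpreted as markup.
        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();
        out.println("chain length: " + chain.length);
        out.println("subject:      " + client.getSubjectX500Principal().getName());
        out.println("issuer:       " + client.getIssuerX500Principal().getName());
        out.println("serial:       " + client.getSerialNumber().toString(16));
        out.println("not after:    " + client.getNotAfter());
    }
}
```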