Add support for full client-cert chains to AJP
authorbillbarker <billbarker@13f79535-47bb-0310-9956-ffa450edef68>
Sun, 5 Oct 2008 23:43:00 +0000 (23:43 +0000)
committerbillbarker <billbarker@13f79535-47bb-0310-9956-ffa450edef68>
Sun, 5 Oct 2008 23:43:00 +0000 (23:43 +0000)
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@701902 13f79535-47bb-0310-9956-ffa450edef68

java/org/apache/coyote/ajp/AjpAprProcessor.java
java/org/apache/coyote/ajp/AjpProcessor.java
java/org/apache/jk/core/MsgContext.java

index f404716..ada4452 100644 (file)
@@ -542,19 +542,28 @@ public class AjpAprProcessor implements ActionHook {
                     new ByteArrayInputStream(certData.getBytes(),
                             certData.getStart(),
                             certData.getLength());
-                // Fill the first element.
+                // Fill the  elements.
                 try {
                     CertificateFactory cf =
                         CertificateFactory.getInstance("X.509");
-                    X509Certificate cert = (X509Certificate)
-                    cf.generateCertificate(bais);
-                    jsseCerts = new X509Certificate[1];
-                    jsseCerts[0] = cert;
-                    request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts);
+                    while(bais.available() > 0) {
+                        X509Certificate cert = (X509Certificate)
+                            cf.generateCertificate(bais);
+                        if(jsseCerts == null) {
+                            jsseCerts = new X509Certificate[1];
+                            jsseCerts[0] = cert;
+                        } else {
+                            X509Certificate [] temp = new X509Certificate[jsseCerts.length+1];
+                            System.arraycopy(jsseCerts,0,temp,0,jsseCerts.length);
+                            temp[jsseCerts.length] = cert;
+                            jsseCerts = temp;
+                        }
+                    }
                 } catch (java.security.cert.CertificateException e) {
                     log.error(sm.getString("ajpprocessor.certs.fail"), e);
                     return;
                 }
+                request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts);
             }
 
         } else if (actionCode == ActionCode.ACTION_REQ_HOST_ATTRIBUTE) {
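Review bot: Moving `request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts);` below the catch means it now also runs when the `while` loop never executes, i.e. when `certData` has length zero. Before this change an empty buffer was handed to `generateCertificate`, which most likely ended in the logged `CertificateException` path; now the attribute is stored with `jsseCerts` in whatever state it had before the loop (null, if it is initialised as in the MsgContext hunk) and nothing is logged. Guarding the call keeps an empty message from publishing an empty client-certificate attribute: `if (jsseCerts != null) { request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts); }`. The same applies to the `JIoEndpoint.CERTIFICATE_KEY` call in the AjpProcessor hunk. The declaration of `jsseCerts` and the start of the enclosing method are outside this hunk.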
index 70bb391..5c6eab9 100644 (file)
@@ -548,19 +548,28 @@ public class AjpProcessor implements ActionHook {
                     new ByteArrayInputStream(certData.getBytes(),
                             certData.getStart(),
                             certData.getLength());
-                // Fill the first element.
+                // Fill the  elements.
                 try {
                     CertificateFactory cf =
                         CertificateFactory.getInstance("X.509");
-                    X509Certificate cert = (X509Certificate)
-                    cf.generateCertificate(bais);
-                    jsseCerts = new X509Certificate[1];
-                    jsseCerts[0] = cert;
-                    request.setAttribute(JIoEndpoint.CERTIFICATE_KEY, jsseCerts);
+                    while(bais.available() > 0) {
+                        X509Certificate cert = (X509Certificate)
+                            cf.generateCertificate(bais);
+                        if(jsseCerts == null) {
+                            jsseCerts = new X509Certificate[1];
+                            jsseCerts[0] = cert;
+                        } else {
+                            X509Certificate [] temp = new X509Certificate[jsseCerts.length+1];
+                            System.arraycopy(jsseCerts,0,temp,0,jsseCerts.length);
+                            temp[jsseCerts.length] = cert;
+                            jsseCerts = temp;
+                        }
+                    }
                 } catch (java.security.cert.CertificateException e) {
                     log.error(sm.getString("ajpprocessor.certs.fail"), e);
                     return;
                 }
+                request.setAttribute(JIoEndpoint.CERTIFICATE_KEY, jsseCerts);
             }
 
         } else if (actionCode == ActionCode.ACTION_REQ_HOST_ATTRIBUTE) {
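Review bot: The loop reallocates and copies `jsseCerts` for every certificate, and the identical block is pasted into AjpAprProcessor, AjpProcessor and MsgContext, so any later fix to chain parsing has to be made three times. Collecting the certificates in a list and converting once is shorter and removes the `jsseCerts == null` special case. Ideally the loop would live in one shared helper that all three callers use. The sketch below assumes `jsseCerts` is null on entry, which this hunk does not show, and leaves the surrounding try/catch as it is.

```java
// … unchanged: try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); …
java.util.List<X509Certificate> chain =
    new java.util.ArrayList<X509Certificate>();
while (bais.available() > 0) {
    chain.add((X509Certificate) cf.generateCertificate(bais));
}
if (!chain.isEmpty()) {
    jsseCerts = chain.toArray(new X509Certificate[chain.size()]);
}
// … unchanged: catch (CertificateException e) and the setAttribute call …
```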
index 7c25cb3..bdbf143 100644 (file)
@@ -324,15 +324,24 @@ public class MsgContext implements ActionHook {
                                              certData.getStart(),
                                              certData.getLength());
  
-                // Fill the first element.
+                // Fill the  elements.
                 X509Certificate jsseCerts[] = null;
                 try {
                     CertificateFactory cf =
                         CertificateFactory.getInstance("X.509");
-                    X509Certificate cert = (X509Certificate)
-                        cf.generateCertificate(bais);
-                    jsseCerts =  new X509Certificate[1];
-                    jsseCerts[0] = cert;
+                    while(bais.available() > 0) {
+                        X509Certificate cert = (X509Certificate)
+                            cf.generateCertificate(bais);
+                        if(jsseCerts == null) {
+                            jsseCerts =  new X509Certificate[1];
+                            jsseCerts[0] = cert;
+                        } else {
+                            X509Certificate [] temp = new X509Certificate[jsseCerts.length+1];
+                            System.arraycopy(jsseCerts,0,temp,0,jsseCerts.length);
+                            temp[jsseCerts.length] = cert;
+                            jsseCerts = temp;
+                        }
+                    }
                 } catch(java.security.cert.CertificateException e) {
                     log.error("Certificate convertion failed" , e );
                     return;
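Review bot: The new comment `// Fill the  elements.` (here and in the two processor hunks) has a stray double space and omits the two facts that matter to code consuming the array. The certificates are stored in the order they arrive in the AJP message, and nothing in this block checks that they form a chain or that the first one is the client's own certificate. I would replace it with `// Parse every certificate in the AJP message, in the order received; no chain validation is done here.` A parse failure on any later certificate discards the whole array through the existing catch, which is the safe outcome and worth a short why-comment on the `return`. The enclosing method continues past the end of this hunk.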