From: billbarker Date: Sun, 5 Oct 2008 23:43:00 +0000 (+0000) Subject: Add support for full client-cert chains to AJP X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=f801b2dfe128b3e9848bb0dbd9c7fe0579428535;p=tomcat7.0 Add support for full client-cert chains to AJP git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@701902 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/coyote/ajp/AjpAprProcessor.java b/java/org/apache/coyote/ajp/AjpAprProcessor.java index f404716bd..ada4452c3 100644 --- a/java/org/apache/coyote/ajp/AjpAprProcessor.java +++ b/java/org/apache/coyote/ajp/AjpAprProcessor.java @@ -542,19 +542,28 @@ public class AjpAprProcessor implements ActionHook { new ByteArrayInputStream(certData.getBytes(), certData.getStart(), certData.getLength()); - // Fill the first element. + // Fill the elements. try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate) - cf.generateCertificate(bais); - jsseCerts = new X509Certificate[1]; - jsseCerts[0] = cert; - request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts); + while(bais.available() > 0) { + X509Certificate cert = (X509Certificate) + cf.generateCertificate(bais); + if(jsseCerts == null) { + jsseCerts = new X509Certificate[1]; + jsseCerts[0] = cert; + } else { + X509Certificate [] temp = new X509Certificate[jsseCerts.length+1]; + System.arraycopy(jsseCerts,0,temp,0,jsseCerts.length); + temp[jsseCerts.length] = cert; + jsseCerts = temp; + } + } } catch (java.security.cert.CertificateException e) { log.error(sm.getString("ajpprocessor.certs.fail"), e); return; } + request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts); } } else if (actionCode == ActionCode.ACTION_REQ_HOST_ATTRIBUTE) { diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java b/java/org/apache/coyote/ajp/AjpProcessor.java index 70bb3919c..5c6eab90b 100644 --- a/java/org/apache/coyote/ajp/AjpProcessor.java 
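Review bot: When the certificate data is empty the new `while(bais.available() > 0)` loop never runs, so the relocated `request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts)` after the try block stores whatever `jsseCerts` held on entry, apparently null given the `if(jsseCerts == null)` branch, and nothing is logged. The old code called `generateCertificate` unconditionally, which would presumably have ended in the `CertificateException` handler and returned. Guarding the call as `if (jsseCerts != null) request.setAttribute(AprEndpoint.CERTIFICATE_KEY, jsseCerts);` keeps an absent certificate distinguishable from a null attribute; the AjpProcessor hunk has the same pattern with `JIoEndpoint.CERTIFICATE_KEY`. The declaration of `jsseCerts` and the check that guards this branch are outside the hunk, so an empty `certData` may already be excluded there.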
+++ b/java/org/apache/coyote/ajp/AjpProcessor.java @@ -548,19 +548,28 @@ public class AjpProcessor implements ActionHook { new ByteArrayInputStream(certData.getBytes(), certData.getStart(), certData.getLength()); - // Fill the first element. + // Fill the elements. try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate) - cf.generateCertificate(bais); - jsseCerts = new X509Certificate[1]; - jsseCerts[0] = cert; - request.setAttribute(JIoEndpoint.CERTIFICATE_KEY, jsseCerts); + while(bais.available() > 0) { + X509Certificate cert = (X509Certificate) + cf.generateCertificate(bais); + if(jsseCerts == null) { + jsseCerts = new X509Certificate[1]; + jsseCerts[0] = cert; + } else { + X509Certificate [] temp = new X509Certificate[jsseCerts.length+1]; + System.arraycopy(jsseCerts,0,temp,0,jsseCerts.length); + temp[jsseCerts.length] = cert; + jsseCerts = temp; + } + } } catch (java.security.cert.CertificateException e) { log.error(sm.getString("ajpprocessor.certs.fail"), e); return; } + request.setAttribute(JIoEndpoint.CERTIFICATE_KEY, jsseCerts); } } else if (actionCode == ActionCode.ACTION_REQ_HOST_ATTRIBUTE) { diff --git a/java/org/apache/jk/core/MsgContext.java b/java/org/apache/jk/core/MsgContext.java index 7c25cb3d0..bdbf1439d 100644 --- a/java/org/apache/jk/core/MsgContext.java +++ b/java/org/apache/jk/core/MsgContext.java 
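Review bot: The new comment `// Fill the elements.` does not say that every certificate in the array is taken as sent by the AJP peer: the loop only parses with `generateCertificate` and appends, and nothing visible in the hunk checks ordering, issuer linkage or validity. Code that reads `JIoEndpoint.CERTIFICATE_KEY` can easily mistake a multi-element array for a verified chain, so I would replace the comment with `// Parse every certificate the AJP front end forwarded; the chain is not validated here and is only as trustworthy as the AJP connection.` The same comment sits in the AjpAprProcessor and MsgContext hunks. Validation may happen in the front end or elsewhere in the container, which is outside this diff.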
@@ -324,15 +324,24 @@ public class MsgContext implements ActionHook { certData.getStart(), certData.getLength()); - // Fill the first element. + // Fill the elements. X509Certificate jsseCerts[] = null; try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate) - cf.generateCertificate(bais); - jsseCerts = new X509Certificate[1]; - jsseCerts[0] = cert; + while(bais.available() > 0) { + X509Certificate cert = (X509Certificate) + cf.generateCertificate(bais); + if(jsseCerts == null) { + jsseCerts = new X509Certificate[1]; + jsseCerts[0] = cert; + } else { + X509Certificate [] temp = new X509Certificate[jsseCerts.length+1]; + System.arraycopy(jsseCerts,0,temp,0,jsseCerts.length); + temp[jsseCerts.length] = cert; + jsseCerts = temp; + } + } } catch(java.security.cert.CertificateException e) { log.error("Certificate convertion failed" , e ); return;
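Review bot: This is the third verbatim copy of the chain-parsing loop in the commit (also in AjpAprProcessor and AjpProcessor), and each copy reallocates and copies the whole array for every certificate read. A single shared static helper that collects into a list and converts once would remove the duplication and the repeated `System.arraycopy`, leaving each call site with only its own try/catch and attribute handling. The sketch below returns null for empty input to match what the loop leaves in `jsseCerts` today. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: ByteArrayInputStream bais built from certData …
try {
    jsseCerts = parseCertChain(bais);
// … unchanged: catch block that logs and returns …

static X509Certificate[] parseCertChain(ByteArrayInputStream bais)
        throws java.security.cert.CertificateException {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    List<X509Certificate> chain = new ArrayList<X509Certificate>();
    while (bais.available() > 0) {
        chain.add((X509Certificate) cf.generateCertificate(bais));
    }
    return chain.isEmpty() ? null : chain.toArray(new X509Certificate[chain.size()]);
}
```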