14 package org.eclipse.jetty.security.authentication;
15
16 import java.io.IOException;
17 import java.security.Principal;
18 import java.security.cert.X509Certificate;
19
20 import javax.servlet.ServletRequest;
21 import javax.servlet.ServletResponse;
22 import javax.servlet.http.HttpServletRequest;
23 import javax.servlet.http.HttpServletResponse;
24
25 import org.eclipse.jetty.http.security.Constraint;
26 import org.eclipse.jetty.security.ServerAuthException;
27 import org.eclipse.jetty.security.UserAuthentication;
28 import org.eclipse.jetty.server.Authentication;
29 import org.eclipse.jetty.server.UserIdentity;
30 import org.eclipse.jetty.server.Authentication.User;
31 import org.eclipse.jetty.util.B64Code;
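/**
 * Authenticator for the CLIENT-CERT auth method.
 * <p>
 * The identity is taken from the client certificate chain that the TLS layer
 * exposes through the {@code javax.servlet.request.X509Certificate} request
 * attribute. For each certificate in the chain the subject distinguished name
 * (falling back to the issuer DN) is used as the user name and the Base64 form
 * of the certificate signature as the credential handed to the configured
 * login service, so the login service has to be populated with those values.
 * <p>
 * This class does not verify the chain itself: it relies on the container only
 * setting the attribute for chains the TLS handshake accepted.
 */
public class ClientCertAuthenticator extends LoginAuthenticator
{
    public ClientCertAuthenticator()
    {
        super();
    }

    /**
     * @return {@link Constraint#__CERT_AUTH}
     */
    public String getAuthMethod()
    {
        return Constraint.__CERT_AUTH;
    }

    /**
     * Validates the request using the client certificate chain.
     *
     * @param req the request; must be an {@link HttpServletRequest}
     * @param res the response; must be an {@link HttpServletResponse}
     * @param mandatory whether this request requires authentication
     * @return a {@link UserAuthentication} when a certificate in the chain logs
     *         in successfully; the deferred authentication when authentication
     *         is not mandatory; {@link Authentication#SEND_FAILURE} once a 403
     *         has been sent; or {@link Authentication#UNAUTHENTICATED} when the
     *         response is deferred and no user matched
     * @throws ServerAuthException if writing the error response fails
     */
    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
    {
        // Nothing is demanded of this request; leave the decision to the handler.
        if (!mandatory)
            return _deferred;

        HttpServletRequest request = (HttpServletRequest)req;
        HttpServletResponse response = (HttpServletResponse)res;

        // Only present when the TLS layer negotiated a client certificate.
        X509Certificate[] certs = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");

        try
        {
            if (certs != null)
            {
                for (X509Certificate cert : certs)
                {
                    if (cert == null)
                        continue;

                    UserIdentity user = _loginService.login(usernameOf(cert), credentialOf(cert));
                    if (user != null)
                    {
                        // Base-class hook; presumably renews the session on login - see LoginAuthenticator.
                        renewSessionOnAuthentication(request, response);
                        return new UserAuthentication(getAuthMethod(), user);
                    }
                }
            }

            // No certificate in the chain matched a known user.
            if (!_deferred.isDeferred(response))
            {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return Authentication.SEND_FAILURE;
            }

            return Authentication.UNAUTHENTICATED;
        }
        catch (IOException e)
        {
            // Keep the original exception as the cause so the I/O failure is not lost.
            throw new ServerAuthException(e.getMessage(), e);
        }
    }

    /**
     * The name the login service is queried with: the subject DN, falling back
     * to the issuer DN, and finally to the literal {@code "clientcert"} when
     * neither principal is available.
     * <p>
     * {@code getSubjectDN()} is the legacy API, but the name string it yields is
     * what existing login-service entries are keyed on, so it is deliberately
     * kept rather than switched to {@code getSubjectX500Principal()}.
     */
    private static String usernameOf(X509Certificate cert)
    {
        Principal principal = cert.getSubjectDN();
        if (principal == null)
            principal = cert.getIssuerDN();
        return principal == null ? "clientcert" : principal.getName();
    }

    /**
     * The credential the login service is queried with: the Base64-encoded
     * certificate signature bytes.
     */
    private static char[] credentialOf(X509Certificate cert)
    {
        return B64Code.encode(cert.getSignature());
    }

    /**
     * Certificate authentication adds nothing to the response.
     *
     * @return always {@code true}
     */
    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
    {
        return true;
    }
}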