14 package org.eclipse.jetty.security.authentication;
15
16 import java.io.IOException;
17 import java.security.Principal;
18 import java.security.cert.X509Certificate;
19
20 import javax.servlet.ServletRequest;
21 import javax.servlet.ServletResponse;
22 import javax.servlet.http.HttpServletRequest;
23 import javax.servlet.http.HttpServletResponse;
24
25 import org.eclipse.jetty.http.security.B64Code;
26 import org.eclipse.jetty.http.security.Constraint;
27 import org.eclipse.jetty.security.UserAuthentication;
28 import org.eclipse.jetty.security.ServerAuthException;
29 import org.eclipse.jetty.server.Authentication;
30 import org.eclipse.jetty.server.UserIdentity;
31 import org.eclipse.jetty.server.Authentication.User;
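/**
 * Authenticator for the CLIENT-CERT authentication method.
 * <p>
 * The request is authenticated from the X509 certificate chain that the TLS layer
 * stored in the {@code javax.servlet.request.X509Certificate} request attribute.
 * Every non-null certificate in that chain is offered to the configured
 * {@code LoginService} with its subject DN (falling back to the issuer DN) as the
 * user name and the Base64-encoded certificate signature as the credential; the
 * first successful login wins.
 * <p>
 * This class performs no certificate validation of its own (trust anchor, expiry,
 * revocation). The signature bytes used as the credential are part of the public
 * certificate, so the proof of key possession rests entirely on the TLS handshake
 * that produced the attribute, and the binding of certificate to user rests on the
 * login service. Because the whole chain is tried, including CA certificates, a
 * login service entry keyed on a CA's DN and signature would also authenticate
 * the request.
 */
public class ClientCertAuthenticator extends LoginAuthenticator
{
    /** Request attribute under which the servlet container exposes the client certificate chain. */
    private static final String CERTIFICATE_ATTRIBUTE = "javax.servlet.request.X509Certificate";

    /** User name used when a certificate carries neither a subject nor an issuer DN. */
    private static final String ANONYMOUS_CERT_NAME = "clientcert";

    public ClientCertAuthenticator()
    {
        super();
    }

    /**
     * @return {@link Constraint#__CERT_AUTH}, the CLIENT-CERT auth method name
     */
    public String getAuthMethod()
    {
        return Constraint.__CERT_AUTH;
    }

    /**
     * Validates the request against the client certificate chain presented by the TLS layer.
     *
     * @param req       the request; must be an {@link HttpServletRequest}
     * @param res       the response; must be an {@link HttpServletResponse}
     * @param mandatory whether authentication is required for the requested resource
     * @return a {@link UserAuthentication} when the login service accepts one of the
     *         certificates; {@link Authentication#SEND_FAILURE} (after a 403 has been
     *         sent) when authentication is mandatory and no certificate logged in;
     *         {@link Authentication#NOT_CHECKED} when no certificate chain attribute is
     *         present; {@link Authentication#UNAUTHENTICATED} otherwise
     * @throws ServerAuthException if sending the 403 response fails
     */
    public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
    {
        HttpServletRequest request = (HttpServletRequest)req;
        HttpServletResponse response = (HttpServletResponse)res;
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute(CERTIFICATE_ATTRIBUTE);

        // An empty array simply yields no iterations, so no explicit length check is needed.
        if (certs != null)
        {
            for (X509Certificate cert : certs)
            {
                if (cert == null)
                    continue;

                UserIdentity user = _loginService.login(usernameOf(cert), credentialOf(cert));
                if (user != null)
                    return new UserAuthentication(this, user);
            }
        }

        if (mandatory)
        {
            try
            {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
            catch (IOException e)
            {
                // Preserve the cause so the underlying I/O failure is not lost from the stack trace.
                throw new ServerAuthException(e.getMessage(), e);
            }
            return Authentication.SEND_FAILURE;
        }

        // No chain attribute at all means the TLS layer never asked for a certificate.
        return certs == null ? Authentication.NOT_CHECKED : Authentication.UNAUTHENTICATED;
    }

    /**
     * Derives the login name for a certificate: its subject DN, else its issuer DN,
     * else the fixed name {@code "clientcert"}.
     * <p>
     * {@code getSubjectDN()}/{@code getIssuerDN()} are denigrated in favour of the
     * X500Principal accessors, but are kept because the string returned by their
     * {@code getName()} is the key the login service is configured with; switching
     * accessors would likely change that string.
     *
     * @param cert a non-null certificate from the presented chain
     * @return the user name to present to the login service
     */
    private static String usernameOf(X509Certificate cert)
    {
        Principal principal = cert.getSubjectDN();
        if (principal == null)
            principal = cert.getIssuerDN();
        return principal == null ? ANONYMOUS_CERT_NAME : principal.getName();
    }

    /**
     * Builds the credential presented to the login service: the Base64 encoding of
     * the certificate's signature bytes, as produced by {@link B64Code#encode(byte[])}.
     *
     * @param cert a non-null certificate from the presented chain
     * @return the credential characters
     */
    private static char[] credentialOf(X509Certificate cert)
    {
        return B64Code.encode(cert.getSignature());
    }

    /**
     * No post-processing is needed: the certificate was checked in
     * {@link #validateRequest(ServletRequest, ServletResponse, boolean)}.
     *
     * @return always {@code true}
     */
    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
    {
        return true;
    }
}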