
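--- a/Http11AprProcessor.java
+++ b/Http11AprProcessor.java
@@ -1095,16 +1095,29 @@
                             (AprEndpoint.CIPHER_SUITE_KEY, sslO);
                     }
                     // Client certificate chain if present
+                    //////////////////////////////////////////////////
+                    // CP: does not include client certificate, only CA certificates
+                    // see documentation of SSL_get_peer_cert_chain() in openssl and sslinfo.c in native APR code
+                    // SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates forming the certificate chain of the peer.
+                    // If called on the client side, the stack also contains the peer's certificate;
+                    // if called on the server side, the peer's certificate must be obtained separately using SSL_get_peer_certificate(3).
+                    // If the peer did not present a certificate, NULL is returned.
+                    //
                     int certLength = SSLSocket.getInfoI(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN);
+                    // retrieve client certificate
+                    byte[] clientCert = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT);
                     X509Certificate[] certs = null;
-                    if (certLength > 0) {
-                        certs = new X509Certificate[certLength];
+                    if (clientCert != null) {
+                        certs = new X509Certificate[certLength+1]; // add one for the client certificate
+
+                        CertificateFactory cf =
+                        CertificateFactory.getInstance("X.509");
+
+                        certs[0] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(clientCert));
+
                         for (int i = 0; i < certLength; i++) {
                             byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
-                            CertificateFactory cf =
-                                CertificateFactory.getInstance("X.509");
-                            ByteArrayInputStream stream = new ByteArrayInputStream(data);
-                            certs[i] = (X509Certificate) cf.generateCertificate(stream);
+                            certs[i+1] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data));
                         }
                     }
                     if (certs != null) {
@@ -1142,16 +1155,29 @@
                     // Renegociate certificates
                     SSLSocket.renegotiate(socket);
                     // Client certificate chain if present
+                    //////////////////////////////////////////////////
+                    // CP: does not include client certificate, only CA certificates
+                    // see documentation of SSL_get_peer_cert_chain() in openssl and sslinfo.c in native APR code
+                    // SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates forming the certificate chain of the peer.
+                    // If called on the client side, the stack also contains the peer's certificate;
+                    // if called on the server side, the peer's certificate must be obtained separately using SSL_get_peer_certificate(3).
+                    // If the peer did not present a certificate, NULL is returned.
+                    //
                     int certLength = SSLSocket.getInfoI(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN);
+                    // retrieve client certificate
+                    byte[] clientCert = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT);
                     X509Certificate[] certs = null;
-                    if (certLength > 0) {
-                        certs = new X509Certificate[certLength];
+                    if (clientCert != null) {
+                        certs = new X509Certificate[certLength+1]; // add one for the client certificate
+
+                        CertificateFactory cf =
+                        CertificateFactory.getInstance("X.509");
+
+                        certs[0] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(clientCert));
+
                         for (int i = 0; i < certLength; i++) {
                             byte[] data = SSLSocket.getInfoB(socket, SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
-                            CertificateFactory cf =
-                                CertificateFactory.getInstance("X.509");
-                            ByteArrayInputStream stream = new ByteArrayInputStream(data);
-                            certs[i] = (X509Certificate) cf.generateCertificate(stream);
+							certs[i+1] = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(data));
                         }
                     }
                     if (certs != null) {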
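Review bot: Replacing the `certLength > 0` guard with `clientCert != null` (new lines 1110 and 1170) means `new X509Certificate[certLength+1]` now runs with whatever `getInfoI` returned for `SSL_INFO_CLIENT_CERT_CHAIN`; if that call can report a negative count while a leaf certificate is present (not visible here — confirm against the native sslinfo implementation), the allocation yields a zero-length array so `certs[0] = …` fails, or throws `NegativeArraySizeException`. Clamping is cheap and keeps the leaf-first ordering explicit: `certs = new X509Certificate[Math.max(certLength, 0) + 1]; // leaf certificate first, then the CA chain reported by the native layer`. The same retrieve-and-parse sequence is now duplicated verbatim in both hunks (initial handshake and after `renegotiate`), so a private helper taking the socket handle and returning the `X509Certificate[]` would stop the two paths from drifting apart. The `certs[i+1]` line at new 1180 is indented with tabs while every surrounding line uses spaces. Both hunks sit inside a method whose start and end are outside the diff, so where the `CertificateException` from `generateCertificate` is handled cannot be seen here.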
