我有这种情况:
1。)在localhost上工作以进行调试和开发porpouses
2。)apache2作为jboss5的前端,启用了ProxyPass和SSL
3.。)jboss5上的jsf应用程序,它可以从访问应用程序的客户端证书中读取数据
4.。)我在浏览器中安装了客户端证书,当我来到应用程序的登录页面时,broser会问我是否要使用应用程序所需的证书。
5.。)当我在弹出窗口中单击“确定”时,将显示登录页面。到这里一切都好。
6。)当我尝试登录并从请求中读取“ javax.servlet.request.X509Certificate ”时,它不存在,因此看起来证书不会从浏览器传播关闭我的应用程序的servlet请求
任何提示如何进一步调试?
这是我的vhost conf:
<VirtualHost *:443>
ServerName a.localhost
ProxyPass / http://b.localhost:8080/
ProxyPassReverse / http://b.localhost:8080/
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLOptions +ExportCertData +StdEnvVars
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLVerifyClient optional
SSLVerifyDepth 1
SSLCertificateFile C:\Users\user\ssh\4pm.si_wildcard.crt
SSLCertificateKeyFile C:\Users\user\ssh\4pm.si_wildcard.key
SSLCACertificateFile C:\Users\user\ssh\ca_cert_bundle.crt
RequestHeader set X-ClientCert %{SSL_CLIENT_CERT}s
ErrorLog "C:/Apps/wamp/logs/4pm-error-ssl.log"
CustomLog "C:/Apps/wamp/logs/4pm-access-ssl.log" common
</VirtualHost>
答案 0 :(得分:1)
答案是您必须阅读http标头而不是ServletRequest的参数测试
正确的代码是:
public static X509Certificate parseCertificate(String _headerName, HttpServletRequest _request) throws CertificateException{
String certStr = _request.getHeader("x-clientcert");
ServletRequest req = (ServletRequest)_request;
req.getParameter(arg0)
//before decoding we need to get rod off the prefix and suffix
byte [] decoded = Base64.decode(certStr.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", ""));
return (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
}