Intercept client certificate
authorMathieu Baudier <mbaudier@argeo.org>
Wed, 25 Feb 2015 17:53:26 +0000 (17:53 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Wed, 25 Feb 2015 17:53:26 +0000 (17:53 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@7955 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java

index cbad271540f4896e54325756a56d54c33571c170..418771d981669295308a51958aa6b979e0a38385 100644 (file)
@@ -3,6 +3,7 @@ package org.argeo.cms.internal.kernel;
 import static org.argeo.jackrabbit.servlet.WebdavServlet.INIT_PARAM_RESOURCE_CONFIG;
 
 import java.io.IOException;
+import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.Properties;
 import java.util.StringTokenizer;
@@ -175,25 +176,19 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
                public void doFilter(HttpSession httpSession,
                                HttpServletRequest request, HttpServletResponse response,
                                FilterChain filterChain) throws IOException, ServletException {
-                       if (log.isTraceEnabled()) {
-                               log.debug(request.getContextPath());
-                               log.debug(request.getServletPath());
-                               log.debug(request.getRequestURI());
-                               log.debug(request.getQueryString());
-                               StringBuilder buf = new StringBuilder();
-                               Enumeration<String> en = request.getHeaderNames();
-                               while (en.hasMoreElements()) {
-                                       String header = en.nextElement();
-                                       Enumeration<String> values = request.getHeaders(header);
-                                       while (values.hasMoreElements())
-                                               buf.append("  " + header + ": " + values.nextElement());
-                                       buf.append('\n');
-                               }
-                               log.debug("\n" + buf);
-                       }
+                       if (log.isTraceEnabled())
+                               logRequest(request);
 
                        String servletPath = request.getServletPath();
 
+                       // client certificate
+                       X509Certificate clientCert = extractCertificate(request);
+                       if (clientCert != null) {
+                               // TODO authenticate
+                               // if (log.isDebugEnabled())
+                               // log.debug(clientCert.getSubjectX500Principal().getName());
+                       }
+
                        // skip data
                        if (servletPath.startsWith(PATH_DATA)) {
                                filterChain.doFilter(request, response);
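Review bot: The `clientCert != null` branch after `extractCertificate(request)` contains only a TODO, so a presented certificate does not yet affect how the request is handled. The lookup also runs on every request, including the `PATH_DATA` ones that are passed straight down the chain a few lines later. When the TODO is filled in, a non-null attribute should not be treated as an identity on its own. It presumably shows only that the container's TLS layer accepted the chain under the connector's trust settings, so the subject still has to be mapped to a known user. I would replace the bare TODO with something like `// TODO authenticate: map the certificate subject to a known user; presence of a certificate alone is not an identity`. The body of doFilter continues outside this hunk.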
@@ -224,6 +219,42 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
                }
        }
 
+       private void logRequest(HttpServletRequest request) {
+               log.debug(request.getContextPath());
+               log.debug(request.getServletPath());
+               log.debug(request.getRequestURI());
+               log.debug(request.getQueryString());
+               StringBuilder buf = new StringBuilder();
+               // headers
+               Enumeration<String> en = request.getHeaderNames();
+               while (en.hasMoreElements()) {
+                       String header = en.nextElement();
+                       Enumeration<String> values = request.getHeaders(header);
+                       while (values.hasMoreElements())
+                               buf.append("  " + header + ": " + values.nextElement());
+                       buf.append('\n');
+               }
+
+               // attributed
+               Enumeration<String> an = request.getAttributeNames();
+               while (an.hasMoreElements()) {
+                       String attr = an.nextElement();
+                       Object value = request.getAttribute(attr);
+                       buf.append("  " + attr + ": " + value);
+                       buf.append('\n');
+               }
+               log.debug("\n" + buf);
+       }
+
+       private X509Certificate extractCertificate(HttpServletRequest req) {
+               X509Certificate[] certs = (X509Certificate[]) req
+                               .getAttribute("javax.servlet.request.X509Certificate");
+               if (null != certs && certs.length > 0) {
+                       return certs[0];
+               }
+               return null;
+       }
+
        /** Intercepts all requests. Authenticates. */
        private class AnonymousFilter extends HttpFilter {
                @Override
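Review bot: `logRequest` writes every header value to the log, which includes `Authorization` and `Cookie`. The new attribute loop adds whatever the container has stored on the request, so credentials and session identifiers land in the log file whenever this path is enabled. Redact the sensitive headers right after `String header = en.nextElement();`, for example `if ("authorization".equalsIgnoreCase(header) || "cookie".equalsIgnoreCase(header)) { buf.append("  " + header + ": <redacted>\n"); continue; }`, and consider logging only an allow-list of attribute names. The method logs through `log.debug` while its caller guards it with `log.isTraceEnabled()`, so the two levels should be made to agree. The `// attributed` comment presumably means `// attributes`. In `extractCertificate`, the unchecked cast to `X509Certificate[]` throws `ClassCastException` if something else is stored under that attribute name, and an `instanceof` check before the cast would avoid that.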