remm 2005/07/13 04:05:20
Modified: http11/src/java/org/apache/coyote/http11
Http11AprProcessor.java
Log:
- Fix array length if no client certs.
Revision Changes Path
1.24 +22 -25
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java
Index: Http11AprProcessor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- Http11AprProcessor.java 12 Jul 2005 17:01:42 -0000 1.23
+++ Http11AprProcessor.java 13 Jul 2005 11:05:19 -0000 1.24
@@ -1085,22 +1085,20 @@
request.setAttribute
("javax.servlet.request.cipher_suite", sslO);
int certLength = SSLSocket.getInfoI(socket,
SSL.SSL_INFO_CLIENT_CERT_CHAIN);
- X509Certificate[] certs = new
X509Certificate[certLength];
- for (int i = 0; i < certLength; i++) {
- byte[] data = SSLSocket.getInfoB(socket,
SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
- CertificateFactory cf =
- CertificateFactory.getInstance("X.509");
- ByteArrayInputStream stream = new
ByteArrayInputStream(data);
- certs[i] = (X509Certificate)
cf.generateCertificate(stream);
- }
+ X509Certificate[] certs = null;
if (certLength > 0) {
- sslO = certs;
- } else {
- sslO = null;
+ certs = new X509Certificate[certLength];
+ for (int i = 0; i < certLength; i++) {
+ byte[] data = SSLSocket.getInfoB(socket,
SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
+ CertificateFactory cf =
+ CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream stream = new
ByteArrayInputStream(data);
+ certs[i] = (X509Certificate)
cf.generateCertificate(stream);
+ }
}
- if (sslO != null)
+ if (certs != null)
request.setAttribute
- ("javax.servlet.request.X509Certificate", sslO);
+ ("javax.servlet.request.X509Certificate", certs);
sslO = new Integer(SSLSocket.getInfoI(socket,
SSL.SSL_INFO_CIPHER_USEKEYSIZE));
if (sslO != null)
request.setAttribute
@@ -1130,21 +1128,20 @@
// FIXME: Verify this is the right thing to do
SSLSocket.renegotiate(socket);
int certLength = SSLSocket.getInfoI(socket,
SSL.SSL_INFO_CLIENT_CERT_CHAIN);
- X509Certificate[] certs = new
X509Certificate[certLength];
- for (int i = 0; i < certLength; i++) {
- byte[] data = SSLSocket.getInfoB(socket,
SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
- CertificateFactory cf =
- CertificateFactory.getInstance("X.509");
- ByteArrayInputStream stream = new
ByteArrayInputStream(data);
- certs[i] = (X509Certificate)
cf.generateCertificate(stream);
- }
- Object sslO = null;
+ X509Certificate[] certs = null;
if (certLength > 0) {
- sslO = certs;
+ certs = new X509Certificate[certLength];
+ for (int i = 0; i < certLength; i++) {
+ byte[] data = SSLSocket.getInfoB(socket,
SSL.SSL_INFO_CLIENT_CERT_CHAIN + i);
+ CertificateFactory cf =
+ CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream stream = new
ByteArrayInputStream(data);
+ certs[i] = (X509Certificate)
cf.generateCertificate(stream);
+ }
}
- if (sslO != null)
+ if (certs != null)
request.setAttribute
- ("javax.servlet.request.X509Certificate", sslO);
+ ("javax.servlet.request.X509Certificate", certs);
} catch (Exception e) {
log.warn("Exception getting SSL Cert", e);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
