1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 package org.mortbay.jetty.security;
16
17 import java.io.IOException;
18 import java.security.Principal;
19
20 import javax.servlet.http.HttpServletResponse;
21
22 import org.mortbay.jetty.Request;
23 import org.mortbay.jetty.Response;
24
25
26
27
28
29
30
31
32
33 public class ClientCertAuthenticator implements Authenticator
34 {
35 private int _maxHandShakeSeconds =60;
36
37
38 public ClientCertAuthenticator()
39 {
40 }
41
42
43 public int getMaxHandShakeSeconds()
44 {
45 return _maxHandShakeSeconds;
46 }
47
48
49
50
51
52
53 public void setMaxHandShakeSeconds(int maxHandShakeSeconds)
54 {
55 _maxHandShakeSeconds = maxHandShakeSeconds;
56 }
57
58
59
60
61
62
63
64
65 public Principal authenticate(UserRealm realm,
66 String pathInContext,
67 Request request,
68 Response response)
69 throws IOException
70 {
71 java.security.cert.X509Certificate[] certs =
72 (java.security.cert.X509Certificate[])
73 request.getAttribute("javax.servlet.request.X509Certificate");
74
75
76 if (certs==null || certs.length==0 || certs[0]==null)
77 {
78 if (response != null)
79 response.sendError(HttpServletResponse.SC_FORBIDDEN,"A client certificate is required for accessing this web application but the server's listener is not configured for mutual authentication (or the client did not provide a certificate).");
80 return null;
81 }
82
83 Principal principal = certs[0].getSubjectDN();
84 if (principal==null)
85 principal=certs[0].getIssuerDN();
86 String username=principal==null?"clientcert":principal.getName();
87
88 Principal user = realm.authenticate(username,certs,request);
89 if (user == null)
90 {
91 if (response != null)
92 response.sendError(HttpServletResponse.SC_FORBIDDEN,"The provided client certificate does not correspond to a trusted user.");
93 return null;
94 }
95
96 request.setAuthType(Constraint.__CERT_AUTH);
97 request.setUserPrincipal(user);
98 return user;
99 }
100
101
102 public String getAuthMethod()
103 {
104 return Constraint.__CERT_AUTH;
105 }
106
107 }