
Tidux_92112
Aug 16, 2005

How to use the SSL certificate that BIP inserted into HTTP header on WebLogic?

I have inserted the client SSL certificate into an HTTP header using the following iRule:


when CLIENTSSL_CLIENTCERT {
   set ssl_cert [SSL::cert 0]
   session add ssl [SSL::sessionid] $ssl_cert 180
}
when HTTP_REQUEST {
   set client_cert [session lookup ssl [SSL::sessionid]]
   HTTP::header insert SSLClientCert [X509::whole $client_cert]
}

And I can see the certificate in the HTTP header with tcpdump, like this:

-----BEGIN CERTIFICATE-----

AV9DGOGIJ...............................

-----END CERTIFICATE-----

Before the BIP installation, there was a Netscape web server which ended the SSL connection and delivered the client SSL certificate to WebLogic over an HTTP connection, and the customer used the following Java code to get/use the certificate on WebLogic:


private String getSerialNumber(HttpServletRequest request) throws Exception
{
    try {
        weblogic.security.X509 certs[] = (weblogic.security.X509[]) request.getAttribute("javax.net.ssl.peer_certificates");

        if (certs != null)
        {
            InputStream inStream = new ByteArrayInputStream(certs[0].getBytes());
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
            inStream.close();

            BigInteger serialNumber = cert.getSerialNumber();
            byte[] a = serialNumber.toByteArray();
....
....
....

The problem is: now, with the smallest change to the Java code above, how do I get/use the certificates on my WebLogic server after BIP has inserted them into the HTTP header?

PS: I have changed the Java code above to this:


private String getSerialNumber(HttpServletRequest request) throws Exception
{
    try {
        String clientcert = request.getHeader("SSLClientCert");

        if (clientcert != null)
        {
            InputStream inStream = new ByteArrayInputStream(clientcert.getBytes());
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
            inStream.close();

            BigInteger serialNumber = cert.getSerialNumber();
            byte[] a = serialNumber.toByteArray();
....
....
....

But it doesn't work.

An error occurred at "X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);". It seems that the variable "inStream" (a string containing the PEM-format certificate) doesn't match the attribute of "X509Certificate", and I have no idea about this...

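One way to parse the header value on the Java side, given as an added example that is not part of the original post or of any F5 or WebLogic code. It assumes the failure comes from the PEM line structure being altered while the certificate travels in a header, which the post does not confirm; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import java.util.List;

public class HeaderCertParser {  // hypothetical name, not from the post
    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";

    /** Parses the PEM text carried in the SSLClientCert header values of one request. */
    static X509Certificate parse(List<String> headerValues) throws CertificateException {
        // The iRule inserts the header once per request, so any other count is rejected.
        if (headerValues == null || headerValues.size() != 1) {
            throw new CertificateException("expected exactly one SSLClientCert header");
        }
        String pem = headerValues.get(0).trim();
        int start = pem.indexOf(BEGIN);
        int end = pem.indexOf(END);
        if (start < 0 || end < start) {
            throw new CertificateException("PEM markers not found");
        }
        // Keep only the Base64 body and drop every space, tab, CR and LF, so the
        // result no longer depends on how line breaks survived the header (assumption).
        String body = pem.substring(start + BEGIN.length(), end).replaceAll("\\s", "");
        byte[] der;
        try {
            der = Base64.getDecoder().decode(body);
        } catch (IllegalArgumentException e) {
            throw new CertificateException("header body is not valid Base64", e);
        }
        // Hand the factory raw DER bytes instead of PEM text.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java HeaderCertParser '<header value as received>'");
            return;
        }
        X509Certificate cert = parse(Collections.singletonList(args[0]));
        BigInteger serialNumber = cert.getSerialNumber();
        System.out.println("serial=" + serialNumber.toString(16)
                + " subject=" + cert.getSubjectX500Principal().getName());
    }
}
```

In a servlet the list of values can be obtained with `Collections.list(request.getHeaders("SSLClientCert"))`. Because the value is ordinary request data, accept it only on connections that arrive from the BIG-IP.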