--- /dev/null
+package org.cacert.gigi;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CRL;
+import java.security.cert.CertificateException;
+import java.util.Collection;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+public class Launcher {
+ public static void main(String[] args) throws Exception {
+ Server s = new Server();
+
+ // === SSL HTTP Configuration ===
+ HttpConfiguration https_config = new HttpConfiguration();
+ // for client-cert auth
+ https_config.addCustomizer(new SecureRequestCustomizer());
+
+ ServerConnector connector = new ServerConnector(s,
+ new SslConnectionFactory(generateSSLContextFactory(),
+ "http/1.1"), new HttpConnectionFactory(https_config));
+ connector.setHost("127.0.0.1");
+ connector.setPort(443);
+ s.setConnectors(new Connector[]{connector});
+ ServletContextHandler sh = new ServletContextHandler();
+ s.setHandler(sh);
+ sh.addServlet(new ServletHolder(new TestServlet()), "/");
+ s.start();
+ }
+
+ private static SslContextFactory generateSSLContextFactory()
+ throws NoSuchAlgorithmException, KeyStoreException, IOException,
+ CertificateException, FileNotFoundException {
+ TrustManagerFactory tmFactory = TrustManagerFactory.getInstance("PKIX");
+ tmFactory.init((KeyStore) null);
+
+ final TrustManager[] tm = tmFactory.getTrustManagers();
+
+ SslContextFactory scf = new SslContextFactory() {
+ @Override
+ protected TrustManager[] getTrustManagers(KeyStore trustStore,
+ Collection<? extends CRL> crls) throws Exception {
+ return tm;
+ }
+ };
+ scf.setWantClientAuth(true);
+ KeyStore ks1 = KeyStore.getInstance("pkcs12");
+ ks1.load(new FileInputStream("config/keystore.pkcs12"),
+ "".toCharArray());
+ scf.setKeyStore(ks1);
+ scf.setProtocol("TLSv1");
+ return scf;
+ }
+}
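Review bot: The FileInputStream opened inline in the `ks1.load(...)` call is never closed, because `KeyStore.load` does not close the stream it is handed; wrap it in try-with-resources: `try (FileInputStream in = new FileInputStream("config/keystore.pkcs12")) { ks1.load(in, "".toCharArray()); }`. Separately, `tmFactory.init((KeyStore) null)` builds the trust managers from the JVM's default trust store and the anonymous `getTrustManagers` override returns that same array regardless of the `trustStore` Jetty passes in, so client certificates offered under `setWantClientAuth(true)` are validated against the platform CA set rather than a deliberately chosen one — a comment stating that this is intended, or a dedicated trust store, would make the trust boundary explicit. `scf.setProtocol("TLSv1")` also pins the context to the legacy TLS 1.0 protocol name; using `"TLS"` and excluding unwanted protocols explicitly leaves room for newer versions. The `FileNotFoundException` in the throws clause is redundant with `IOException`.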
--- /dev/null
+package org.cacert.gigi;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+
+import javax.net.ssl.SSLEngine;
+import javax.security.auth.x500.X500Principal;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.eclipse.jetty.io.EndPoint;
+import org.eclipse.jetty.server.HttpChannel;
+import org.eclipse.jetty.server.Request;
+
+public class TestServlet extends HttpServlet {
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Request r = (Request) req;
+ HttpChannel<?> hc = r.getHttpChannel();
+ EndPoint ep = hc.getEndPoint();
+ SSLEngine se;
+ Enumeration<String> names = req.getAttributeNames();
+ X509Certificate[] cert = (X509Certificate[]) req
+ .getAttribute("javax.servlet.request.X509Certificate");
+ int keySize = (Integer) req
+ .getAttribute("javax.servlet.request.key_size");
+ String ciphers = (String) req
+ .getAttribute("javax.servlet.request.cipher_suite");
+ String sid = (String) req
+ .getAttribute("javax.servlet.request.ssl_session_id");
+ PrintWriter out = resp.getWriter();
+ out.println("KeySize: " + keySize);
+ out.println("cipher: " + ciphers);
+ X509Certificate c1 = cert[0];
+ out.println("Serial:" + c1.getSerialNumber());
+ X500Principal client = c1.getSubjectX500Principal();
+ out.println("Name " + client.getName());
+ out.println(client.getName(X500Principal.RFC1779));
+ out.println(client.getName(X500Principal.RFC2253));
+ out.println("signature: " + c1.getSigAlgName());
+ out.println("issuer: " + c1.getSubjectX500Principal());
+ out.println("certCount: " + cert.length);
+ }
+}
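Review bot: `X509Certificate c1 = cert[0];` dereferences the `javax.servlet.request.X509Certificate` attribute without a null check; if the connector only wants rather than requires client authentication, a request without a client certificate leaves that attribute unset and this servlet fails with a NullPointerException, so guard it with `if (cert == null || cert.length == 0) { resp.sendError(HttpServletResponse.SC_FORBIDDEN); return; }` before the first use. The line labelled `"issuer: "` prints `c1.getSubjectX500Principal()` a second time; it should read `out.println("issuer: " + c1.getIssuerX500Principal());`. The locals `hc`, `ep`, `se`, `names` and `sid` are assigned but never read and can be dropped, which also removes the `(Request) req` cast that would throw if a filter wraps the request in a non-Jetty type. Consider setting `resp.setContentType("text/plain")` before writing, since the certificate fields are emitted without any escaping.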