From: Felix Dörre Date: Thu, 19 Jun 2014 22:23:37 +0000 (+0200) Subject: Add an example jetty launcher with client certs X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=58424e340b270ac6d847f3c74f47f96b82b35d86 Add an example jetty launcher with client certs and an example for outputting information about client certs.
---
diff --git a/.settings/org.eclipse.core.runtime.prefs b/.settings/org.eclipse.core.runtime.prefs
new file mode 100644
index 00000000..5a0ad22d
--- /dev/null
+++ b/.settings/org.eclipse.core.runtime.prefs
@@ -0,0 +1,2 @@
+eclipse.preferences.version=1
+line.separator=\n
diff --git a/README.md b/README.md
index a4c34252..8f4be3be 100644
--- a/README.md
+++ b/README.md
@@ -2,3 +2,6 @@ Gigi ================= Webserver Module for CAcert + + +Contains source from jetty 9.1.0.RC0
diff --git a/config/.gitignore b/config/.gitignore
new file mode 100644
index 00000000..2892772d
--- /dev/null
+++ b/config/.gitignore
@@ -0,0 +1,2 @@
+
+keystore.pkcs12
diff --git a/doc/generateKeys.sh b/doc/generateKeys.sh
new file mode 100644
index 00000000..bbeda4f9
--- /dev/null
+++ b/doc/generateKeys.sh
@@ -0,0 +1,11 @@
+# this script generates a simple self-signed keypair
+
+openssl genrsa -des3 -passout pass:1 -out jetty.pass.key 2048
+openssl rsa -passin pass:1 -in jetty.pass.key -out jetty.key
+rm jetty.pass.key
+openssl req -new -key jetty.key -out jetty.csr -subj "/CN=jetty" -config selfsign.config
+openssl x509 -req -days 365 -in jetty.csr -signkey jetty.key -out jetty.crt
+rm jetty.csr
+openssl pkcs12 -inkey jetty.key -in jetty.crt -passout pass: -export -out ../config/keystore.pkcs12
+rm jetty.key
+rm jetty.crt
diff --git a/doc/selfsign.config b/doc/selfsign.config
new file mode 100644
index 00000000..4962f724
--- /dev/null
+++ b/doc/selfsign.config
@@ -0,0 +1,9 @@
+[req]
+distinguished_name=dn
+#req_extensions=ext
+
+[dn]
+commonName = cn
+
+[ext]
+subjectAltName=
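Review bot: The script has no shebang and no `set -e`, so when any openssl step fails (for instance because `-config selfsign.config` is resolved against the current directory rather than the script's own) the following `rm` lines still run and the script exits successfully, leaving a stale or missing `../config/keystore.pkcs12`; add `#!/bin/sh`, `set -eu` and `umask 077` at the top, the last so the unencrypted `jetty.key` and the password-less PKCS#12 are not created world-readable under a permissive umask. The `-des3 -passout pass:1` on the genrsa line is stripped again by the very next `openssl rsa` call, so it adds nothing over a plain `openssl genrsa -out jetty.key 2048`. The empty export password (`-passout pass:`) is presumably deliberate for a local self-signed development key, but the header comment should say so, since this appears to be the keystore the launcher loads with an empty password.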
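Review bot: With `#req_extensions=ext` commented out, the `[ext]` section and its empty `subjectAltName=` are never used, so the CSR and the resulting certificate carry no SAN and identify the server only by `CN=jetty`; clients that validate the hostname against the SAN (current browsers ignore the CN entirely) will not match it against the `127.0.0.1` the launcher binds to. Either uncomment `req_extensions=ext` and set e.g. `subjectAltName=IP:127.0.0.1,DNS:localhost`, or drop the dead `[ext]` block so the file does not suggest a SAN is being set. Note that the `openssl x509 -req` step in generateKeys.sh does not copy CSR extensions into the certificate by default, so the SAN also has to be supplied there via `-extfile selfsign.config -extensions ext`.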
diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
new file mode 100644
index 00000000..a64a8fa0
--- /dev/null
+++ b/src/org/cacert/gigi/Launcher.java
@@ -0,0 +1,70 @@
+package org.cacert.gigi;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CRL;
+import java.security.cert.CertificateException;
+import java.util.Collection;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+public class Launcher {
+ public static void main(String[] args) throws Exception {
+ Server s = new Server();
+
+ // === SSL HTTP Configuration ===
+ HttpConfiguration https_config = new HttpConfiguration();
+ // for client-cert auth
+ https_config.addCustomizer(new SecureRequestCustomizer());
+
+ ServerConnector connector = new ServerConnector(s,
+ new SslConnectionFactory(generateSSLContextFactory(),
+ "http/1.1"), new HttpConnectionFactory(https_config));
+ connector.setHost("127.0.0.1");
+ connector.setPort(443);
+ s.setConnectors(new Connector[]{connector});
+ ServletContextHandler sh = new ServletContextHandler();
+ s.setHandler(sh);
+ sh.addServlet(new ServletHolder(new TestServlet()), "/");
+ s.start();
+ }
+
+ private static SslContextFactory generateSSLContextFactory()
+ throws NoSuchAlgorithmException, KeyStoreException, IOException,
+ CertificateException, FileNotFoundException {
+ TrustManagerFactory tmFactory = TrustManagerFactory.getInstance("PKIX");
+ tmFactory.init((KeyStore) null);
+
final TrustManager[] tm = tmFactory.getTrustManagers();
+
+ SslContextFactory scf = new SslContextFactory() {
+ @Override
+ protected TrustManager[] getTrustManagers(KeyStore trustStore,
+ Collection crls) throws Exception {
+ return tm;
+ }
+ };
+ scf.setWantClientAuth(true);
+ KeyStore ks1 = KeyStore.getInstance("pkcs12");
+ ks1.load(new FileInputStream("config/keystore.pkcs12"),
+ "".toCharArray());
+ scf.setKeyStore(ks1);
+ scf.setProtocol("TLSv1");
+ return scf;
+ }
+}
diff --git a/src/org/cacert/gigi/TestServlet.java b/src/org/cacert/gigi/TestServlet.java
new file mode 100644
index 00000000..82d87958
--- /dev/null
+++ b/src/org/cacert/gigi/TestServlet.java
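Review bot: `scf.setProtocol("TLSv1")` at the end of generateSSLContextFactory asks for the `TLSv1` SSLContext, which on the JDKs current for Jetty 9.1 enables only TLS 1.0 (plus whatever legacy versions the JDK still turns on by default) on the server side, so clients capable of TLS 1.1/1.2 are negotiated down; `scf.setProtocol("TLS")` together with an explicit `scf.setExcludeProtocols("SSLv3")` lets JSSE pick the highest mutually supported version. `tmFactory.init((KeyStore) null)` builds the client-certificate trust manager from the JVM's default trust store, so any client certificate chaining to a public root in cacerts passes the handshake, not only certificates issued by this CA — presumably acceptable for an example, but the code should say so in a comment and the real launcher should initialise the factory from a KeyStore holding only the CA's own roots. The `FileInputStream` handed to `ks1.load` is never closed; open it in a try-with-resources block. The hard-coded empty keystore password appears to match doc/generateKeys.sh, and a one-line comment pointing there would spare the next reader a search.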
@@ -0,0 +1,48 @@
+package org.cacert.gigi;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+
+import javax.net.ssl.SSLEngine;
+import javax.security.auth.x500.X500Principal;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.eclipse.jetty.io.EndPoint;
+import org.eclipse.jetty.server.HttpChannel;
+import org.eclipse.jetty.server.Request;
+
+public class TestServlet extends HttpServlet {
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Request r = (Request) req;
+ HttpChannel hc = r.getHttpChannel();
+ EndPoint ep = hc.getEndPoint();
+ SSLEngine se;
+ Enumeration names = req.getAttributeNames();
+ X509Certificate[] cert = (X509Certificate[]) req
+ .getAttribute("javax.servlet.request.X509Certificate");
+ int keySize = (Integer) req
+ .getAttribute("javax.servlet.request.key_size");
+ String ciphers = (String) req
+ .getAttribute("javax.servlet.request.cipher_suite");
+ String sid = (String) req
+ .getAttribute("javax.servlet.request.ssl_session_id");
+ PrintWriter out = resp.getWriter();
+ out.println("KeySize: " + keySize);
+ out.println("cipher: " + ciphers);
+ X509Certificate c1 = cert[0];
+ out.println("Serial:" + c1.getSerialNumber());
+ X500Principal client = c1.getSubjectX500Principal();
+ out.println("Name " + client.getName());
+ out.println(client.getName(X500Principal.RFC1779));
+ out.println(client.getName(X500Principal.RFC2253));
+ out.println("signature: " + c1.getSigAlgName());
+ out.println("issuer: " + c1.getSubjectX500Principal());
+ out.println("certCount: " + cert.length);
+ }
+}
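Review bot: `X509Certificate c1 = cert[0];` dereferences the `javax.servlet.request.X509Certificate` attribute without a null check, and because the launcher only requests a client certificate (`setWantClientAuth(true)`) rather than requiring one, a browser visit without a certificate turns into a NullPointerException and a 500 instead of a readable answer; guard it with `if (cert == null || cert.length == 0) { out.println("no client certificate presented"); return; }` before the first use (the unboxing of `key_size` into `int` has the same problem on a non-TLS request, though with only the SSL connector configured that path is currently unreachable). The line `out.println("issuer: " + c1.getSubjectX500Principal());` prints the subject a second time under the label "issuer"; it should read `c1.getIssuerX500Principal()`. `r`, `hc`, `ep`, `se`, `names` and `sid` (and the raw `Enumeration`) are assigned but never read and can be dropped together with the Jetty-internal `Request` cast and its three imports. Since the response never sets a content type and echoes the certificate's subject DN, consider `resp.setContentType("text/plain;charset=UTF-8")` so a browser does not sniff the DN as HTML.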