--- source-trees/wsrf-cvs/wsrf/java/core/source/src/org/globus/wsrf/impl/security/authentication/transport/TomcatTransportSecurityHandler.java 30 Jun 2005 22:02:24 -0000 1.3.2.1
+++ source-trees/wsrf-cvs/wsrf/java/core/source/src/org/globus/wsrf/impl/security/authentication/transport/TomcatTransportSecurityHandler.java 7 Nov 2005 17:40:57 -0000
@@ -27,20 +27,29 @@
 import org.globus.gsi.jaas.GlobusPrincipal;
 import org.globus.wsrf.impl.security.authentication.Constants;
-public class TomcatTransportSecurityHandler extends BasicHandler
-{
+import java.security.cert.X509Certificate;
+import org.gridforum.jgss.ExtendedGSSContext;
+import org.globus.gsi.gssapi.GSSConstants;
+import org.ietf.jgss.GSSException;
+
+import org.globus.wsrf.utils.Resources;
+import org.globus.util.I18n;
+
+public class TomcatTransportSecurityHandler extends BasicHandler {
+
+ private static final I18n i18n =
+ I18n.getI18n(Resources.class.getName());
+
 private static Log logger = LogFactory.getLog(TomcatTransportSecurityHandler.class.getName());
- public void invoke(MessageContext msgContext) throws AxisFault
- {
+ public void invoke(MessageContext msgContext) throws AxisFault {
 logger.debug("Enter: invoke");
 Object tmp = msgContext.getProperty( HTTPConstants.MC_HTTP_SERVLETREQUEST);
- if((tmp == null) || !(tmp instanceof HttpServletRequest))
- {
+ if((tmp == null) || !(tmp instanceof HttpServletRequest)) {
 return;
 }
@@ -49,22 +58,20 @@
 //TODO: Not sure if the below is still necessary
 String url = req.getRequestURL().toString();
 tmp = msgContext.getProperty(MessageContext.TRANS_URL);
- if(tmp == null && url != null)
- {
+ if(tmp == null && url != null) {
 msgContext.setProperty(MessageContext.TRANS_URL, url);
 }
+ Subject subject = getSubject(msgContext);
+
 tmp = req.getAttribute(GSIConstants.GSI_USER_DN);
- if(tmp != null)
- {
- Subject subject = getSubject(msgContext);
+ if(tmp != null) {
 subject.getPrincipals().add(new GlobusPrincipal((String) tmp));
 }
 GSSContext context = (GSSContext) req.getAttribute(GSIConstants.GSI_CONTEXT);
- if(context != null)
- {
+ if(context != null) {
 msgContext .setProperty(Constants.TRANSPORT_SECURITY_CONTEXT, context);
 if (context.getConfState()) {
@@ -76,6 +83,21 @@
 } else {
 msgContext.setProperty(Constants.GSI_TRANSPORT, Constants.NONE);
+ }
+
+ if (context instanceof ExtendedGSSContext) {
+ ExtendedGSSContext extGss = (ExtendedGSSContext) context;
+ X509Certificate[] certs = null;
+ try {
+ certs = (X509Certificate[]) extGss
+ .inquireByOid(GSSConstants.X509_CERT_CHAIN);
+ } catch (GSSException e) {
+ // this should never really happen
+ logger.error(i18n.getMessage("general"), e);
+ }
+ if (certs != null) {
+ subject.getPublicCredentials().add(certs);
+ }
 }
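Review bot: `Subject subject = getSubject(msgContext);` now runs for every servlet request rather than only when `GSI_USER_DN` is set, so a request that carries neither a DN nor a GSS context can still leave this handler with a Subject obtained for it. `getSubject` is defined outside the hunk; if it creates and stores the Subject on first use (not visible here), any downstream check that reads "Subject present" as "peer authenticated" would be affected. The hoist is presumably there for the cert-chain block in the following hunk, and a comment would make that explicit, e.g. `// fetched unconditionally: also receives the peer cert chain below; may stay empty when no GSI attributes are set`. `invoke` starts and ends outside this hunk.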
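Review bot: The `catch (GSSException e)` around `inquireByOid(GSSConstants.X509_CERT_CHAIN)` logs and continues, so a request whose chain could not be read proceeds with `TRANSPORT_SECURITY_CONTEXT` and `GSI_TRANSPORT` already set but no chain in the Subject's public credentials. A later authorization step that expects the chain would then see a partially populated Subject; since `invoke` already declares `AxisFault`, failing closed is a one-line change, `throw AxisFault.makeFault(e);`. The log call uses the generic `"general"` message key, which gives an operator nothing specific to search or alert on, so a message naming the cert-chain lookup would be more useful. Separately, the chain is added as a raw `X509Certificate[]`, and arrays compare by identity in a `Set`, so a second pass through this handler for the same message would add a duplicate entry. The enclosing `if(context != null)` block closes outside the visible hunk.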