开发者

Is there a way to recover the common name of a client certificate from java code in a 2 way ssl connection?

开发者 https://www.devze.com 2023-03-09 19:43 出处:网络
We have a weblogic server configured to require a client certificate on stablishing a ssl connection with client for a web service solution. The ssl handshake works perfectly as we have already config

We have a weblogic server configured to require a client certificate on stablishing a ssl connection with client for a web service solution. The ssl handshake works perfectly as we have already configured all that is required.

Now, after the connection we do receive a soap request where the client id is one of the fields of this reque开发者_运维知识库st soap. What we need to do is to check this id against the common name of the client certificate used to connect within our server in order to garantee the transaction. This is very important to us because this is a bank transaction and there is a lot of money involved in it and we need to avoid frauds.

So: Is there a way to recover the common name of a client certificate used to stablish a 2 way ssl connection from java code running on the server using a weblogic 10.3.3 server?

[]s


The client's certificate can be read from the incoming Servlet request using the HttpServletRequest.getAttribute(String) method invocation. The attribute with name javax.servlet.request.X509Certificate is populated by the servlet container when it creates an instance of the Request object for processing by the servlet/webservice.

The DN of the certificate can then be obtained from the X500Principal object, obtained from the certificate object via the getX500Principal method invocation. This does not give the CN, but will provide your with the complete distinguished name in a specified format; this could be parsed to provide the CN.

As far as accessing the ServletRequest object is concerned, JAX-WS web services can be programmed to read the MessageContext which allows access to the underlying HttpServletRequest object.

0

精彩评论

暂无评论...
验证码 换一张
取 消