How to get client certificate in a Java HttpsServer implementation for a webservice?

2

9

I wrote a Web Service server using Sun Ws implementation and I used a HttpsServer for publication (TLS mutual authentication).

    httpServer=HttpsServer.create(...);
    ssl=SSLContext.getInstance("TLS");
    ...
    ssl.init(keyFactory.getKeyManagers(),trustFactory.getTrustManagers(),new SecureRandom());
    configurator=new HttpsConfigurator(ssl) {
        public void configure (HttpsParameters params)
        {
            SSLContext context;
            SSLParameters sslparams;

            context=getSSLContext();
            sslparams=context.getDefaultSSLParameters();
            sslparams.setNeedClientAuth(true);
            params.setSSLParameters(sslparams);
        }
    };
    ((HttpsServer)httpServer).setHttpsConfigurator(configurator);
    ...
    endPoint=getSunWsProvider().createEndPoint(...);
    httpContext=httpServer.createContext(...);
    endPoint.publish(httpContext);
    httpServer.start();
    ...

Everything works fine. When the implementation of the server side of the Web Service is executed by a client, I would like to know which client is executing the code (to manage rights). Knowing that each client gets its own certificate, how can I get the client certificate used for the TLS negotiation before the Web Service call? (I would prefer to find a solution based on the client certificate analysis instead of adding identification information to each Web Service call.)

Thank you for your help.

Orris answered 1/9, 2012 at 13:57 Comment(3)
Is your web-service implemented as a Servlet within "Sun Ws implementation"? If so, what does getUserPrincipal() give? (It's in HttpServletRequest.) - Estus
In the web service implementation ... @Resource WebServiceContext wsctx; - Orris
@Estus In the web service implementation ... WebServiceContext wsctx; MessageContext mctx=wsctx.getMessageContext(); mctx.get(MessageContext.SERVLET_CONTEXT) ... is null, mctx.get(MessageContext.SERVLET_REQUEST) ... is null, and wsctx.getUserPrincipal() is null. - Orris
3

In your handler you get not the HttpExchange instance but an instance of its subclass HttpsExchange, which has the extra method:

    abstract SSLSession getSSLSession();

Among many other things, an SSLSession exposes the peer identity.

Apostate answered 22/9, 2012 at 2:20 Comment(0)
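
What this answer describes, as an added example (not code from the original post or from the JDK): a `com.sun.net.httpserver.Filter` that reads the peer certificate from the `HttpsExchange` and rejects callers whose subject is not on an allow-list. The class name `ClientCertFilter`, the allow-list and the sample DN are assumptions made for illustration.

```java
import com.sun.net.httpserver.Filter;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpsExchange;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;

/** Hypothetical filter (name is an assumption): authorizes callers by client-certificate subject. */
public class ClientCertFilter extends Filter {
    // Allowed subjects as RFC 2253 strings; constructed sample: "CN=client-a,O=Example"
    private final Set<String> allowedSubjects;

    public ClientCertFilter(Set<String> allowedSubjects) {
        this.allowedSubjects = allowedSubjects;
    }

    @Override
    public void doFilter(HttpExchange exchange, Chain chain) throws IOException {
        X509Certificate cert = peerCertificate(exchange);
        // Fail closed: no certificate or an unknown subject never reaches the endpoint.
        if (cert == null || !allowedSubjects.contains(cert.getSubjectX500Principal().getName())) {
            exchange.sendResponseHeaders(403, -1); // -1 = no response body
            exchange.close();
            return;
        }
        chain.doFilter(exchange); // hand over to the published endpoint
    }

    /** Returns the leaf certificate the client presented in the TLS handshake, or null. */
    static X509Certificate peerCertificate(HttpExchange exchange) {
        if (!(exchange instanceof HttpsExchange)) return null; // not a TLS connection
        try {
            Certificate[] certs = ((HttpsExchange) exchange).getSSLSession().getPeerCertificates();
            // Index 0 is the peer's own certificate; the issuing CAs follow it.
            return (certs.length > 0 && certs[0] instanceof X509Certificate)
                    ? (X509Certificate) certs[0] : null;
        } catch (SSLPeerUnverifiedException e) {
            return null; // the client did not authenticate
        }
    }

    @Override
    public String description() {
        return "Authorizes requests by TLS client certificate subject";
    }
}
```

Register it on the question's context before publishing the endpoint, with `httpContext.getFilters().add(new ClientCertFilter(allowed))`. With `setNeedClientAuth(true)` the handshake has already validated the chain against the trust managers, so the filter only makes the authorization decision.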
-3

getUserPrincipal() gives you the certificate in HttpServletRequest.

Phlegm answered 23/2, 2015 at 8:47 Comment(1)
No, it doesn't. It gives you a Principal. - Fermentative
