Reputation: 71
I am using SSL socket server and client programs with mutual identification (ClientAuth). The clients are of two types, each type using its own certificate. How can the server determine the type of a newly connected client, e.g. the client's certificate alias or some other distinguishable property?
Here is my code that sets up the server and accepts a connection from client:
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

// Builds a TLS 1.2 server context from the server's own keystore and the
// truststore holding the acceptable client certificates, then accepts one client.
static SSLSocket acceptClient(String serverKeystoreFile, char[] serverKeystorePass,
                              char[] serverCertificatePass, String serverTruststoreFile,
                              char[] serverTruststorePass, int port) throws Exception {
    SSLContext ctx = SSLContext.getInstance("TLSv1.2");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    // server's own private key and certificate
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(serverKeystoreFile), serverKeystorePass);
    kmf.init(ks, serverCertificatePass);
    // separate KeyStore object for the trusted client certificates
    KeyStore ts = KeyStore.getInstance("JKS");
    ts.load(new FileInputStream(serverTruststoreFile), serverTruststorePass);
    tmf.init(ts);
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
    SSLServerSocket sslserversocket = (SSLServerSocket) ssf.createServerSocket(port);
    sslserversocket.setNeedClientAuth(true); // handshake fails unless the client presents a trusted certificate
    // accept connection from client
    SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
    // At this point, I would like to determine the connected client's certificate alias
    // or some other property that is unique for each of the acceptable client certificates.
    return sslsocket;
}
Upvotes: 3
Views: 417
Reputation: 8928
After the handshake completes, you should be able to call SSLSocket.getSession().getPeerCertificate()
on the server to get the client's certificate.
Upvotes: 3
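A worked version of the answer's approach, added here as an illustration and not code from either poster. The JSSE method is actually SSLSession.getPeerCertificates() (plural): it returns the chain the client sent, with the client's own certificate at index 0, and throws SSLPeerUnverifiedException when no client certificate was authenticated. An alias is a label in the server's local truststore rather than a property of the certificate, so recovering it means loading the same truststore and finding the entry equal to the presented certificate (or, if the truststore holds a CA instead of leaf certificates, the entry that signed it). The class name, the truststore type, and the alias values "typeA" and "typeB" are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

/** Identifies which trusted client certificate an accepted SSLSocket authenticated with (hypothetical class). */
public class ClientIdentifier {

    private final KeyStore trustStore; // the same truststore the server's TrustManager was built from

    public ClientIdentifier(String truststoreFile, char[] truststorePass) throws Exception {
        trustStore = KeyStore.getInstance("JKS"); // assumed JKS, as in the question
        try (FileInputStream in = new FileInputStream(truststoreFile)) {
            trustStore.load(in, truststorePass);
        }
    }

    /**
     * Completes the handshake explicitly and returns the client's own (leaf) certificate.
     * Without startHandshake() the handshake runs lazily on the first read/write, so a rejected
     * client would only surface as an exception there. getPeerCertificates() throws
     * SSLPeerUnverifiedException if the client authenticated with no certificate.
     */
    public static X509Certificate clientCertificate(SSLSocket socket) throws Exception {
        socket.startHandshake();
        Certificate[] chain = socket.getSession().getPeerCertificates();
        return (X509Certificate) chain[0]; // chain[0] is the client's certificate, the rest are its issuers
    }

    /** Truststore alias whose entry is exactly this certificate, or null (use when leaf certs are trusted directly). */
    public String aliasOf(X509Certificate cert) throws Exception {
        for (Enumeration<String> e = trustStore.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            // X509Certificate.equals compares the DER encodings, so this is an exact match
            if (trustStore.isCertificateEntry(alias) && cert.equals(trustStore.getCertificate(alias))) {
                return alias;
            }
        }
        return null;
    }

    /** Fallback when the truststore holds CA certificates: alias of the trusted cert that signed this one, or null. */
    public String issuerAliasOf(X509Certificate cert) throws Exception {
        for (Enumeration<String> e = trustStore.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            if (!trustStore.isCertificateEntry(alias)) continue;
            try {
                cert.verify(trustStore.getCertificate(alias).getPublicKey()); // throws if not signed by this key
                return alias;
            } catch (Exception notSignedByThisAnchor) {
                // try the next trust anchor
            }
        }
        return null;
    }

    /** Lower-case hex SHA-256 of the DER encoding: a stable identity for logging or access-control lists. */
    public static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Resolves a connected client to a truststore alias, trying the exact entry first and its issuer second. */
    public String classify(SSLSocket socket) throws Exception {
        X509Certificate cert = clientCertificate(socket);
        String alias = aliasOf(cert);
        if (alias == null) alias = issuerAliasOf(cert);
        System.out.println("client subject=" + cert.getSubjectX500Principal().getName()
                + " sha256=" + sha256Fingerprint(cert) + " alias=" + alias);
        return alias;
    }

    /** Accept loop: route by alias; close anything the truststore cannot account for. */
    public void serve(SSLServerSocket serverSocket) throws Exception {
        while (true) {
            SSLSocket socket = (SSLSocket) serverSocket.accept();
            try {
                String alias = classify(socket);
                if ("typeA".equals(alias) || "typeB".equals(alias)) { // assumed alias names
                    // hand the socket to the handler for that client type here
                } else {
                    socket.close(); // trusted by the TrustManager but not one of the two known entries
                }
            } catch (SSLHandshakeException | SSLPeerUnverifiedException rejected) {
                socket.close(); // untrusted or missing client certificate; do not leak the socket
            }
        }
    }
}
```

Two details worth keeping in mind: getPeerPrincipal() is a cheaper alternative when the subject DN alone distinguishes the client types, and if the TrustManager is the PKIX one the chain returned by getPeerCertificates() is what the client sent, not the validated path, so matching on the leaf certificate or its fingerprint is more reliable than matching on any intermediate it included.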