How to read user's certificate in java

Question

Is there a way to read the trusted certificates installed with in a client browser? I want to read information such as issued to and issued by. I'm using Java to run web-sphere portal using web-sphere to run the application.

I have written the below code for reading certificates. When the code executes I get null values.

public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {

String cyphersuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");        
        if (cyphersuite != null) {
            X509Certificate[] x509=(X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");
            System.out.println("x509   "+x509);         
        }
}

Answer 1

You can't. When writing server code and inspecting the request object your reading information that the client chooses to send. Browsers won't ever send arbitrary certificate information back to servers they are connecting to. If a browser was to send this kind of information servers could do things like identify other sites that the user has visited. This would be a breach of privacy.

Furthermore if the client is attempting to connect to your server and can't verify the certificate it will never create a connection to your app. The only way that your code above will execute is if the user has already trusted the certificate. At that point there is no reason to do any kind of check.