Hello everyone,
I'm developing a secure communication between client and server. Client and Server have their own unique certificates. I used keytool to generate them and included in the client certificate an extension. The next step I want to do is to obtain on serverside the client certificate and extract the extension, but how do I do this?
I've tried many things but none of them worked fine. Here is the incomplete source code on my server:
@WebMethod(operationName = "Extensionthrower", action="Extensionthrower")
@RolesAllowed("users")
public String Extensionthrower() {
HttpServletRequest request=null;
try{
String clientcert = (String) request.getAttribute("javax.servlet.request.X509Certificate");
InputStream inStream = new ByteArrayInputStream(clientcert.getBytes());
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
final X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(inStream);
java.util.Collection altNames = cert.getSubjectAlternativeNames();
....
}
}
My idea was using "mutual certicates security" to authenticate the client on serverside and vice versa and between the steps of authentication, the server extracts the extension of the client-certificate. For these reasons I need your help. Any ideas how I could realize that or how I could change my source code?
Many thanks in advance
[Message sent by forum member 'armerino']
http://forums.java.net/jive/thread.jspa?messageID=469526