Java SSL client identification

Time: 2014-05-11 18:03:41

Tags: java ssl

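I am using SSL socket server and client programs with mutual identification (ClientAuth). There are two types of clients, each using its own certificate. How can the server determine the type of a newly connected client, for example by the client's certificate alias or some other distinguishing property?

Here is the code that sets up the server and accepts a client connection: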

SSLContext ctx = SSLContext.getInstance("TLSv1.2");
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
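KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");

// Load the server's key material and close the stream afterwards
try (FileInputStream in = new FileInputStream(serverKeystoreFile)) {
    ks.load(in, serverKeystorePass);
}
kmf.init(ks, serverCertificatePass);
// Load the trusted client certificates into a separate KeyStore
try (FileInputStream in = new FileInputStream(serverTruststoreFile)) {
    ts.load(in, serverTruststorePass);
}
tmf.init(ts);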
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
SSLServerSocket sslserversocket = (SSLServerSocket) ssf.createServerSocket(port);
sslserversocket.setNeedClientAuth(true);

// accept connection from client
SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();

// At this point, I would like to determine the connected client's certificate alias
// or some other property that is unique for each of the acceptable client certificates.

1 answer:

Answer 0: (score: 3)

Once the handshake has completed, you should be able to call SSLSocket.getSession().getPeerCertificate() on the server to get the client certificate.
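
The approach from the answer, as an added example that is not part of the original post. In `javax.net.ssl.SSLSession` the method is `getPeerCertificates()`, which returns the peer's chain with its own certificate first; `KeyStore.getCertificateAlias` then maps that certificate back to a truststore alias. The class name `ClientIdentifier`, the alias-to-type map, and the assumption that the truststore holds each client certificate directly (rather than only an issuing CA) are illustrative.

```java
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

// Hypothetical helper class; names are illustrative, not from the original post.
public final class ClientIdentifier {
    private final KeyStore trustStore;              // same store passed to tmf.init(...)
    private final Map<String, String> typeByAlias;  // constructed mapping, e.g. "client-a" -> "TYPE_A"

    public ClientIdentifier(KeyStore trustStore, Map<String, String> typeByAlias) {
        this.trustStore = trustStore;
        this.typeByAlias = typeByAlias;
    }

    /** Returns the client type for an accepted socket, or throws if it cannot be determined. */
    public String identify(SSLSocket socket) throws IOException, KeyStoreException {
        // Force the handshake now so failures surface here as exceptions.
        socket.startHandshake();
        SSLSession session = socket.getSession();

        // Throws SSLPeerUnverifiedException (an IOException) if the peer presented no certificate.
        Certificate[] chain = session.getPeerCertificates();
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new IOException("peer did not present an X.509 certificate");
        }
        X509Certificate leaf = (X509Certificate) chain[0]; // peer's own certificate comes first

        // Alias of the truststore entry whose certificate equals the one presented;
        // null when the client was trusted via a CA entry instead of its own certificate.
        String alias = trustStore.getCertificateAlias(leaf);
        String type = (alias == null) ? null : typeByAlias.get(alias);
        if (type == null) {
            // Fail closed: authenticated by TLS, but not one of the known client types.
            throw new IOException("unrecognised client certificate: "
                    + leaf.getSubjectX500Principal().getName());
        }
        return type;
    }
}
```

Call `identify(sslsocket)` right after `accept()` and base any authorization decision on its result rather than on anything the client sends at the application layer.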