We have a weblogic server configured to require a client certificate on stablishing a ssl connection with client for a web service solution. The ssl handshake works perfectly as we have already configured all that is required.
Now, after the connection we do receive a soap request where the client id is one of the fields of this request soap. What we need to do is to check this id against the common name of the client certificate used to connect within our server in order to garantee the transaction. This is very important to us because this is a bank transaction and there is a lot of money involved in it and we need to avoid frauds.
So: Is there a way to recover the common name of a client certificate used to stablish a 2 way ssl connection from java code running on the server using a weblogic 10.3.3 server?
[]s
The client's certificate can be read from the incoming Servlet request using the HttpServletRequest.getAttribute(String) method invocation. The attribute with name javax.servlet.request.X509Certificate is populated by the servlet container when it creates an instance of the Request object for processing by the servlet/webservice.
The DN of the certificate can then be obtained from the X500Principal object, obtained from the certificate object via the getX500Principal method invocation. This does not give the CN, but will provide your with the complete distinguished name in a specified format; this could be parsed to provide the CN.
As far as accessing the ServletRequest object is concerned, JAX-WS web services can be programmed to read the MessageContext which allows access to the underlying HttpServletRequest object.
来源:https://stackoverflow.com/questions/6179450/is-there-a-way-to-recover-the-common-name-of-a-client-certificate-from-java-code