我们是这样取的(WebSphere):
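<%@page import="java.security.cert.X509Certificate"%>
<%
// The cipher-suite attribute is only present when the request arrived over SSL/TLS, so it doubles as
// the "is this a secure request" test here.
// NOTE(review): the "javax.net.ssl.*" attribute names are container-specific (WebSphere); the
// Servlet-spec names are "javax.servlet.request.cipher_suite" and "javax.servlet.request.X509Certificate".
String cipherSuite = (String)request.getAttribute ("javax.net.ssl.cipher_suite");
X509Certificate[] certChain = null; // certificate chain, client's own certificate first
if(cipherSuite != null)
{
    certChain = (X509Certificate[])request.getAttribute ("javax.net.ssl.peer_certificates");
}
// An empty array must be handled like a missing chain, otherwise certChain[0] below throws.
if(certChain == null || certChain.length == 0)
{
    // no client certificate: the container did not request one, or the client sent none
}
else
{
    // certChain[0] is the client's own certificate. Confirm the server is configured to validate
    // client certificates against its trust store during the handshake; if it is not, the DN below
    // is client-asserted and must not be used as an authenticated identity.
    String dn = certChain[0].getSubjectDN().getName(); // DN of the selected certificate
}
%>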
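<%@page import="java.security.cert.X509Certificate"%>
<%
// The cipher-suite attribute is only present when the request arrived over SSL/TLS, so it doubles as
// the "is this a secure request" test here.
// NOTE(review): the "javax.net.ssl.*" attribute names are container-specific (WebSphere); the
// Servlet-spec names are "javax.servlet.request.cipher_suite" and "javax.servlet.request.X509Certificate".
String cipherSuite = (String)request.getAttribute ("javax.net.ssl.cipher_suite");
X509Certificate[] certChain = null; // certificate chain, client's own certificate first
if(cipherSuite != null)
{
    certChain = (X509Certificate[])request.getAttribute ("javax.net.ssl.peer_certificates");
}
// An empty array must be handled like a missing chain, otherwise certChain[0] below throws.
if(certChain == null || certChain.length == 0)
{
    // no client certificate: the container did not request one, or the client sent none
}
else
{
    // certChain[0] is the client's own certificate. Confirm the server is configured to validate
    // client certificates against its trust store during the handshake; if it is not, the DN below
    // is client-asserted and must not be used as an authenticated identity.
    String dn = certChain[0].getSubjectDN().getName(); // DN of the selected certificate
}
%>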
// Key manager: the server's private key and certificate chain come from ks, unlocked with the key password.
// NOTE(review): assumes _keypassword is a String/StringBuffer -- toString() on a char[] would not yield
// the password text; confirm its type.
km.init( ks, _keypassword.toString().toCharArray() );
KeyManager[] kma = km.getKeyManagers();
// Trust manager: decides which peer (client) certificate chains are accepted. Algorithm and provider are pinned.
TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509","SunJSSE");
if (_useDefaultTrustStore) {
// A null KeyStore means the JDK default trust store (javax.net.ssl.trustStore, else cacerts), so any
// client certificate chaining to a CA in that store is effectively accepted -- deliberate? confirm.
tm.init( (KeyStore)null );
} else {
// Trust anchors are the certificates held in the same keystore as the server key.
tm.init( ks );
} TrustManager[] tma = tm.getTrustManagers();
// NOTE(review): "SSL" selects the provider's default protocol set and on older JDKs may leave SSLv3
// enabled; prefer "TLS"/"TLSv1.2" and restrict enabled protocols on the created server sockets.
SSLContext sslc = SSLContext.getInstance( "SSL" );
// Whether clients must present a certificate (setNeedClientAuth/setWantClientAuth) is configured on the
// server socket, not on the context, so it is decided outside this fragment.
sslc.init( kma, tma, SecureRandom.getInstance("SHA1PRNG"));
SSLServerSocketFactory ssfc = sslc.getServerSocketFactory();
Log.event("SSLServerSocketFactory="+ssfc); // logs the factory reference only, no key material
return ssfc;
主要是生成 SSLContext，用到的是 keystore 和相关的密码；真正的验证不在这里，这里主要是初始化环境或上下文。
If a request has been transmitted over a secure protocol, such as HTTPS, this information must be exposed via the isSecure method of the ServletRequest interface. The web container must expose the following attributes to the servlet programmer:
Table 3: Protocol Attributes
Attribute Attribute Name Java Type
cipher suite javax.servlet.request.cipher_suite String
bit size of the algorithm javax.servlet.request.key_size Integer
If there is an SSL certificate associated with the request, it must be exposed by the servlet container to the servlet programmer as an array of objects of type java.security.cert.X509Certificate and accessible via a ServletRequest attribute of javax.servlet.request.X509Certificate.
The order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.
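<%@page import="java.security.cert.X509Certificate"%>
<%
if(request.isSecure())
{
    // Retrieve the certificate chain. isSecure() only says the transport is SSL/TLS: the attribute is
    // still null when the container did not request a client certificate or the client sent none,
    // so the original unconditional certChain[0] could throw a NullPointerException.
    // NOTE(review): "javax.net.ssl.peer_certificates" is a container-specific name; the Servlet-spec
    // name is "javax.servlet.request.X509Certificate".
    X509Certificate[] certChain =
        (X509Certificate[])request.getAttribute("javax.net.ssl.peer_certificates");
    if(certChain != null && certChain.length > 0)
    {
        // DN of the selected certificate: the first element of the chain is the client's own certificate
        String dn = certChain[0].getSubjectDN().getName();
    }
}
%>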
// Servlet-spec attribute (Table 3 above): the value is an X509Certificate[] with the client's own
// certificate first, or null when no certificate is associated with the request.
request.getAttribute("javax.servlet.request.X509Certificate");
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.*; // For X509Certificate
import javax.servlet.*;
import javax.servlet.http.*;
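/**
 * Servlet that prints information on SSL requests. Non-SSL
 * requests get redirected to SSL.
 * <P>
 * Taken from More Servlets and JavaServer Pages
 * from Prentice Hall and Sun Microsystems Press,
 * http://www.moreservlets.com/.
 * &copy; 2002 Marty Hall; may be freely used or adapted.
 * <P>
 * Everything echoed into the page (request URL, query string, certificate
 * text) is client-controlled, so it is HTML-escaped before being written.
 */
public class SecurityInfo extends HttpServlet {

    /** Servlet 2.3 attribute name for the key size (Table 3, "Protocol Attributes"). */
    private static final String KEY_SIZE_ATTRIBUTE = "javax.servlet.request.key_size";
    /** Servlet 2.3 attribute name for the negotiated cipher suite. */
    private static final String CIPHER_SUITE_ATTRIBUTE = "javax.servlet.request.cipher_suite";
    /** Servlet 2.2/2.3 attribute name for the client certificate chain. */
    private static final String CERTIFICATE_ATTRIBUTE = "javax.servlet.request.X509Certificate";

    /**
     * Redirects plain-HTTP requests to their HTTPS equivalent; for HTTPS requests
     * prints the URL, the query data and, when available, key size, cipher suite
     * and the client certificate.
     *
     * @param request  the current request
     * @param response the response the redirect or the HTML page is written to
     * @throws ServletException declared by the HttpServlet contract; not thrown here
     * @throws IOException if writing the response fails
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getRequestURL() is typically reconstructed from the Host header, i.e. client-influenced;
        // the redirect below only swaps the scheme, it never sends the client to another host.
        String currentURL = request.getRequestURL().toString();
        String formData = request.getQueryString();

        // Redirect non-SSL requests to the SSL equivalent, keeping the query string.
        if (request.getScheme().equalsIgnoreCase("http")) {
            String newURL = httpsURL(currentURL);
            if (formData != null) {
                newURL = newURL + "?" + formData;
            }
            response.sendRedirect(newURL);
            return;
        }

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String docType =
            "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
            "Transitional//EN\">\n";
        String title = "Security Info";
        out.println(docType +
            "<HTML>\n" +
            "<HEAD><TITLE>" + title + "</TITLE></HEAD>\n" +
            "<BODY BGCOLOR=\"#FDF5E6\">\n" +
            "<H1>" + title + "</H1>\n" +
            "<UL>\n" +
            " <LI>URL: " + htmlEscape(currentURL) + "\n" +
            " <LI>Data: " + htmlEscape(String.valueOf(formData)));

        if (request.isSecure()) {
            // Available only with servlets 2.3
            Integer keySize = (Integer) request.getAttribute(KEY_SIZE_ATTRIBUTE);
            String sizeString = replaceNull(keySize, "Unknown");
            // Available only with servlets 2.3
            String cipherSuite = (String) request.getAttribute(CIPHER_SUITE_ATTRIBUTE);
            String cipherString = replaceNull(cipherSuite, "Unknown");
            // Available with servlets 2.2 and 2.3. The spec defines this attribute as an
            // X509Certificate[] (client certificate first); casting it to a single X509Certificate,
            // as the original did, fails with a ClassCastException on spec-conformant containers.
            X509Certificate certificate = clientCertificate(request.getAttribute(CERTIFICATE_ATTRIBUTE));
            String certificateString = replaceNull(certificate, "None");
            out.println(" <LI>SSL: true\n" +
                " <UL>\n" +
                " <LI>Key Size: " + htmlEscape(sizeString) + "\n" +
                " <LI>Cipher Suite: " + htmlEscape(cipherString) + "\n" +
                " <LI>Client Certificate: " + htmlEscape(certificateString) + "\n" +
                " </UL>");
        }
        out.println("</UL>\n" +
            "</BODY></HTML>");
    }

    /**
     * Extracts the client's own certificate from the attribute value.
     *
     * @param attribute the raw attribute value: an {@code X509Certificate[]} per the
     *                  Servlet spec, a single {@code X509Certificate} on some older
     *                  containers, or null
     * @return the client certificate, or null when none is present
     */
    private static X509Certificate clientCertificate(Object attribute) {
        if (attribute instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) attribute;
            // chain[0] is the certificate presented by the client; the rest are its issuers
            return chain.length == 0 ? null : chain[0];
        }
        if (attribute instanceof X509Certificate) {
            return (X509Certificate) attribute;
        }
        return null;
    }

    /**
     * Given http://blah, return https://blah.
     *
     * @param origURL an absolute URL; callers pass it only when the scheme is "http"
     * @return the URL with the scheme changed to https, or origURL unchanged when it
     *         does not start with "http:" (case-insensitive) or is null
     */
    private String httpsURL(String origURL) {
        if (origURL == null || !origURL.regionMatches(true, 0, "http:", 0, 5)) {
            return origURL;
        }
        // Insert the 's' after the four scheme letters, preserving the original's case.
        return origURL.substring(0, 4) + "s" + origURL.substring(4);
    }

    /**
     * If the first argument is null, return the second argument.
     * Otherwise, convert the first argument to a String and return that String.
     *
     * @param obj      value to render, may be null
     * @param fallback text used when obj is null
     * @return obj.toString() or fallback
     */
    private String replaceNull(Object obj, String fallback) {
        return (obj == null) ? fallback : obj.toString();
    }

    /**
     * Escapes the characters that are significant in HTML so client-supplied
     * text (URL, query string, certificate dump) cannot inject markup or script.
     *
     * @param s text to escape, never null
     * @return the escaped text
     */
    private static String htmlEscape(String s) {
        StringBuffer sb = new StringBuffer(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}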
// Spec-conformant form of the cast in SecurityInfo.doGet: the attribute value is an
// X509Certificate[] (client certificate first), not a single X509Certificate.
(X509Certificate[])request.getAttribute(certAttribute);