堆栈内存溢出
  简体   繁体   English

有没有办法以 2 路 ssl 连接从 java 代码中恢复客户端证书的通用名称?

[英]Is there a way to recover the common name of a client certificate from java code in a 2 way ssl connection?

 原文  2011-05-30 18:06:43       java/ soap/ ssl/ weblogic

问题描述

We have a weblogic server configured to require a client certificate on stablishing a ssl connection with client for a web service solution.我们有一个 weblogic 服务器配置为在建立 ssl 与客户端的 web 服务解决方案的连接时需要客户端证书。 The ssl handshake works perfectly as we have already configured all that is required. ssl 握手完美地工作,因为我们已经配置了所有需要的东西。

Now, after the connection we do receive a soap request where the client id is one of the fields of this request soap.现在,在连接之后,我们确实收到了一个 soap 请求,其中客户端 ID 是该请求 soap 的字段之一。 What we need to do is to check this id against the common name of the client certificate used to connect within our server in order to garantee the transaction.我们需要做的是根据用于在我们的服务器内连接的客户端证书的通用名称检查此 ID,以保证交易。 This is very important to us because this is a bank transaction and there is a lot of money involved in it and we need to avoid frauds.这对我们来说非常重要,因为这是一项银行交易,涉及大量资金,我们需要避免欺诈。

So: Is there a way to recover the common name of a client certificate used to stablish a 2 way ssl connection from java code running on the server using a weblogic 10.3.3 server?所以:有没有办法从使用 weblogic 10.3.3 服务器的服务器上运行的 java 代码恢复用于建立 2 路 ssl 连接的客户端证书的公用名?

[]s []s

1 个解决方案

解决方案1
 6 已采纳  2011-05-30 18:45:00

The client's certificate can be read from the incoming Servlet request using the HttpServletRequest.getAttribute(String) method invocation.可以使用HttpServletRequest.getAttribute(String)方法调用从传入的 Servlet 请求中读取客户端的证书。 The attribute with name javax.servlet.request.X509Certificate is populated by the servlet container when it creates an instance of the Request object for processing by the servlet/webservice.名为javax.servlet.request.X509Certificate的属性由 servlet 容器在创建请求 object 的实例以供 servlet/webservice 处理时填充。

The DN of the certificate can then be obtained from the X500Principal object, obtained from the certificate object via the getX500Principal method invocation.然后可以从 X500Principal object 获得证书的 DN,通过getX500Principal方法调用从证书 object 获得。 This does not give the CN, but will provide your with the complete distinguished name in a specified format;这不会提供 CN,但会以指定格式为您提供完整的专有名称; this could be parsed to provide the CN . 这可以被解析以提供 CN

As far as accessing the ServletRequest object is concerned, JAX-WS web services can be programmed to read the MessageContext which allows access to the underlying HttpServletRequest object.就访问 ServletRequest object 而言,可以对 JAX-WS web 服务进行编程以读取允许访问底层 HttpServletRequest object 的MessageContext

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 Java 中验证 SSL 证书的通用名称 - Verifying SSL Certificate's Common Name in Java 我的 SSL 客户端 (Java) 未通过双向 SSL 握手将证书发送回服务器 - My SSL client (Java) isn't sending a certificate back to the server in two-way SSL handshake SSL客户端(Java)不在两次SSL握手中将证书发送回服务器 - SSL client (Java) is not sending a certificate back to the server in two-way SSL handshake 来自Java客户端的SSL连接 - SSL Connection from Java client 如何使用 Quarkus 以两种方式 SSL 从 REST 服务中的请求中检索客户端证书 - How to retrieve the client certificate from a request in a REST service using Quarkus in two way SSL 使用 2-way SSL Handskake(客户端和服务器证书)设置 Netty - Set up Netty with 2-way SSL Handskake (client and server certificate) 忽略Java ssl连接中的“证书名称错误”类型错误 - Ignoring “wrong name on certificate” type error in Java ssl connection 有没有办法获取 AWS IoT 核心证书的通用名称 - Is there a way to fetch common name of AWS IoT core certificate SSL 6数字证书身份验证在Java 6中失败但在Java 7中工作的两种方式 - Two way SSL digital certificate authentication is failing in Java 6 but working in Java 7 在 Java 中选择 SSL 客户端证书 - Choosing SSL client certificate in Java
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM