我正在使用SSL套接字服务器和客户端程序,实现客户端认证(ClientAuth)。客户端分为两种类型,每种类型使用自己的证书。服务器如何确定新连接的客户端类型,例如客户端证书别名或其他可区分的属性?
以下是我设置服务器并接受来自客户端连接的代码:
以下是我设置服务器并接受来自客户端连接的代码:
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(serverKeystoreFile), serverKeystorePass);
kmf.init(ks, serverCertificatePass);
ks.load(new FileInputStream(serverTruststoreFile), serverTruststorePass);
tmf.init(ks);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
SSLServerSocket sslserversocket = (SSLServerSocket) ssf.createServerSocket(port);
sslserversocket.setNeedClientAuth(true);
// accept connection from client
SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
// At this point, I would like to determine the connected client's certificate alias
// or some other property that is unique for each of the acceptable client certificates.
getCipher来检索密码套件。getCipher可用于SSLContext和例如HttpsUrlConnection。我不确定它是否像您需要的那样突出,但它绝对是特定连接的属性。您还可以使用getSessionContext,它应该提供其他会话特定信息。 - jww