Java-WebSocket - Get Client certificate from Server for authentication

Question

I've set up a websocket connection using Java-WebSocket with a working two-way TLS connection. However, to make Client Authentication possible I'd like to be able to get the information attached to the Client Certificate. This will contain some information about the client connecting so it would be useful to have.

I've looked through all the data in debug mode for the connection and the data it contains, but cannot find any reference to the certificate. Most questions online seem to be about the standard javax websocket, but the one I'm using is made by TooTallNate (https://github.com/TooTallNate/Java-WebSocket)

I would like to be able to get a certificate from an established session. Is this possible?

Answer 1

Apparently in the new version the possibility of getting the SSLEngine from a session has been made possible. This should be present starting from version 1.4.1, which is currently a SNAPSHOT.

For anyone else stumbling across this question, this is a solution that works as of the 1.4.1-SNAPSHOT build used. This code should function in any of the server events. In my case I placed this in the onOpen event, which I'm guessing is where you'd want it to be as well. I haven't fully tested this with a non-SSL server but since there is a check in place it SHOULD be fine. Please test beforehand, however.

Certificate[] certificates = null;
if(webSocket.hasSSLSupport()) {
    try {
        certificates = webSocket.getSSLSession().getPeerCertificates();
    } catch (SSLPeerUnverifiedException e) {
        logger.error("Could not read SSL Certificates");
        e.printStackTrace();
    }
}