在restlet中获取客户端证书

Question

我设法实现了一个带有 bot 客户端和服务器认证的 https restlet。我可以证明它有效，因为如果我用不受信任的证书调用服务器通信失败。不幸的是，我在服务器上找不到客户端的证书。我正在使用此代码：

List<Certificate> certs = request.getClientInfo().getCertificates();

但列表为空。我做错了什么？

编辑：

版本是Restlet-Framework/2.3m2

Answer 1

问题与通过com.sun.httpserver 使用默认服务器实现有关。 org.restlet.engine.connector.HttpExchangeCall 类应该在 getCertificates() 方法中返回证书， 但它总是返回null。该类用于org.restlet.engine.connector.HttpsServerHelper 在使用服务器实现com.sun.httpserver 时，它又是 Restlet 框架的助手。

要解决此问题，需要做一些事情。
首先，一个新的类HttpsExchangeCall：

package org.restlet.engine.connector;

import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;

import org.restlet.Server;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpsExchange;

/**
 * The default {@link HttpExchangeCall} fails to extract certificates from the SSL connection.
 * This class implements {@link #getCertificates()} to extract certificates.
 */
@SuppressWarnings("restriction")
public class HttpsExchangeCall extends HttpExchangeCall {

    private static final Logger log = LoggerFactory.getLogger(HttpsExchangeCall.class);

    private final HttpsExchange sexchange;

    public HttpsExchangeCall(Server server, HttpExchange exchange) {
        this(server, exchange, true);
    }

    public HttpsExchangeCall(Server server, HttpExchange exchange, boolean confidential) {
        super(server, exchange, confidential);
        if (exchange instanceof HttpsExchange) {
            sexchange = (HttpsExchange) exchange;
        } else {
            sexchange = null;
        }
    }

    @Override
    public List<Certificate> getCertificates() {

        if (sexchange == null) {
            log.debug("Cannot extract peer certificates from unsecure connection.");
            return null;
        }
        Certificate[] certs = null;
        try {
            certs = sexchange.getSSLSession().getPeerCertificates();
            if (log.isDebugEnabled()) {
                log.debug("Found " + (certs == null ? "no" : Integer.toString(certs.length)) + " peer certificate(s).");
            }
        } catch (Exception e) {
            log.debug("Unable to find peer certificates - " + e);
        }
        List<Certificate> lcerts = null;
        if (certs != null) {
            lcerts = new ArrayList<Certificate>();
            for (int i = 0; i < certs.length; i++) {
                lcerts.add(certs[i]);
            }
        }
        return lcerts;
    }

}

然后是HttpsServerHelper的副本 重命名为HttpsServerHelper2，修改了一行。换行
HttpsServerHelper.this.handle(new HttpExchangeCall(getHelped(),
与行：
HttpsServerHelper2.this.handle(new HttpsExchangeCall(getHelped(),

这个助手需要注册：
Engine.getInstance().getRegisteredServers().add(new HttpsServerHelper2(null));
现在创建Server 变得非常明确：

Component component = new Component();
Server server = new Server(
        (Context) null, Arrays.asList(Protocol.HTTPS),
        (String) null, Constants.PORT_TEST, component.getServers().getNext(), 
        HttpsServerHelper2.class.getName()
    );
component.getServers().add(server);

我希望 Restlet 自己的 HttpExchangeCall 将被更新以提取证书： 这是一个小修复，并节省了解决该问题所需的大量不需要的代码。
同时，您可以在 restlet-clientcert Github 项目。

Answer 2

此方法应提供您要查找的内容：request.getClientInfo().getCertificates() http://restlet.com/learn/javadocs/2.3/jse/api/org/restlet/data/ClientInfo.html

您还可以检索密码套件