Hello! I'm trying to set up SSL on my servlet... I want it so that whenever it gets requests from outside, it does the necessary handshaking and checks whether the client's certificate is in my trusted store. Our server needs to be limited access only, which is why we thought of having both client-side and server-side authentication. Our server will only be open to certain machines in our company (through LAN).

How do I go about comparing the certificate that is sent to me with that in my store?

This is all that I have so far. Please advise. Thanks!

import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class testHTTPs extends HttpServlet
{
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException
    {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
                    "Transitional//EN\">\n" +
                    "<HTML>\n" +
                    "<HEAD><TITLE>Hello World!</TITLE></HEAD>\n" +
                    "<BODY>Hello World!");

        // A client certificate is only available on an SSL connection.
        if (!request.isSecure())
        {
            out.println("<h3>Beware</h3>");
            out.println("This connection was not made via SSL. The client's certificate can't be read.");
        }
        else
        {
            // The container stores the client's certificate chain in this request attribute.
            X509Certificate[] certs = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
            if (certs == null || certs.length == 0)
            {
                out.println("<h3>Beware</h3>");
                out.println("This SSL connection can't read a client certificate.");
            }
            else
            {
                out.println("<h3>Client certificate:</h3>");
                out.println(certs[0]);
                /* this is probably where I want to compare
                   the client's certificate with what I have in
                   my trusted store */
            }
        }

        // Close the document after all checks have written their output.
        out.println("</BODY>\n</HTML>");
    }
}
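
One way to do the comparison asked about above, as an added example that is not part of the original post: a helper that takes the `certs` array read from the request attribute and checks it against a local trust store, either by exact match or by chain validation. The class name `ClientCertChecker`, its method names, and the store path and password passed to it are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
// Added example; the class name, store path and password are hypothetical.
public class ClientCertChecker
{
    private final KeyStore trustStore;
    private final X509TrustManager trustManager;

    public ClientCertChecker(String storePath, char[] password) throws GeneralSecurityException, IOException
    {
        trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) found = (X509TrustManager) tm;
        if (found == null) throw new GeneralSecurityException("no X509TrustManager");
        trustManager = found;
    }

    // Exact match: the client's own (leaf) certificate is an entry in the store.
    public boolean isInStore(X509Certificate[] chain) throws GeneralSecurityException
    {
        if (chain == null || chain.length == 0) return false;
        try { chain[0].checkValidity(); }            // reject expired or not-yet-valid
        catch (CertificateException e) { return false; }
        return trustStore.getCertificateAlias(chain[0]) != null;
    }

    // Chain validation: the chain leads to a CA or certificate held in the store.
    public boolean chainsToStore(X509Certificate[] chain)
    {
        if (chain == null || chain.length == 0) return false;
        try { trustManager.checkClientTrusted(chain, chain[0].getPublicKey().getAlgorithm()); }
        catch (CertificateException e) { return false; }
        return true;
    }
}
```

In the servlet's `else` branch, `isInStore(certs)` gives the per-certificate comparison; when it returns false, send `HttpServletResponse.SC_FORBIDDEN` instead of rendering the page.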