Return the X.509 certificates, or null if we can't get them.
XXX We should allow unverified certificates
// Ask the session for the chain the peer presented. Any failure is logged at
// debug level and reported to the caller as null, so a null result means
// "no usable client certificate" rather than an error.
// NOTE(review): session is presumably a javax.net.ssl.SSLSession, whose
// getPeerCertificates() throws when the peer was not authenticated - confirm.
Certificate[] peerChain = null;
try {
    peerChain = session.getPeerCertificates();
} catch (Throwable t) {
    // Throwable is caught on purpose here (best effort); note that this also
    // hides Errors, not only handshake-related exceptions.
    logger.debug("Error getting client certs",t);
    return null;
}

// A missing or empty chain is reported the same way as a failure.
if (peerChain == null || peerChain.length < 1) {
    return null;
}

// Convert each entry to X509Certificate, keeping the order the session gave.
// Nothing in this block validates the chain: no trust-anchor, expiry or
// revocation check is made here, only a change of representation.
X509Certificate[] converted = new X509Certificate[peerChain.length];
int pos = 0;
while (pos < peerChain.length) {
    Certificate current = peerChain[pos];
    if (!(current instanceof X509Certificate)) {
        // Fallback path (the original author noted JSSE 1.1.x always hands
        // back X509Certificate instances): re-parse the encoded form.
        try {
            byte[] der = current.getEncoded();
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            ByteArrayInputStream in = new ByteArrayInputStream(der);
            converted[pos] = (X509Certificate) factory.generateCertificate(in);
        } catch (Exception ex) {
            // One entry that cannot be converted discards the whole chain.
            logger.info("Error translating cert " + current, ex);
            return null;
        }
    } else {
        converted[pos] = (X509Certificate) current;
    }
    if (logger.isTraceEnabled()) {
        logger.trace("Cert #" + pos + " = " + converted[pos]);
    }
    pos++;
}
return converted;