I am pretty new to certificates, but I have to do something like this (in Java):
1) I have requestor's certificate in my hand:
X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
2) I need to request another url with that certificate (is it even possible?), something like:
URL url = new URL(server);
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
if (connection instanceof HttpsURLConnection) {
((HttpsURLConnection) connection).setSSLSocketFactory(???);
}
My question is: how do I link certificates from 1) with request from 2)?
cheers.
You won't be able to do this. In order to establish an authenticated SSL connection you need both the public and private components of the certificate. It would be a security hole to do something like what you are suggesting, allowing a server to masquerade as an entity that it isn't.