[FR] - Possibility to obtain server certificates

[wojciechUrbanski]

Feature:

I would like to have the possibility to retrieve the server certificates, something like:

val Url = new URL(url)
val con = Url.openConnection
val scon = con.asInstanceOf[HttpsURLConnection]
scon.connect()
val certs = scon.getServerCertificates

After initial talk with Adam, certs might be added to ResponseMetadata and the syntax may look as: (ignore: ResponseAs[Unit]).mapWithMetadata(m => extract cert)

[Hiroki6]

This issue was created when I asked @wojciechUrbanski how I can do certificate pinning via sttp because I didn't find the way at that time.

But, I found the way after that.
The X509TrustManager class enables us to access server certificates as it's written here

// custom X509TrustManager
val TrustAllCerts: X509TrustManager = new X509TrustManager() {
  def getAcceptedIssuers: Array[X509Certificate] = Array[X509Certificate]()
  override def checkServerTrusted(x509Certificates: Array[X509Certificate], s: String): Unit = {
     // here you can access server certificates
  }
  override def checkClientTrusted(x509Certificates: Array[X509Certificate], s: String): Unit = ()
}

// configure trusted server certificates
ks.load(new FileInputStream("/path/to/server_trust"), "password".toCharArray)

// check the certificate with the default algorithm (normally PKIX)
// reference: [https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/TrustManagerFactory.html]
val tmf: TrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)  
tmf.init(ks)

Also, if you use OkHttp as a backend, it supports certificate pinning.
https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/