java.security.cert.X509Certificate cert =
The result is the whole certificate chain.
The client could or could not send its certificate. A client certificate can be send in SSL version 3 and in TLS. You have to set an option to the web application server to want ant to accept client certificates. In jetty, the option is named wantClientAuth. Later I will extend the article with the name for Tomcat.