OpenSSlSession.getPeerPrincipal() returns the issuer principal of the first certificate in the chain, but it should return the subject principal instead.

As a reference, look at the JDK implementation for getPeerPrincipal() and getLocalPrincipal():

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/d5a00b1e8f78/src/share/classes/sun/security/ssl/SSLSessionImpl.java#l541