DEV-303 - Client certificate authentication for users #274

Closed
wants to merge 9 commits into from


shaan1337
Member

@shaan1337 shaan1337 commented Nov 16, 2023

Sample code:

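    using System;
    using System.Threading.Tasks;
    using EventStore.Client;

    class Program
    {
        static async Task Main(string[] args)
        {
            // User certificate and its private key, used to authenticate the user.
            var certPath = "/path/to/user.crt";
            var certKeyPath = "/path/to/user.key";
            // tls=true enables TLS; tlsVerifyCert=false means the client does not
            // validate the server's certificate.
            var connectionString = $"esdb://127.0.0.1:2113,127.0.0.2:2113,127.0.0.3:2113?tls=true&tlsVerifyCert=false&certPath={certPath}&certKeyPath={certKeyPath}";

            var settings = EventStoreClientSettings.Create(connectionString);

            using (var client = new EventStoreClient(settings)) {
                // Subscribe to the "test" stream from its start and print each event.
                await client.SubscribeToStreamAsync(
                    streamName: "test",
                    start: FromStream.Start,
                    eventAppeared: (sub, evt, ct) => {
                        Console.WriteLine(evt.Event.EventStreamId + " " + evt.OriginalEventNumber);
                        return Task.CompletedTask;
                    });

                // Keep the process alive until Enter is pressed.
                Console.ReadLine();
            }
        }
    }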

Manual tests carried out:

  • tested with disabled/deleted user
  • tested multiple requests from same HTTP/2 connection (to see if caching is working properly)
  • tested intermediate certificates (supported by adding intermediate CAs to the store)
  • tested HTTP/1 fallback connection (with persistent subscription client)
  • tested expired certificate

TODO:

  • Add tests
  • Automatic certificate rotation by detecting file changes (also requires refreshing of the HTTP connection pool)


linear bot commented Nov 16, 2023

@josephcummings josephcummings changed the title Client certificate authentication for users [DB-498] DEV-303 - Client certificate authentication for users Mar 1, 2024
@w1am w1am force-pushed the db-498-user-certs branch 3 times, most recently from 93029fc to 939e9bc Compare March 13, 2024 05:34
@w1am w1am force-pushed the db-498-user-certs branch from 29c9c3f to 6d5f5a3 Compare March 13, 2024 06:54
- Replace DnsEndpoint with ChannelIdentifier
- Allow passing a new input in SharingProviderInput and add a test
- Use BouncyCastle for loading certificates in net48
- Allow passing ChannelIdentifier in ChannelFactory
@w1am w1am force-pushed the db-498-user-certs branch from 6d5f5a3 to 5f969ab Compare March 14, 2024 04:46
@w1am w1am force-pushed the db-498-user-certs branch 7 times, most recently from aba3327 to 2571caf Compare March 20, 2024 04:54
@w1am w1am force-pushed the db-498-user-certs branch from 2571caf to 13635ac Compare March 20, 2024 06:09
@w1am w1am marked this pull request as ready for review March 20, 2024 06:58
* Remove user cert argument http fallback
@w1am
Contributor

w1am commented Apr 18, 2024

I am closing this PR as I started a cleaner version to address the same feature. See #295

@w1am w1am closed this Apr 18, 2024
@w1am w1am deleted the db-498-user-certs branch April 18, 2024 09:42
3 participants