Skip to content

added option to request, require and verify client certificates #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
SierraGolf wants to merge 1 commit into
base: master
Choose a base branch
from
Open

added option to request, require and verify client certificates #48

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 11 additions & 9 deletions docs/options.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ const options = {
'listen': 'myservice.example.com:50051',
'rootProtoPath': '../protos',
'rootCert': '/path/to/root/cert',
'checkClientCert': true,
'certChain': '/path/to/cert/chain',
'privateKey': '/path/to/private/key',
};
Expand All @@ -19,14 +20,15 @@ const app = new Condor(options);

All the options are not required. Their default values are:

| Option | Description | Default |
|---------------|----------------------------------------------------------|---------------|
| listen | The hostname and port the server will listen into | 0.0.0.0:50051 |
| host | The hostname. *Valid only if `listen` is not set* | 0.0.0.0 |
| port | The port. *Valid only if `listen` is not set* | 50051 |
| rootProtoPath | Root path of the proto files | |
| rootCert | Path to the root cert file | |
| certChain | Path to the cert chain file | |
| privateKey | Path to the private key file | |
| Option | Description | Default |
|-----------------|----------------------------------------------------------------------------------------|---------------|
| listen | The hostname and port the server will listen into | 0.0.0.0:50051 |
| host | The hostname. *Valid only if `listen` is not set* | 0.0.0.0 |
| port | The port. *Valid only if `listen` is not set* | 50051 |
| rootProtoPath | Root path of the proto files | |
| rootCert | Path to the root cert file | |
| checkClientCert | Indicates that the server should request, require and verify the client's certificates | false |
| certChain | Path to the cert chain file | |
| privateKey | Path to the private key file | |

Next: [Related modules and middleware](related-modules-and-middleware.md)
9 changes: 5 additions & 4 deletions docs/ssl-tls.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,14 @@ layout: default
GRPC has some built-in mechanisms for server [authentication](http://www.grpc.io/docs/guides/auth.html).

To enable SSL you just have to pass the host and the paths to the certificate files.

```js
const options= {
'listen': 'myservice.example.com:50051', // required
'rootCert': '/path/to/root/cert', // optional
'certChain': '/path/to/cert/chain', // required
'privateKey': '/path/to/private/key', // required
'rootCert': '/path/to/root/cert', // optional
'checkClientCert': false, // optional
'certChain': '/path/to/cert/chain', // required
'privateKey': '/path/to/private/key', // required
};
app = new Condor(options);
```
Expand Down
3 changes: 2 additions & 1 deletion lib/server.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ module.exports = class {
constructor(builder, options) {
const defaultOptions = {
'listen': '0.0.0.0:50051',
'checkClientCert': false,
};

this._validateBuilder(builder);
Expand Down Expand Up @@ -124,7 +125,7 @@ module.exports = class {
'cert_chain': this._getFileBuffer(options.certChain),
'private_key': this._getFileBuffer(options.privateKey),
},
]);
], options.checkClientCert);
}

_getFileBuffer(path) {
Expand Down
10 changes: 6 additions & 4 deletions lib/server.spec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ describe('Server:', () => {
describe('getOptions()', () => {
describe('when server was initialized without options', () => {
it('should return the default options', () => {
const defaultOptions = {'listen': '0.0.0.0:50051'};
const defaultOptions = {'listen': '0.0.0.0:50051', 'checkClientCert': false};
expect(server.getOptions()).toEqual(defaultOptions);
});
});
Expand All @@ -45,13 +45,13 @@ describe('Server:', () => {
});

it('should return the options merged with the default options', () => {
const expectedOptions = {'listen': '1.1.1.1:3000'};
const expectedOptions = {'listen': '1.1.1.1:3000', 'checkClientCert': false};
expect(server.getOptions()).toEqual(expectedOptions);
});

describe('when two servers are created', () => {
it('should reset default options', () => {
const expectedOptions = {'listen': '0.0.0.0:50051'};
const expectedOptions = {'listen': '0.0.0.0:50051', 'checkClientCert': false};
server = new Server(builder);
expect(server.getOptions()).toEqual(expectedOptions);
});
Expand Down Expand Up @@ -93,6 +93,7 @@ describe('Server:', () => {
it('should create ssl creds', () => {
const expectedOptions = {
'listen': '0.0.0.0:50051',
'checkClientCert': false,
'certChain': 'spec/ssl/server.crt',
'privateKey': 'spec/ssl/server.key',
};
Expand Down Expand Up @@ -122,6 +123,7 @@ describe('Server:', () => {
describe('when ssl options are files paths', () => {
const expectedOptions = {
'listen': '0.0.0.0:50051',
'checkClientCert': false,
'certChain': 'spec/ssl/server.crt',
'privateKey': 'spec/ssl/server.key',
};
Expand Down Expand Up @@ -231,7 +233,7 @@ describe('Server:', () => {
'cert_chain': new Buffer('cert_chain'),
'private_key': new Buffer('private_key'),
},
]);
], false);
server = new Server(builder, {
'cert_chain': '/path/to/cert/chain.crt',
'private_key': '/path/to/private/key.key',
Expand Down