doujiang1001 2017-11-09 06:58
浏览 101
已采纳

在Go gRPC处理程序中从客户端证书获取主题DN

I'm using Golang gRPC with mutual tls. Is it possible to get client's certificate subject DN from rpc method?

// ...
func main() {
    // ...
    creds := credentials.NewTLS(&tls.Config{
        ClientAuth:   tls.RequireAndVerifyClientCert,
        Certificates: []tls.Certificate{certificate},
        ClientCAs:    certPool,
        MinVersion:   tsl.VersionTLS12,
    })
    s := NewMyService()
    gs := grpc.NewServer(grpc.Creds(creds))
    RegisterGRPCZmqProxyServer(gs, s)
    er := gs.Serve(lis)
    // ...
}

// ...
func (s *myService) Foo(ctx context.Context, req *FooRequest) (*FooResonse, error) {
    $dn := // What should be here?
    // ...
}

Is it possible?

  • 写回答

1条回答 默认 最新

  • duanmanpi9358 2017-11-15 12:25
    关注

    You can use peer.Peer from ctx context.Context for access to the OID registry in x509.Certificate.

    func (s *myService) Foo(ctx context.Context, req *FooRequest) (*FooResonse, error) {
        p, ok := peer.FromContext(ctx)
            if ok {
                tlsInfo := p.AuthInfo.(credentials.TLSInfo)
                subject := tlsInfo.State.VerifiedChains[0][0].Subject
                // do something ...
            }
    }
    

    Subject it is pkix.Name and in docs write:

    Name represents an X.509 distinguished name

    And I used code from this answer and it well work.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥55 AD844 howland电流源如何驱动大额负载
  • ¥15 C++ /QT 内存权限的判断函数列举
  • ¥15 深度学习GFnet理解问题
  • ¥15 单细胞小提琴堆叠图代码
  • ¥50 升级strust2版本到2.3.15.1后使用ognl3.0.6.jar windows环境中没有问题,但部署到linux环境报错
  • ¥15 vue页面,node封装接口
  • ¥15 求TMS320F280039C工程模板!
  • ¥15 delphi+fastreport实现分组补空打印问题
  • ¥15 使用python把两台mysql数据库服务器数据导出和导入
  • ¥15 NodeBB论坛配置Apache Solr中文搜索引擎的详细教程