Authenticate using certificate and passphrase like curl's `--cert` option
garanda21 opened this issue · 2 comments
I'm working with Vapor on Linux on an API which connects to a URL and sends it XML. This URL needs certificate authentication (.pem or p12) and a passphrase.
Using curl in the terminal works perfectly, with this command:
```sh
curl -X POST https://myurl.com/api -H "ContentType: application/xml" --cert file.pem:password -d "<xml>my awesome xml</xml>"
```
Ref: https://curl.se/docs/manpage.html#-E
Now I'm trying to figure out how to implement this using `TLSConfiguration.forClient()`, based on this comment: #27 (comment), and I'm not sure how to "inject" the certificate and its passphrase and later use it in one of my routes.
Any help appreciated
You need to set the `privateKey` and `certificateChain` fields on the `TLSConfiguration`. These take a `NIOSSLCertificate` and `NIOSSLPrivateKey` which support being constructed in a number of ways. Note that NIOSSL does not support having the private key and cert in a single file at this time, so you'd need them in separate files.
We actually have support for p12 bundles which can store a private key and a cert chain in a single file e.g.:
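```swift
import NIOSSL

// The initialiser throws if the file cannot be read or parsed.
let p12Bundle = try NIOSSLPKCS12Bundle(file: pathToMyP12)
let config = TLSConfiguration.makeServerConfiguration(
    // Wrap each certificate and the key in the source enums TLSConfiguration expects.
    certificateChain: p12Bundle.certificateChain.map { .certificate($0) },
    privateKey: .privateKey(p12Bundle.privateKey)
)
```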
You can also provide a passphrase through the various initialisers: https://swiftpackageindex.com/apple/swift-nio-ssl/main/documentation/niossl/niosslpkcs12bundle
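
Putting the two answers together for the client case asked about, as an added example that is not code from the thread or from the swift-nio-ssl project: it builds a client `TLSConfiguration` either from separate PEM files with a passphrase-protected key, or from a passphrase-protected p12 bundle. The function names, the error type and the idea of reading the passphrase from an environment variable are assumptions made for illustration.

```swift
import Foundation
import NIOSSL

// Hypothetical error type for this example.
enum ClientIdentityError: Error {
    case missingPassphrase(String)
}

/// Reads the passphrase from the environment so it is not hard-coded in source
/// and does not appear in the process arguments (unlike `--cert file.pem:password`).
func passphraseBytes(fromEnv name: String) throws -> [UInt8] {
    guard let value = ProcessInfo.processInfo.environment[name], !value.isEmpty else {
        throw ClientIdentityError.missingPassphrase(name)
    }
    return Array(value.utf8)
}

/// Option 1: certificate chain and encrypted private key in separate PEM files.
func clientTLSConfiguration(certificatePEM: String,
                            encryptedKeyPEM: String,
                            passphraseEnv: String) throws -> TLSConfiguration {
    let passphrase = try passphraseBytes(fromEnv: passphraseEnv)
    let chain = try NIOSSLCertificate.fromPEMFile(certificatePEM)
    // The callback hands the passphrase to NIOSSL when it decrypts the key.
    let key = try NIOSSLPrivateKey(file: encryptedKeyPEM, format: .pem) { setter in
        setter(passphrase)
    }
    // Server certificate verification stays at the client defaults.
    var config = TLSConfiguration.makeClientConfiguration()
    config.certificateChain = chain.map { .certificate($0) }
    config.privateKey = .privateKey(key)
    return config
}

/// Option 2: a single passphrase-protected PKCS#12 bundle.
func clientTLSConfiguration(p12Path: String,
                            passphraseEnv: String) throws -> TLSConfiguration {
    let passphrase = try passphraseBytes(fromEnv: passphraseEnv)
    let bundle = try NIOSSLPKCS12Bundle(file: p12Path, passphrase: passphrase)
    var config = TLSConfiguration.makeClientConfiguration()
    config.certificateChain = bundle.certificateChain.map { .certificate($0) }
    config.privateKey = .privateKey(bundle.privateKey)
    return config
}
```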