How to obtain client certificate used to authenticate in my Rust Tonic service?


In my Rust Tonic setup, I have configured mTLS (mutual TLS) authentication between client and server.

Now, I would like to use the data stored in the client certificate a) for authorizing access (interceptor), and b) in providing the service (i.e. I want to see Hello Petr if Petr is connecting).

I could not find any examples about this, and traversing the Tonic source code didn't help me either.


There is 1 best solution below


After asking on the tokio/tonic Discord channel, I got the solution (thanks Lucio Franco!) and also found that there actually is an example in tonic (yes, my research was not good enough).

For anyone interested, this is the example code: https://github.com/hyperium/tonic/blob/master/examples/src/tls_client_auth/server.rs

Brief summary:

The request parameter, provided in each method generated for the service, contains parameter peer_certs(), which returns all the user certificates.

These can then be iterated, and their bytes parsed. I used the crate x509-parser, which works great for me, but others could probably be used as well.
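
The parsing step described in the answer, as an added example that is not part of the original post or of tonic: a std-only walk of the certificate DER that pulls out the subject common name, then uses it for an allow-list check and for the greeting. The answer used the x509-parser crate for this step; the function names, the allow-list and the sample bytes here are assumptions, and the sample is constructed and cut off after the subject field.

```rust
// Added example, std only; `tlv`, `subject_cn`, `greet` are hypothetical names.
// SAMPLE is constructed: a Certificate cut off after `subject`, not a valid cert.
const SAMPLE: &[u8] = &[
    0x30, 0x33, 0x30, 0x31, // Certificate, tbsCertificate
    0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x00, // version, serial, sigAlg
    0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, // issuer: CN =
    0x0c, 0x07, b'T', b'e', b's', b't', b' ', b'C', b'A', 0x30, 0x00, // "Test CA"; validity
    0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, // subject: CN =
    0x0c, 0x04, b'P', b'e', b't', b'r', // "Petr"
];
/// Split one DER TLV off the front of `d`: (tag, content, rest).
fn tlv(d: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (tag, l0) = (*d.first()?, *d.get(1)? as usize);
    let (len, hdr) = if l0 < 0x80 { (l0, 2) } else {
        let n = l0 & 0x7f; // long form: n length bytes follow
        if n == 0 || n > 4 { return None; }
        (d.get(2..2 + n)?.iter().fold(0usize, |a, b| a << 8 | *b as usize), 2 + n)
    };
    Some((tag, d.get(hdr..hdr.checked_add(len)?)?, &d[hdr + len..]))
}
/// Walk Certificate -> tbsCertificate -> subject and return its commonName.
fn subject_cn(cert: &[u8]) -> Option<String> {
    let (_, body, _) = tlv(cert)?;
    let (_, mut tbs, _) = tlv(body)?;
    if tbs.first() == Some(&0xa0) { tbs = tlv(tbs)?.2; } // optional [0] version
    for _ in 0..4 { tbs = tlv(tbs)?.2; } // skip serial, sigAlg, issuer, validity
    let (_, mut rdns, _) = tlv(tbs)?; // subject Name
    while !rdns.is_empty() {
        let (_, mut set, rest) = tlv(rdns)?; // one RelativeDistinguishedName
        rdns = rest;
        while !set.is_empty() {
            let (_, atv, rest) = tlv(set)?; // AttributeTypeAndValue
            set = rest;
            let (_, oid, value) = tlv(atv)?;
            if oid == [0x55u8, 0x04, 0x03] { // OID 2.5.4.3, commonName
                return String::from_utf8(tlv(value)?.1.to_vec()).ok();
            }
        }
    }
    None
}
/// `chain` stands for the DER bytes behind `request.peer_certs()`; the client's own cert is first.
fn greet(chain: &[&[u8]], allowed: &[&str]) -> Result<String, &'static str> {
    let cn = chain.first().and_then(|c| subject_cn(c)).ok_or("no usable client certificate")?;
    if allowed.iter().any(|a| *a == cn) { Ok(format!("Hello {}", cn)) } else { Err("not authorized") }
}
fn main() {
    println!("{:?}", greet(&[SAMPLE], &["Petr"]));
}
```

The TLS layer has already validated the chain against the configured client CA before the handler runs, so the name read here comes from a certificate the server accepted.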