HTTPS Client Certificates about blpapi-http HOT 10 CLOSED

Progress so far regarding getting access to underlying client cert info:

Getting access to the client cert in node is relatively easy. One just has to call req.connection.getPeerCertificate(), as noted in the Node API doc:

With HTTPS support, use request.connection.verifyPeer() and request.connection.getPeerCertificate() > to obtain the client's authentication details.

The problem comes in when we try to do this in typescript. req.connection is type net.Socket when req is a HTTP request, and type tls.ClearTextStream when req is a HTTPS request. In order to get variant type notation in typescript, I upgrade the typescript compiler to 1.4.0 so that we could use union type(req.connection: net.Socket|tls.ClearTextStream).

Within the extracted client certificate object, there's the fingerprint property that we could use to unique identify the user. I will start modifying the subscription code based on it.

from blpapi-http.

You can always do a typecast in typescript.

I am more curious about how to invalidate a client certificate?

from blpapi-http.

Typecasting would only work in up/down casting, as explained in this post. In this case, if the type annotation is req.connection: net.Socket, I get the following error when I try to cast it to tls.ClearTextStream:

error TS2352: Neither type 'Socket' nor type 'ClearTextStream' is assignable to the other.
Property 'authorized' is missing in type 'Socket'.

I will look into the client cert invalidation tomorrow.

from blpapi-http.

I don't have time to read the link, but you can totally cast anything into anything.
var x : Cls1;
var y : Cls2;
y = x;

from blpapi-http.

Stupid Github doesn't display < and > :-)

from blpapi-http.

I've tried the following example and it doesn't seem to work:

interface Dog {
    woo(): void;
}

interface Cat {
    meow(): void;
}

var d: Dog;
var c: Cat;

d.woo();    // OK
c.meow();   // OK
d = <Dog>c; // Error
(<Dog>c).woo(); // Error

// error TS2353: Neither type 'Cat' nor type 'Dog' is assignable to the other:
// Property 'woo' is missing in type 'Cat'.

from blpapi-http.

As I said earlier, you need to type: c;

from blpapi-http.

Oh sorry I missed the double casting syntax. I tried and it did work. Thanks for the suggestion.

from blpapi-http.

For certificate revocation list, node js support it by passing the following option when create the server:

crl : Either a string or list of strings of PEM encoded CRLs (Certificate Revocation List)

The followup problem is when the crl get updated, node doesn't seem to reload the file unless you restart the server. Also, node doesn't seem to have native support of CRL Distribution Point, where the server will periodically download the CRL from the specified URL to check whether any certificates have been revoked.

Some ref:

• https://jamielinux.com/articles/2013/08/generate-certificate-revocation-list-revoke-certificates/
• http://nodejs.org/api/tls.html

from blpapi-http.

We have been using HTTPS client certificates for quite some time now - closing.

from blpapi-http.