Comments (10)
Progress so far regarding getting access to underlying client cert info:
Getting access to the client cert in node is relatively easy. One just has to call req.connection.getPeerCertificate()
, as noted in the Node API doc:
With HTTPS support, use request.connection.verifyPeer() and request.connection.getPeerCertificate() > to obtain the client's authentication details.
The problem comes in when we try to do this in typescript. req.connection
is type net.Socket
when req is a HTTP request, and type tls.ClearTextStream
when req is a HTTPS request. In order to get variant type notation in typescript, I upgrade the typescript compiler to 1.4.0 so that we could use union type(req.connection: net.Socket|tls.ClearTextStream
).
Within the extracted client certificate object, there's the fingerprint property that we could use to unique identify the user. I will start modifying the subscription code based on it.
from blpapi-http.
You can always do a typecast in typescript.
I am more curious about how to invalidate a client certificate?
from blpapi-http.
Typecasting would only work in up/down casting, as explained in this post. In this case, if the type annotation is req.connection: net.Socket
, I get the following error when I try to cast it to tls.ClearTextStream
:
error TS2352: Neither type 'Socket' nor type 'ClearTextStream' is assignable to the other.
Property 'authorized' is missing in type 'Socket'.
I will look into the client cert invalidation tomorrow.
from blpapi-http.
I don't have time to read the link, but you can totally cast anything into anything.
var x : Cls1;
var y : Cls2;
y = x;
from blpapi-http.
Stupid Github doesn't display < and > :-)
from blpapi-http.
I've tried the following example and it doesn't seem to work:
interface Dog {
woo(): void;
}
interface Cat {
meow(): void;
}
var d: Dog;
var c: Cat;
d.woo(); // OK
c.meow(); // OK
d = <Dog>c; // Error
(<Dog>c).woo(); // Error
// error TS2353: Neither type 'Cat' nor type 'Dog' is assignable to the other:
// Property 'woo' is missing in type 'Cat'.
from blpapi-http.
As I said earlier, you need to type: c;
from blpapi-http.
Oh sorry I missed the double casting syntax. I tried and it did work. Thanks for the suggestion.
from blpapi-http.
For certificate revocation list, node js support it by passing the following option when create the server:
crl : Either a string or list of strings of PEM encoded CRLs (Certificate Revocation List)
The followup problem is when the crl get updated, node doesn't seem to reload the file unless you restart the server. Also, node doesn't seem to have native support of CRL Distribution Point, where the server will periodically download the CRL from the specified URL to check whether any certificates have been revoked.
Some ref:
- https://jamielinux.com/articles/2013/08/generate-certificate-revocation-list-revoke-certificates/
- http://nodejs.org/api/tls.html
from blpapi-http.
We have been using HTTPS client certificates for quite some time now - closing.
from blpapi-http.
Related Issues (20)
- Handle auth for websocket subscription
- Remove 'connected' server => client event for subscriptions
- Subscribe/unsubscribe message events should echo correlations ids
- Subscribe/unsubscribe route should echo back correlation ids(long-polling subscription)
- Support //blp/mktdepth
- Support //blp/mktlist
- Support //blp/srcref
- Support publishing data
- ES6: Transition to Map
- ES6: Transition to Generators
- ES6: Transition to native Promise
- Fix for a circular reference issue HOT 1
- TypeScript 1.5.0-alpha breaks TravisCI build for node v0.10 HOT 6
- Remove usage and references to hackathon
- Probable memory leak in native memory with subscription data HOT 1
- 'let' and 'const' declarations available only when targetting ECMAScript6 and higher error HOT 6
- Enhance command line support for MarketDataSubscription_LongPoll.js example
- Scala examples HOT 1
- Datetime handling before Unix epoch HOT 16
- time resolution when retrieving tick data
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from blpapi-http.