I'm using Golang gRPC with mutual tls. Is it possible to get client's certificate subject DN from rpc method?
// ...
func main() {
// ...
creds := credentials.NewTLS(&tls.Config{
ClientAuth: tls.RequireAndVerifyClientCert,
Certificates: []tls.Certificate{certificate},
ClientCAs: certPool,
MinVersion: tsl.VersionTLS12,
})
s := NewMyService()
gs := grpc.NewServer(grpc.Creds(creds))
RegisterGRPCZmqProxyServer(gs, s)
er := gs.Serve(lis)
// ...
}
// ...
func (s *myService) Foo(ctx context.Context, req *FooRequest) (*FooResonse, error) {
$dn := // What should be here?
// ...
}
Is it possible?
You can use peer.Peer from ctx context.Context for access to the OID registry in x509.Certificate.
func (s *myService) Foo(ctx context.Context, req *FooRequest) (*FooResonse, error) {
p, ok := peer.FromContext(ctx)
if ok {
tlsInfo := p.AuthInfo.(credentials.TLSInfo)
subject := tlsInfo.State.VerifiedChains[0][0].Subject
// do something ...
}
}
Subject it is pkix.Name and in docs write:
Name represents an X.509 distinguished name
And I used code from this answer and it well work.