
Vertx Server Set Mutual Auth Requirement Per Route


I have a Vertx (3.9.x) based HTTP server in which I need to cater to two sets of request paths. The first path always expects client certificates (ClientAuth.REQUIRED), and the other is one for which the client certificate is optional (ClientAuth.REQUEST or ClientAuth.NONE).

As far as I could see, the only place where the ClientAuth could be set is HttpServerOptions, and it binds to a specific port. Sample code snippet below:

final HttpServerOptions options = new HttpServerOptions()
        .setPort(443)
        // Set all other server options here
        .setClientAuth(ClientAuth.REQUIRED); // One option per listening port.

The Router configuration is somewhat like below:

final Router router = Router.router(vertx);
router.route("/required-client-cert/").handler(this::handleMutualAuth);
router.route("/no-need-client-cert/").handler(this::handleRegularAuth);

// Any one of the above routes can work anytime, because ClientAuth is configured in server options.

Is it possible to handle this within single Vertx application? If yes, how?

Is there any alternative, while listening on a single port?

Thanks.


Solution

  • After some more research, I ended up with what is suggested in this post. In short, "I cannot vary the SSL configuration based on the URL's path since it is only available after the SSL connection has been established".

    The resolution is that I can have another handler at the beginning for paths that need a client certificate (mutual auth) and validate the client certificate there, something like below:

    router.route("/required-client-cert/")
              .handler(clientCertHandler::validateClientCert)
              .handler(this::handleMutualAuth);
    

    PS: The other approach is to configure a different port for listening for requests that need mutual auth. However, in my case configuring another port is not an option.
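
One way the `validateClientCert` handler from the answer could look, as an added example that is not the poster's code. It assumes the server listens with `ClientAuth.REQUEST` and a configured trust store, so a certificate that is presented has already been chain-validated during the TLS handshake and the handler only has to enforce presence; the class name `ClientCertHandler` and the context key `clientCert` are hypothetical.

```java
import io.vertx.core.http.HttpServerRequest;
import io.vertx.ext.web.RoutingContext;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/** Hypothetical handler class; the name mirrors clientCertHandler in the answer. */
public class ClientCertHandler {

    /** Assumed context key under which later handlers find the client certificate. */
    public static final String CLIENT_CERT_KEY = "clientCert";

    /** Rejects the request with 403 unless the TLS peer presented an X.509 certificate. */
    public void validateClientCert(RoutingContext ctx) {
        HttpServerRequest request = ctx.request();
        SSLSession session = request.sslSession(); // null when the connection is not TLS
        if (session == null) {
            ctx.fail(403);
            return;
        }
        try {
            // With ClientAuth.REQUEST the handshake succeeds without a client certificate;
            // in that case getPeerCertificates() throws SSLPeerUnverifiedException.
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                ctx.fail(403);
                return;
            }
            // chain[0] is the client's own (leaf) certificate. Expose it so that
            // handleMutualAuth can authorize on subject or SAN instead of trusting
            // every certificate issued under the trust store's CAs.
            X509Certificate leaf = (X509Certificate) chain[0];
            ctx.put(CLIENT_CERT_KEY, leaf);
            ctx.next();
        } catch (SSLPeerUnverifiedException e) {
            ctx.fail(403);
        }
    }
}
```

The certificate is bound to the TLS connection, not to the individual request, so every request sent over the same keep-alive connection sees the same peer certificate.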