Answering my own question, but I figured this out. In case anyone else finds this useful:

    SSLSession sslSession = call.attributes().get(ServerCall.SSL_SESSION_KEY);
    String peerName = sslSession.getPeerPrincipal().getName();
    Matcher matcher = myPattern.matcher(peerName);

Eugene

On Friday, January 6, 2017 at 3:17:59 PM UTC-8, Eugene Strulyov wrote:
> Hi all,
>
> I am implementing a GRPC service which must authenticate the clients, so I
> set up TLS auth as follows:
>
>     SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(
>             serverPrivateKey, serverCertChain)
>         .trustManager(serverTrustedCerts)
>         .clientAuth(ClientAuth.REQUIRE);
>     GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL);
>
> In this case serverTrustedCerts is the certificate of our CA, which means
> that any certificate signed by this CA is accepted. I need to make this
> more restrictive, such that only certain clients are accepted. So I have 2
> options:
>
> 1. List every single client certificate that I want to allow.
>
> 2. Do certificate filtering on the server. All client certificates will
> have a certain known string in Subject DN field, so if I can get access to
> the certificate, I can regexp for it.
>
> Option 2 is much preferred. How do I do this with GRPC?
>
> thanks,
>
> Eugene
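
An added example, not code from the post or from grpc-java itself: a `ServerInterceptor` that applies the Subject DN check from the thread to every call and closes calls that fail it. It assumes the names from later grpc-java releases (`call.getAttributes()`, `Grpc.TRANSPORT_ATTR_SSL_SESSION`) rather than the ones in the post; the class name, the choice of the OU attribute and the `billing-clients-...` pattern are hypothetical. It parses the DN and matches one attribute value in full, so the known string cannot match by appearing inside a different attribute.

```java
import io.grpc.*;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Rejects calls whose client certificate lacks an allowed OU in its Subject DN. */
public final class SubjectDnInterceptor implements ServerInterceptor {
    // Hypothetical policy: the whole OU value must match, not a substring of the DN.
    private static final Pattern ALLOWED_OU = Pattern.compile("billing-clients-[a-z0-9]+");

    @Override
    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
            ServerCall<ReqT, RespT> call, Metadata headers, ServerCallHandler<ReqT, RespT> next) {
        SSLSession session = call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
        if (session == null || !isAllowed(session)) {   // no TLS session: fail closed
            call.close(Status.PERMISSION_DENIED
                    .withDescription("client certificate not authorized"), new Metadata());
            return new ServerCall.Listener<ReqT>() {};  // no-op listener; handler never runs
        }
        return next.startCall(call, headers);
    }

    private static boolean isAllowed(SSLSession session) {
        try {
            // Index 0 is the peer's own (leaf) certificate; the rest is its chain.
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            return subjectHasAllowedOu(leaf.getSubjectX500Principal().getName());
        } catch (SSLPeerUnverifiedException e) {
            return false;                               // peer presented no verified certificate
        }
    }

    /** Parses an RFC 2253 DN and tests each OU value against the policy pattern. */
    static boolean subjectHasAllowedOu(String rfc2253Dn) {
        try {
            for (Rdn rdn : new LdapName(rfc2253Dn).getRdns()) {
                if ("OU".equalsIgnoreCase(rdn.getType())
                        && ALLOWED_OU.matcher(rdn.getValue().toString()).matches()) {
                    return true;
                }
            }
        } catch (InvalidNameException e) { /* unparseable DN: fall through and deny */ }
        return false;
    }
}
```

The interceptor only narrows what the TLS layer already verified, so `clientAuth(ClientAuth.REQUIRE)` and the CA trust manager from the quoted setup stay in place; register it with `ServerInterceptors.intercept(service, new SubjectDnInterceptor())`.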
