CallAttributes is the correct approach, but be warned that it is an experimental API, and may change in the future.

On Saturday, January 7, 2017 at 1:15:12 PM UTC-8, Eugene Strulyov wrote:
>
> Answering my own question, but I figured this out. In case anyone else
> finds this useful:
>
>     SSLSession sslSession = call.attributes().get(ServerCall.SSL_SESSION_KEY);
>     String peerName = sslSession.getPeerPrincipal().getName();
>     Matcher matcher = myPattern.matcher(peerName);
>
> Eugene
>
> On Friday, January 6, 2017 at 3:17:59 PM UTC-8, Eugene Strulyov wrote:
>>
>> Hi all,
>>
>> I am implementing a GRPC service which must authenticate the clients, so
>> I set up TLS auth as follows:
>>
>>     SslContextBuilder sslContextBuilder =
>>         SslContextBuilder.forServer(serverPrivateKey, serverCertChain)
>>             .trustManager(serverTrustedCerts)
>>             .clientAuth(ClientAuth.REQUIRE);
>>     GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL);
>>
>> In this case serverTrustedCerts is the certificate of our CA, which means
>> that any certificate signed by this CA is accepted. I need to make this
>> more restrictive, such that only certain clients are accepted. So I have 2
>> options:
>>
>> 1. List every single client certificate that I want to allow.
>>
>> 2. Do certificate filtering on the server. All client certificates will
>> have a certain known string in Subject DN field, so if I can get access to
>> the certificate, I can regexp for it.
>>
>> Option 2 is much preferred. How do I do this with GRPC?
>>
>> thanks,
>>
>> Eugene
