Expose subject name for MutualTlsUser

akuanti · akuanti · commit 8ca69ce21904 · 2018-09-11T15:09:04.000-04:00
This is not necessarily the value stored in the subject name of the
certificate, but it is the name for which the provided certifcate was
validated.
diff --git a/core/http/src/tls.rs b/core/http/src/tls.rs
@@ -46,7 +46,7 @@ pub fn find_valid_cert_for_peer<'a>(name: &'a str, certs: &'a [Certificate]) ->
 /// ##Examples
 ///
 /// The following short snippet shows `MutualTlsUser` being used as a request guard in a handler to
-/// verify the client's certificate.
+/// verify the client's certificate and print its subject name.
 ///
 /// ```rust
 /// # #![feature(plugin, decl_macro)]
@@ -55,12 +55,40 @@ pub fn find_valid_cert_for_peer<'a>(name: &'a str, certs: &'a [Certificate]) ->
 /// use rocket::http::tls::MutualTlsUser;
 ///
 /// #[get("/message")]
-/// fn message(mtls:MutualTlsUser) {
-///     println!("Authenticated client");
+/// fn message(mtls: MutualTlsUser) {
+///     println!("{}", mtls.subject_name());
 /// }
 ///
 /// # fn main() { }
 /// ```
 ///
 #[derive(Debug)]
-pub struct MutualTlsUser {}
+pub struct MutualTlsUser {
+    subject_name: String,
+}
+
+impl MutualTlsUser {
+    pub fn new(subject_name: &str) -> MutualTlsUser {
+        // NOTE: `subject_name` is not necessarily the subject name in the certificate,
+        // but it is the name for which the certificate was validated.
+        MutualTlsUser {
+            subject_name: subject_name.to_string()
+        }
+    }
+
+    /// Return the client's subject name.
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # extern crate rocket;
+    /// use rocket::http::tls::MutualTlsUser;
+    ///
+    /// fn handler(mtls: MutualTlsUser) {
+    ///     let subject_name = mtls.subject_name();
+    /// }
+    /// ```
+    pub fn subject_name(&self) -> &str {
+        &self.subject_name
+    }
+}
diff --git a/core/lib/src/request/from_request.rs b/core/lib/src/request/from_request.rs
@@ -469,6 +469,6 @@ impl <'a, 'r> FromRequest<'a, 'r> for MutualTlsUser {
         // Validate the name against the provided certs and create a MutualTlsUser
         find_valid_cert_for_peer(&name, &certs).or_forward(())?;
 
-        Success(MutualTlsUser {})
+        Success(MutualTlsUser::new(&name))
     }
 }
diff --git a/examples/mtls/src/main.rs b/examples/mtls/src/main.rs
@@ -9,7 +9,7 @@ use rocket::http::tls::MutualTlsUser;
 
 #[get("/")]
 fn hello(mtls: MutualTlsUser) -> String {
-    format!("Hello, MTLS world, {:?}!", mtls)
+    format!("Hello, MTLS world, {}!", mtls.subject_name())
 }
 
 fn main() {
diff --git a/examples/mtls/src/tests.rs b/examples/mtls/src/tests.rs
@@ -35,5 +35,5 @@ fn hello_world() {
         .remote(socket)
         .dispatch();
 
-    assert_eq!(response.body_string(), Some("Hello, MTLS world, MutualTlsUser!".into()));
+    assert_eq!(response.body_string(), Some("Hello, MTLS world, localhost!".into()));
 }

Original file line number	Diff line number	Diff line change
`@@ -469,6 +469,6 @@ impl <'a, 'r> FromRequest<'a, 'r> for MutualTlsUser {`
`469`	`469`	`// Validate the name against the provided certs and create a MutualTlsUser`
`470`	`470`	`find_valid_cert_for_peer(&name, &certs).or_forward(())?;`
`471`	`471`
`472`		`- Success(MutualTlsUser {})`
	`472`	`+ Success(MutualTlsUser::new(&name))`
`473`	`473`	`}`
`474`	`474`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ use rocket::http::tls::MutualTlsUser;`
`9`	`9`
`10`	`10`	`#[get("/")]`
`11`	`11`	`fn hello(mtls: MutualTlsUser) -> String {`
`12`		`- format!("Hello, MTLS world, {:?}!", mtls)`
	`12`	`+ format!("Hello, MTLS world, {}!", mtls.subject_name())`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`fn main() {`
Original file line number	Diff line number	Diff line change
`@@ -35,5 +35,5 @@ fn hello_world() {`
`35`	`35`	`.remote(socket)`
`36`	`36`	`.dispatch();`
`37`	`37`
`38`		`- assert_eq!(response.body_string(), Some("Hello, MTLS world, MutualTlsUser!".into()));`
	`38`	`+ assert_eq!(response.body_string(), Some("Hello, MTLS world, localhost!".into()));`
`39`	`39`	`}`