Expose subject name for MutualTlsUser

This is not necessarily the value stored in the subject name of the certificate, but it is the name for which the provided certifcate was validated.
rwf2 · Sep 11, 2018 · 57b8a83 · 57b8a83
1 parent e6e8985
commit 57b8a83
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 7 deletions.
diff --git a/core/http/src/tls.rs b/core/http/src/tls.rs
@@ -47,7 +47,7 @@ pub fn find_valid_cert_for_peer<'a>(name: &'a str, certs: &'a [Certificate]) ->
 /// ##Examples
 ///
 /// The following short snippet shows `MutualTlsUser` being used as a request guard in a handler to
-/// verify the client's certificate.
+/// verify the client's certificate and print its subject name.
 ///
 /// ```rust
 /// # #![feature(plugin, decl_macro)]
@@ -56,12 +56,40 @@ pub fn find_valid_cert_for_peer<'a>(name: &'a str, certs: &'a [Certificate]) ->
 /// use rocket::http::tls::MutualTlsUser;
 ///
 /// #[get("/message")]
-/// fn message(mtls:MutualTlsUser) {
-///     println!("Authenticated client");
+/// fn message(mtls: MutualTlsUser) {
+///     println!("{}", mtls.subject_name());
 /// }
 ///
 /// # fn main() { }
 /// ```
 ///
 #[derive(Debug)]
-pub struct MutualTlsUser {}
+pub struct MutualTlsUser {
+    subject_name: String,
+}
+
+impl MutualTlsUser {
+    pub fn new(subject_name: &str) -> MutualTlsUser {
+        // NOTE: `subject_name` is not necessarily the subject name in the certificate,
+        // but it is the name for which the certificate was validated.
+        MutualTlsUser {
+            subject_name: subject_name.to_string()
+        }
+    }
+
+    /// Return the client's subject name.
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # extern crate rocket;
+    /// use rocket::http::tls::MutualTlsUser;
+    ///
+    /// fn handler(mtls: MutualTlsUser) {
+    ///     let subject_name = mtls.subject_name();
+    /// }
+    /// ```
+    pub fn subject_name(&self) -> &str {
+        &self.subject_name
+    }
+}
diff --git a/core/lib/src/request/from_request.rs b/core/lib/src/request/from_request.rs
@@ -332,6 +332,6 @@ impl <'a, 'r> FromRequest<'a, 'r> for MutualTlsUser {
         // Validate the name against the provided certs and create a MutualTlsUser
         find_valid_cert_for_peer(&name, &certs).or_forward(())?;
 
-        Success(MutualTlsUser {})
+        Success(MutualTlsUser::new(&name))
     }
 }
diff --git a/examples/mtls/src/main.rs b/examples/mtls/src/main.rs
@@ -9,7 +9,7 @@ use rocket::http::tls::MutualTlsUser;
 
 #[get("/")]
 fn hello(mtls: MutualTlsUser) -> String {
-    format!("Hello, MTLS world, {:?}!", mtls)
+    format!("Hello, MTLS world, {}!", mtls.subject_name())
 }
 
 fn main() {

diff --git a/examples/mtls/src/tests.rs b/examples/mtls/src/tests.rs
@@ -35,5 +35,5 @@ fn hello_world() {
         .remote(socket)
         .dispatch();
 
-    assert_eq!(response.body_string(), Some("Hello, MTLS world, MutualTlsUser!".into()));
+    assert_eq!(response.body_string(), Some("Hello, MTLS world, localhost!".into()));
 }