Closed avgustinmm closed 1 year ago
Btw, is it planned support for client authentication using client certificates?
Not at the moment. However, this is not so much a problem of HonoClient
but of the AMQP Network supporting it. While the Qpid Dispatch Router we are using in Hono's Getting started guide does support it, the enMasse system we use in production currently doesn't.
FMPOV it would also be more desirable to support token based authentication so that clients can present a bearer token which they might have gotten by means of an OAuth exchange from a KeyCloak server.
We are already discussing this but no work has been done yet.
Regarding the support for configuring certs by means of byte buffers: I agree, that shouldn't be too hard to do. Would you be willing to create a PR?
@avgustinmm is this still on your list or can/should we close this issue?
Nice to have feature, but at least I don't need it at the moment. You could close this issue.
Currently the ConnectionFactoryImpl support passing trusted certificate only as a path to a file (or maybe as resource?). Sometimes, e.g. when the trusted certificates are manually imported in a certificate management module of an application, the trusted certificates may be available at the runtime but not stored in files. In this case the most convenient way to set them as a security context for the connection factory would be to pass them as binary or certificate objects. Having in mind that Vertx TrustOptions implementations (JksOptions, PemTrustOptions, PfxOptions) support binaries, this shall not be a big implementation problem. E.g. you could add method to set trusted certificate file & its type (e.g. JKS, PEM or PFX). Btw, is it planned support for client authentication using client certificates?