LoveSeat icon indicating copy to clipboard operation
LoveSeat copied to clipboard

Published 20 hours ago verified publisher icon soitgoes

Mutual SSL Auth Support with self issued certs

Open yaronyg opened this issue 11 years ago • 2 comments

I used LoveSeat recently as part of code I wrote for an open source project I work on called Thali. Thali's goal is to figure out what it would take to make the web peer to peer. As part of this I wrote a Chrome extension that lets a web page using PouchDB talk to the Thali Device Hub. The back end of the Chrome Extension is a C# program which uses LoveSeat for some of the behind the scenes configuration of the Thali Device Hub.

The reason I'm bothering you is that Thali's data model is just CouchDB. But its security model involves mutual SSL auth using self-signed certs. To make this work in C# land I need to get my hands on the HttpWebRequest object in order to set both the client certs and to take over the server cert validation.

Unfortunately LoveSeat does not currently seem to expose the interfaces I need.

So in my fork of LoveSeat I added an extra argument to let me submit a class that any Web Requests created by LoveSeat get passed to. This gives me a 'hook' to make the changes I need.

I can't say I'm in love with the API I created. Instead of a class with one method I could have passed a method directly. I also looked at CouchConfiguration. One could imagine having an optional method there that set either a class or method that implemented the functionality I need.

In any case I submitted a pull request so you could easily see the changes I made and decide if you are interested. I also found a few bugs that I fixed and updated json.net to a more recent version via nuget.

I have no expectation that you will accept the pull request. It's just meant to make the discussion more concrete about how LoveSeat could support the functionality if you are interested in seeing it supported.

yaronyg avatar Feb 20 '14 03:02 yaronyg

I reviewed the request tonight. I would prefer to have something like that configurable at the CouchClient constructor instead of every request.

I need to take a deeper look and see if there is some opportunity to configure this in a less cumbersome manner.

Give me till this weekend to take a look, I'm kinda backed up with work stuff.

Thanks for the contribution. Feel free to let me know if you have any questions about LoveSeat. Glad you like it.

On Wed, Feb 19, 2014 at 9:12 PM, yaronyg [email protected] wrote:

I used LoveSeat recently as part of code I wrotehttps://thali.codeplex.com/SourceControl/latest#Production/Utilities/DotNetUtilities/DotNetUtilities/DotNetUtilities/ThaliClientToDeviceHubUtilities.csfor an open source project I work on called Thali https://thali.codeplex.com/. Thali's goal is to figure out what it would take to make the web peer to peer. As part of this I wrote a Chrome extension that lets a web page using PouchDB talk to the Thali Device Hub. The back end of the Chrome Extension is a C# program which uses LoveSeat for some of the behind the scenes configuration of the Thali Device Hub.

The reason I'm bothering you is that Thali's data model is just CouchDB. But its security model involves mutual SSL auth using self-signed certs. To make this work in C# land I need to get my hands on the HttpWebRequest object in order to set both the client certs and to take over the server cert validation.

Unfortunately LoveSeat does not currently seem to expose the interfaces I need.

So in my fork of LoveSeat https://github.com/yaronyg/LoveSeat/ I added an extra argument to let me submit a class that any Web Requests created by LoveSeat get passed to. This gives me a 'hook' to make the changes I need.

I can't say I'm in love with the API I created. Instead of a class with one method I could have passed a method directly. I also looked at CouchConfiguration. One could imagine having an optional method there that set either a class or method that implemented the functionality I need.

In any case I submitted a pull request so you could easily see the changes I made and decide if you are interested. I also found a few bugs that I fixed and updated json.net to a more recent version via nuget.

I have no expectation that you will accept the pull request. It's just meant to make the discussion more concrete about how LoveSeat could support the functionality if you are interested in seeing it supported.

Reply to this email directly or view it on GitHubhttps://github.com/soitgoes/LoveSeat/issues/58 .

Martin Murphy Whiteboard-IT http://whiteboard-it.com w: (205) 588-7102

soitgoes avatar Feb 20 '14 03:02 soitgoes

Thanks for even taking a look and again I didn't expect you would take the request, it was just there to make it easier to discuss what I did and why.

But I am a little confused by your comment. I added the configWebRequest argument to the constructor for CouchClient. That is how the user interacts with it, once, on the constructor. I think what you are referring to is my addition of the argument to the internal only constructors of objects like CouchDatabase. That isn't visible to the user and the reason I did it is because there are several different spots where WebRequest objects are created by LoveSeat and I needed my 'Web Request Enhancer' to be available at those spots so after the WebRequest is created they could be passed to my code to be further configured. But that should all be completely invisible to the user. All they see is a one time submission, on the constructor, of the fiter. That's it.

An alternative approach would be to put a variable on CouchBase that is set by its constructor rather than passing the argument in via the internal only constructors. The only reason I didn't do that is because I am a frustrated functional programmer stuck in an object oriented world. :)

In any case, I fully appreciate being insanely busy and I'll wait patiently for whenever time roles around for you to look at it.

Thanks,

      Yaron

yaronyg avatar Feb 20 '14 17:02 yaronyg