async-http-client

Authenticate using certificate and passphrase like curl's `--cert` option

Open garanda21 opened this issue 1 year ago • 2 comments

I'm working with Vapor on Linux on an API which connects to a URL and sends it an XML; this URL needs certificate authentication (.pem or p12) and a passphrase.

Using curl in the terminal works perfectly, with this command:

```sh
curl -X POST https://myurl.com/api -H "ContentType: application/xml" --cert file.pem:password -d "<xml>my awesome xml</xml>"
```

Ref: https://curl.se/docs/manpage.html#-E

Now I'm trying to figure out how to implement it using TLSConfiguration.forClient(), based on this comment: https://github.com/swift-server/async-http-client/issues/27#issuecomment-489760481, and I'm not sure how to "inject" the certificate and its passphrase and later use it in one of my routes.

Any help appreciated

garanda21, Mar 04 '23 11:03

You need to set the privateKey and certificateChain fields on the TLSConfiguration. These take a NIOSSLCertificate and NIOSSLPrivateKey which support being constructed in a number of ways. Note that NIOSSL does not support having the private key and cert in a single file at this time, so you'd need them in separate files.

Lukasa, Mar 06 '23 09:03

We actually have support for p12 bundles which can store a private key and a cert chain in a single file e.g.:

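```swift
import NIOSSL

// NIOSSLPKCS12Bundle's initialisers throw, so the call needs `try`.
let p12Bundle = try NIOSSLPKCS12Bundle(file: pathToMyP12)
let config = TLSConfiguration.makeServerConfiguration(
    // The configuration takes certificate/key sources, so wrap the bundle's values.
    certificateChain: p12Bundle.certificateChain.map { .certificate($0) },
    privateKey: .privateKey(p12Bundle.privateKey)
)
```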

You can also provide a passphrase through the various initialisers: https://swiftpackageindex.com/apple/swift-nio-ssl/main/documentation/niossl/niosslpkcs12bundle

dnadoba, Mar 06 '23 11:03
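
For the client-side case the question asks about, the two answers above can be combined as follows. This is an added example, not code from the thread participants or the project; `ClientIdentity`, `makeClientTLS`, the `CLIENT_CERT_PASSPHRASE` variable and the file path are hypothetical, and it assumes a recent AsyncHTTPClient release that provides `.singleton` and `HTTPClientRequest`.

```swift
import AsyncHTTPClient
import Foundation
import NIOCore
import NIOSSL

// Hypothetical helper type: where the client certificate and key live on disk.
enum ClientIdentity {
    case pkcs12(path: String)                            // key + chain in one .p12 file
    case pem(certificatePath: String, keyPath: String)   // separate PEM files
}

/// Builds a client TLSConfiguration that presents a client certificate.
/// Server certificate verification keeps its default (enabled) setting.
func makeClientTLS(identity: ClientIdentity, passphrase: String) throws -> TLSConfiguration {
    var tls = TLSConfiguration.makeClientConfiguration()
    switch identity {
    case .pkcs12(let path):
        let bundle = try NIOSSLPKCS12Bundle(file: path, passphrase: Array(passphrase.utf8))
        tls.certificateChain = bundle.certificateChain.map { .certificate($0) }
        tls.privateKey = .privateKey(bundle.privateKey)
    case .pem(let certificatePath, let keyPath):
        let chain = try NIOSSLCertificate.fromPEMFile(certificatePath)
        // The callback hands the passphrase to NIOSSL when the key is encrypted.
        let key = try NIOSSLPrivateKey(file: keyPath, format: .pem) { setPassphrase in
            setPassphrase(Array(passphrase.utf8))
        }
        tls.certificateChain = chain.map { .certificate($0) }
        tls.privateKey = .privateKey(key)
    }
    return tls
}

// Read the passphrase from the environment rather than hard-coding it (assumed variable name).
guard let passphrase = ProcessInfo.processInfo.environment["CLIENT_CERT_PASSPHRASE"] else {
    fatalError("CLIENT_CERT_PASSPHRASE is not set")
}
// Placeholder path; point it at the real bundle.
let tls = try makeClientTLS(identity: .pkcs12(path: "/run/secrets/client.p12"), passphrase: passphrase)
let client = HTTPClient(eventLoopGroupProvider: .singleton,
                        configuration: HTTPClient.Configuration(tlsConfiguration: tls))

// Equivalent of the curl POST from the question.
var request = HTTPClientRequest(url: "https://myurl.com/api")
request.method = .POST
request.headers.add(name: "Content-Type", value: "application/xml")
request.body = .bytes(ByteBuffer(string: "<xml>my awesome xml</xml>"))
let response = try await client.execute(request, timeout: .seconds(30))
print(response.status)
try await client.shutdown()
```

Keep the key file or bundle readable only by the service account, since anyone holding both it and the passphrase can authenticate as the client.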