#333 - Added code to configure http/dio with client certs (mTLS)

Clon1998 · Mar 31, 2024 · 26cc6d3 · 26cc6d3
1 parent 09e8f53
commit 26cc6d3
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 1 deletion.
diff --git a/common/lib/network/dio_provider.dart b/common/lib/network/dio_provider.dart
@@ -103,7 +103,14 @@ HttpClient httpClient(HttpClientRef ref, String machineUUID, ClientType clientTy
 }
 
 HttpClient httpClientFromBaseOptions(BaseOptions options) {
-  final client = HttpClient()
+  var context = SecurityContext.defaultContext;
+
+  if (options.useTlsClientCertificate) {
+    context.useCertificateChainBytes(options.tlsClientCertificate!);
+    context.usePrivateKeyBytes(options.tlsClientPrivateKey!);
+  }
+
+  final client = HttpClient(context: context)
     ..idleTimeout = const Duration(seconds: 3)
     ..connectionTimeout = options.connectTimeout;
 

diff --git a/common/lib/util/extensions/dio_options_extension.dart b/common/lib/util/extensions/dio_options_extension.dart
@@ -3,6 +3,8 @@
  * All rights reserved.
  */
 
+import 'dart:typed_data';
+
 import 'package:common/network/json_rpc_client.dart';
 import 'package:dio/dio.dart';
 import 'package:hashlib/hashlib.dart';
@@ -11,6 +13,9 @@ const String _kMrClientType = 'mrClientType';
 const String _kMrTrustUntrusted = 'mrTrustUntrusted';
 const String _kMrPinnedCertificate = 'mrPinnedCertHash';
 
+const String _kMrmTlsClientCertificate = 'mrTlsClientCertificate';
+const String _kMrmTlsClientPrivateKey = 'mrTlsClientPrivateKey';
+
 extension MobilerakerDioBaseOptions on BaseOptions {
   set clientType(ClientType clientType) => extra[_kMrClientType] = clientType;
 
@@ -23,6 +28,16 @@ extension MobilerakerDioBaseOptions on BaseOptions {
   set pinnedCertificateFingerPrint(HashDigest? value) => extra[_kMrPinnedCertificate] = value;
 
   HashDigest? get pinnedCertificateFingerPrint => (extra[_kMrPinnedCertificate] as HashDigest?);
+
+  set tlsClientPrivateKey(Uint8List? value) => extra[_kMrmTlsClientPrivateKey] = value;
+
+  Uint8List? get tlsClientCertificate => (extra[_kMrmTlsClientCertificate] as Uint8List?);
+
+  set tlsClientCertificate(Uint8List? value) => extra[_kMrmTlsClientCertificate] = value;
+
+  Uint8List? get tlsClientPrivateKey => (extra[_kMrmTlsClientPrivateKey] as Uint8List?);
+
+  bool get useTlsClientCertificate => tlsClientCertificate != null && tlsClientPrivateKey != null;
 }
 
 extension MobilerakerDioOptions on Options {
@@ -37,6 +52,16 @@ extension MobilerakerDioOptions on Options {
   set pinnedCertificateFingerPrint(HashDigest? value) => extra?[_kMrPinnedCertificate] = value;
 
   HashDigest? get pinnedCertificateFingerPrint => (extra?[_kMrPinnedCertificate] as HashDigest?);
+
+  set tlsClientPrivateKey(Uint8List? value) => extra[_kMrmTlsClientPrivateKey] = value;
+
+  Uint8List? get tlsClientCertificate => (extra[_kMrmTlsClientCertificate] as Uint8List?);
+
+  set tlsClientCertificate(Uint8List? value) => extra[_kMrmTlsClientCertificate] = value;
+
+  Uint8List? get tlsClientPrivateKey => (extra[_kMrmTlsClientPrivateKey] as Uint8List?);
+
+  bool get useTlsClientCertificate => tlsClientCertificate != null && tlsClientPrivateKey != null;
 }
 
 extension MobilerakerDioRequestOptions on RequestOptions {
@@ -51,4 +76,14 @@ extension MobilerakerDioRequestOptions on RequestOptions {
   set pinnedCertificateFingerPrint(HashDigest? value) => extra[_kMrPinnedCertificate] = value;
 
   HashDigest? get pinnedCertificateFingerPrint => (extra[_kMrPinnedCertificate] as HashDigest?);
+
+  set tlsClientPrivateKey(Uint8List? value) => extra[_kMrmTlsClientPrivateKey] = value;
+
+  Uint8List? get tlsClientCertificate => (extra[_kMrmTlsClientCertificate] as Uint8List?);
+
+  set tlsClientCertificate(Uint8List? value) => extra[_kMrmTlsClientCertificate] = value;
+
+  Uint8List? get tlsClientPrivateKey => (extra[_kMrmTlsClientPrivateKey] as Uint8List?);
+
+  bool get useTlsClientCertificate => tlsClientCertificate != null && tlsClientPrivateKey != null;
 }