Add Nkey and User JWT Support #260
Conversation
Signed-off-by: Colin Sullivan <[email protected]>
Signed-off-by: Colin Sullivan <[email protected]>
Signed-off-by: Colin Sullivan <[email protected]>
Signed-off-by: Colin Sullivan <[email protected]>
Signed-off-by: Colin Sullivan <[email protected]>
Signed-off-by: Colin Sullivan <[email protected]>
Signed-off-by: Colin Sullivan <[email protected]>
Signed-off-by: Colin Sullivan <[email protected]>
NATS.Client/ConnectionFactory.cs
Outdated
| /// <para>-or-</para> | ||
| /// <para>An exception was encountered while connecting to a NATS Server. See <see cref="Exception.InnerException"/> for more | ||
| /// details.</para></exception> | ||
| public IConnection CreateConnection(string url, string credentials) |
There was a problem hiding this comment.
This would likely be better as credentialsPath.
NATS.Client/DefaultUserJWTHandler.cs
Outdated
| /// <summary> | ||
| /// Gets the JWT file. | ||
| /// </summary> | ||
| public string JwtFile { get => jwtFile; } |
There was a problem hiding this comment.
Or:
| public string JwtFile { get => jwtFile; } | |
| public string JwtFile => jwtFile; |
NATS.Client/DefaultUserJWTHandler.cs
Outdated
| /// </summary> | ||
| /// <param name="filePath">Full path to the JWT or cred file.</param> | ||
| /// <returns>The encoded JWT</returns> | ||
| public string UserFromFile(string filePath) |
There was a problem hiding this comment.
LoadUserFromFile and just path to be idiomatic with .NET. And should this be static?
NATS.Client/DefaultUserJWTHandler.cs
Outdated
| /// </summary> | ||
| /// <param name="filePath">The credentials file, could be a "*.nk" or "*.creds" file.</param> | ||
| /// <returns>A NATS Ed25519 KeyPair</returns> | ||
| public static NkeyPair NkeyPairFromSeedFile(string filePath) |
There was a problem hiding this comment.
LoadNkeyPairFromSeedFile and just path to be idiomatic with .NET.
NATS.Client/NATS.cs
Outdated
|
|
||
| /*! \mainpage %NATS .NET client. | ||
| * | ||
| * \section intro_sec Introduction | ||
| * | ||
| * The %NATS .NET Client is part of %NATS an open-source, cloud-native | ||
| * messaging system. | ||
| * messaging |
There was a problem hiding this comment.
Accidental... thanks for noticing!
| } | ||
| finally | ||
| { | ||
| Nkeys.Wipe(text); |
There was a problem hiding this comment.
I think putting these string wipe calls into finally blocks actually makes this situation worse, as the strings would hang around much longer than they would during reading in the loop.
If this is sensitive enough to keep out of memory any longer than necessary, why not require this to return byte[] instead?
There was a problem hiding this comment.
I think the wipe w/ strings needs to be revisited, but really don't want to hold this up right now. I'll take another pass after the other 2.0 features are implemented.
NATS.Client/Options.cs
Outdated
| /// </summary> | ||
| /// <param name="credentials">A user JWT, e.g user.jwt</param> | ||
| /// <param name="keyfile">Private Key file</param> | ||
| public void SetUserCredentials(string credentials, string keyfile) |
There was a problem hiding this comment.
credentialsPath and privateKeyPath
NATS.Client/Options.cs
Outdated
| /// Sets user credentials using the NATS 2.0 security scheme. | ||
| /// </summary> | ||
| /// <param name="credentials">A chained credentials file, e.g user.cred</param> | ||
| public void SetUserCredentials(string credentials) |
NATS.Client/Options.cs
Outdated
| public void SetUserCredentials(string credentials, string keyfile) | ||
| { | ||
| if (string.IsNullOrWhiteSpace(credentials)) | ||
| throw new ArgumentException("Invalid credentials path", "credentials"); |
There was a problem hiding this comment.
| throw new ArgumentException("Invalid credentials path", "credentials"); | |
| throw new ArgumentException("Invalid credentials path", nameof(credentials)); |
| /// <param name="SignatureEventHandler"></param> | ||
| public void SetJWTEventHandlers(EventHandler<UserJWTEventArgs> JWTEventHandler, EventHandler<UserSignatureEventArgs> SignatureEventHandler) | ||
| { | ||
| UserJWTEventHandler = JWTEventHandler ?? throw new ArgumentNullException("JWTEventHandler"); |
Signed-off-by: Colin Sullivan <[email protected]>
Signed-off-by: Colin Sullivan <[email protected]>
ColinSullivan1
changed the title
|
@watfordgnf , Thank you for the review and comments. I do think wipe needs to be improved. I'll review it further over the weekend, but don't want to hold up the 2.0 features to improve it right now. Does that make sense? |
Signed-off-by: Colin Sullivan <[email protected]>
Add NATS 2.0 security features and support the new NATS 2.0 authentication protocol.
Resolves #253.
Resolves #254.
Signed-off-by: Colin Sullivan [email protected]