predhme predhme - 4 months ago 35
Node.js Question

How to get NodeJS to proxy Client Certificates like Jetty Proxy

I am writing a NodeJS proxy that will replace a Java Jetty Proxy. I am using node-http-proxy. The only piece remaining is to have the original client certificate passed along to the proxied server.

From my understanding, the Java Servlet specification requires that a Servlet container pull the Client Certificate from an HTTPS request and store that as an attribute on the HttpServletRequest.

I am not sure how the Servlet Container handles the Attributes when proxying the request to a new server. I presume that it is attaching them somehow either as headers or by some other means.

Does anyone know how those attributes (specifically the

javax.servlet.request.X509Certificate
) are passed on a proxied HTTPS request? And two, how do I achieve the same functionality using NodeJS.

Answer

In the event that is helps someone else out... The issue turned out to be the node module I was using (node-http-proxy) wasn't reusing the HTTP server connection certificates. That is, when attempting to create a connection with the proxy server, it was using a default (generated) certificate.

To properly connect with the proxy server, I had to pass the ca, pfx, and passphrase to the proxy connector.

const ca = ...
const pfx = ...
const passphrase = ...

// proxy connection
server.web(req, res, { ca: ca, pfx: pfx, passphrase: passphrase }, function(err) {}); 

After doing so, the Proxy server was able to pull and validate the certificate.

Comments