Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add delegate property to configure React's HttpClient to use a client certificate #12744

Open
rbergerjr opened this issue Feb 16, 2024 · 2 comments
Open

Add delegate property to configure React's HttpClient to use a client certificate #12744

rbergerjr opened this issue Feb 16, 2024 · 2 comments
Assignees
@JunielKatarn
Labels
Area: Networking enhancement
Milestone
Backlog

Comments

@rbergerjr
Copy link

rbergerjr commented Feb 16, 2024
edited
Loading

Summary

In order for XHRRequests from javascript layer to request to certificate protected endpoints, a client certificate must be added to the underlying WinRT HttpClient.

Certificate configuration is performed through the HttpBaseProtocolFilter object via the HttpBaseProtocolFilter::ClientCertificate property. The HttpBaseProtocolFilter, or more generally an IHttpFilter, is passed into HttpClient at construction.

Applications need to configure the http stack's HttpBaseProtocolFilter before HttpClient construction. New API is a novel property set on the ReactInstanceSettings::Properties() property bag. The property value is a delegate of type void(winrt::Windows::Web::Http::Filters::IHttpBaseProtocolFilter& filter). If the property is set, the delegate is called during HttpClient configuration in IHttpResource::Make to allow application code to modify HttpBaseProtocolFilter. Modified HttpBaseProtocolFilter is then passed to HttpClient during HttpModule init.

Alternatives designs considered were:

  • Crafting a static storage mechanism for the delegate to bypass react machinery. Discarded due to object lifetime risk.
  • Creating a factory for HttpClient. Discarded as not minimum viable, and additional complexities with overriding current OriginPolicy configuration of HttpClient.
  • Creating WinRT wrapper type & delegate type to store delegate for broader compatibility. Discarded due to uncertainty about applicability on non-C++ applications.

Motivation

Enterprise applications often have to access protected endpoints which can be guarded by a certificate. In order for javascript layer to access certificate protected endpoints, the React Native Windows http stack needs to be configured to include the certificate.

React Native Windows uses WinRT's HttpClient to facilitate network requests from javascript layer. HttpClient needs to be configured with certificate in order to facilitate javascript requests to certificate protected endpoints.

Basic Example

In ReactNativeHost setup, add property to ReactInstanceSettings::Properties via setter in Networking/HttpBaseProtocolFilterModifierSettings.h

  Microsoft::React::Networking::SetHttpBaseProtocolFilterModifierDelegate(
      properties, [](winrt::Windows::Web::Http::Filters::IHttpBaseProtocolFilter& filter) {
        auto certFind =
            winrt::Windows::Security::Cryptography::Certificates::CertificateStores::FindAllAsync();
        auto certs = certFind.get();
        for (auto const& cert : certs) {
          auto issuer = cert.Issuer();
          
          if (winrt::to_string(issuer) == kMyIssuer) {
            filter.ClientCertificate(cert);
            return;
          }
        }
      });

Open Questions

No response
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Triage 🔍 New issue that needs to be reviewed by the issue management team (label applied by bot) label Feb 16, 2024
@rbergerjr rbergerjr changed the title Add hook to configure React's HttpClient to use a client certificate Add delegate property to configure React's HttpClient to use a client certificate Feb 16, 2024
@rbergerjr rbergerjr mentioned this issue Feb 16, 2024
Closed
@jonthysell jonthysell removed the Needs: Triage 🔍 New issue that needs to be reviewed by the issue management team (label applied by bot) label Feb 22, 2024
@jonthysell
Copy link
Contributor

@JunielKatarn Can you look at this? Does this seem like the right approach to adding this functionality? (See linked PR).

@JunielKatarn
Copy link
Contributor

@jonthysell I have followed up with @rbergerjr and suggested a simplified approach (using a filter factory function instead of a filter "editor").

More details on the PR's thread.

Currently awaiting the next commits to approve.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Invalid Triage https://github.com/microsoft/react-native-windows/wiki/Triage-Process (label applied by bot) label Feb 23, 2024
@chrisglein chrisglein removed the Invalid Triage https://github.com/microsoft/react-native-windows/wiki/Triage-Process (label applied by bot) label Apr 30, 2024
@chrisglein chrisglein added this to the Backlog milestone Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JunielKatarn JunielKatarn

Labels
Area: Networking enhancement
Projects
None yet
Milestone
Backlog
4 participants
@rbergerjr @JunielKatarn @jonthysell @chrisglein