feat: Add support for mutualTLS security handler

oas-tools · Jun 9, 2023 · c1c5061 · c1c5061
1 parent 49b0565
commit c1c5061
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/middleware/native/oas-security.js b/src/middleware/native/oas-security.js
@@ -1,4 +1,5 @@
 import { OASBase, errors, logger } from "@oas-tools/commons";
+import { TLSSocket } from "tls";
 
 const { SecurityError, UnsupportedError, ConfigError } = errors;
 
@@ -65,6 +66,12 @@ export class OASSecurity extends OASBase {
               case 'oauth2':
               case 'openIdConnect':
                 return [secName, await handlers[secName](secDef, secScope)]; 
+              case 'mutualTLS':
+                let cert = null;
+                if (req.socket instanceof TLSSocket)
+                  cert = req.socket.getPeerCertificate(true); 
+                // cert could be null or {} or a peer cert
+                return [secName, await handlers[secName](cert)]; 
               default:
                 throw new UnsupportedError(`Security scheme ${secName} is invalid or not supported.`);
             }