
ADR 024: mTLS for 2FA #573

Merged
StephenCathcart merged 24 commits into neo4j:5.0 from StephenCathcart:feat/mtls
Mar 22, 2024
@StephenCathcart StephenCathcart commented Mar 11, 2024

Enables mutual TLS for 2-factor authentication.

Static client certificate provider:

```go
password := "thepassword1"
provider, err := auth.NewStaticClientCertificateProvider(auth.ClientCertificate{
	CertFile: "path/to/cert.pem",
	KeyFile:  "path/to/key.pem",
	Password: &password,
})
if err != nil {
	log.Fatalf("Failed to load certificate: %v", err)
}
_, _ = neo4j.NewDriverWithContext("bolt://localhost:7687", neo4j.BasicAuth("neo4j", "password", ""), func(config *config.Config) {
	config.ClientCertificateProvider = provider
})
```

Rotating client certificate provider:

```go
password := "thepassword1"
provider, err := auth.NewRotatingClientCertificateProvider(auth.ClientCertificate{
	CertFile: "path/to/cert.pem",
	KeyFile:  "path/to/key.pem",
	Password: &password,
})
if err != nil {
	log.Fatalf("Failed to load certificate: %v", err)
}
_, _ = neo4j.NewDriverWithContext("bolt://localhost:7687", neo4j.BasicAuth("neo4j", "password", ""), func(config *config.Config) {
	config.ClientCertificateProvider = provider
})
// Some time later we update the certificate
provider.UpdateCertificate(auth.ClientCertificate{
	CertFile: "path/to/new_cert.pem",
	KeyFile:  "path/to/new_key.pem",
	Password: &password,
})
```
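
How a rotating provider can hook into Go's standard TLS stack, as an added example that is not the driver's implementation or code from this pull request. It validates a replacement pair before swapping it in and fails closed when nothing is loaded. Assumptions: `rotatingCert` and `selfSigned` are hypothetical names, the certificates are constructed in memory, and the keys are unencrypted (no `Password`).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

type rotatingCert struct{ cur atomic.Value } // hypothetical name; holds the active *tls.Certificate

// Update parses and checks the new pair first; on error the previous pair stays active.
func (r *rotatingCert) Update(certPEM, keyPEM []byte) error {
	c, err := tls.X509KeyPair(certPEM, keyPEM) // fails if the key does not match the cert
	if err == nil {
		r.cur.Store(&c)
	}
	return err
}

// GetClientCertificate matches the tls.Config.GetClientCertificate hook and fails closed.
func (r *rotatingCert) GetClientCertificate(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
	if c, ok := r.cur.Load().(*tls.Certificate); ok {
		return c, nil
	}
	return nil, fmt.Errorf("no client certificate loaded")
}

// selfSigned builds a constructed, throwaway certificate and key as PEM (errors ignored for brevity).
func selfSigned() (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	kder, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder})
}

func main() {
	c1, k1 := selfSigned()
	c2, k2 := selfSigned()
	p := &rotatingCert{}
	fmt.Println(p.Update(c1, k1), p.Update(c2, k1), p.Update(c2, k2)) // the mixed pair is rejected
}
```

Assigning `p.GetClientCertificate` to the `GetClientCertificate` field of a `tls.Config` makes each new handshake present whichever pair is active at that moment; connections already established keep the certificate they negotiated with.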


Comment thread neo4j/auth/cert.go
@robsdedude robsdedude self-requested a review March 13, 2024 10:55
Comment thread neo4j/auth/cert_examples_test.go
Comment thread neo4j/auth/cert_test.go
Comment thread neo4j/auth/cert_examples_test.go
Comment thread neo4j/auth/cert.go Outdated
Comment thread neo4j/auth/cert.go
Comment thread neo4j/auth/cert.go
Comment thread neo4j/auth/cert_examples_test.go Outdated
Comment thread neo4j/auth/cert_test.go
Comment thread neo4j/config/driver.go Outdated
Comment thread neo4j/internal/connector/connector.go Outdated
@StephenCathcart StephenCathcart marked this pull request as ready for review March 18, 2024 16:59

@robsdedude robsdedude left a comment


🚂 🔐

Comment thread testkit-backend/backend.go Outdated
@StephenCathcart StephenCathcart merged commit 55358a7 into neo4j:5.0 Mar 22, 2024
@StephenCathcart StephenCathcart deleted the feat/mtls branch March 22, 2024 11:17