5.2.5. xgt.ProxyPKIAuth

class xgt.ProxyPKIAuth(ssl_root_dir=None, ssl_server_cert=None, ssl_proxy_cert=None, ssl_proxy_key=None, ssl_actual_cert=None)

PKI-based authentication through a proxy. The user ID is derived from information in the X.509 actual client certificate that is passed in. Mutual TLS is enabled automatically for the connection to the server.

Added in version 2.0.6.

Parameters:
  • ssl_root_dir (str) – Path to the root folder for SSL certificates and private keys. Defaults to the user’s home directory.

  • ssl_server_cert (str) – File containing the certificate chain that validates the server’s certificate. Defaults to ssl_root_dir + ‘/certs/ca-chain.cert.pem’.

  • ssl_proxy_cert (str) – File containing the proxy’s certificate.

  • ssl_proxy_key (str) – File containing the proxy’s key.

  • ssl_actual_cert (str) – Contents of the actual client certificate that should be validated. The gRPC connection will be done under the proxy’s certificate identity, but the logical xGT connection will correspond to the actual certificate’s identity.
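
A preflight check for the arguments above, as an added example that is not part of the xGT documentation or code base: ssl_actual_cert carries certificate contents while the other certificate arguments are file paths, and the proxy key is checked for owner-only access. The helper name proxy_pki_auth_kwargs, the PEM encoding of ssl_actual_cert and the owner-only permission policy are assumptions; only the Python standard library is used.

```python
import os
import ssl
import stat

def proxy_pki_auth_kwargs(ssl_actual_cert, ssl_proxy_cert, ssl_proxy_key,
                          ssl_root_dir=None, ssl_server_cert=None):
    """Check the inputs and return keyword arguments for xgt.ProxyPKIAuth.

    Hypothetical helper, not part of xgt.
    """
    # Defaults as documented: home directory, then root + '/certs/ca-chain.cert.pem'.
    root = ssl_root_dir or os.path.expanduser("~")
    server_cert = ssl_server_cert or root + "/certs/ca-chain.cert.pem"

    # ssl_actual_cert is certificate contents; passing a file path here is the
    # easy mistake. Assumption: the contents are PEM. This checks the PEM
    # framing and base64 body only, not the signature or validity period.
    ssl.PEM_cert_to_DER_cert(ssl_actual_cert.strip())  # ValueError if not PEM

    # The other three arguments are file paths and must exist.
    for name, path in (("ssl_server_cert", server_cert),
                       ("ssl_proxy_cert", ssl_proxy_cert),
                       ("ssl_proxy_key", ssl_proxy_key)):
        if not os.path.isfile(path):
            raise FileNotFoundError(f"{name}: no such file: {path}")

    # The gRPC connection for every proxied user runs under the proxy identity,
    # so reject a proxy key that group or other can access (assumed policy).
    if stat.S_IMODE(os.stat(ssl_proxy_key).st_mode) & 0o077:
        raise PermissionError(f"{ssl_proxy_key} must be owner-only, e.g. mode 0600")

    return {
        "ssl_root_dir": root,
        "ssl_server_cert": server_cert,
        "ssl_proxy_cert": ssl_proxy_cert,
        "ssl_proxy_key": ssl_proxy_key,
        "ssl_actual_cert": ssl_actual_cert,
    }

# Constructed sample: PEM framing around base64 of b"constructed", not a real certificate.
SAMPLE_ACTUAL_CERT = (
    "-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
)
```

The returned dictionary uses the parameter names documented above, so it can be passed as xgt.ProxyPKIAuth(**kwargs).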

Methods

__init__([ssl_root_dir, ssl_server_cert, ...])

Constructor for ProxyPKIAuth.

Attributes

ssl_actual_cert

The contents of the actual client certificate.

ssl_client_cert

The location of the file with the client's certificate.

ssl_client_key

The location of the file with the client's key.

ssl_proxy_cert

The location of the file with the proxy's certificate.

ssl_proxy_key

The location of the file with the proxy's key.

ssl_root_dir

The SSL certificate directory.

ssl_server_cert

The location of the file with the certificate chain validating the server certificate.

property ssl_actual_cert: str

The contents of the actual client certificate.

Type:

str

property ssl_client_cert: str

The location of the file with the client’s certificate.

Type:

str

property ssl_client_key: str

The location of the file with the client’s key.

Type:

str

property ssl_proxy_cert: str

The location of the file with the proxy’s certificate.

Type:

str

property ssl_proxy_key: str

The location of the file with the proxy’s key.

Type:

str

property ssl_root_dir: str

The SSL certificate directory.

Type:

str

property ssl_server_cert: str

The location of the file with the certificate chain validating the server certificate.

Type:

str