Class CertificateAuthenticator

Authenticator using X.509 client certificates for mTLS.

Inheritance

object

BaseAuthenticator

CertificateAuthenticator

Implements

IAuthenticator

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.ReferenceEquals(object, object)

object.ToString()

Namespace: Couchbase.Core.IO.Authentication.Authenticators

Assembly: Couchbase.NetClient.dll

Syntax

public sealed class CertificateAuthenticator : BaseAuthenticator, IAuthenticator

Constructors

| Edit this page View Source

CertificateAuthenticator(ICertificateFactory)

Creates a new CertificateAuthenticator with the specified certificate factory. Note: Only provide client certificates that are intended for authentication. Server CAs and Trust Anchors should be provided in TrustedServerCertificateFactory

Declaration

public CertificateAuthenticator(ICertificateFactory certificateFactory)

Parameters

Type	Name	Description
ICertificateFactory	certificateFactory	Factory for providing client certificates.

Properties

| Edit this page View Source

AuthenticatorType

Allows for easier type checking of authenticators without incurring the overhead of type checking against its concrete class.

Declaration

public override AuthenticatorType AuthenticatorType { get; }

Property Value

Type	Description
AuthenticatorType

Overrides

BaseAuthenticator.AuthenticatorType

| Edit this page View Source

CanReauthenticateKv

Determines whether this authenticator can be used to re-authenticate existing KV connections. E.g. JWT authenticator should re-authenticate existing KV connections when the token is refreshed, while the password and certificate authenticators leave existing connections untouched.

Declaration

public override bool CanReauthenticateKv { get; }

Property Value

Type	Description
bool

Overrides

BaseAuthenticator.CanReauthenticateKv

| Edit this page View Source

CertificateFactory

Gets the certificate factory used by this authenticator.

Declaration

public ICertificateFactory CertificateFactory { get; }

Property Value

Type	Description
ICertificateFactory

| Edit this page View Source

SupportsNonTls

Indicates whether this authenticator supports non-TLS connections.

Declaration

public override bool SupportsNonTls { get; }

Property Value

Type	Description
bool

Overrides

BaseAuthenticator.SupportsNonTls

| Edit this page View Source

SupportsTls

Indicates whether this authenticator supports TLS connections.

Declaration

public override bool SupportsTls { get; }

Property Value

Type	Description
bool

Overrides

BaseAuthenticator.SupportsTls

Methods

| Edit this page View Source

AuthenticateClientWebSocket(ClientWebSocket)

Takes a ClientWebSocket and applies authentication (e.g., setting headers).

Declaration

public override void AuthenticateClientWebSocket(ClientWebSocket clientWebSocket)

Parameters

Type	Name	Description
ClientWebSocket	clientWebSocket	A ClientWebSocket object.

Overrides

BaseAuthenticator.AuthenticateClientWebSocket(ClientWebSocket)

| Edit this page View Source

AuthenticateHttpHandler(HttpMessageHandler, ClusterOptions, ICertificateValidationCallbackFactory, ILogger<object>?)

The base implementation configures the RemoteCertificateValidationCallback on the HttpMessageHandler. Derived classes can override to provide client certificates or other settings.

Declaration

public override void AuthenticateHttpHandler(HttpMessageHandler handler, ClusterOptions clusterOptions, ICertificateValidationCallbackFactory callbackFactory, ILogger<object>? logger = null)

Parameters

Type	Name	Description
HttpMessageHandler	handler
ClusterOptions	clusterOptions
ICertificateValidationCallbackFactory	callbackFactory
ILogger<object>	logger

Overrides

BaseAuthenticator.AuthenticateHttpHandler(HttpMessageHandler, ClusterOptions, ICertificateValidationCallbackFactory, ILogger<object>?)

| Edit this page View Source

AuthenticateHttpRequest(HttpRequestMessage)

Adds authentication to an HTTP request (e.g., Authorization header).

Declaration

public override void AuthenticateHttpRequest(HttpRequestMessage request)

Parameters

Type	Name	Description
HttpRequestMessage	request	The HTTP request to authenticate.

Overrides

BaseAuthenticator.AuthenticateHttpRequest(HttpRequestMessage)

| Edit this page View Source

AuthenticateSslStream(SslStream, string, ClusterOptions, ICertificateValidationCallbackFactory, CancellationToken, ILogger<object>?)

Takes an SSL stream, applies authentication (e.g. client certificates) and connects.

Declaration

public override Task AuthenticateSslStream(SslStream sslStream, string targetHost, ClusterOptions clusterOptions, ICertificateValidationCallbackFactory callbackFactory, CancellationToken cancellationToken, ILogger<object>? logger = null)

Parameters

Type	Name	Description
SslStream	sslStream	The SslStream to authenticate
string	targetHost	The target host to connect to
ClusterOptions	clusterOptions	The ClusterOptions
ICertificateValidationCallbackFactory	callbackFactory	An ICertificateValidationCallbackFactory implementation
CancellationToken	cancellationToken	A CancellationToken
ILogger<object>	logger	An optional logger

Returns

Type	Description
Task

Overrides

BaseAuthenticator.AuthenticateSslStream(SslStream, string, ClusterOptions, ICertificateValidationCallbackFactory, CancellationToken, ILogger<object>?)

| Edit this page View Source

GetClientCertificates(ILogger<object>?)

Gets client certificates for mTLS authentication, if applicable.

Declaration

public override X509Certificate2Collection? GetClientCertificates(ILogger<object>? logger = null)

Parameters

Type	Name	Description
ILogger<object>	logger

Returns

Type	Description
X509Certificate2Collection	Client certificates, or null if not using certificate authentication.

Overrides

BaseAuthenticator.GetClientCertificates(ILogger<object>?)

Implements

IAuthenticator