Add support for client certificate authentication

src/EventStore.Plugins/Authentication/AuthenticationRequest.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Security.Claims;
+using System.Security.Cryptography.X509Certificates;
 
 namespace EventStore.Plugins.Authentication {
 	public abstract class AuthenticationRequest {
@@ -19,6 +20,11 @@ public abstract class AuthenticationRequest {
 		/// </summary>
 		public readonly string SuppliedPassword;
 
+		/// <summary>
+		///     Whether or not a client certificate was supplied with the request
+		/// </summary>
+		public readonly bool HasSuppliedClientCertificate;
+
 		/// <summary>
 		///		All supplied authentication tokens for the request
 		/// </summary>
@@ -31,6 +37,7 @@ protected AuthenticationRequest(string id, IReadOnlyDictionary<string, string> t
 			Tokens = tokens;
 			Name = GetToken("uid");
 			SuppliedPassword = GetToken("pwd");
+			HasSuppliedClientCertificate = GetToken("clientCert") != null;
 		}
 
 		protected AuthenticationRequest(string id, string name, string suppliedPassword)
@@ -40,6 +47,13 @@ protected AuthenticationRequest(string id, string name, string suppliedPassword)
 			}) {
 		}
 
+		protected AuthenticationRequest(string id, string name, X509Certificate2 clientCertificate)
+			: this(id, new Dictionary<string, string> {
+				["uid"] = name,
+				["clientCert"] = clientCertificate.Export(X509ContentType.Cert).PEM("CERTIFICATE")
+			}) {
+		}
+
 		/// <summary>
 		/// Gets the token corresponding to <param name="key" />.
 		/// </summary>

src/EventStore.Plugins/Authentication/ByteExtensions.cs

@@ -0,0 +1,9 @@
+using System;
+
+namespace EventStore.Plugins.Authentication;
+
+internal static class ByteExtensions {
+	public static string PEM(this byte[] bytes, string label) {
+		return $"-----BEGIN {label}-----\n" +  Convert.ToBase64String(bytes) + "\n" + $"-----END {label}-----\n";
+	}
+}