auth

package

v0.1.8-1 Latest Latest Go to latest Published: Nov 8, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ARGOeu/argo-api-authn

Documentation ¶

Index ¶

Constants
Variables
func CRLCheckRevokedCert(cert *x509.Certificate) error
func CertHasExpired(cert *x509.Certificate) error
func ExtractEnhancedRDNSequenceToString(cert *x509.Certificate) string
func FetchCRL(url string) (pkix.TBSCertificateList, error)
func FormatRdnToString(rdn string, rdnValues []string) string
func LoadCAs(dir string) (roots *x509.CertPool)
func SynchronizedCheckInCRL(doneChan <-chan bool, errChan chan<- error, ...)
func ValidateClientCertificate(cert *x509.Certificate, clientIP string, clientCertHostVerification bool) error

Constants ¶

View Source

const (
	DomainComponentRDN = "DC"
	EmailAddressRDN    = "E"
)

Variables ¶

View Source

var NonStandardAttributeNames = map[string]string{
	"0.9.2342.19200300.100.1.25": DomainComponentRDN,
	"1.2.840.113549.1.9.1":       EmailAddressRDN,
}

Functions ¶

func CRLCheckRevokedCert ¶

func CRLCheckRevokedCert(cert *x509.Certificate) error

CRLCheckRevokedCert checks whether or not a certificate has been revoked

func CertHasExpired ¶

func CertHasExpired(cert *x509.Certificate) error

func ExtractEnhancedRDNSequenceToString ¶

func ExtractEnhancedRDNSequenceToString(cert *x509.Certificate) string

ExtractEnhancedRDNSequenceToString extracts a certificate's RDNs to a string using what's provided in the standard library and then adding extra attribute names that we have defined

func FetchCRL ¶

func FetchCRL(url string) (pkix.TBSCertificateList, error)

FetchCRL fetches the CRL

func FormatRdnToString ¶

func FormatRdnToString(rdn string, rdnValues []string) string

FormatRdnToString transforms the values of a given RDN to a printable string e.g. rdn=DC, rdnValues=[argo, grnet, gr ], ths should be transformed to DC=argo+DC=grnet+DC=gr

func LoadCAs ¶

func LoadCAs(dir string) (roots *x509.CertPool)

load_CAs reads the root certificates from a directory within the filesystem, and creates the trusted root CA chain

func SynchronizedCheckInCRL ¶

func SynchronizedCheckInCRL(doneChan <-chan bool, errChan chan<- error, revokedCerts []pkix.RevokedCertificate, serialNumber *big.Int, wg *sync.WaitGroup)

CheckInCRL checks if a serial number exists within the serial numbers of other revoked certificates

func ValidateClientCertificate ¶

func ValidateClientCertificate(cert *x509.Certificate, clientIP string, clientCertHostVerification bool) error

ValidateClientCertificate performs a number of different checks to ensure the provided certificate is valid

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL