Documentation
Index
- func CertExtractMdmSignatureMiddleware(next http.Handler, opts ...SigLogOption) http.HandlerFunc
- func CertExtractPEMHeaderMiddleware(next http.Handler, header string, logger log.Logger) http.HandlerFunc
- func CertExtractTLSMiddleware(next http.Handler, logger log.Logger) http.HandlerFunc
- func CertVerifyMiddleware(next http.Handler, verifier CertVerifier, logger log.Logger) http.HandlerFunc
- func CertWithEnrollmentIDMiddleware(next http.Handler, hasher HashFn, store storage.CertAuthRetriever, ...) http.HandlerFunc
- func CheckinAndCommandHandler(service service.CheckinAndCommandService, logger log.Logger) http.HandlerFunc
- func CheckinHandler(svc service.Checkin, logger log.Logger) http.HandlerFunc
- func CommandAndReportResultsHandler(svc service.CommandAndReportResults, logger log.Logger) http.HandlerFunc
- func GetCert(ctx context.Context) *x509.Certificate
- func GetEnrollmentID(ctx context.Context) string
- type CertVerifier
- type HashFn
- type SigLogOption
Constants
This section is empty.
Variables
This section is empty.
Functions
func CertExtractMdmSignatureMiddleware
func CertExtractMdmSignatureMiddleware(next http.Handler, opts ...SigLogOption) http.HandlerFunc
CertExtractMdmSignatureMiddleware extracts the MDM enrollment identity certificate from the request into the HTTP request context. It tries to verify the Mdm-Signature header on the request.
This middleware does not error if a certificate is not found. It will, however, error with an HTTP 400 status if the signature verification fails.
func CertExtractPEMHeaderMiddleware
func CertExtractPEMHeaderMiddleware(next http.Handler, header string, logger log.Logger) http.HandlerFunc
CertExtractPEMHeaderMiddleware extracts the MDM enrollment identity certificate from the request into the HTTP request context. It looks at the request header which should be a URL-encoded PEM certificate.
This is ostensibly to support Nginx's $ssl_client_escaped_cert in a proxy_set_header directive, though any reverse proxy setting a similar header could be used, of course.
func CertExtractTLSMiddleware
CertExtractTLSMiddleware extracts the MDM enrollment identity certificate from the request into the HTTP request context. It looks at the TLS peer certificate in the request.
func CertVerifyMiddleware
func CertVerifyMiddleware(next http.Handler, verifier CertVerifier, logger log.Logger) http.HandlerFunc
CertVerifyMiddleware checks the MDM certificate against verifier and returns an error if it fails.
We deliberately do not reply with 401 as this may cause unintentional MDM unenrollments in the case of bugs or something going wrong.
func CertWithEnrollmentIDMiddleware (added in v0.6.0)
func CertWithEnrollmentIDMiddleware(next http.Handler, hasher HashFn, store storage.CertAuthRetriever, enforce bool, logger log.Logger) http.HandlerFunc
CertWithEnrollmentIDMiddleware tries to associate the enrollment ID to the request context. It does this by looking up the certificate on the context, hashing it with hasher, looking up the hash in storage, and setting the ID on the context.
The next handler will be called even if cert or ID is not found unless enforce is true. This way next is able to use the existence of the ID on the context to make its own decisions.
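The following is an added example, not code from this package: it sketches the two steps described for CertExtractPEMHeaderMiddleware and CertWithEnrollmentIDMiddleware, decoding a URL-encoded PEM certificate from a header value and hashing it with a function of the HashFn shape. The names certFromHeader, hashCert and sampleHeader, the use of url.PathUnescape, and SHA-256 over the DER bytes are assumptions, and the certificate is constructed in the example. It also assumes the reverse proxy sets the header itself and overwrites any copy supplied by the client.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// certFromHeader parses a URL-escaped PEM certificate, the form a proxy forwards it in.
func certFromHeader(v string) (*x509.Certificate, error) {
	raw, err := url.PathUnescape(v) // unlike QueryUnescape, keeps a literal '+' intact
	if err != nil {
		return nil, fmt.Errorf("unescape header: %w", err)
	}
	block, _ := pem.Decode([]byte(raw))
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("header holds no CERTIFICATE PEM block")
	}
	return x509.ParseCertificate(block.Bytes)
}

// hashCert has the HashFn shape; hex SHA-256 of the DER bytes is an assumed choice.
func hashCert(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.Raw))
}

// sampleHeader returns a constructed self-signed certificate (all-zero test seed), escaped.
func sampleHeader() string {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return url.PathEscape(string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})))
}

func main() {
	cert, err := certFromHeader(sampleHeader())
	if err != nil {
		panic(err)
	}
	fmt.Println("lookup key:", hashCert(cert))
}
```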
func CheckinAndCommandHandler
func CheckinAndCommandHandler(service service.CheckinAndCommandService, logger log.Logger) http.HandlerFunc
CheckinAndCommandHandler handles both check-in and command requests.
func CheckinHandler
CheckinHandler decodes an MDM check-in request and adapts it to service.
func CommandAndReportResultsHandler
func CommandAndReportResultsHandler(svc service.CommandAndReportResults, logger log.Logger) http.HandlerFunc
CommandAndReportResultsHandler decodes an MDM command request and adapts it to service.
func GetCert
func GetCert(ctx context.Context) *x509.Certificate
GetCert retrieves the MDM enrollment identity certificate from the HTTP request context.
func GetEnrollmentID (added in v0.6.0)
GetEnrollmentID retrieves the MDM enrollment ID from ctx.
Types
type CertVerifier
type CertVerifier interface {
	Verify(context.Context, *x509.Certificate) error
}
CertVerifier is a simple interface for verifying a certificate.
type HashFn (added in v0.6.0)
type HashFn func(*x509.Certificate) string
type SigLogOption (added in v0.6.0)
type SigLogOption func(*sigLogConfig)
SigLogOption sets configurations.
func SigLogWithLogAlways (added in v0.6.0)
func SigLogWithLogAlways(always bool) SigLogOption
SigLogWithLogAlways always logs the raw Mdm-Signature header.
func SigLogWithLogErrors (added in v0.6.0)
func SigLogWithLogErrors(errors bool) SigLogOption
SigLogWithLogErrors logs the raw Mdm-Signature header when errors occur.
func SigLogWithLogger (added in v0.6.0)
func SigLogWithLogger(logger log.Logger) SigLogOption
SigLogWithLogger sets the logger to use when logging with the MDM signature header.