README
caddy-tls-fnmt
This Caddy client-auth verifier module filters users by the names or DNIs in their FNMT certificates.
example.com {
    respond "Hello world!" 200
    tls internal {
        client_auth {
            mode require_and_verify
            # The CA certificate file. You can get this from the FNMT website. Make sure it's
            # the PEM format, not CER.
            trust_pool file /data/AC_FNMT_Usuarios.pem
            verifier fnmt {
                # All fields are optional, and case sensitive
                # Allowed user names (a name may be shared by multiple people)
                names "JUAN ESPAÑOL ESPAÑOL" "PEPE GARCIA GARCIA"
                # Allowed DNI numbers
                dnis "12345678Z" "87654321X"
                # Allowed full names (the format is "NAME SURNAME SURNAME - DNI")
                full_names "JUAN ESPAÑOL ESPAÑOL - 12345678Z" "PEPE GARCIA GARCIA - 87654321X"
            }
        }
    }
}
Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetFirstAndSurNames
func GetFirstAndSurNames(cert *x509.Certificate) (string, string)
OID for surname is 2.5.4.4 (https://www.alvestrand.no/objectid/2.5.4.4.html).
OID for given name is 2.5.4.42 (https://www.alvestrand.no/objectid/2.5.4.42.html).
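The following is an added example, not the module's own code: it reads the two subject attributes by the OIDs above and checks an exact, case-sensitive name allow list. The helpers `attr`, `nameAllowed` and `sampleCert` are hypothetical, the "GIVEN SURNAME" composition is an assumption based on the README's name format, and the sample subject is constructed.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

var oidSurname, oidGivenName = asn1.ObjectIdentifier{2, 5, 4, 4}, asn1.ObjectIdentifier{2, 5, 4, 42} // OIDs from this page

// attr returns the first string-valued subject attribute with this OID, or "".
// pkix.Name has no Surname or GivenName field, so the parsed Names list is searched.
func attr(cert *x509.Certificate, oid asn1.ObjectIdentifier) string {
	for _, atv := range cert.Subject.Names {
		if s, ok := atv.Value.(string); ok && atv.Type.Equal(oid) {
			return s
		}
	}
	return ""
}

// nameAllowed matches "GIVEN SURNAME" (assumed format) exactly and case-sensitively.
// It fails closed when either attribute is missing or empty.
func nameAllowed(cert *x509.Certificate, allowed []string) bool {
	given, surname := attr(cert, oidGivenName), attr(cert, oidSurname)
	for _, a := range allowed {
		if given != "" && surname != "" && a == given+" "+surname {
			return true
		}
	}
	return false
}

// sampleCert DER-encodes and re-parses a constructed subject (test data, not a real certificate).
func sampleCert(given, surname string) (*x509.Certificate, error) {
	var rdns pkix.RDNSequence
	der, err := asn1.Marshal(pkix.Name{ExtraNames: []pkix.AttributeTypeAndValue{
		{Type: oidGivenName, Value: given}, {Type: oidSurname, Value: surname}}}.ToRDNSequence())
	if err == nil {
		_, err = asn1.Unmarshal(der, &rdns)
	}
	cert := &x509.Certificate{}
	cert.Subject.FillFromRDNSequence(&rdns)
	return cert, err
}

func main() {
	cert, err := sampleCert("JUAN", "ESPAÑOL ESPAÑOL")
	fmt.Println(err, nameAllowed(cert, []string{"JUAN ESPAÑOL ESPAÑOL"}), nameAllowed(cert, []string{"Juan Español Español"}))
}
```

Because a name may be shared by multiple people, as the README notes, a name-only match like this one identifies a person less precisely than a DNI or full-name entry.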
Types
type FNMTClientAuth
type FNMTClientAuth struct {
	Names    []string `json:"names,omitempty"`
	Dnis     []string `json:"dnis,omitempty"`
	NameDnis []string `json:"namednis,omitempty"`
	// contains filtered or unexported fields
}
func (FNMTClientAuth) CaddyModule
func (FNMTClientAuth) CaddyModule() caddy.ModuleInfo
func (*FNMTClientAuth) Provision
func (f *FNMTClientAuth) Provision(ctx caddy.Context) error
func (*FNMTClientAuth) UnmarshalCaddyfile
func (f *FNMTClientAuth) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax:
fnmt {
	names <full name1> <full name2>...
	dnis <dni1> <dni2> ...
}
func (FNMTClientAuth) VerifyClientCertificate
func (f FNMTClientAuth) VerifyClientCertificate(rawCerts [][]byte, _ [][]*x509.Certificate) error