authentication

package
v0.42.0
Warning

This package is not in the latest version of its module.

Published: Jan 9, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Copyright 2023 The Radius Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants

const (
	IngressCertThumbprintHeader = "X-SSL-Client-Thumbprint"
	ArmCertificateRefreshRate   = 1 * time.Hour
)

Variables

var ArmCertStore sync.Map

ArmCertStore stores the active client certificates fetched from the ARM metadata endpoint.

var (
	ErrClientCertFetch = errors.New("failed to fetch client certificate from arm metadata endpoint - ")
)

Functions

func ClientCertValidator

func ClientCertValidator(armCertMgr *ArmCertManager) func(http.Handler) http.Handler

ClientCertValidator validates the thumbprint received in the request header against the active thumbprints fetched from the ARM metadata endpoint.

func IsValidThumbprint

func IsValidThumbprint(thumbprint string) bool

IsValidThumbprint verifies the thumbprint received in the request header against the list of thumbprints fetched from the ARM metadata endpoint.

Types

type ArmCertManager

type ArmCertManager struct {
	// contains filtered or unexported fields
}

ArmCertManager defines the ARM client manager that fetches the client certificate from the ARM metadata endpoint.

func NewArmCertManager

func NewArmCertManager(armMetaEndpoint string, log logr.Logger) *ArmCertManager

NewArmCertManager creates a new ArmCertManager.

func (*ArmCertManager) Start

func (acm *ArmCertManager) Start(ctx context.Context) error

Start fetches the client certificates from the ARM metadata endpoint during service startup, then runs the periodic certificate refresher in the background.

type Certificate

type Certificate struct {
	Certificate string    `json:"certificate"`
	NotAfter    time.Time `json:"notAfter"`
	NotBefore   time.Time `json:"notBefore"`
	Thumbprint  string    `json:"thumbprint"`
}

Certificate represents the client certificate fetched from the ARM metadata endpoint.
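
The thumbprint check that ClientCertValidator and IsValidThumbprint describe, as an added sketch that is not the Radius package's own code. The lowercase names (cert, store, refresh, valid, validator) are hypothetical, the sample thumbprints are constructed, and an atomic snapshot swap stands in for the package's sync.Map so that a refresh drops thumbprints the endpoint no longer returns.

```go
package main

import (
	"fmt"
	"net/http"
	"sync/atomic"
	"time"
)

const thumbprintHeader = "X-SSL-Client-Thumbprint" // value of IngressCertThumbprintHeader

// cert keeps the Certificate fields used for validation.
type cert struct {
	Thumbprint          string
	NotBefore, NotAfter time.Time
}

var store atomic.Value // map[string]cert snapshot; hypothetical stand-in for ArmCertStore

// refresh swaps in the fetched set, so thumbprints no longer published stop matching.
func refresh(certs []cert) {
	m := make(map[string]cert, len(certs))
	for _, c := range certs {
		m[c.Thumbprint] = c
	}
	store.Store(m)
}

// valid is false for a missing, unknown, not-yet-valid or expired thumbprint.
func valid(tp string, now time.Time) bool {
	m, _ := store.Load().(map[string]cert)
	c, ok := m[tp]
	return ok && !now.Before(c.NotBefore) && !now.After(c.NotAfter)
}

// validator answers 403 unless the header set by the ingress names a valid thumbprint.
func validator(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !valid(r.Header.Get(thumbprintHeader), time.Now()) {
			http.Error(w, "invalid client certificate thumbprint", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // constructed sample: one thumbprint valid for an hour either side of now
	refresh([]cert{{"AB12", time.Now().Add(-time.Hour), time.Now().Add(time.Hour)}})
	fmt.Println(valid("AB12", time.Now()), valid("FFFF", time.Now()))
}
```

A header-based check like this is only meaningful when the ingress overwrites X-SSL-Client-Thumbprint on every request and the service cannot be reached around the ingress; otherwise a caller can supply the header itself.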
