x509

package
v2.4.2
Published: Jan 13, 2021 License: MIT Imports: 5 Imported by: 1

Documentation

Overview

Package x509 provides an authentication strategy that authenticates HTTPS requests by verifying the client certificate chain and builds user information (auth.Info) from the client certificate.

Example
opts := x509.VerifyOptions{}
opts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
opts.Roots = x509.NewCertPool()
// Read the root CA certificate into the trusted roots pool
// (readCertificates is a test helper that loads PEM certificates; it is not shown on this page)
opts.Roots.AddCert(readCertificates("ca")[0])

// create strategy and authenticator
strategy := New(opts)

// user request
req, _ := http.NewRequest("GET", "/", nil)
req.TLS = &tls.ConnectionState{PeerCertificates: readCertificates("client_valid")}

// validate request
info, err := strategy.Authenticate(req.Context(), req)
fmt.Println(info.GetUserName(), err)

// an expired client certificate is rejected: info is nil and err describes the failure
req.TLS = &tls.ConnectionState{PeerCertificates: readCertificates("client_expired")}
info, err = strategy.Authenticate(req.Context(), req)
fmt.Println(info, err)
Output:

host.test.com <nil>
<nil> x509: certificate has expired or is not yet valid

Constants

This section is empty.

Variables

View Source
var (
	// ErrMissingCN is returned by DefaultBuilder when the certificate's subject CommonName is missing.
	ErrMissingCN = errors.New("strategies/x509: Certificate subject CN missing")
	// ErrInvalidRequest is returned by the x509 strategy when a non-TLS request is received.
	ErrInvalidRequest = errors.New("strategy/x509: Invalid request, missing TLS parameters")
)

Functions

func New

func New(vopt x509.VerifyOptions, opts ...auth.Option) auth.Strategy

New returns an auth.Strategy that authenticates requests from their client certificates, verified against vopt.

func SetInfoBuilder

func SetInfoBuilder(builder InfoBuilder) auth.Option

SetInfoBuilder sets x509 info builder.

Types

type InfoBuilder

type InfoBuilder func(chain [][]*x509.Certificate) (auth.Info, error)

InfoBuilder declares the signature of a function that builds auth.Info from the verified certificate chains.

Example
opts := x509.VerifyOptions{}
opts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
opts.Roots = x509.NewCertPool()
// Read the root CA certificate into the trusted roots pool
// (readCertificates is a test helper that loads PEM certificates; it is not shown on this page)
opts.Roots.AddCert(readCertificates("ca")[0])

builder := SetInfoBuilder(func(chain [][]*x509.Certificate) (auth.Info, error) {
	return auth.NewDefaultUser("user-info-builder", "10", nil, nil), nil
})

// create strategy and authenticator
strategy := New(opts, builder)

// user request
req, _ := http.NewRequest("GET", "/", nil)
req.TLS = &tls.ConnectionState{PeerCertificates: readCertificates("client_valid")}

// validate request
info, err := strategy.Authenticate(req.Context(), req)
fmt.Println(info.GetUserName(), err)
Output:

user-info-builder <nil>
