Index ¶
- func EncodeExtKeyUsage(extKeyUsages []x509.ExtKeyUsage) []string
- func EncodeKeyUsage(keyUsage x509.KeyUsage) []string
- func InitEcho(config Config, challengeManager *ChallengeManager) (*echo.Echo, error)
- func InitInternalServer(config InternalServerConfig, challengeManager *ChallengeManager) (func() error, error)
- func InitInternalServerClient(commonName string, dnsSans []string, ipSans []net.IP, ...) (*certRes, error)
- func InitInternalServerPki(serverCommonName string, serverDnsSans []string, serverIpSans []net.IP, ...) error
- func InitOAuthServer(config OAuthServerConfig, handler http.Handler) (func() error, error)
- func LoadCertificateAllowList(name string, relative string) (certificateAllowList, error)
- func SaveCertificateAllowList(list certificateAllowList, name string, relative string, ...) error
- func SaveConfig(config Config, name string, relative string, mode common.SafeOpenMode) error
- type AuthService
- func (service *AuthService) GetChallengeInfo(ctx context.Context, req *api.GetChallengeInfoRequest) (*api.GetChallengeInfoResponse, error)
- func (service *AuthService) IssueChallenge(ctx context.Context, req *api.IssueChallengeRequest) (*api.IssueChallengeResponse, error)
- func (service *AuthService) VerifyChallenge(ctx context.Context, req *api.VerifyChallengeRequest) (*api.VerifyChallengeResponse, error)
- type ChallengeManager
- func (challengeManager *ChallengeManager) Step1(username string, clientCert *x509.Certificate) (string, string, error)
- func (challengeManager *ChallengeManager) Step2(challengeId string) (string, error)
- func (challengeManager *ChallengeManager) Step3(challengeId string, oauthCode string) (string, string, error)
- func (challengeManager *ChallengeManager) Step4(challengeId string, verificationCode string, clientCert *x509.Certificate) (bool, error)
- func (challengeManager *ChallengeManager) Step5(challengeId string, clientCert *x509.Certificate) (string, map[string]string, error)
- type Config
- type InternalServerConfig
- type LogConfig
- type OAuthClientConfig
- type OAuthServerConfig
Functions ¶
func EncodeExtKeyUsage ¶
func EncodeExtKeyUsage(extKeyUsages []x509.ExtKeyUsage) []string
EncodeExtKeyUsage encodes the extended key usage (See https://github.com/golang/go/issues/56866)
func EncodeKeyUsage ¶
EncodeKeyUsage encodes the key usage (See https://github.com/golang/go/issues/56866)
func InitEcho ¶
func InitEcho(config Config, challengeManager *ChallengeManager) (*echo.Echo, error)
InitEcho initializes a new Echo instance
func InitInternalServer ¶
func InitInternalServer(config InternalServerConfig, challengeManager *ChallengeManager) (func() error, error)
InitInternalServer initializes the internal gRPC server, returning a shutdown function and an error (if any)
func InitInternalServerClient ¶
func InitInternalServerClient(commonName string, dnsSans []string, ipSans []net.IP, config InternalServerConfig) (*certRes, error)
InitInternalServerClient creates a client certificate for the internal server with the given common name, DNS SANs and IP SANs
func InitInternalServerPki ¶
func InitInternalServerPki(serverCommonName string, serverDnsSans []string, serverIpSans []net.IP, config InternalServerConfig, configDir string, mode common.SafeOpenMode) error
InitInternalServerPki initializes the internal server PKI, writing its files under configDir with the given open mode
func InitOAuthServer ¶
func InitOAuthServer(config OAuthServerConfig, handler http.Handler) (func() error, error)
InitOAuthServer initializes a new HTTP server, returning a shutdown function and an error (if any)
func LoadCertificateAllowList ¶
LoadCertificateAllowList loads a certificate allow list file
func SaveCertificateAllowList ¶
func SaveCertificateAllowList(list certificateAllowList, name string, relative string, mode common.SafeOpenMode) error
SaveCertificateAllowList saves a certificate allow list file
func SaveConfig ¶
SaveConfig saves a configuration file
Types ¶
type AuthService ¶
// AuthService is the gRPC authentication service. It embeds the generated
// api.UnimplementedAuthServiceServer; its remaining fields are unexported and
// omitted from this listing.
type AuthService struct {
	api.UnimplementedAuthServiceServer
	// contains filtered or unexported fields
}
AuthService is the gRPC authentication service
func (*AuthService) GetChallengeInfo ¶
func (service *AuthService) GetChallengeInfo(ctx context.Context, req *api.GetChallengeInfoRequest) (*api.GetChallengeInfoResponse, error)
GetChallengeInfo gets challenge environment variables
func (*AuthService) IssueChallenge ¶
func (service *AuthService) IssueChallenge(ctx context.Context, req *api.IssueChallengeRequest) (*api.IssueChallengeResponse, error)
IssueChallenge issues a challenge for the client to verify its identity
func (*AuthService) VerifyChallenge ¶
func (service *AuthService) VerifyChallenge(ctx context.Context, req *api.VerifyChallengeRequest) (*api.VerifyChallengeResponse, error)
VerifyChallenge verifies a challenge
type ChallengeManager ¶
// ChallengeManager is the global challenge manager that drives the Step1..Step5
// challenge flow shared by the gRPC server and the web server. All of its state
// is unexported and omitted from this listing; construct it with NewChallengeManager.
type ChallengeManager struct {
	// contains filtered or unexported fields
}
ChallengeManager is the global challenge manager
func NewChallengeManager ¶
func NewChallengeManager(config Config) (*ChallengeManager, error)
NewChallengeManager creates a new challenge manager
func (*ChallengeManager) Step1 ¶
func (challengeManager *ChallengeManager) Step1(username string, clientCert *x509.Certificate) (string, string, error)
Step1 issues a challenge for the user to verify their identity, returning the challenge ID and the URL at which the flow begins (Called by the gRPC server)
func (*ChallengeManager) Step2 ¶
func (challengeManager *ChallengeManager) Step2(challengeId string) (string, error)
Step2 returns the OAuth URL (Called by the web server)
func (*ChallengeManager) Step3 ¶
func (challengeManager *ChallengeManager) Step3(challengeId string, oauthCode string) (string, string, error)
Step3 exchanges the specified OAuth code, invokes the callback expression, generates the challenge info and the verification code, and returns the verification code and/or whether the challenge is successful (Called by the web server)
func (*ChallengeManager) Step4 ¶
func (challengeManager *ChallengeManager) Step4(challengeId string, verificationCode string, clientCert *x509.Certificate) (bool, error)
Step4 verifies the verification code for the specified challenge (Called by the gRPC server)
func (*ChallengeManager) Step5 ¶
func (challengeManager *ChallengeManager) Step5(challengeId string, clientCert *x509.Certificate) (string, map[string]string, error)
Step5 returns the username and challenge environment variables for the specified challenge (Called by the gRPC server)
type Config ¶
// Config is the global server configuration, serialized to and from TOML
// (see SaveConfig). The comment tags become the commented defaults in the
// written file.
type Config struct {
	// Version is the configuration schema version; the comment tag warns operators
	// not to edit it by hand.
	Version *version.Version `toml:"version,omitempty" comment:"The configuration version (DO NOT CHANGE)"`
	// InternalServerConfig configures the internal gRPC server, which verifies
	// client certificates (see InternalServerConfig).
	InternalServerConfig InternalServerConfig `toml:"internal_server" comment:"Internal server configuration"`
	Log LogConfig `toml:"log" comment:"Logging configuration"`
	// OAuthClient holds the provider credentials, including the client secret.
	OAuthClient OAuthClientConfig `toml:"oauth_client" comment:"OAuth client configuration"`
	OAuthServer OAuthServerConfig `toml:"oauth_server" comment:"OAuth callback server configuration"`
}
Config is the global server configuration
type InternalServerConfig ¶
// InternalServerConfig is the internal server configuration. The path, address
// and timeout fields are read from TOML; the fields tagged `toml:"-"` hold the
// material loaded at runtime and are never serialized.
type InternalServerConfig struct {
	// Address defaults to loopback, so the internal gRPC server is reachable only
	// from the local host unless an operator widens it deliberately.
	Address string `toml:"address" comment:"The address to listen on for the internal server" default:"127.0.0.1"`
	Port uint16 `toml:"port" comment:"The port to listen on for the internal server" default:"8081"`
	// ClientAllowListPath names the certificate allow list file (presumably read via
	// LoadCertificateAllowList; confirm). Its comment tag is elided by the
	// documentation renderer.
	ClientAllowListPath string `` /* 133-byte string literal not displayed */
	// RootTlsCertPath is the root used to verify client certificates, so a client
	// is gated by both chaining to this root and by the allow list.
	RootTlsCertPath string `toml:"root_cert" comment:"The path to the root TLS certificate file (for client verification)" default:"./internal-root.crt"`
	// RootTlsKeyPath is the signing key for that root; anything that can read it
	// can mint client certificates, so it needs the tightest permissions of the
	// files listed here (presumably written by InitInternalServerPki; confirm).
	RootTlsKeyPath string `toml:"root_key" comment:"The path to the root TLS key file" default:"./internal-root.key"`
	ServerTlsCertPath string `toml:"server_cert" comment:"The path to the server TLS certificate file" default:"./internal-server.crt"`
	ServerTlsKeyPath string `toml:"server_key" comment:"The path to the server TLS key file" default:"./internal-server.key"`
	// Callback is presumably the callback expression that ChallengeManager.Step3
	// invokes after the OAuth exchange — confirm. Its comment tag is elided by the
	// documentation renderer.
	Callback string `` /* 196-byte string literal not displayed */
	// Timeout bounds how long an issued challenge stays valid, in seconds.
	Timeout int `toml:"timeout" comment:"The challenge timeout (in seconds)" default:"300"`
	// The client certificate allow list (runtime only, presumably loaded from
	// ClientAllowListPath).
	ClientAllowList certificateAllowList `toml:"-"`
	// The root TLS keypair (runtime only).
	RootTlsCert *tls.Certificate `toml:"-"`
	// The internal server TLS keypair (runtime only).
	ServerTlsKeypair *tls.Certificate `toml:"-"`
}
InternalServerConfig is the internal server configuration
type LogConfig ¶
// LogConfig is the logging configuration.
type LogConfig struct {
	// File is only used when Output is file; the default lives under /var/log,
	// so the server process needs write access there.
	File string `toml:"file" comment:"Log file (if output is file)" default:"/var/log/pam-oauth-server.log"`
	Level common.LogLevel `toml:"level" comment:"Log level (One of debug, info, warn, or error)" default:"info"`
	Output common.LogOutput `toml:"output" comment:"Log output (One of file, stdout, or stderr)" default:"stderr"`
}
LogConfig is the logging configuration
type OAuthClientConfig ¶
// OAuthClientConfig is the OAuth client configuration. Per the field tags,
// either OidcUrl or the explicit AuthURL/TokenURL pair is set, not both.
type OAuthClientConfig struct {
	ClientID string `toml:"client_id" comment:"The OAuth client ID"`
	// ClientSecret is serialized to the TOML file like any other field, so the
	// file's permissions are what protect it (SaveConfig takes a
	// common.SafeOpenMode, presumably for this reason — confirm).
	ClientSecret string `toml:"client_secret" comment:"The OAuth client secret"`
	// Scopes must include openid whenever OidcUrl is set.
	Scopes []string `toml:"scopes" comment:"The OAuth scopes (openid scope is required if oidc_url is set)" default:"[openid,profile,email]"`
	// OidcUrl's comment tag is elided by the documentation renderer; AuthURL and
	// TokenURL declare themselves mutually exclusive with it.
	OidcUrl string `` /* 156-byte string literal not displayed */
	AuthURL string `toml:"auth_url" comment:"The OAuth endpoint auth URL (Mutually exclusive with oidc_url)"`
	TokenURL string `toml:"token_url" comment:"The OAuth endpoint token URL (Mutually exclusive with oidc_url)"`
}
OAuthClientConfig is the OAuth client configuration
type OAuthServerConfig ¶
// OAuthServerConfig is the OAuth callback server configuration.
type OAuthServerConfig struct {
	// Address defaults to all interfaces, unlike the internal server, since the
	// user's browser is redirected back to this server by the OAuth provider.
	Address string `toml:"address" comment:"The address to listen on for the OAuth callback server" default:"0.0.0.0"`
	Port uint16 `toml:"port" comment:"The port to listen on for the OAuth callback server" default:"8080"`
	// ServerTlsAuto selects automatically obtained certificates; when false the
	// ServerTlsCertPath/ServerTlsKeyPath pair is presumably used instead — confirm.
	ServerTlsAuto bool `toml:"tls_auto" comment:"Automatically enable TLS via LetsEncrypt" default:"false"`
	// ServerTlsAutoPath is the cache for automatically issued certificates and,
	// presumably, their private keys, so it should be writable only by the server
	// process — confirm.
	ServerTlsAutoPath string `toml:"tls_auto_path" comment:"The path to the automatic TLS cache directory" default:"./letsencrypt"`
	ServerTlsCertPath string `toml:"tls_cert" comment:"The path to the server TLS certificate file"`
	ServerTlsKeyPath string `toml:"tls_key" comment:"The path to the server TLS key file"`
	// ExternalBaseUrl is the externally visible base URL of this server; the
	// default is plain HTTP on localhost and suits local testing only. The OAuth
	// code presumably returns to a URL built from it (see ChallengeManager.Step3),
	// so deployments that enable TLS want a matching https URL here — confirm.
	ExternalBaseUrl string `toml:"external_base_url" comment:"The external base URL for the OAuth callback server" default:"http://localhost:8080"`
	// The TLS certificate and key (runtime only, never serialized).
	ServerTlsKeypair *tls.Certificate `toml:"-"`
}
OAuthServerConfig is the OAuth callback server configuration