package servers
import (
"fmt"
"io"
"github.com/go-x-pkg/dumpctx"
)
// ClientAuthTLSConfig holds the server-side settings for TLS client
// authentication (mTLS): whether it is enabled, the verification policy the
// server applies to the client certificate, the CA used to verify client
// certificates, and an optional allow-list of client certificate Common Names.
type ClientAuthTLSConfig struct {
	// Enable turns client authentication through mTLS on or off.
	Enable bool `json:"enable" yaml:"enable" bson:"enable"`
	// AuthType declares the policy the server will follow for
	// TLS Client Authentication.
	//
	// "NoClientCert" indicates that no client certificate should be requested
	// during the handshake, and if any certificates are sent they will not
	// be verified.
	//
	// "RequestClientCert" indicates that a client certificate should be requested
	// during the handshake, but does not require that the client send any
	// certificates.
	//
	// "RequireAnyClientCert" indicates that a client certificate should be requested
	// during the handshake, and that at least one certificate is required to be
	// sent by the client, but that certificate is not required to be valid.
	//
	// "VerifyClientCertIfGiven" indicates that a client certificate should be requested
	// during the handshake, but does not require that the client sends a
	// certificate. If the client does send a certificate it is required to be
	// valid.
	//
	// "RequireAndVerifyClientCert" indicates that a client certificate should be requested
	// during the handshake, and that at least one valid certificate is required
	// to be sent by the client.
	//
	// If ClientAuthTLS is set true, AuthType must be set. defaultize replaces
	// an unset value (clientAuthTypeTLSUnknown) with defaultClientAuthTypeTLS.
	AuthType clientAuthTypeTLS `json:"authType" yaml:"authType" bson:"authType"`
	// CACertFile is the path of the CA root certificate used to verify client
	// certificates. Optional.
	// NOTE(review): what is trusted when this is left empty is decided where
	// the tls.Config is built, outside this file — confirm there.
	CACertFile string `json:"caCertFile" yaml:"caCertFile" bson:"caCertFile"`
	// If set, the server verifies that the Common Name of the certificate
	// presented by the client is in this list; otherwise the server returns
	// an Unauthorized response.
	//
	// NOTE(review): a Common Name is only trustworthy when AuthType actually
	// verifies the client certificate ("VerifyClientCertIfGiven" or
	// "RequireAndVerifyClientCert"). Under "RequestClientCert" or
	// "RequireAnyClientCert" the certificate, and therefore its CN, is
	// unverified — confirm the code enforcing this list rejects that
	// combination.
	ClientCommonNames []string `json:"clientCommonNames" yaml:"clientCommonNames" bson:"clientCommonNames"`
}
// defaultize fills in the AuthType field when it was left unset
// (clientAuthTypeTLSUnknown), replacing it with defaultClientAuthTypeTLS.
// Every other field is left untouched.
func (c *ClientAuthTLSConfig) defaultize() {
	switch c.AuthType {
	case clientAuthTypeTLSUnknown:
		// Only the "unknown" zero value is replaced; an explicit policy wins.
		c.AuthType = defaultClientAuthTypeTLS
	}
}
// dump writes a human-readable, YAML-like rendering of the config to w.
// A "tls:" header is written at the current indent level of ctx, and the four
// fields follow inside ctx.Wrap, each prefixed with the indent ctx reports at
// that point. AuthType is rendered through orDefault; CACertFile is quoted.
func (c *ClientAuthTLSConfig) dump(ctx *dumpctx.Ctx, w io.Writer) {
	// line emits one "<indent><key>: <value>" row. ctx.Indent() is queried
	// per row so the indent reflects the wrap level at the time of writing.
	line := func(key, verb string, value interface{}) {
		fmt.Fprintf(w, "%s"+key+": "+verb+"\n", ctx.Indent(), value)
	}

	fmt.Fprintf(w, "%stls:\n", ctx.Indent())
	ctx.Wrap(func() {
		line("enable", "%t", c.Enable)
		line("authType", "%s", c.AuthType.orDefault())
		line("caCertFile", "%q", c.CACertFile)
		line("clientCommonNames", "%s", c.ClientCommonNames)
	})
}