Documentation

Overview

    Package x509 provides a request authenticator that validates and extracts user information from client certificates

    Index

    Constants

    This section is empty.

    Variables

    View Source
    var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (*authenticator.Response, bool, error) {
    	if len(chain[0].Subject.CommonName) == 0 {
    		return nil, false, nil
    	}
    	return &authenticator.Response{
    		User: &user.DefaultInfo{
    			Name:   chain[0].Subject.CommonName,
    			Groups: chain[0].Subject.Organization,
    		},
    	}, true, nil
    })

      CommonNameUserConversion builds user info from a certificate chain using the subject's CommonName

      Functions

      func DefaultVerifyOptions

      func DefaultVerifyOptions() x509.VerifyOptions

        DefaultVerifyOptions returns VerifyOptions that use the system root certificates, current time, and requires certificates to be valid for client auth (x509.ExtKeyUsageClientAuth)

        func NewVerifier

        func NewVerifier(opts x509.VerifyOptions, auth authenticator.Request, allowedCommonNames sets.String) authenticator.Request

          NewVerifier create a request.Authenticator by verifying a client cert on the request, then delegating to the wrapped auth

          Types

          type Authenticator

          type Authenticator struct {
          	// contains filtered or unexported fields
          }

            Authenticator implements request.Authenticator by extracting user info from verified client certificates

            func New

              New returns a request.Authenticator that verifies client certificates using the provided VerifyOptions, and converts valid certificate chains into user.Info using the provided UserConversion

              func (*Authenticator) AuthenticateRequest

              func (a *Authenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error)

                AuthenticateRequest authenticates the request using presented client certificates

                type UserConversion

                type UserConversion interface {
                	User(chain []*x509.Certificate) (*authenticator.Response, bool, error)
                }

                  UserConversion defines an interface for extracting user info from a client certificate chain

                  type UserConversionFunc

                  type UserConversionFunc func(chain []*x509.Certificate) (*authenticator.Response, bool, error)

                    UserConversionFunc is a function that implements the UserConversion interface.

                    func (UserConversionFunc) User

                      User implements x509.UserConversion

                      type Verifier

                      type Verifier struct {
                      	// contains filtered or unexported fields
                      }

                        Verifier implements request.Authenticator by verifying a client cert on the request, then delegating to the wrapped auth

                        func (*Verifier) AuthenticateRequest

                        func (a *Verifier) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error)

                          AuthenticateRequest verifies the presented client certificate, then delegates to the wrapped auth

                          Source Files