Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ClientCertificateVerifier
type ClientCertificateVerifier struct {
// contains filtered or unexported fields
}
ClientCertificateVerifier can be used to verify X.509 client certificates. Furthermore, it can construct authentication metadata that contains attributes specified in the client certificate (e.g., DNS names or email addresses).
func NewClientCertificateVerifier
func NewClientCertificateVerifier(clientCAs *x509.CertPool, clock clock.Clock, validator, metadataExtractor *jmespath.Expression) *ClientCertificateVerifier
NewClientCertificateVerifier creates a ClientCertificateVerifier that verifies X.509 client certificates using the provided certificate authorities. Authentication metadata is constructed using the provided JMESPath expression.
func NewClientCertificateVerifierFromConfiguration
func NewClientCertificateVerifierFromConfiguration(configuration *pb.ClientCertificateVerifierConfiguration, group program.Group) (*ClientCertificateVerifier, error)
NewClientCertificateVerifierFromConfiguration creates a new X.509 client certificate verifier based on options provided in a configuration file.
func (*ClientCertificateVerifier) VerifyClientCertificate
func (v *ClientCertificateVerifier) VerifyClientCertificate(certs []*x509.Certificate) (*auth.AuthenticationMetadata, error)
VerifyClientCertificate verifies that a chain of certificates provided by a client is valid. Upon success, authentication metadata that's based on attributes of the certificate is returned.
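The checks a client certificate verifier of this kind has to make, shown with only the Go standard library. This is an added example, not code from this package: verifyClientChain and issue are hypothetical names, the certificates are constructed at run time, and the leaf's DNS names stand in for the authentication metadata that the package builds with a JMESPath expression.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// verifyClientChain checks a leaf-first chain against clientCAs at time now; returns the leaf's DNS names.
func verifyClientChain(certs []*x509.Certificate, clientCAs *x509.CertPool, now time.Time) ([]string, error) {
	if len(certs) == 0 {
		return nil, fmt.Errorf("client provided no certificates")
	}
	inter := x509.NewCertPool() // client-supplied: aids path building, never a trust anchor
	for _, c := range certs[1:] {
		inter.AddCert(c)
	}
	opts := x509.VerifyOptions{Roots: clientCAs, Intermediates: inter, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}} // Verify defaults to server auth
	if _, err := certs[0].Verify(opts); err != nil {
		return nil, err
	}
	return certs[0].DNSNames, nil // attributes are read only after verification succeeds
}

// issue builds a constructed demo certificate (hypothetical helper); a nil parent self-signs a CA.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{cn},
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, IsCA: parent == nil, BasicConstraintsValid: parent == nil}
	if parent == nil {
		parent, signer = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	ca, caKey := issue("ca.example.test", nil, nil)
	leaf, _ := issue("worker.example.test", ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	fmt.Println(verifyClientChain([]*x509.Certificate{leaf}, pool, time.Now()))
}
```

Passing the current time as a parameter, as the package does with its clock argument, lets expiry handling be tested without waiting for a certificate to expire.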