v1.0.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jun 18, 2015 License: Apache-2.0 Imports: 4 Imported by: 0



Package x509 provides a request authenticator that validates and extracts user information from client certificates



This section is empty.


View Source
var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
	if len(chain[0].Subject.CommonName) == 0 {
		return nil, false, nil
	return &user.DefaultInfo{Name: chain[0].Subject.CommonName}, true, nil

CommonNameUserConversion builds user info from a certificate chain using the subject's CommonName

View Source
var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
	if len(chain[0].DNSNames) == 0 {
		return nil, false, nil
	return &user.DefaultInfo{Name: chain[0].DNSNames[0]}, true, nil

DNSNameUserConversion builds user info from a certificate chain using the first DNSName on the certificate

View Source
var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
	if len(chain[0].EmailAddresses) == 0 {
		return nil, false, nil
	return &user.DefaultInfo{Name: chain[0].EmailAddresses[0]}, true, nil

EmailAddressUserConversion builds user info from a certificate chain using the first EmailAddress on the certificate


func DefaultVerifyOptions

func DefaultVerifyOptions() x509.VerifyOptions

DefaultVerifyOptions returns VerifyOptions that use the system root certificates, current time, and requires certificates to be valid for client auth (x509.ExtKeyUsageClientAuth)


type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields

Authenticator implements request.Authenticator by extracting user info from verified client certificates

func New

New returns a request.Authenticator that verifies client certificates using the provided VerifyOptions, and converts valid certificate chains into user.Info using the provided UserConversion

func (*Authenticator) AuthenticateRequest

func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error)

AuthenticateRequest authenticates the request using presented client certificates

type UserConversion

type UserConversion interface {
	User(chain []*x509.Certificate) (user.Info, bool, error)

UserConversion defines an interface for extracting user info from a client certificate chain

type UserConversionFunc

type UserConversionFunc func(chain []*x509.Certificate) (user.Info, bool, error)

UserConversionFunc is a function that implements the UserConversion interface.

func (UserConversionFunc) User

func (f UserConversionFunc) User(chain []*x509.Certificate) (user.Info, bool, error)

User implements x509.UserConversion

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL