auth

package
v1.19.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 4, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package auth provides client authentication mode types and parsing for TLS connections.

This package defines the ClientAuth type which wraps tls.ClientAuthType and provides convenient parsing from strings and other formats. It supports all standard TLS client authentication modes.

Client Authentication Modes:

  • NoClientCert: Server will not request client certificates
  • RequestClientCert: Server requests but doesn't require client certificates
  • RequireAnyClientCert: Server requires client certificate but doesn't verify it
  • VerifyClientCertIfGiven: Server verifies client certificate if provided
  • RequireAndVerifyClientCert: Server requires and verifies client certificates

Example: 

auth := auth.Parse("require")
if auth == auth.RequireAndVerifyClientCert {
    // Configure strict client authentication
}

Index

Constants

View Source 
const (
	// NoClientCert indicates that no client certificate is requested or required.
	NoClientCert = ClientAuth(tls.NoClientCert)

	// RequestClientCert indicates that a client certificate is requested but not required.
	RequestClientCert = ClientAuth(tls.RequestClientCert)

	// RequireAnyClientCert indicates that at least one client certificate is required,
	// but it doesn't need to be valid or verified.
	RequireAnyClientCert = ClientAuth(tls.RequireAnyClientCert)

	// VerifyClientCertIfGiven indicates that if a client certificate is provided,
	// it must be valid and verified.
	VerifyClientCertIfGiven = ClientAuth(tls.VerifyClientCertIfGiven)

	// RequireAndVerifyClientCert indicates that a valid client certificate is required
	// and must be verified against the client CA pool.
	RequireAndVerifyClientCert = ClientAuth(tls.RequireAndVerifyClientCert)
)

Variables

This section is empty.

Functions

func ViperDecoderHook 

func ViperDecoderHook() libmap.DecodeHookFuncType

Types

type ClientAuth 

type ClientAuth tls.ClientAuthType

ClientAuth represents the client authentication policy for TLS connections. It wraps tls.ClientAuthType and provides parsing and formatting capabilities.

func List 

func List() []ClientAuth

List returns all possible ClientAuth values.

The returned slice is in an arbitrary order.

The returned value is not a copy of a known ClientAuth. The returned value is thread-safe. Multiple goroutines can call the List function at the same time without affecting the correctness of the TLS configuration.

func Parse 

func Parse(s string) ClientAuth

Parse returns the ClientAuth corresponding as a ClientAuth, given a string s.

The function takes a string s that represents a tls.ClientAuthType. The function returns the ClientAuth that matches the string, or NoClientCert if no match is found.

The returned value is a reference to a known ClientAuth. The returned value is not a copy of a known ClientAuth. The returned value is thread-safe. Multiple goroutines can call the Parse function at the same time without affecting the correctness of the TLS configuration.

The string s can contain one of the following keywords: - "strict" - "require" - "verify" - "request" - "none"

The function will return the corresponding ClientAuth value if the string s contains the keyword. If the string s does not contain any of the keywords, the function will return NoClientCert.

func ParseBytes added in v1.19.0 

func ParseBytes(p []byte) ClientAuth

ParseBytes returns the ClientAuth corresponding as a ClientAuth, given a byte slice p.

The function takes a byte slice p that represents a ClientAuth. The function returns the ClientAuth that matches the byte slice, or NoClientCert if no match is found.

The returned value is a reference to a known ClientAuth. The returned value is not a copy of a known ClientAuth. The returned value is thread-safe. Multiple goroutines can call the ParseBytes function at the same time without affecting the correctness of the TLS configuration.

func ParseInt 

func ParseInt(d int) ClientAuth

ParseInt returns the ClientAuth corresponding as a ClientAuth, given an integer d.

The function takes an integer d that represents a tls.ClientAuthType. The function returns the ClientAuth that matches the integer, or NoClientCert if no match is found.

The returned value is a reference to a known ClientAuth. The returned value is not a copy of a known ClientAuth. The returned value is thread-safe. Multiple goroutines can call the ParseInt function at the same time without affecting the correctness of the TLS configuration.

func (ClientAuth) Code 

func (a ClientAuth) Code() string

func (ClientAuth) MarshalCBOR 

func (a ClientAuth) MarshalCBOR() ([]byte, error)

func (ClientAuth) MarshalJSON 

func (a ClientAuth) MarshalJSON() ([]byte, error)

func (ClientAuth) MarshalTOML 

func (a ClientAuth) MarshalTOML() ([]byte, error)

func (ClientAuth) MarshalText 

func (a ClientAuth) MarshalText() ([]byte, error)

func (ClientAuth) MarshalYAML 

func (a ClientAuth) MarshalYAML() (interface{}, error)

func (ClientAuth) String 

func (a ClientAuth) String() string

func (ClientAuth) TLS 

func (a ClientAuth) TLS() tls.ClientAuthType

func (*ClientAuth) UnmarshalCBOR 

func (a *ClientAuth) UnmarshalCBOR(p []byte) error

func (*ClientAuth) UnmarshalJSON 

func (a *ClientAuth) UnmarshalJSON(bytes []byte) error

func (*ClientAuth) UnmarshalTOML 

func (a *ClientAuth) UnmarshalTOML(i interface{}) error

func (*ClientAuth) UnmarshalText 

func (a *ClientAuth) UnmarshalText(bytes []byte) error

func (*ClientAuth) UnmarshalYAML 

func (a *ClientAuth) UnmarshalYAML(value *yaml.Node) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.