implement client cert auth

This commit is contained in:
Vladislav Yarmak 2020-05-25 00:16:56 +03:00
parent d62787101d
commit 89dc74519f
2 changed files with 16 additions and 2 deletions

13
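--- a/auth.go
+++ b/auth.go
@@ -30,6 +30,8 @@ func NewAuth(paramstr string) (Auth, error) {
 return NewStaticAuth(url)
 case "basicfile":
 return NewBasicFileAuth(url)
+case "cert":
+return CertAuth{}, nil
 case "none":
 return NoAuth{}, nil
 default:
@@ -177,3 +179,14 @@ func (_ NoAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
 return true
 }
+type CertAuth struct {}
+func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
+if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 {
+http.Error(wr, "Forbidden", http.StatusForbidden)
+return false
+} else {
+return true
+}
+}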
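Review bot: CertAuth.Validate depends on req.TLS.VerifiedChains, which the TLS stack only populates when the server's tls.Config has ClientCAs set and a verifying ClientAuth mode (VerifyClientCertIfGiven or RequireAndVerifyClientCert); with any other mode, or when the server runs without `-cert`, the check fails closed and every request is answered 403 with nothing in the log saying why. NewAuth hands back CertAuth{} for "cert" without confirming such a configuration exists, and whether makeServerTLSConfig sets it for a non-empty `-cafile` is outside this diff, so the coupling should at least be stated on the type: `// CertAuth passes a request only when the server has verified the client certificate against ClientCAs; it requires both -cert and -cafile, otherwise every request is rejected.` Worth noting in that comment too that any certificate chaining to the CA is accepted — subject and SANs are not inspected — so per-client authorization and revocation have to be handled elsewhere. On style, the `else` after `return false` is redundant and the receiver should carry a name: `func (a CertAuth) Validate(...)` with a plain `return true` after the error branch.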


@ -26,7 +26,7 @@ type CLIArgs struct {
auth string auth string
verbosity int verbosity int
timeout time.Duration timeout time.Duration
cert, key string cert, key, cafile string
} }
@ -39,6 +39,7 @@ func parse_args() CLIArgs {
flag.DurationVar(&args.timeout, "timeout", 10 * time.Second, "timeout for network operations") flag.DurationVar(&args.timeout, "timeout", 10 * time.Second, "timeout for network operations")
flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate") flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate")
flag.StringVar(&args.key, "key", "", "key for TLS certificate") flag.StringVar(&args.key, "key", "", "key for TLS certificate")
flag.StringVar(&args.cafile, "cafile", "", "CA file to authenticate clients with certificates")
flag.Parse() flag.Parse()
return args return args
} }
@ -74,7 +75,7 @@ func run() int {
mainLogger.Info("Starting proxy server...") mainLogger.Info("Starting proxy server...")
if args.cert != "" { if args.cert != "" {
cfg, err1 := makeServerTLSConfig(args.cert, args.key, "") cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile)
if err1 != nil { if err1 != nil {
mainLogger.Critical("TLS config construction failed: %v", err) mainLogger.Critical("TLS config construction failed: %v", err)
return 3 return 3