diff options
Diffstat (limited to 'contrib/tlsauth/approver.go')
| -rw-r--r-- | contrib/tlsauth/approver.go | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/contrib/tlsauth/approver.go b/contrib/tlsauth/approver.go index 064056d..ed442ce 100644 --- a/contrib/tlsauth/approver.go +++ b/contrib/tlsauth/approver.go @@ -1,17 +1,27 @@ package tlsauth -import "crypto/x509" +import ( + "context" + "crypto/x509" + + "tildegit.org/tjp/sliderule" +) // Approver is a function that validates a certificate. // // It should not be have to handle a nil argument. -type Approver func(*x509.Certificate) bool +type Approver func(context.Context, *sliderule.Request) bool // RequireSpecificIdentity builds an approver that demands one specific client certificate. -func RequireSpecificIdentity(identity *x509.Certificate) Approver { return identity.Equal } +func RequireSpecificIdentity(identity *x509.Certificate) Approver { + return func(_ context.Context, request *sliderule.Request) bool { + cert := Identity(request) + return cert != nil && identity.Equal(cert) + } +} // Allow is an approver which permits anything. -func Allow(_ *x509.Certificate) bool { return true } +func Allow(_ context.Context, _ *sliderule.Request) bool { return true } // Reject is an approver which denies everything. -func Reject(_ *x509.Certificate) bool { return false } +func Reject(_ context.Context, _ *sliderule.Request) bool { return false } |