From 8229f31f70ecdbe03d03c96cba17d6ee85397bca Mon Sep 17 00:00:00 2001
From: tjpcc
Date: Fri, 20 Jan 2023 10:58:35 -0700
Subject: "tlsauth" contrib package
This package adds authentication middlewares via TLS client certificates.
---
contrib/tlsauth/approver.go | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 contrib/tlsauth/approver.go
(limited to 'contrib/tlsauth/approver.go')
diff --git a/contrib/tlsauth/approver.go b/contrib/tlsauth/approver.go
new file mode 100644
index 0000000..064056d
--- /dev/null
+++ b/contrib/tlsauth/approver.go
@@ -0,0 +1,17 @@
+package tlsauth
+
+import "crypto/x509"
+
+// Approver is a function that validates a certificate.
+//
+// It should not be have to handle a nil argument.
+type Approver func(*x509.Certificate) bool
+
+// RequireSpecificIdentity builds an approver that demands one specific client certificate.
+func RequireSpecificIdentity(identity *x509.Certificate) Approver { return identity.Equal }
+
+// Allow is an approver which permits anything.
+func Allow(_ *x509.Certificate) bool { return true }
+
+// Reject is an approver which denies everything.
+func Reject(_ *x509.Certificate) bool { return false }
-- cgit v1.2.3
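Review bot: `RequireSpecificIdentity` fails open on a nil `identity`: `identity.Equal` is a method value on a pointer receiver, and `(*x509.Certificate).Equal` returns `c == other` when either side is nil, so an approver built from nil would accept a nil certificate rather than reject everything. Whether nil can ever reach an approver depends on the middleware, which is outside this file, but the constructor can fail closed on its own by adding `if identity == nil { return Reject }` ahead of `return identity.Equal`. The doc comment should also state that the match is on the certificate's raw DER bytes only and that this approver performs no expiry or chain checks, e.g. `// The match is byte-for-byte on the DER encoding; expiry and chain validation are not performed here.` Separately, the Approver comment reads "should not be have to handle"; `// It should not have to handle a nil argument.` is probably what was meant.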