From cedcf58ea7d729acb6ed1a9ab7aec1ae38aed102 Mon Sep 17 00:00:00 2001 From: tjpcc Date: Mon, 9 Oct 2023 08:56:53 -0600 Subject: more useful tlsauth.Approver type the predicate function should be able to see the whole context and request --- contrib/tlsauth/approver.go | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'contrib/tlsauth/approver.go') diff --git a/contrib/tlsauth/approver.go b/contrib/tlsauth/approver.go index 064056d..ed442ce 100644 --- a/contrib/tlsauth/approver.go +++ b/contrib/tlsauth/approver.go @@ -1,17 +1,27 @@ package tlsauth -import "crypto/x509" +import ( + "context" + "crypto/x509" + + "tildegit.org/tjp/sliderule" +) // Approver is a function that validates a certificate. // // It should not be have to handle a nil argument. -type Approver func(*x509.Certificate) bool +type Approver func(context.Context, *sliderule.Request) bool // RequireSpecificIdentity builds an approver that demands one specific client certificate. -func RequireSpecificIdentity(identity *x509.Certificate) Approver { return identity.Equal } +func RequireSpecificIdentity(identity *x509.Certificate) Approver { + return func(_ context.Context, request *sliderule.Request) bool { + cert := Identity(request) + return cert != nil && identity.Equal(cert) + } +} // Allow is an approver which permits anything. -func Allow(_ *x509.Certificate) bool { return true } +func Allow(_ context.Context, _ *sliderule.Request) bool { return true } // Reject is an approver which denies everything. -func Reject(_ *x509.Certificate) bool { return false } +func Reject(_ context.Context, _ *sliderule.Request) bool { return false } -- cgit v1.2.3