Documentation
Constants
This section is empty.
Variables
var ErrMissingClientCertificates = errors.New("no client certificates provided")
Functions
This section is empty.
Types
type Authorizer
type Authorizer struct {
	Pool         *x509.CertPool
	Certificates []tls.Certificate
}
Authorizer is an mTLS-enabled authorizer that requires clients to present a valid client certificate in order to connect. Client certificates are checked against a pool of CA certificates. The authorizer also configures TLS for the server.
func NewAuthorizer
func NewAuthorizer(pool *x509.CertPool, serverCertificates []tls.Certificate) *Authorizer
NewAuthorizer creates a new mTLS authorizer. The certificate pool is used to validate the client certificates, while the server certificates are used to enable TLS on the server.
func (*Authorizer) Apply
func (authorizer *Authorizer) Apply(server *cachaca.Server) error
Apply implements the cachaca.Option interface to configure the server to use this authorizer.
func (*Authorizer) AuthorizeGrpc
AuthorizeGrpc serves as the middleware to authorize the incoming gRPC requests. If no client certificates are provided, the request will be rejected. Provided certificates are injected into the context by the middleware.
func (*Authorizer) AuthorizeHTTP
func (authorizer *Authorizer) AuthorizeHTTP(ctx *gin.Context) error
AuthorizeHTTP serves as the middleware to authorize the incoming HTTP requests. If no client certificates are provided, the request will be rejected. Provided certificates are injected into the context by the middleware.
type Credentials
type Credentials struct {
	Certificates []*x509.Certificate
}
Credentials are passed into the context by the middleware and can be used to retrieve the certificates / certificate chain of the authenticated client connecting to the server.
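A standard-library sketch of the behaviour described above for Authorizer, AuthorizeHTTP and Credentials, added here as an example and not taken from cachaca's code. The names serverTLS, requireClientCert, credsKey and probe are hypothetical, net/http stands in for gin, and the peer certificates are constructed and unsigned.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type credsKey struct{} // hypothetical context key for the injected chain

// serverTLS makes the handshake demand a client certificate that chains to pool.
func serverTLS(pool *x509.CertPool, certs []tls.Certificate) *tls.Config {
	return &tls.Config{ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert, Certificates: certs}
}

// requireClientCert rejects requests with no peer certificate and puts the chain in the context.
func requireClientCert(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
			http.Error(w, "no client certificates provided", http.StatusUnauthorized)
			return
		}
		ctx := context.WithValue(r.Context(), credsKey{}, r.TLS.PeerCertificates)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// probe runs the middleware over constructed, unsigned peer certificates (one per CN)
// and returns the status code and the leaf CN seen by the downstream handler.
func probe(cns ...string) (int, string) {
	var chain []*x509.Certificate
	for _, cn := range cns {
		chain = append(chain, &x509.Certificate{Subject: pkix.Name{CommonName: cn}})
	}
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.TLS = &tls.ConnectionState{PeerCertificates: chain}
	rec := httptest.NewRecorder()
	requireClientCert(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.Context().Value(credsKey{}).([]*x509.Certificate)[0].Subject.CommonName)
	})).ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(probe("constructed-client"))
}
```

The handler-level check only tests that a certificate is present. Trust in the chain comes from ClientAuth being tls.RequireAndVerifyClientCert, because weaker modes such as tls.RequireAnyClientCert populate PeerCertificates without verifying them.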