Commit 0fa24c66 authored by ale's avatar ale

Add a convenience type to specify TLS auth ACLs on the command line

parent 54f0ac4c
...@@ -2,10 +2,12 @@ package serverutil ...@@ -2,10 +2,12 @@ package serverutil
import ( import (
"crypto/tls" "crypto/tls"
"errors"
"fmt" "fmt"
"log" "log"
"net/http" "net/http"
"regexp" "regexp"
"strings"
common "git.autistici.org/ai3/go-common" common "git.autistici.org/ai3/go-common"
) )
...@@ -42,6 +44,31 @@ func (p *TLSAuthACL) match(req *http.Request) bool { ...@@ -42,6 +44,31 @@ func (p *TLSAuthACL) match(req *http.Request) bool {
return false return false
} }
// TLSAuthACLListFlag is a convenience type that allows callers to use
// the 'flag' package to specify a list of TLSAuthACL objects. It
// implements the flag.Value interface.
type TLSAuthACLListFlag []*TLSAuthACL
func (l TLSAuthACLListFlag) String() string {
var out []string
for _, acl := range l {
out = append(out, fmt.Sprintf("%s:%s", acl.Path, acl.CommonName))
}
return strings.Join(out, ",")
}
func (l *TLSAuthACLListFlag) Set(value string) error {
parts := strings.SplitN(value, ":", 2)
if len(parts) != 2 {
return errors.New("bad acl format")
}
*l = append(*l, &TLSAuthACL{
Path: parts[0],
CommonName: parts[1],
})
return nil
}
// TLSAuthConfig stores access control lists for TLS authentication. Access // TLSAuthConfig stores access control lists for TLS authentication. Access
// control lists are matched against the request path and the // control lists are matched against the request path and the
// CommonName component of the peer certificate subject. // CommonName component of the peer certificate subject.
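Review bot: `Set` only checks that the value contains a `:`, so a value such as `:` or `/:` is accepted and produces an ACL with an empty `Path` or `CommonName`. The file imports `regexp` and the body of `match` lies outside this hunk, so if these fields are used as patterns (not visible here), an empty value would match every request path or every peer certificate CN, and the access list would fail open. Reject empty components at parse time and report the offending value, e.g. `if len(parts) != 2 || parts[0] == "" || parts[1] == "" { return fmt.Errorf("bad acl format %q, want path:cn", value) }`, dropping the `errors` import if it is then unused. If the fields are regular expressions, compiling them in `Set` would report an operator's typo at startup rather than on the first request. The exported `String` and `Set` methods also have no doc comments; `// Set parses a "path:cn" pair and appends it to the list.` would be enough for `Set`.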
......