author | Rasmus Dahlberg <rasmus@rgdd.se> | 2023-12-31 09:39:25 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus@rgdd.se> | 2024-01-07 20:22:23 +0100 |
commit | e18d36ebae30536c77c61cd5da123991e0ca1629 (patch) | |
tree | bf4880c0019a6009ab1b671e23ef4a1a4a5e8e08 /pkg/server/nodes.go | |
parent | 54d980afcbd6f0011d6a162e0003587d26a3e311 (diff) |
Add drafty prototype
Diffstat (limited to 'pkg/server/nodes.go')
-rw-r--r-- | pkg/server/nodes.go | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/pkg/server/nodes.go b/pkg/server/nodes.go
deleted file mode 100644
index 164c06f..0000000
--- a/pkg/server/nodes.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package server
-
-import (
- "crypto/x509"
- "fmt"
- "net/http"
-)
-
-// Node is an identified system that can request certificates
-type Node struct {
- Name string `json:"name"` // Artbirary node name for authentication
- Secret string `json:"secret"` // Arbitrary node secret for authentication
- Domains []string `json:"issues"` // Exact-match domain names that are allowed
-}
-
-func (node *Node) authenticate(r *http.Request) error {
- user, password, ok := r.BasicAuth()
- if !ok {
- return fmt.Errorf("no http basic auth credentials")
- }
- if user != node.Name || password != node.Secret {
- return fmt.Errorf("invalid http basic auth credentials")
- }
- return nil
-}
-
-func (node *Node) check(crt x509.Certificate) error {
- for _, san := range crt.DNSNames {
- ok := false
- for _, domain := range node.Domains {
- if domain == san {
- ok = true
- break
- }
- }
- if !ok {
- return fmt.Errorf("%s: not authorized to issue certificates for %s", node.Name, san)
- }
- }
- return nil
-}
-
-// Nodes is a list of nodes that can request certificates
-type Nodes []Node
-
-func (nodes *Nodes) authenticate(r *http.Request) (Node, error) {
- for _, node := range (*nodes)[:] {
- if err := node.authenticate(r); err == nil {
- return node, nil
- }
- }
- return Node{}, fmt.Errorf("no valid HTTP basic auth credentials")
-}
|