From e18d36ebae30536c77c61cd5da123991e0ca1629 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus@rgdd.se>
Date: Sun, 31 Dec 2023 09:39:25 +0100
Subject: Add drafty prototype

---
 pkg/server/nodes.go | 53 -----------------------------------------------------
 1 file changed, 53 deletions(-)
 delete mode 100644 pkg/server/nodes.go

(limited to 'pkg/server/nodes.go')

diff --git a/pkg/server/nodes.go b/pkg/server/nodes.go
deleted file mode 100644
index 164c06f..0000000
--- a/pkg/server/nodes.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package server
-
-import (
-	"crypto/x509"
-	"fmt"
-	"net/http"
-)
-
-// Node is an identified system that can request certificates
-type Node struct {
-	Name    string   `json:"name"`   // Artbirary node name for authentication
-	Secret  string   `json:"secret"` // Arbitrary node secret for authentication
-	Domains []string `json:"issues"` // Exact-match domain names that are allowed
-}
-
-func (node *Node) authenticate(r *http.Request) error {
-	user, password, ok := r.BasicAuth()
-	if !ok {
-		return fmt.Errorf("no http basic auth credentials")
-	}
-	if user != node.Name || password != node.Secret {
-		return fmt.Errorf("invalid http basic auth credentials")
-	}
-	return nil
-}
-
-func (node *Node) check(crt x509.Certificate) error {
-	for _, san := range crt.DNSNames {
-		ok := false
-		for _, domain := range node.Domains {
-			if domain == san {
-				ok = true
-				break
-			}
-		}
-		if !ok {
-			return fmt.Errorf("%s: not authorized to issue certificates for %s", node.Name, san)
-		}
-	}
-	return nil
-}
-
-// Nodes is a list of nodes that can request certificates
-type Nodes []Node
-
-func (nodes *Nodes) authenticate(r *http.Request) (Node, error) {
-	for _, node := range (*nodes)[:] {
-		if err := node.authenticate(r); err == nil {
-			return node, nil
-		}
-	}
-	return Node{}, fmt.Errorf("no valid HTTP basic auth credentials")
-}
-- 
cgit v1.2.3