package x509

import "k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509"

Package x509 provides a request authenticator that validates and extracts user information from client certificates

Index

Variables

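// CommonNameUserConversion builds user info from a certificate chain using
// the subject CommonName of chain[0] (by crypto/x509 convention, the leaf).
//
// It performs no verification itself and copies the CommonName unchanged into
// user.DefaultInfo.Name; no other field is populated. The identity is
// therefore only as trustworthy as the chain verification done by the caller.
// An empty chain, a nil first certificate, or an empty CommonName yields
// (nil, false, nil).
var CommonNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
	// Guard the index: an empty chain carries no identity and must not panic
	// inside an authentication path.
	if len(chain) == 0 || chain[0] == nil {
		return nil, false, nil
	}
	leaf := chain[0]
	if len(leaf.Subject.CommonName) == 0 {
		return nil, false, nil
	}
	return &user.DefaultInfo{Name: leaf.Subject.CommonName}, true, nil
})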

CommonNameUserConversion builds user info from a certificate chain using the subject's CommonName

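// DNSNameUserConversion builds user info from a certificate chain using the
// first DNSName on chain[0] (by crypto/x509 convention, the leaf).
//
// Only DNSNames[0] is used; any further DNS names on the certificate are
// ignored, so the resulting user name depends on the order in which the
// issuer encoded them. The function performs no verification itself. An empty
// chain, a nil first certificate, or a certificate without DNS names yields
// (nil, false, nil).
var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
	// Guard the index: an empty chain carries no identity and must not panic
	// inside an authentication path.
	if len(chain) == 0 || chain[0] == nil {
		return nil, false, nil
	}
	leaf := chain[0]
	if len(leaf.DNSNames) == 0 {
		return nil, false, nil
	}
	return &user.DefaultInfo{Name: leaf.DNSNames[0]}, true, nil
})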

DNSNameUserConversion builds user info from a certificate chain using the first DNSName on the certificate

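// EmailAddressUserConversion builds user info from a certificate chain using
// the first EmailAddress on chain[0] (by crypto/x509 convention, the leaf).
//
// Only EmailAddresses[0] is used and it is copied unchanged (no case folding
// or other normalisation) into user.DefaultInfo.Name. The function performs
// no verification itself. An empty chain, a nil first certificate, or a
// certificate without email addresses yields (nil, false, nil).
var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
	// Guard the index: an empty chain carries no identity and must not panic
	// inside an authentication path.
	if len(chain) == 0 || chain[0] == nil {
		return nil, false, nil
	}
	leaf := chain[0]
	if len(leaf.EmailAddresses) == 0 {
		return nil, false, nil
	}
	return &user.DefaultInfo{Name: leaf.EmailAddresses[0]}, true, nil
})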

EmailAddressUserConversion builds user info from a certificate chain using the first EmailAddress on the certificate

Functions

func DefaultVerifyOptions

func DefaultVerifyOptions() x509.VerifyOptions

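DefaultVerifyOptions returns VerifyOptions that use the system root certificates and the current time, and require certificates to be valid for client auth (x509.ExtKeyUsageClientAuth). Because the trust anchors are the system root pool, a client certificate chaining to any CA in that pool will verify; callers that want to accept only certificates from their own client CA should set Roots on the returned options to a dedicated pool.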

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator implements request.Authenticator by extracting user info from verified client certificates

func New

New returns a request.Authenticator that verifies client certificates using the provided VerifyOptions, and converts valid certificate chains into user.Info using the provided UserConversion

func (*Authenticator) AuthenticateRequest

func (a *Authenticator) AuthenticateRequest(req *http.Request) (user.Info, bool, error)

AuthenticateRequest authenticates the request using presented client certificates

type UserConversion

// UserConversion extracts user info from a client certificate chain.
type UserConversion interface {
	// User derives a user.Info from chain.
	// NOTE(review): going by the built-in conversions in this package (e.g.
	// CommonNameUserConversion), the bool reports whether an identity was
	// found, and (nil, false, nil) means "no usable name" rather than a
	// failure. Confirm how the Authenticator treats each combination.
	User(chain []*x509.Certificate) (user.Info, bool, error)
}

UserConversion defines an interface for extracting user info from a client certificate chain

type UserConversionFunc

// UserConversionFunc is a function type that implements UserConversion, so a
// plain func with this signature can be used wherever a UserConversion is
// expected.
type UserConversionFunc func(chain []*x509.Certificate) (user.Info, bool, error)

UserConversionFunc is a function that implements the UserConversion interface.

func (UserConversionFunc) User

func (f UserConversionFunc) User(chain []*x509.Certificate) (user.Info, bool, error)

User implements x509.UserConversion

Source Files

doc.go x509.go

Version
v1.1.9-beta.0
Published
Feb 23, 2016