package x509
import (
"regexp"
"github.com/m87carlson/go-guardian/v2/auth"
)
// SetInfoBuilder returns an option that installs ib as the info builder
// of the x509 strategy.
//
// The option only acts on a *strategy; applied to any other value it
// does nothing. ib is stored as given, without a nil check.
func SetInfoBuilder(ib InfoBuilder) auth.Option {
	apply := func(v interface{}) {
		target, isStrategy := v.(*strategy)
		if !isStrategy {
			// Not an x509 strategy: leave the value untouched.
			return
		}
		target.builder = ib
	}
	return auth.OptionFunc(apply)
}
// SetAllowEmptyCN returns an option that stops the strategy from
// returning ErrMissingCN when the client certificate's subject CN is
// missing or empty.
//
// The option only sets the strategy's emptyCN flag; the code that
// consults the flag is outside this file. It is a no-op when applied to
// anything other than a *strategy.
//
// NOTE(review): with an empty CN accepted, the peer's identity has to
// come from other certificate fields; confirm how this interacts with
// the allowed-CN predicate before enabling both.
func SetAllowEmptyCN() auth.Option {
	apply := func(v interface{}) {
		target, isStrategy := v.(*strategy)
		if !isStrategy {
			return
		}
		target.emptyCN = true
	}
	return auth.OptionFunc(apply)
}
// SetAllowedCN returns an option that restricts the common names a
// verified certificate is allowed to have to the given list.
//
// Matching is an exact, case-sensitive string comparison. The names are
// copied into a set when SetAllowedCN is called, so later changes to the
// caller's slice have no effect. Called with no names, the resulting
// predicate rejects every CN.
//
// The option replaces the strategy's allowedCN predicate, so it does not
// combine with SetAllowedCNRegex: whichever of the two is applied last
// is the one in effect. It is a no-op on anything other than a *strategy.
func SetAllowedCN(cns ...string) auth.Option {
	// Build the lookup set once, up front, rather than on every check.
	permitted := make(map[string]struct{}, len(cns))
	for i := range cns {
		permitted[cns[i]] = struct{}{}
	}

	isPermitted := func(cn string) bool {
		_, found := permitted[cn]
		return found
	}

	return auth.OptionFunc(func(v interface{}) {
		target, isStrategy := v.(*strategy)
		if !isStrategy {
			return
		}
		target.allowedCN = isPermitted
	})
}
// SetAllowedCNRegex returns an option that restricts the common names a
// verified certificate is allowed to have to those matching the regular
// expression str.
//
// The pattern is compiled with regexp.MustCompile, so an invalid str
// panics at the call site; pass a trusted, constant pattern rather than
// runtime input.
//
// The CN is tested with MatchString, which reports a match anywhere in
// the string. An unanchored pattern therefore also accepts CNs that
// merely contain a matching substring; anchor the pattern with ^ and $
// when the whole CN must match.
//
// The option replaces the strategy's allowedCN predicate, so it does not
// combine with SetAllowedCN: whichever of the two is applied last is the
// one in effect. It is a no-op on anything other than a *strategy.
func SetAllowedCNRegex(str string) auth.Option {
	// Compile once here so every certificate check reuses the same program.
	pattern := regexp.MustCompile(str)

	matchesPattern := func(cn string) bool {
		return pattern.MatchString(cn)
	}

	return auth.OptionFunc(func(v interface{}) {
		target, isStrategy := v.(*strategy)
		if !isStrategy {
			return
		}
		target.allowedCN = matchesPattern
	})
}