mirror of https://github.com/linka-cloud/grpc.git
50 lines
1.1 KiB
Go
50 lines
1.1 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
|
|
grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
|
|
"google.golang.org/grpc/credentials"
|
|
"google.golang.org/grpc/peer"
|
|
|
|
"go.linka.cloud/grpc-toolkit/errors"
|
|
)
|
|
|
|
type X509Validator func(ctx context.Context, sans []string) (context.Context, error)
|
|
|
|
// func _(ctx context.Context) {
|
|
// p, ok := peer.FromContext(ctx)
|
|
// if !ok {
|
|
// return
|
|
// }
|
|
// i, ok := p.AuthInfo.(credentials.TLSInfo)
|
|
// if !ok {
|
|
// return
|
|
// }
|
|
// i.State.VerifiedChains
|
|
// }
|
|
|
|
func makeX509AuthFunc(v X509Validator) grpc_auth.AuthFunc {
|
|
return func(ctx context.Context) (context.Context, error) {
|
|
p, ok := peer.FromContext(ctx)
|
|
if !ok {
|
|
return ctx, errors.Internalf("peer not found")
|
|
}
|
|
i, ok := p.AuthInfo.(credentials.TLSInfo)
|
|
if !ok {
|
|
return ctx, errors.Unauthenticatedf("no TLS credentials")
|
|
}
|
|
if !i.State.HandshakeComplete {
|
|
return ctx, errors.Unauthenticatedf("handshake not complete")
|
|
}
|
|
var sans []string
|
|
for _, v := range i.State.VerifiedChains {
|
|
if len(v) == 0 {
|
|
continue
|
|
}
|
|
sans = append(sans, v[0].PermittedDNSDomains...)
|
|
}
|
|
return v(ctx, sans)
|
|
}
|
|
}
|