package pkiutil
import (
	"crypto/x509"
	"encoding/asn1"
	"errors"
)
// OIDCoditMTLSAuthorization identifies the X.509 extension in which mTLS client
// certificates carry client authorization data; its DER value is decoded by
// ParseClientAuthorizationExtension.
//
// NOTE(review): the arc 1.3.6.1.4.1.57264 appears to be the Sigstore (Fulcio)
// private-enterprise arc, under which .1.1 is Fulcio's "Issuer" extension —
// confirm this project actually controls the arc it encodes under. Reusing
// another party's OID lets certificates from that ecosystem be mistaken for
// ours (and ours for theirs) by any relying party that sees both.
var OIDCoditMTLSAuthorization = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 1}
// clientAuthorizationValue is the encoding/asn1 mirror of the extension's DER
// payload: a SEQUENCE whose elements are decoded into these fields in order.
// encoding/asn1 maps SEQUENCE elements to struct fields positionally, so the
// field order and types below *are* the wire format — changing either changes
// what ParseClientAuthorizationExtension accepts.
type clientAuthorizationValue struct {
	Version     int      // INTEGER; decoded as-is, not range-checked here
	UserID      string   // any ASN.1 string type encoding/asn1 will decode into string
	Username    string
	ProfileID   string
	Permissions []string // SEQUENCE OF string
	Scope       string
}
// ClientAuthorizationInfo is the decoded, caller-facing form of the client
// authorization extension, as returned by ParseClientAuthorizationExtension
// and ParseClientAuthorizationFromCertificate.
//
// It mirrors clientAuthorizationValue field for field but is decoupled from
// the wire struct: Permissions is a fresh copy rather than an alias of the
// decoded slice. Values are carried exactly as decoded — nothing here has been
// validated or checked against a policy.
type ClientAuthorizationInfo struct {
	Version     int // extension format version as encoded
	UserID      string
	Username    string
	ProfileID   string
	Permissions []string // copied from the decoded value; never aliases it
	Scope       string
}
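// ParseClientAuthorizationExtension decodes the DER value of a client
// authorization extension (identified by OIDCoditMTLSAuthorization) into a
// ClientAuthorizationInfo.
//
// raw is the extension's value octets (pkix.Extension.Value): the DER
// encoding of the SEQUENCE described by clientAuthorizationValue.
//
// The whole of raw must be consumed. Trailing bytes after the SEQUENCE are an
// error rather than being silently ignored, so two byte strings that differ
// only by a suffix cannot both be accepted as the same authorization. No
// semantic validation happens here: Version is not range-checked and
// Permissions/Scope are returned exactly as encoded; the caller decides what
// it accepts.
//
// The returned Permissions slice is a copy and does not alias the decoded
// value (an empty list yields a non-nil, empty slice). On error the returned
// ClientAuthorizationInfo is the zero value.
func ParseClientAuthorizationExtension(raw []byte) (ClientAuthorizationInfo, error) {
	var value clientAuthorizationValue

	rest, err := asn1.Unmarshal(raw, &value)
	if err != nil {
		return ClientAuthorizationInfo{}, err
	}
	// asn1.Unmarshal only parses the first element and hands back the
	// remainder; a well-formed extension value is exactly one SEQUENCE.
	if len(rest) != 0 {
		return ClientAuthorizationInfo{}, errors.New("pkiutil: trailing data after client authorization extension")
	}

	return ClientAuthorizationInfo{
		Version:   value.Version,
		UserID:    value.UserID,
		Username:  value.Username,
		ProfileID: value.ProfileID,
		// Copy so the caller's slice never shares storage with the decoded
		// value; []string{} (not nil) keeps an empty list non-nil.
		Permissions: append([]string{}, value.Permissions...),
		Scope:       value.Scope,
	}, nil
}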
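// ParseClientAuthorizationFromCertificate looks for the client authorization
// extension (OIDCoditMTLSAuthorization) in cert.Extensions and decodes it.
//
// It returns (info, true, nil) when the extension is present and decodes
// cleanly; (zero, true, err) when it is present but malformed or occurs more
// than once; and (zero, false, nil) when cert is nil or carries no such
// extension. The found flag lets callers tell "no authorization data" apart
// from "authorization data that must not be trusted".
//
// Security notes for callers:
//   - This function only decodes. It does not establish that cert is
//     trustworthy: the claims are meaningful only after the certificate chain
//     has been verified against the intended issuing CA (e.g. via
//     x509.Certificate.Verify). Never act on them for a certificate that
//     merely arrived on a connection.
//   - A certificate carrying the extension more than once is rejected instead
//     of resolved first-match-wins, since the copies could disagree. Recent Go
//     releases already reject duplicate extensions in x509.ParseCertificate;
//     this check also covers Certificate values assembled by other means.
//   - The extension's Critical flag is not interpreted here. If issuers mark
//     it critical, the caller must account for cert.UnhandledCriticalExtensions
//     before Verify, which otherwise fails the certificate.
func ParseClientAuthorizationFromCertificate(cert *x509.Certificate) (ClientAuthorizationInfo, bool, error) {
	if cert == nil {
		return ClientAuthorizationInfo{}, false, nil
	}

	var (
		found bool
		info  ClientAuthorizationInfo
	)
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(OIDCoditMTLSAuthorization) {
			continue
		}
		if found {
			// RFC 5280 forbids repeating an extension; two copies with this
			// OID are ambiguous authorization data, not a choice to make.
			return ClientAuthorizationInfo{}, true, errors.New("pkiutil: certificate contains duplicate client authorization extension")
		}
		found = true

		decoded, err := ParseClientAuthorizationExtension(ext.Value)
		if err != nil {
			return ClientAuthorizationInfo{}, true, err
		}
		info = decoded
	}
	return info, found, nil
}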