| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2022-10-21 19:41:33 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-21 19:41:33 +1100 |
| commit | 9532823a99c93d2ab53624f530742190163418f4 (patch) | |
| tree | 555b7f735eb5373a4200c61aae9673ff692a3935 /internal/configuration/decode_hooks.go | |
| parent | 6e835bd8f85f1cd465d46515c4823670a062fab6 (diff) | |
feat(configuration): mtls clients (#4221)
This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options.
Closes #4044
Diffstat (limited to 'internal/configuration/decode_hooks.go')
| -rw-r--r-- | internal/configuration/decode_hooks.go | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/internal/configuration/decode_hooks.go b/internal/configuration/decode_hooks.go
index 3fa27396e..a5872627f 100644
--- a/internal/configuration/decode_hooks.go
+++ b/internal/configuration/decode_hooks.go
@@ -346,6 +346,76 @@ func StringToX509CertificateChainHookFunc() mapstructure.DecodeHookFuncType {
 	}
 }
 
+// StringToTLSVersionHookFunc decodes strings to schema.TLSVersion's.
+func StringToTLSVersionHookFunc() mapstructure.DecodeHookFuncType {
+	return func(f reflect.Type, t reflect.Type, data interface{}) (value interface{}, err error) {
+		var ptr bool
+
+		if f.Kind() != reflect.String {
+			return data, nil
+		}
+
+		prefixType := ""
+
+		if t.Kind() == reflect.Ptr {
+			ptr = true
+			prefixType = "*"
+		}
+
+		expectedType := reflect.TypeOf(schema.TLSVersion{})
+
+		if ptr && t.Elem() != expectedType {
+			return data, nil
+		} else if !ptr && t != expectedType {
+			return data, nil
+		}
+
+		dataStr := data.(string)
+
+		var result *schema.TLSVersion
+
+		if result, err = schema.NewTLSVersion(dataStr); err != nil {
+			return nil, fmt.Errorf(errFmtDecodeHookCouldNotParse, dataStr, prefixType, expectedType, err)
+		}
+
+		if ptr {
+			return result, nil
+		}
+
+		return *result, nil
+	}
+}
+
+// StringToCryptoPrivateKeyHookFunc decodes strings to schema.CryptographicPrivateKey's.
+func StringToCryptoPrivateKeyHookFunc() mapstructure.DecodeHookFuncType {
+	return func(f reflect.Type, t reflect.Type, data interface{}) (value interface{}, err error) {
+		if f.Kind() != reflect.String {
+			return data, nil
+		}
+
+		field, _ := reflect.TypeOf(schema.TLSConfig{}).FieldByName("PrivateKey")
+		expectedType := field.Type
+
+		if t != expectedType {
+			return data, nil
+		}
+
+		dataStr := data.(string)
+
+		var i any
+
+		if i, err = utils.ParseX509FromPEM([]byte(dataStr)); err != nil {
+			return nil, fmt.Errorf(errFmtDecodeHookCouldNotParseBasic, "", expectedType, err)
+		}
+
+		if result, ok := i.(schema.CryptographicPrivateKey); !ok {
+			return nil, fmt.Errorf(errFmtDecodeHookCouldNotParseBasic, "", expectedType, fmt.Errorf("the data is for a %T not a %s", i, expectedType))
+		} else {
+			return result, nil
+		}
+	}
+}
+
 // StringToPrivateKeyHookFunc decodes strings to rsa.PrivateKey's.
func StringToPrivateKeyHookFunc() mapstructure.DecodeHookFuncType { return func(f reflect.Type, t reflect.Type, data interface{}) (value interface{}, err error) { |
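Review bot: In StringToCryptoPrivateKeyHookFunc the `ok` result of `FieldByName("PrivateKey")` is discarded, so a rename of that schema field would leave `expectedType` nil and the hook silently matching no target, with the key presumably then failing to decode far from the real cause; the lookup also runs reflection on every invocation of the hook. Binding the expected type directly, `expectedType := reflect.TypeOf((*schema.CryptographicPrivateKey)(nil)).Elem()`, hoisted above the `return func(...)`, removes both the ignored result and the per-call lookup, assuming the field's declared type is schema.CryptographicPrivateKey as the doc comment implies. On the security side the failure path looks right: the private-key branch passes `""` rather than `dataStr` to errFmtDecodeHookCouldNotParseBasic, so the PEM body never reaches an error message or log, and a certificate fed to the field is rejected by the type assertion with only its `%T` reported. That choice is easy to undo by copy-paste from the TLS-version hook above it, which does echo `dataStr`, so the `return nil, fmt.Errorf(errFmtDecodeHookCouldNotParseBasic, "", ...)` lines deserve a comment such as `// the value is deliberately omitted from the error: it is private key material`.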
