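// Source: github.com/Tyktechnologies/tyk@v2.9.5+incompatible/gateway/mw_certificate_check.go

package gateway

import (
	"net/http"
)

// CertificateCheckMW is used if the domain was not detected or multiple APIs
// bind on the same domain. In that case the client-certificate authentication
// check happens on the HTTP level, in this middleware, rather than on the TLS
// side.
type CertificateCheckMW struct {
	BaseMiddleware
}

// Name returns the identifier of this middleware.
func (m *CertificateCheckMW) Name() string {
	return "CertificateCheckMW"
}

// EnabledForSpec reports whether the middleware applies to the API spec: it
// is enabled exactly when the spec has UseMutualTLSAuth set.
func (m *CertificateCheckMW) EnabledForSpec() bool {
	return m.Spec.UseMutualTLSAuth
}

// ProcessRequest validates the request's client certificate against the
// certificate IDs accepted for this API.
//
// The accepted set is the union of the spec's ClientCertificates and the
// gateway-wide Security.Certificates.API list. When validation fails, the
// error from CertificateManager.ValidateRequestCertificate is returned with
// http.StatusForbidden; otherwise the result is (nil, http.StatusOK).
//
// NOTE(review): requests whose status is StatusOkAndIgnore return before the
// certificate check, so they are not validated here. The status is presumably
// set by an earlier middleware for ignored endpoints; confirm that skipping
// mutual TLS for those requests is intended.
//
// NOTE(review): behaviour for a request without a TLS connection state, or
// for an empty certificate ID list, is decided inside
// ValidateRequestCertificate and is not visible in this file; verify that it
// fails closed.
func (m *CertificateCheckMW) ProcessRequest(w http.ResponseWriter, r *http.Request, _ interface{}) (error, int) {
	if ctxGetRequestStatus(r) == StatusOkAndIgnore {
		return nil, http.StatusOK
	}

	if !m.Spec.UseMutualTLSAuth {
		return nil, http.StatusOK
	}

	// Cap the per-API slice at its own length before appending. A plain
	// append(m.Spec.ClientCertificates, ...) may write into spare capacity of
	// the spec's backing array, which is shared by every request served for
	// this API: concurrent requests would then race on the certificate
	// allow-list. The three-index slice forces append to copy instead.
	apiCerts := m.Spec.ClientCertificates
	certIDs := append(apiCerts[:len(apiCerts):len(apiCerts)], m.Spec.GlobalConfig.Security.Certificates.API...)

	if err := CertificateManager.ValidateRequestCertificate(certIDs, r); err != nil {
		return err, http.StatusForbidden
	}
	return nil, http.StatusOK
}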