feat(tools): add validssclient for mutual tls auth

Co-authored-by: Roberto Abdelkader Martínez Pérez <robertomartinezp@gmail.com>
BBVA · Dec 21, 2020 · f25b7ee · f25b7ee
1 parent 678a5a2
commit f25b7ee
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/tools/validsslclient b/tools/validsslclient
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+set -e
+
+user=$(kapow get /ssl/client/i/dn)
+
+#sed '/^#.*/d' | while read -r dn
+while read -r dn
+do
+    [ -z "$dn" ] && continue
+    if [ "$user" = "$dn" ]; then
+        kapow set /server/log/validsslclient "Found valid user: '$user'"
+        exit 0
+    fi
+done
+
+kapow set /response/status 403 # Forbidden
+kapow set /server/log/validsslclient "Invalid user: '$user'"
+exit 127