authorMatthias Andreas Benkard <code@mail.matthias.benkard.de>2012-06-16 16:05:33 +0200
committerMatthias Andreas Benkard <code@mail.matthias.benkard.de>2012-06-16 16:05:33 +0200
commitc5e1ae4c18a7bb8ecf9370b913e1de1ebc64f398 (patch)
treedfbdc4c19b1aa616a4c25e7d0ce9c758e3f191dd /src
parent08c085929fe7fd653ac121a53644c4fab645d903 (diff)
Accept client certificate information from a frontend reverse proxy.
Diffstat (limited to 'src')
-rw-r--r--src/mulk/benki/main.clj34
-rw-r--r--src/mulk/benki/util.clj1
2 files changed, 34 insertions, 1 deletions
diff --git a/src/mulk/benki/main.clj b/src/mulk/benki/main.clj
index 55239d5..43809ca 100644
--- a/src/mulk/benki/main.clj
+++ b/src/mulk/benki/main.clj
@@ -13,7 +13,9 @@
[lamina.core :as lamina]
[aleph.http :as ahttp]
[aleph.formats :as aformats]
- [ring.util.codec :as codec])
+ [ring.util.codec :as codec]
+ [clojure.algo.monads :as m]
+ [clojure.data.json :as json])
(:import [java.math BigDecimal BigInteger])
(:gen-class))
@@ -59,6 +61,35 @@
(session/get :user))]
(handler request))))
+(defn parse-certificate [cert-data]
+ (let [{modulus :modulus,
+ exponent :exponent,
+ fingerprint :fingerprint,
+ valid-to :valid_to
+ valid-from :valid_from
+ subject-alt-name :subjectaltname
+ subject :subject
+ }
+ cert-data]
+ {:modulus (bigint (BigInteger. modulus 16))
+ :exponent (bigint (BigInteger. exponent 16))
+ :fingerprint fingerprint
+ :valid-to (org.joda.time.DateTime. (Long. valid-to))
+ :valid-from (org.joda.time.DateTime. (Long. valid-from))
+ :subject subject
+ :subject-alt-name subject-alt-name}))
+
+(defn wrap-client-cert [handler]
+ (fn [request]
+ (binding [*client-cert*
+ (m/domonad m/maybe-m
+ [cert-json (get-in request [:headers "x-mulk-peer-certificate"])
+ cert-data (json/read-json cert-json)
+ cert (parse-certificate cert-data)]
+ cert)]
+ (handler request))))
+
+
(defn wrap-extension-mimetype [handler]
(fn [request]
(let [uri (codec/url-decode (:uri request))
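Review bot: `wrap-client-cert` reads the certificate from the `x-mulk-peer-certificate` request header without checking that the request came from the frontend proxy, so the resulting `*client-cert*` is only as trustworthy as the proxy's handling of that header. Whether the proxy overwrites or strips a client-supplied copy is not visible in this commit. The assumption should be stated at the function, e.g. `;; SECURITY: only valid when the frontend proxy sets x-mulk-peer-certificate itself on every request and this port is not reachable directly`. Separately, `m/maybe-m` only short-circuits on nil, while `json/read-json`, `(BigInteger. modulus 16)` and `(Long. valid-to)` throw on malformed or missing fields, so a bad header fails the whole request instead of yielding no certificate. Wrapping the `m/domonad` form in `(try … (catch Exception _ nil))` would make that case fail closed.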
@@ -81,6 +112,7 @@
(noir.server/add-middleware #(wrap-utf-8 %))
(noir.server/add-middleware #(wrap-base-uri %))
(noir.server/add-middleware #(wrap-auth-token %))
+ (noir.server/add-middleware #(wrap-client-cert %))
(noir.server/add-middleware #(wrap-cache-control %))
(noir.server/add-middleware #(ring.middleware.file/wrap-file % "static"))
(noir.server/add-middleware #(wrap-extension-mimetype %)))
diff --git a/src/mulk/benki/util.clj b/src/mulk/benki/util.clj
index 55806eb..d3df4af 100644
--- a/src/mulk/benki/util.clj
+++ b/src/mulk/benki/util.clj
@@ -20,6 +20,7 @@
(def ^:dynamic *user*)
+(def ^:dynamic *client-cert*)
(defonce #^:private finished-initializations (atom #{}))
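Review bot: `*client-cert*` is declared without a root value, so reading it outside the `binding` that `wrap-client-cert` sets up returns Clojure's unbound-var placeholder, which is truthy. Any later check of the form `(when *client-cert* …)` that runs outside that binding, for example on another thread, would then pass without a certificate. Giving it an explicit default, `(def ^:dynamic *client-cert* nil)`, makes the no-certificate case fail closed. The neighbouring `*user*` follows the same pattern and may merit the same change.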