caddy/modules/caddytls/matchers.go
2019-04-26 12:35:39 -06:00

93 lines
2.4 KiB
Go

package caddytls
import (
"crypto/tls"
"bitbucket.org/lightcodelabs/caddy2"
)
type (
// MatchServerName matches based on SNI.
MatchServerName []string
// TODO: these others should be enterprise-only, probably
// MatchProtocol matches based on protocol.
MatchProtocol []string // TODO: Protocol or version?
// MatchClientCert matches based on client certificate / client auth?
MatchClientCert struct{} // TODO: client certificate options
// MatchRemote matches based on the remote address of the connection.
MatchRemote []string
// MatchStarlark matches based on a Starlark script.
MatchStarlark string
)
func init() {
caddy2.RegisterModule(caddy2.Module{
Name: "tls.handshake_match.host",
New: func() (interface{}, error) { return MatchServerName{}, nil },
})
caddy2.RegisterModule(caddy2.Module{
Name: "tls.handshake_match.protocol",
New: func() (interface{}, error) { return MatchProtocol{}, nil },
})
caddy2.RegisterModule(caddy2.Module{
Name: "tls.handshake_match.client_cert",
New: func() (interface{}, error) { return MatchClientCert{}, nil },
})
caddy2.RegisterModule(caddy2.Module{
Name: "tls.handshake_match.remote",
New: func() (interface{}, error) { return MatchRemote{}, nil },
})
caddy2.RegisterModule(caddy2.Module{
Name: "tls.handshake_match.starlark",
New: func() (interface{}, error) { return new(MatchStarlark), nil },
})
}
// Match matches hello based on SNI.
func (m MatchServerName) Match(hello *tls.ClientHelloInfo) bool {
for _, name := range m {
// TODO: support wildcards (and regex?)
if hello.ServerName == name {
return true
}
}
return false
}
// Match matches hello based on protocol version.
func (m MatchProtocol) Match(hello *tls.ClientHelloInfo) bool {
// TODO: not implemented
return false
}
// Match matches hello based on client certificate.
func (m MatchClientCert) Match(hello *tls.ClientHelloInfo) bool {
// TODO: not implemented
return false
}
// Match matches hello based on remote address.
func (m MatchRemote) Match(hello *tls.ClientHelloInfo) bool {
// TODO: not implemented
return false
}
// Match matches hello based on a Starlark script.
func (m MatchStarlark) Match(hello *tls.ClientHelloInfo) bool {
// TODO: not implemented
return false
}
// Interface guards
var (
_ ConnectionMatcher = MatchServerName{}
_ ConnectionMatcher = MatchProtocol{}
_ ConnectionMatcher = MatchClientCert{}
_ ConnectionMatcher = MatchRemote{}
_ ConnectionMatcher = new(MatchStarlark)
)