nathan/go-authcheck
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

load cert from file rather than embed
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Nathan Coad
2023-07-20 09:05:48 +10:00
parent f987f4438a
commit 23e3044f89
2 changed files with 74 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +1,2 @@
log.txt log.txt
*.pem

66
main.go
View File

@@ -3,8 +3,12 @@ package main
import ( import (
"crypto/x509" "crypto/x509"
"encoding/json" "encoding/json"
"encoding/pem"
"flag" "flag"
"fmt" "fmt"
"io/ioutil"
"os"
"path/filepath"
auth "github.com/korylprince/go-ad-auth/v3" auth "github.com/korylprince/go-ad-auth/v3"
) )
@@ -71,6 +75,37 @@ lS3ZUQcHCLtUbTw=
-----END CERTIFICATE----- -----END CERTIFICATE-----
` `
func GetFilePath(path string) string {
// Check for empty filename
if len(path) == 0 {
return ""
}
// check if filename exists
if _, err := os.Stat(path); os.IsNotExist((err)) {
fmt.Printf("File '%s' not found, searching in same directory as binary\n", path)
// if not, check that it exists in the same directory as the currently executing binary
ex, err2 := os.Executable()
if err2 != nil {
//log.Printf("Error determining binary path : '%s'", err)
return ""
}
binaryPath := filepath.Dir(ex)
path = filepath.Join(binaryPath, path)
}
return path
}
func isFlagPassed(name string) bool {
found := false
flag.Visit(func(f *flag.Flag) {
if f.Name == name {
found = true
}
})
return found
}
func main() { func main() {
var output Output var output Output
@@ -79,6 +114,7 @@ func main() {
baseDN := flag.String("baseDN", "OU=Users,DC=example,DC=com", "Base DN to use when attempting to bind to AD") baseDN := flag.String("baseDN", "OU=Users,DC=example,DC=com", "Base DN to use when attempting to bind to AD")
username := flag.String("username", "user", "Username to use when attempting to bind to AD") username := flag.String("username", "user", "Username to use when attempting to bind to AD")
password := flag.String("password", "pass", "Password to use when attempting to bind to AD") password := flag.String("password", "pass", "Password to use when attempting to bind to AD")
certFile := flag.String("cert-file", "rootca.pem", "Filename to load trusted certificate from")
flag.Parse() flag.Parse()
output.Server = *server output.Server = *server
@@ -93,8 +129,34 @@ func main() {
return return
} }
// only try to load certificate from file if the command line argument was specified
if isFlagPassed("cert-file") {
// Try to read the file
cf, err := ioutil.ReadFile(GetFilePath(*certFile))
if err != nil {
output.AuthSuccess = false
output.Error = err.Error()
b, _ := json.Marshal(output)
fmt.Println(string(b))
return
}
// Get the certificate from the file
cpb, _ := pem.Decode(cf)
crt, err := x509.ParseCertificate(cpb.Bytes)
if err != nil {
output.AuthSuccess = false
output.Error = err.Error()
b, _ := json.Marshal(output)
fmt.Println(string(b))
return
}
// Add custom certificate to the system cert pool // Add custom certificate to the system cert pool
ok := system.AppendCertsFromPEM([]byte(WSDCCertPem)) system.AddCert(crt)
/*
ok := system.AppendCertsFromPEM(crt)
if !ok { if !ok {
output.AuthSuccess = false output.AuthSuccess = false
output.Error = "failed to parse WSDC intermediate certificate" output.Error = "failed to parse WSDC intermediate certificate"
@@ -102,6 +164,8 @@ func main() {
fmt.Println(string(b)) fmt.Println(string(b))
return return
} }
*/
}
config := &auth.Config{ config := &auth.Config{
Server: *server, Server: *server,