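// showCert prints a summary of the PEM-encoded X.509 certificate stored in
// filename to standard output: the username it was issued to, followed by the
// sorted list of methods it permits. Failures are reported on standard error
// and end the function early; nothing is returned to the caller.
//
// The certificate is only decoded and parsed here. Its signature, validity
// period and issuer are never checked, so the output describes what the file
// claims and must not be used as a trust decision.
func showCert(filename string) {
	fmt.Println("Certificate:", filename+":")
	// ioutil.ReadFile is kept because the file's import block is not visible
	// from this block.
	data, err := ioutil.ReadFile(filename)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to read certfile: %s\n", err)
		return
	}
	block, rest := pem.Decode(data)
	if block == nil {
		// The original message had no trailing newline, so it ran into
		// whatever was written to the terminal next.
		fmt.Fprintln(os.Stderr, "Failed to parse certificate PEM")
		return
	}
	// Require exactly one PEM block with nothing after it. A bundle or a file
	// with appended data is rejected rather than summarised from its first
	// block only.
	if len(rest) > 0 {
		fmt.Fprintf(os.Stderr, "%d extra bytes in certfile\n", len(rest))
		return
	}
	// NOTE(review): block.Type is not checked; a PEM block with a different
	// label is rejected only if x509.ParseCertificate fails on its bytes.
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to parse certificate: %s\n", err)
		return
	}
	username, err := x509util.GetUsername(cert)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to get username: %s\n", err)
		return
	}
	fmt.Printf(" Issued to: %s\n", username)
	permittedMethods, err := x509util.GetPermittedMethods(cert)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to get methods: %s\n", err)
		return
	}
	if len(permittedMethods) == 0 {
		fmt.Println(" No methods are permitted")
		return
	}
	fmt.Println(" Permitted methods:")
	// Map iteration order is random; sort the keys so the listing is stable
	// between runs.
	sortedList := make([]string, 0, len(permittedMethods))
	for method := range permittedMethods {
		sortedList = append(sortedList, method)
	}
	sort.Strings(sortedList)
	for _, method := range sortedList {
		fmt.Println(" ", method)
	}
}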
// getAuth derives the caller's identity and authorisation from the verified
// certificate chains of a TLS connection. It returns the username, the set of
// permitted methods, and the first error reported by x509util while reading
// either value from a certificate.
//
// Every certificate in every chain of state.VerifiedChains is inspected, not
// just the first one. The username is the first non-empty value returned by
// x509util.GetUsername in iteration order. The permitted methods are the
// union of what x509util.GetPermittedMethods returns for each certificate
// visited.
//
// NOTE(review): per crypto/tls, each verified chain starts with the peer's
// leaf certificate and ends at a configured CA, so issuer certificates also
// contribute methods here, and would supply the username if the leaf yields
// an empty one. Confirm that widening authorisation this way is intended.
//
// If VerifiedChains is empty (no verified peer certificate), the result is an
// empty username and an empty, non-nil method set with a nil error; callers
// must treat that as unauthenticated.
func getAuth(state tls.ConnectionState) (string, map[string]struct{}, error) {
	user := ""
	methods := map[string]struct{}{}
	for _, chain := range state.VerifiedChains {
		for _, c := range chain {
			// Only look for a username until one has been found.
			if user == "" {
				name, err := x509util.GetUsername(c)
				if err != nil {
					return "", nil, err
				}
				user = name
			}
			granted, err := x509util.GetPermittedMethods(c)
			if err != nil {
				return "", nil, err
			}
			// Accumulate: a method granted by any certificate visited is kept.
			for m := range granted {
				methods[m] = struct{}{}
			}
		}
	}
	return user, methods, nil
}