authelia/internal/configuration/validator/shared.go

package validator

import (
	"crypto/tls"
	"errors"
	"fmt"

	"github.com/authelia/authelia/v4/internal/configuration/schema"
)

// ValidateTLSConfig sets the default values and validates a schema.TLSConfig.
func ValidateTLSConfig(config *schema.TLSConfig, configDefault *schema.TLSConfig) (err error) {
	if configDefault == nil {
		return errors.New("must provide configDefault")
	}

	if config == nil {
		return
	}

	if config.ServerName == "" {
		config.ServerName = configDefault.ServerName
	}

	if config.MinimumVersion.Value == 0 {
		config.MinimumVersion.Value = configDefault.MinimumVersion.Value
	}

	if config.MaximumVersion.Value == 0 {
		config.MaximumVersion.Value = configDefault.MaximumVersion.Value
	}

	if config.MinimumVersion.MinVersion() < tls.VersionTLS10 {
		return errors.New("option 'minimum_version' is invalid: minimum version is TLS1.0 but SSL3.0 was configured")
	}

	if config.MinimumVersion.MinVersion() > config.MaximumVersion.MaxVersion() {
		return fmt.Errorf("option combination of 'minimum_version' and 'maximum_version' is invalid: minimum version %s is greater than the maximum version %s", config.MinimumVersion.String(), config.MaximumVersion.String())
	}

	if (config.CertificateChain.HasCertificates() || config.PrivateKey != nil) && !config.CertificateChain.EqualKey(config.PrivateKey) {
		return errors.New("option 'certificates' is invalid: provided certificate does not contain the public key for the private key provided")
	}

	return nil
}
feat(configuration): mtls clients (#4221) This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options. Closes #4044 2022-10-21 08:41:33 +00:00			`package validator`

			`import (`
			`"crypto/tls"`
			`"errors"`
			`"fmt"`

			`"github.com/authelia/authelia/v4/internal/configuration/schema"`
			`)`

			`// ValidateTLSConfig sets the default values and validates a schema.TLSConfig.`
			`func ValidateTLSConfig(config schema.TLSConfig, configDefault schema.TLSConfig) (err error) {`
feat(oidc): private_key_jwt client auth (#5280) This adds support for the private_key_jwt client authentication method. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-05-15 00:32:10 +00:00			`if configDefault == nil {`
			`return errors.New("must provide configDefault")`
			`}`

feat(configuration): mtls clients (#4221) This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options. Closes #4044 2022-10-21 08:41:33 +00:00			`if config == nil {`
			`return`
			`}`

			`if config.ServerName == "" {`
			`config.ServerName = configDefault.ServerName`
			`}`

			`if config.MinimumVersion.Value == 0 {`
			`config.MinimumVersion.Value = configDefault.MinimumVersion.Value`
			`}`

			`if config.MaximumVersion.Value == 0 {`
			`config.MaximumVersion.Value = configDefault.MaximumVersion.Value`
			`}`

			`if config.MinimumVersion.MinVersion() < tls.VersionTLS10 {`
			`return errors.New("option 'minimum_version' is invalid: minimum version is TLS1.0 but SSL3.0 was configured")`
			`}`

			`if config.MinimumVersion.MinVersion() > config.MaximumVersion.MaxVersion() {`
			`return fmt.Errorf("option combination of 'minimum_version' and 'maximum_version' is invalid: minimum version %s is greater than the maximum version %s", config.MinimumVersion.String(), config.MaximumVersion.String())`
			`}`

			`if (config.CertificateChain.HasCertificates() \|\| config.PrivateKey != nil) && !config.CertificateChain.EqualKey(config.PrivateKey) {`
feat(oidc): private_key_jwt client auth (#5280) This adds support for the private_key_jwt client authentication method. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-05-15 00:32:10 +00:00			`return errors.New("option 'certificates' is invalid: provided certificate does not contain the public key for the private key provided")`
feat(configuration): mtls clients (#4221) This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options. Closes #4044 2022-10-21 08:41:33 +00:00			`}`

			`return nil`
			`}`