From 514eef33fe6ea4e52438e62f73c8f3c0aadd45db Mon Sep 17 00:00:00 2001
From: v-rosa
Date: Fri, 31 Jul 2020 22:06:30 +0100
Subject: caddyhttp: Add support to resolve DN in CEL expression (#3608)
---
 modules/caddyhttp/celmatcher.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'modules/caddyhttp/celmatcher.go')
diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go
index 83e01cf..bab0a07 100644
--- a/modules/caddyhttp/celmatcher.go
+++ b/modules/caddyhttp/celmatcher.go
@@ -15,6 +15,7 @@
 package caddyhttp
 import (
+ "crypto/x509/pkix"
 "encoding/json"
 "fmt"
 "net/http"
@@ -199,6 +200,27 @@ func (cr celHTTPRequest) Equal(other ref.Val) ref.Val {
 func (celHTTPRequest) Type() ref.Type { return httpRequestCELType }
 func (cr celHTTPRequest) Value() interface{} { return cr }
+var pkixNameCELType = types.NewTypeValue("pkix.Name", traits.ReceiverType)
+
+// celPkixName wraps an pkix.Name with
+// methods to satisfy the ref.Val interface.
+type celPkixName struct{ *pkix.Name }
+
+func (pn celPkixName) ConvertToNative(typeDesc reflect.Type) (interface{}, error) {
+ return pn.Name, nil
+}
+func (celPkixName) ConvertToType(typeVal ref.Type) ref.Val {
+ panic("not implemented")
+}
+func (pn celPkixName) Equal(other ref.Val) ref.Val {
+ if o, ok := other.Value().(string); ok {
+ return types.Bool(pn.Name.String() == o)
+ }
+ return types.ValOrErr(other, "%v is not comparable type", other)
+}
+func (celPkixName) Type() ref.Type { return pkixNameCELType }
+func (pn celPkixName) Value() interface{} { return pn }
+
 // celTypeAdapter can adapt our custom types to a CEL value.
 type celTypeAdapter struct{}
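Review bot: `ConvertToType` on `celPkixName` panics with "not implemented", so an expression that makes the CEL runtime convert the DN value would abort evaluation with a Go panic instead of a CEL error; whether the other wrappers in this file behave the same way is not visible in this hunk. Returning an error value keeps the failure inside the expression, for example `return types.NewErr("pkix.Name cannot be converted to %s", typeVal.TypeName())`. `Equal` should also carry a doc comment stating that it is true only when the operand is a string identical to `pn.Name.String()`, because anyone writing a matcher on a certificate DN needs to know the comparison is exact and made against that rendering. The other new methods have no doc comments either.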
@@ -206,6 +228,8 @@ func (celTypeAdapter) NativeToValue(value interface{}) ref.Val {
 switch v := value.(type) {
 case celHTTPRequest:
 return v
+ case pkix.Name:
+ return celPkixName{&v}
 case time.Time:
 // TODO: eliminate direct protobuf dependency, sigh -- just wrap stdlib time.Time instead...
 return types.Timestamp{Timestamp: ×tamp.Timestamp{Seconds: v.Unix(), Nanos: int32(v.Nanosecond())}}
-- cgit v1.2.3
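Review bot: The new `case pkix.Name:` adapts only the value form, so a `*pkix.Name` passed to `NativeToValue` would not be wrapped and would be handled by the rest of the switch, which continues outside this hunk. If that is intended, state it above the case, e.g. `// only pkix.Name values are wrapped; a *pkix.Name is not adapted here`. It is also worth a short comment that `&v` points at the switch-local copy rather than at the caller's value.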