The previous article, "Go language for two-way TLS certified Rest Service", described how to implement the client and server sides of two-way TLS authentication. This article shows how to obtain the contents of the client certificate on the server side, for example how to read the Subject attribute of the certificate.
    package main

    import (
        "encoding/json"
        "net/http"
    )

    func MyHandler(w http.ResponseWriter, r *http.Request) {
        if !validRequest(r) {
            res := map[string]string{"error": http.StatusText(http.StatusUnauthorized)}
            b, _ := json.Marshal(res)
            // Headers must be set before WriteHeader, otherwise they are not sent.
            w.Header().Set("Content-Type", "application/json")
            w.WriteHeader(http.StatusUnauthorized)
            w.Write(b)
        } else {
            // Normal call flow ...
        }
    }

    func validRequest(r *http.Request) bool {
        if r.TLS != nil {
            for _, cert := range r.TLS.PeerCertificates {
                if !cert.IsCA {
                    // Do something with the cert, for example:
                    // signature := cert.Signature
                    // issuer := cert.Issuer
                    subject := cert.Subject
                    if subject.CommonName == "Guest" {
                        return true
                    }
                }
            }
        }
        return false
    }
In this example, a validRequest step is added at the entry of the handler function to check some of the properties of the client certificate. Here it verifies that the Subject common name is "Guest"; if it is not, an error is returned.
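The loop above reads r.TLS.PeerCertificates, which Go also fills in when the server only requests a client certificate without verifying it (tls.RequestClientCert or tls.RequireAnyClientCert). The following added example (not from the original article; serverTLSConfig, verifiedCommonName and fakeRequest are hypothetical names, and the requests are constructed) reads the common name from r.TLS.VerifiedChains instead, so the check passes only for a certificate that chained to the configured client CAs.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
)

// serverTLSConfig (hypothetical helper) makes the handshake itself reject
// clients whose certificate does not chain to clientCAs.
func serverTLSConfig(clientCAs *x509.CertPool) *tls.Config {
	return &tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  clientCAs,
	}
}

// verifiedCommonName (hypothetical helper) returns the Subject CN of the
// client's leaf certificate, but only if the TLS stack verified a chain for it.
func verifiedCommonName(r *http.Request) (string, bool) {
	if r.TLS == nil || len(r.TLS.VerifiedChains) == 0 || len(r.TLS.VerifiedChains[0]) == 0 {
		return "", false
	}
	// Element 0 of a verified chain is the leaf, i.e. the client's own certificate.
	return r.TLS.VerifiedChains[0][0].Subject.CommonName, true
}

// validRequest is the article's check, restricted to verified certificates.
func validRequest(r *http.Request) bool {
	cn, ok := verifiedCommonName(r)
	return ok && cn == "Guest"
}

// fakeRequest builds a constructed request. verified=false models a server that
// uses tls.RequestClientCert: the certificate is presented but never checked.
func fakeRequest(cn string, verified bool) *http.Request {
	leaf := &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
	state := &tls.ConnectionState{PeerCertificates: []*x509.Certificate{leaf}}
	if verified {
		state.VerifiedChains = [][]*x509.Certificate{{leaf}}
	}
	return &http.Request{TLS: state}
}

func main() {
	// Constructed cases: verified Guest, unverified Guest, verified Admin.
	fmt.Println(validRequest(fakeRequest("Guest", true)), validRequest(fakeRequest("Guest", false)), validRequest(fakeRequest("Admin", true)))
}
```

The unverified "Guest" request would pass a check that only looks at PeerCertificates, which is why the server's ClientAuth setting and the handler's check have to agree.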
For more information about the certificate, please refer to the following:
https://golang.org/pkg/crypto/x509/#Certificate