File: policy.go

package provisioner

import "github.com/smallstep/certificates/authority/policy"

// policyEngine groups the three allow/deny policy engines built by
// newPolicyEngine: one for X.509 certificates, one for SSH host certificates
// and one for SSH user certificates.
//
// A nil *policyEngine is a valid value: the accessor methods check for a nil
// receiver and return nil instead of dereferencing it.
type policyEngine struct {
	// x509Policy is the engine returned by policy.NewX509PolicyEngine.
	x509Policy    policy.X509Policy
	// sshHostPolicy is the engine returned by policy.NewSSHHostPolicyEngine.
	sshHostPolicy policy.HostPolicy
	// sshUserPolicy is the engine returned by policy.NewSSHUserPolicyEngine.
	sshUserPolicy policy.UserPolicy
}

// newPolicyEngine builds the X.509, SSH host and SSH user policy engines from
// the given provisioner options.
//
// When options is nil it returns (nil, nil): no engine and no error. The
// accessors on *policyEngine tolerate that nil value and hand back nil
// policies.
// NOTE(review): callers presumably treat a nil policy as "no allow/deny
// restriction configured" — confirm that every consumer handles nil
// deliberately, since a missing options block then means no policy check.
//
// The first constructor error aborts the build and is returned unchanged; no
// partially populated engine is ever returned. Both SSH engines are built from
// the same options.GetSSHOptions() value.
func newPolicyEngine(options *Options) (*policyEngine, error) {
	if options == nil {
		//nolint:nilnil // legacy
		return nil, nil
	}

	// X.509 allow/deny engine.
	x509Engine, err := policy.NewX509PolicyEngine(options.GetX509Options())
	if err != nil {
		return nil, err
	}

	// SSH allow/deny engine applied to host certificates.
	hostEngine, err := policy.NewSSHHostPolicyEngine(options.GetSSHOptions())
	if err != nil {
		return nil, err
	}

	// SSH allow/deny engine applied to user certificates.
	userEngine, err := policy.NewSSHUserPolicyEngine(options.GetSSHOptions())
	if err != nil {
		return nil, err
	}

	engine := &policyEngine{
		x509Policy:    x509Engine,
		sshHostPolicy: hostEngine,
		sshUserPolicy: userEngine,
	}
	return engine, nil
}

// getX509 returns the X.509 policy held by p. It is safe to call on a nil
// receiver, in which case it returns nil; newPolicyEngine yields such a nil
// engine when it is given nil options.
func (p *policyEngine) getX509() policy.X509Policy {
	if p != nil {
		return p.x509Policy
	}
	return nil
}

// getSSHHost returns the SSH host certificate policy held by p. It is safe to
// call on a nil receiver, in which case it returns nil; newPolicyEngine yields
// such a nil engine when it is given nil options.
func (p *policyEngine) getSSHHost() policy.HostPolicy {
	if p != nil {
		return p.sshHostPolicy
	}
	return nil
}

// getSSHUser returns the SSH user certificate policy held by p. It is safe to
// call on a nil receiver, in which case it returns nil; newPolicyEngine yields
// such a nil engine when it is given nil options.
func (p *policyEngine) getSSHUser() policy.UserPolicy {
	if p != nil {
		return p.sshUserPolicy
	}
	return nil
}