mdm

func CertExtractMdmSignatureMiddleware ¶

func CertExtractMdmSignatureMiddleware(next http.Handler, opts ...SigLogOption) http.HandlerFunc

CertExtractMdmSignatureMiddleware extracts the MDM enrollment identity certificate from the request into the HTTP request context. It tries to verify the Mdm-Signature header on the request.

This middleware does not error if a certificate is not found. It will, however, error with an HTTP 400 status if the signature verification fails.

func CertExtractPEMHeaderMiddleware ¶

func CertExtractPEMHeaderMiddleware(next http.Handler, header string, logger log.Logger) http.HandlerFunc

CertExtractPEMHeaderMiddleware extracts the MDM enrollment identity certificate from the request into the HTTP request context. It looks at the request header which should be a URL-encoded PEM certificate.

This is ostensibly to support Nginx' $ssl_client_escaped_cert in a proxy_set_header directive. Though any reverse proxy setting a similar header could be used, of course.

func CertExtractTLSMiddleware ¶

func CertExtractTLSMiddleware(next http.Handler, logger log.Logger) http.HandlerFunc

CertExtractTLSMiddleware extracts the MDM enrollment identity certificate from the request into the HTTP request context. It looks at the TLS peer certificate in the request.

func CertVerifyMiddleware ¶

func CertVerifyMiddleware(next http.Handler, verifier CertVerifier, logger log.Logger) http.HandlerFunc

CertVerifyMiddleware checks the MDM certificate against verifier and returns an error if it fails.

We deliberately do not reply with 401 as this may cause unintentional MDM unenrollments in the case of bugs or something going wrong.

func CertWithEnrollmentIDMiddleware ¶ added in v0.6.0

func CertWithEnrollmentIDMiddleware(next http.Handler, hasher HashFn, store storage.CertAuthRetriever, enforce bool, logger log.Logger) http.HandlerFunc

CertWithEnrollmentIDMiddleware tries to associate the enrollment ID to the request context. It does this by looking up the certificate on the context, hashing it with hasher, looking up the hash in storage, and setting the ID on the context.

The next handler will be called even if cert or ID is not found unless enforce is true. This way next is able to use the existence of the ID on the context to make its own decisions.

func CheckinAndCommandHandler ¶

func CheckinAndCommandHandler(service service.CheckinAndCommandService, logger log.Logger) http.HandlerFunc

CheckinAndCommandHandler handles both check-in and command requests.

func CheckinHandler ¶

func CheckinHandler(svc service.Checkin, logger log.Logger) http.HandlerFunc

CheckinHandler decodes an MDM check-in request and adapts it to service.

func CommandAndReportResultsHandler ¶

func CommandAndReportResultsHandler(svc service.CommandAndReportResults, logger log.Logger) http.HandlerFunc

CommandAndReportResultsHandler decodes an MDM command request and adapts it to service.

func GetCert ¶

func GetCert(ctx context.Context) *x509.Certificate

GetCert retrieves the MDM enrollment identity certificate from the HTTP request context.

func GetEnrollmentID ¶ added in v0.6.0

func GetEnrollmentID(ctx context.Context) string

GetEnrollmentID retrieves the MDM enrollment ID from ctx.