Categorygithub.com/jimsyyap/golang_recipeinfosec_gomutual_authserver
package
0.0.0-20240731084147-8c2c48fecfe2
Repository: https://github.com/jimsyyap/golang_recipe.git
Documentation: pkg.go.dev
Overview
Dependencies
6
Dependents
0

# README

The Story:

Imagine you're hosting a secret club meeting in your house. To make sure only club members get in, you stand at the door and check everyone's membership card (ID). If their card checks out, you let them in and say hello. This Go code does something similar, but instead of a club meeting, it's a website, and instead of membership cards, it uses special digital certificates.

What the Code Does (ELI5):

  1. Setting Up the Club Rules (helloHandler): The helloHandler function is like your greeting at the door. When someone visits the "/hello" page on your website, it checks their digital certificate (ID) to see who they are. If their certificate is valid, it prints a friendly message with their name and tells them they're "authenticated" (allowed in).

  2. Getting Ready: The code starts by saying it needs special tools from a "toolbox" to make the code work (like tools for handling secure website connections and certificates).

  3. Loading the Member List (client.pem): Next, it loads a file named "client.pem." This file is like your list of all valid club membership cards. Each member's certificate is in there.

  4. Creating the Bouncer (tlsConfig): The code creates a strict bouncer for your website. This bouncer only lets in people who have a valid certificate from your member list. It also insists on checking everyone's certificate.

  5. Opening the Doors (server): Now, your website is ready to open! It starts listening on a specific address and port (":9443"). It uses its own certificate ("server.pem") and key ("server-key.pem") to prove it's the real website, not a fake one.

Why Each Step is Important:

  • helloHandler: This is how you greet authenticated users and let them know they're in.
  • client.pem: This is your list of trusted members (clients).
  • tlsConfig: This sets the strict rules for who gets in.
  • server: This opens up your website and starts listening for visitors.

How to Write It (Thought Process):

  1. Define the greeting: Decide how to welcome authenticated users (the helloHandler function).
  2. Get the member list: Load the file containing your trusted clients' certificates.
  3. Set the rules: Create a tlsConfig that requires and verifies client certificates.
  4. Open the doors: Start a server with the configured tlsConfig and your server's certificate and key.