From f25b7ee892dc057d021034a813e37562c6dd05a9 Mon Sep 17 00:00:00 2001
From: pancho horrillo
Date: Mon, 21 Dec 2020 13:00:25 +0100
Subject: [PATCH] feat(tools): add validssclient for mutual tls auth
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Roberto Abdelkader Martínez Pérez
---
tools/validsslclient | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100755 tools/validsslclient
diff --git a/tools/validsslclient b/tools/validsslclient
new file mode 100755
index 0000000..afb6272
--- /dev/null
+++ b/tools/validsslclient
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+set -e
+
+user=$(kapow get /ssl/client/i/dn)
+
+#sed '/^#.*/d' | while read -r dn
+while read -r dn
+do
+ [ -z "$dn" ] && continue
+ if [ "$user" = "$dn" ]; then
+ kapow set /server/log/validsslclient "Found valid user: '$user'"
+ exit 0
+ fi
+done
+
+kapow set /response/status 403 # Forbidden
+kapow set /server/log/validsslclient "Invalid user: '$user'"
+exit 127
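Review bot: The allow-list match is keyed on `/ssl/client/i/dn` and stored in `user`, but if that resource follows the nginx-style naming (`ssl_client_i_dn` is the issuer DN, `ssl_client_s_dn` the subject DN) the comparison is against the certificate's issuer, so every client certificate signed by a listed CA would be accepted as the same "user". Please confirm which DN the resource returns and, if per-client authorization is intended, compare the subject DN instead. Either way the script needs a header comment stating its contract, for example `# Reads allowed DNs from stdin, one per line; exits 0 on a match, otherwise sets status 403 and exits non-zero.` Separately, `while read -r dn` skips a final allow-list line that lacks a trailing newline, so the last entry can be silently ignored; `while read -r dn || [ -n "$dn" ]` keeps it. Note also that with `set -e` a failing `kapow get` ends the script before the 403 is set, so the caller has to treat any non-zero exit as a denial.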