DecDawkins_3864
Apr 02, 2019 | Nimbostratus
Base64 decode certificate in header help
Hi!
Looking for some help on using the b64decode option within my iRule, to decode an incoming client certificate which has been base64 encoded in a custom HTTP header.
I currently have the client certificate validation working (line 6 down); however, due to changes in the application, I now need to decode said incoming certificate. I've written a first-pass configuration, which I believe should see an HTTP request and, if the header equals a certain string, find and decode said string, then pass it on to the cert validation.
when HTTP_REQUEST {
    # If the custom header is present, base64-decode its value and keep the result
    if { [HTTP::header exists X-Client-Cert-Example] } {
        set client_cert [b64decode [HTTP::header X-Client-Cert-Example]]
    }
}
when CLIENTSSL_CLIENTCERT {
    # Set up variables
    set ::org "O=Example Org"
    set ::cust "CN=Example Cust"
    set ::debug 1
    set ::to_reject 0
    # Check if the client provided a certificate
    if { [SSL::cert 0] eq "" } {
        # Reject if the client provided no certificate
        if { $::debug } { log "NO Client Certificate Received from client [IP::client_addr]:[TCP::local_port]" }
        set ::to_reject 1
        return
    } else {
        # Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith
        set subject_dn [X509::subject [SSL::cert 0]]
        if { $::debug } { log "Client Certificate Received: $subject_dn" }
        # Check if the client certificate contains the correct O and a CN
        if { ($subject_dn contains $::cust) and ($subject_dn contains $::org) } {
            # Accept the client cert and drop through to the HTTP_REQUEST
            if { $::debug } { log "Client Certificate Accepted: $subject_dn" }
        } else {
            if { $::debug } { log "No Matching Client Certificate Was Found Using: $subject_dn" }
            set ::to_reject 1
            return
        }
    }
}
Cheers,
Dec
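An added example, not part of the original post and not F5's own code: one way to apply the post's O/CN check to the header-supplied certificate inside HTTP_REQUEST, failing closed on missing, duplicated, oversized or undecodable values. Assumptions: the header carries the base64 of the DER certificate, X509::subject accepts those decoded bytes, and the header is set only by a trusted upstream that already verified the chain and key possession (this rule checks the subject only); static::max_hdr_len and the response bodies are hypothetical.

```tcl
when RULE_INIT {
    # Match strings taken from the post; static:: avoids the CMP demotion caused by ::globals
    set static::org  "O=Example Org"
    set static::cust "CN=Example Cust"
    # Hypothetical upper bound for one base64-encoded certificate
    set static::max_hdr_len 8192
}

when HTTP_REQUEST {
    # Exactly one instance of the header is expected; zero or duplicates are refused
    if { [HTTP::header count X-Client-Cert-Example] != 1 } {
        log local0. "Missing or duplicated certificate header from [IP::client_addr]"
        HTTP::respond 403 content "Client certificate required"
        return
    }

    set encoded [HTTP::header value X-Client-Cert-Example]
    if { [string length $encoded] > $static::max_hdr_len } {
        HTTP::respond 400 content "Client certificate header too large"
        return
    }

    # b64decode can raise a Tcl error on malformed input, so trap it instead of aborting the rule
    if { [catch { set der [b64decode $encoded] }] || $der eq "" } {
        log local0. "Undecodable certificate header from [IP::client_addr]"
        HTTP::respond 400 content "Malformed client certificate"
        return
    }

    # Assumption: X509::subject parses the decoded DER bytes; a parse failure is treated as a reject
    if { [catch { set subject_dn [X509::subject $der] }] } {
        log local0. "Certificate header from [IP::client_addr] is not a parsable X.509 certificate"
        HTTP::respond 400 content "Malformed client certificate"
        return
    }

    # Same substring test as the post; note that "contains" also matches longer names
    # such as "CN=Example Customer", so an exact RDN comparison is stricter
    if { !(($subject_dn contains $static::cust) and ($subject_dn contains $static::org)) } {
        log local0. "No matching client certificate was found using: $subject_dn"
        HTTP::respond 403 content "Client certificate not authorised"
        return
    }
    log local0. "Client certificate accepted: $subject_dn"
}
```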