combined auth

Snawoot · Snawoot · commit 3d45b72e43a7 · 2025-10-18T16:36:47.000+03:00
diff --git a/auth/cert.go b/auth/cert.go
@@ -31,6 +31,7 @@ type CertAuth struct {
 	logger            *clog.CondLogger
 	stopOnce          sync.Once
 	stopChan          chan struct{}
+	next              Auth
 }
 
 func NewCertAuth(param_url *url.URL, logger *clog.CondLogger) (*CertAuth, error) {
@@ -62,11 +63,18 @@ func NewCertAuth(param_url *url.URL, logger *clog.CondLogger) (*CertAuth, error)
 			go auth.reloadLoop(reloadInterval)
 		}
 	}
+	if nextAuth := values.Get("next"); nextAuth != "" {
+		nap, err := NewAuth(nextAuth, logger)
+		if err != nil {
+			return nil, fmt.Errorf("chained auth provider construction failed: %w", err)
+		}
+		auth.next = nap
+	}
 
 	return auth, nil
 }
 
-func (auth *CertAuth) Validate(_ context.Context, wr http.ResponseWriter, req *http.Request) (string, bool) {
+func (auth *CertAuth) Validate(ctx context.Context, wr http.ResponseWriter, req *http.Request) (string, bool) {
 	if req.TLS == nil || len(req.TLS.VerifiedChains) < 1 || len(req.TLS.VerifiedChains[0]) < 1 {
 		http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
 		return "", false
@@ -76,6 +84,9 @@ func (auth *CertAuth) Validate(_ context.Context, wr http.ResponseWriter, req *h
 		http.Error(wr, BAD_REQ_MSG, http.StatusBadRequest)
 		return "", false
 	}
+	if auth.next != nil {
+		return auth.next.Validate(ctx, wr, req)
+	}
 	return fmt.Sprintf(
 		"Subject: %s, Serial Number: %s",
 		eeCert.Subject.String(),
