(req *http.Request, key string)
| 404 | } |
| 405 | |
| 406 | func getReqTLSReplacement(req *http.Request, key string) (any, bool) { |
| 407 | if req == nil || req.TLS == nil { |
| 408 | return nil, false |
| 409 | } |
| 410 | |
| 411 | if len(key) < len(reqTLSReplPrefix) { |
| 412 | return nil, false |
| 413 | } |
| 414 | |
| 415 | field := strings.ToLower(key[len(reqTLSReplPrefix):]) |
| 416 | |
| 417 | if strings.HasPrefix(field, "client.") { |
| 418 | cert := getTLSPeerCert(req.TLS) |
| 419 | if cert == nil { |
| 420 | // Instead of returning (nil, false) here, we set it to a dummy |
| 421 | // value to fix #7530. This way, even if there is no client cert, |
| 422 | // evaluating placeholders with ReplaceKnown() will still remove |
| 423 | // the placeholder, which would be expected. It is not expected |
| 424 | // for the placeholder to sometimes get removed based on whether |
| 425 | // the client presented a cert. We also do not return true here |
| 426 | // because we probably should remain accurate about whether a |
| 427 | // placeholder is, in fact, known or not. |
| 428 | // (This allocation may be slightly inefficient.) |
| 429 | cert = new(x509.Certificate) |
| 430 | } |
| 431 | |
| 432 | // subject alternate names (SANs) |
| 433 | if strings.HasPrefix(field, "client.san.") { |
| 434 | field = field[len("client.san."):] |
| 435 | var fieldName string |
| 436 | var fieldValue any |
| 437 | switch { |
| 438 | case strings.HasPrefix(field, "dns_names"): |
| 439 | fieldName = "dns_names" |
| 440 | fieldValue = cert.DNSNames |
| 441 | case strings.HasPrefix(field, "emails"): |
| 442 | fieldName = "emails" |
| 443 | fieldValue = cert.EmailAddresses |
| 444 | case strings.HasPrefix(field, "ips"): |
| 445 | fieldName = "ips" |
| 446 | fieldValue = cert.IPAddresses |
| 447 | case strings.HasPrefix(field, "uris"): |
| 448 | fieldName = "uris" |
| 449 | fieldValue = cert.URIs |
| 450 | default: |
| 451 | return nil, false |
| 452 | } |
| 453 | field = field[len(fieldName):] |
| 454 | |
| 455 | // if no index was specified, return the whole list |
| 456 | if field == "" { |
| 457 | return fieldValue, true |
| 458 | } |
| 459 | if len(field) < 2 || field[0] != '.' { |
| 460 | return nil, false |
| 461 | } |
| 462 | field = field[1:] // trim '.' between field name and index |
| 463 |