(add-authinfo request allow-header-cert-info oid-map)
Inputs: [request :- ring/Request allow-header-cert-info :- schema/Bool oid-map :- acl/OIDMap] Returns: ring/Request
Add authentication information to the ring request.
(add-rbac-subject request token->subject)
Inputs: [request :- ring/Request token->subject :- (schema/maybe IFn)]
(assoc-query-params request)
Associate a `query-params` map onto the supplied request from any key/value pairs embedded in the request's URL query string.
(authorization-check request rules oid-map allow-header-cert-info rbac-is-permitted? token->subject)
Inputs: [request :- ring/Request rules :- [rules/Rule] oid-map :- acl/OIDMap allow-header-cert-info :- schema/Bool rbac-is-permitted? :- (schema/maybe IFn) token->subject :- (schema/maybe IFn)] Returns: rules/AuthorizationResult
Checks that the request is allowed by the provided rules and returns an authorization result map containing the request with authorization info added, whether the request is authorized, and a message.
(header->cert header-cert-val)
Return an X509Certificate or nil from a string encoded for transmission in an HTTP header.
(header-cert->pem header-cert)
URL decode the header cert value into a PEM string.
Name of the HTTP header through which a client certificate can be passed for a request.
Name of the HTTP header through which a client verify can be passed for a request.
Name of the HTTP header through which a client DN can be passed for a request.
(legacy-openssl-dn->cn dn)
Attempt to parse the supplied 'dn' string as a legacy OpenSSL-style DN, where the attributes in the DN are delimited by solidus characters, and return the value of a CN attribute found within it. For example, if the supplied 'dn' were '/O=myorg/CN=myname', the value returned would be 'myname'. If a value for the CN attribute cannot be found, either because the 'dn' was not in the legacy OpenSSL style or because it contained no CN attribute, this function returns nil.
(pem->certs pem)
Convert a pem string into certificate objects.
(request->cert request allow-header-cert-info)
Inputs: [request :- ring/Request allow-header-cert-info :- schema/Bool] Returns: (schema/maybe X509Certificate)
Pull the client certificate from the request. Response includes the certificate as a java.security.cert.X509Certificate object or, if none can be found, nil. allow-header-cert-info determines whether to try to pull the certificate from an HTTP header (true) or from the certificate provided during SSL session negotiation (false).
(request->extensions request allow-header-cert-info oid-map)
Inputs: [request :- ring/Request allow-header-cert-info :- schema/Bool oid-map :- acl/OIDMap] Returns: acl/Extensions
Given a request, return a map of shortname -> value for all of the extensions in the request's certificate. Uses the passed oid map to translate from OIDs to short names.
(request->name request allow-header-cert-info)
Pull the common name from the request, considering whether or not the name should be pulled from headers or an SSL certificate (per the allow-header-cert-info setting).
(request->name* request header-dn-val allow-header-cert-info)
Pull the common name from the request, considering whether or not the name should be pulled from headers or an SSL certificate (per the allow-header-cert-info setting). header-dn-val is the value of the DN in an HTTP header for the request, if available.
(verified? request name allow-header-cert-info)
Determine if the user's identity has been 'verified'. When 'allow-header-cert-info' is set to 'true', the user's identity is assumed to be verified externally, so whatever the 'x-client-verify' header value is for the request is assumed to be the result of that verification. 'SUCCESS' is the only value for a successful verification in that case; anything else is considered to be 'not verified'. When 'allow-header-cert-info' is set to 'false', the user's identity (or lack thereof) is assumed to have been verified by the server in which this code is running, in which case a value of 'true' is always returned.
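The header-mode behaviour documented for legacy-openssl-dn->cn and verified? above, as an added Clojure sketch run over constructed requests (not the library's own code). The `sketch-*` names are hypothetical, the `x-client-dn` header name is an assumption not shown on this page, and only the solidus-delimited DN form is handled.

```clojure
(ns example.header-identity
  (:require [clojure.string :as str]))

;; Added sketch of the documented behaviour; `sketch-*` names are hypothetical
;; and this is not the library's implementation.

(defn sketch-legacy-dn->cn
  "CN value from a solidus-delimited DN such as \"/O=myorg/CN=myname\";
  nil when the DN is not in that form or carries no CN attribute."
  [dn]
  (when (and (string? dn) (str/starts-with? dn "/"))
    (some (fn [attr]
            (let [[k v] (str/split attr #"=" 2)]
              (when (= "CN" k) v)))
          (rest (str/split dn #"/")))))

(defn sketch-identity
  "Name and verification result for a ring request map.
  The x-client-dn header name is assumed, not taken from this page."
  [request allow-header-cert-info]
  (let [{:strs [x-client-dn x-client-verify]} (:headers request)]
    (if allow-header-cert-info
      ;; Header mode: values are taken as the result of external verification,
      ;; so they must be set by the TLS-terminating proxy itself.
      {:source    :headers
       :name      (sketch-legacy-dn->cn x-client-dn)
       :verified? (= "SUCCESS" x-client-verify)}
      ;; TLS mode: headers are not consulted; the name would come from the
      ;; certificate negotiated by this server (not modelled here). Header
      ;; values that arrive anyway are reported so they are visible.
      {:source         :tls-session
       :verified?      true
       :unused-headers (vec (keep #(when (get (:headers request) %) %)
                                  ["x-client-dn" "x-client-verify"]))})))

;; Constructed sample requests (not captured traffic).
(def samples
  [{:headers {"x-client-dn" "/O=myorg/CN=myname" "x-client-verify" "SUCCESS"}}
   {:headers {"x-client-dn" "/O=myorg/CN=myname" "x-client-verify" "NONE"}}
   {:headers {"x-client-dn" "CN=myname,O=myorg"  "x-client-verify" "SUCCESS"}}
   {:headers {"x-client-dn" "/O=myorg"           "x-client-verify" "SUCCESS"}}
   {:headers {}}])

(doseq [allow? [true false], req samples]
  (println allow? (:headers req) "=>" (sketch-identity req allow?)))
```

With the flag set to true, only the first sample yields both a name and a verified result; the comma-delimited DN and the DN without a CN both produce a nil name even though the verify value is 'SUCCESS'.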
(warn-for-empty-common-name common-name empty-message)
Log a warning message if the supplied common-name is empty (nil or empty string).
(warn-if-header-value-non-nil header-name header-val)
Log a warning message if the supplied header-val is non-empty.
(wrap-authorization-check handler rules oid-map allow-header-cert-info rbac-is-permitted? token->subject)
Inputs: [handler :- IFn rules :- [rules/Rule] oid-map :- acl/OIDMap allow-header-cert-info :- schema/Bool rbac-is-permitted? :- (schema/maybe IFn) token->subject :- (schema/maybe IFn)] Returns: IFn
Middleware that checks if the request is allowed by the provided rules, and if not returns a 403 response with a user-friendly message.