bundleutil

package
Published: May 18, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

const (

	// MinimumRefreshHint is the smallest refresh hint the client allows.
	// Anything smaller than the minimum will be reset to the minimum.
	// A refresh hint set through SetRefreshHint is additionally rounded
	// up to the nearest second.
	MinimumRefreshHint = time.Minute
)

Variables

This section is empty.

Functions

func BundleProtoFromRootCA

func BundleProtoFromRootCA(trustDomainID string, rootCA *x509.Certificate) *common.Bundle

func BundleProtoFromRootCADER

func BundleProtoFromRootCADER(trustDomainID string, derBytes []byte) *common.Bundle

func BundleProtoFromRootCAs

func BundleProtoFromRootCAs(trustDomainID string, rootCAs []*x509.Certificate) *common.Bundle

func BundleProtoFromRootCAsDER

func BundleProtoFromRootCAsDER(trustDomainID string, derBytes []byte) (*common.Bundle, error)

func CalculateRefreshHint

func CalculateRefreshHint(bundle *Bundle) time.Duration

CalculateRefreshHint calculates the refresh hint for a given bundle. If the bundle already contains a refresh hint, that value is used. Otherwise, it looks at the lifetimes of the bundle contents and returns a fraction of the smallest. This is fairly aggressive, but it ensures clients don't miss a rotation period and lose their ability to fetch. TODO: reevaluate our strategy here when we rework the TTL story inside SPIRE.

func CommonBundleFromProto

func CommonBundleFromProto(b *types.Bundle) (*common.Bundle, error)

func JWTSigningKeysFromBundleProto

func JWTSigningKeysFromBundleProto(b *common.Bundle) (map[string]crypto.PublicKey, error)

func Marshal

func Marshal(bundle *Bundle, opts ...MarshalOption) ([]byte, error)

func MergeBundles

func MergeBundles(a, b *common.Bundle) (*common.Bundle, bool)

func PruneBundle

func PruneBundle(bundle *common.Bundle, expiration time.Time, log logrus.FieldLogger) (*common.Bundle, bool, error)

PruneBundle removes the bundle RootCAs and JWT keys that expired before a given time. It returns an error if pruning results in a bundle with no CAs or keys.

func RootCAsDERFromBundleProto

func RootCAsDERFromBundleProto(b *common.Bundle) (derBytes []byte)

func RootCAsFromBundleProto

func RootCAsFromBundleProto(b *common.Bundle) (out []*x509.Certificate, err error)

Types

type Bundle

type Bundle struct {
	// contains filtered or unexported fields
}

func BundleFromProto

func BundleFromProto(b *common.Bundle) (*Bundle, error)

func BundleFromRootCA

func BundleFromRootCA(trustDomain spiffeid.TrustDomain, rootCA *x509.Certificate) *Bundle

func BundleFromRootCAs

func BundleFromRootCAs(trustDomain spiffeid.TrustDomain, rootCAs []*x509.Certificate) *Bundle

func Decode

func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error)

func New

func New(trustDomain spiffeid.TrustDomain) *Bundle

func ParseBundle

func ParseBundle(bundleBytes []byte) (*Bundle, error)

func Unmarshal

func Unmarshal(trustDomain spiffeid.TrustDomain, data []byte) (*Bundle, error)

func (*Bundle) AppendJWTSigningKey

func (b *Bundle) AppendJWTSigningKey(kid string, key crypto.PublicKey) error

func (*Bundle) AppendRootCA

func (b *Bundle) AppendRootCA(rootCA *x509.Certificate)

func (*Bundle) EqualTo

func (b *Bundle) EqualTo(other *Bundle) bool

func (*Bundle) JWTSigningKeys

func (b *Bundle) JWTSigningKeys() map[string]crypto.PublicKey

func (*Bundle) Proto

func (b *Bundle) Proto() *common.Bundle

func (*Bundle) RefreshHint

func (b *Bundle) RefreshHint() time.Duration

RefreshHint returns the bundle refresh hint.

func (*Bundle) RootCAs

func (b *Bundle) RootCAs() []*x509.Certificate

func (*Bundle) SetRefreshHint

func (b *Bundle) SetRefreshHint(d time.Duration)

SetRefreshHint sets the bundle refresh hint to the given duration. It is rounded up to the nearest second.

func (*Bundle) TrustDomainID

func (b *Bundle) TrustDomainID() string

type MarshalOption

type MarshalOption interface {
	// contains filtered or unexported methods
}

func NoJWTSVIDKeys

func NoJWTSVIDKeys() MarshalOption

NoJWTSVIDKeys skips marshalling JWT SVID keys.

func NoX509SVIDKeys

func NoX509SVIDKeys() MarshalOption

NoX509SVIDKeys skips marshalling X509 SVID keys.

func OverrideRefreshHint

func OverrideRefreshHint(value time.Duration) MarshalOption

OverrideRefreshHint overrides the refresh hint in the bundle.

func StandardJWKS

func StandardJWKS() MarshalOption

StandardJWKS omits SPIFFE-specific parameters from the marshaled bundle.
