package identity

Version: v0.0.0-...-b918271
Published: Dec 10, 2024 License: Apache-2.0 Imports: 13 Imported by: 0


Constants

This section is empty.

Variables

This section is empty.

Functions

func CertMatchesPolicy

func CertMatchesPolicy[Certificate *x509.Certificate | *google_x509.Certificate](cert Certificate, expectedSub string, expectedIssuers []string) (bool, string, string, error)

CertMatchesPolicy returns true if a certificate contains a given subject and, optionally, a given issuer. Both expectedSub and expectedIssuers can be regular expressions. On success, CertMatchesPolicy also returns the subject and issuer that were matched.

func CreateIdentitiesList

func CreateIdentitiesList(mvs MonitoredValues) []string

CreateIdentitiesList takes a MonitoredValues input and returns a list of all currently monitored identities as strings.

func MonitoredValuesExist

func MonitoredValuesExist(mvs MonitoredValues) bool

MonitoredValuesExist checks whether an input contains any monitored values and returns true if so.

func OIDMatchesPolicy

func OIDMatchesPolicy[Certificate *x509.Certificate | *google_x509.Certificate](cert Certificate, oid asn1.ObjectIdentifier, extensionValues []string) (bool, asn1.ObjectIdentifier, string, error)

OIDMatchesPolicy returns whether a certificate contains both a given OID extension field and a matching value associated with that field. If it does, OIDMatchesPolicy also returns the OID extension and extension value that were matched.

func PrintMonitoredIdentities

func PrintMonitoredIdentities(monitoredIdentities []MonitoredIdentity) ([]byte, error)

PrintMonitoredIdentities formats a list of monitored identities and their corresponding log entries as JSON, using the structs' JSON tags.

Types

type CertificateIdentity

type CertificateIdentity struct {
	CertSubject string   `yaml:"certSubject"`
	Issuers     []string `yaml:"issuers"`
}

CertificateIdentity holds a certificate subject and an optional list of identity issuers.

type LogEntry

type LogEntry struct {
	CertSubject    string
	Issuer         string
	Fingerprint    string
	Subject        string
	Index          int64
	UUID           string
	OIDExtension   asn1.ObjectIdentifier
	ExtensionValue string
}

LogEntry holds a certificate subject, issuer, OID extension and its associated value, and log entry metadata.

func (*LogEntry) String

func (e *LogEntry) String() string

type MonitoredIdentity

type MonitoredIdentity struct {
	Identity             string     `json:"identity"`
	FoundIdentityEntries []LogEntry `json:"foundIdentityEntries"`
}

MonitoredIdentity holds an identity and associated log entries matching the identity being monitored.

func CreateMonitoredIdentities

func CreateMonitoredIdentities(inputIdentityEntries []LogEntry, monitoredIdentities []string) []MonitoredIdentity

CreateMonitoredIdentities takes a list of LogEntry values and groups them by associated identity, based on an input list of identities to monitor. It returns a list of MonitoredIdentity values.

type MonitoredValues

type MonitoredValues struct {
	// CertificateIdentities contains a list of subjects and issuers
	CertificateIdentities []CertificateIdentity `yaml:"certIdentities"`
	// Fingerprints contains a list of key fingerprints. Values are as follows:
	// For keys, certificates, and minisign, hex-encoded SHA-256 digest
	// of the DER-encoded PKIX public key or certificate
	// For SSH and PGP, the standard for each ecosystem:
	// For SSH, unpadded base-64 encoded SHA-256 digest of the key
	// For PGP, hex-encoded SHA-1 digest of a key, which can be either
	// a primary key or subkey
	Fingerprints []string `yaml:"fingerprints"`
	// Subjects contains a list of subjects that are not specified in a
	// certificate, such as a SSH key or PGP key email address
	Subjects []string `yaml:"subjects"`
	// OIDMatchers represents a list of OID extension fields and associated values,
	// which includes those constructed directly, those supported by Fulcio, and any constructed via dot notation.
	OIDMatchers []extensions.OIDExtension `yaml:"oidMatchers"`
}

MonitoredValues holds a set of values to compare against a given entry.
