spiffebundle

package
v2.0.0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2020 License: Apache-2.0 Imports: 15 Imported by: 26

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Bundle 

type Bundle struct {
	// contains filtered or unexported fields
}

Bundle is a collection of trusted public key material for a trust domain, conforming to the SPIFFE Bundle Format as part of the SPIFFE Trust Domain and Bundle specification: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md

func FromJWTBundle 

func FromJWTBundle(jwtBundle *jwtbundle.Bundle) *Bundle

FromJWTBundle creates a bundle from a JWT bundle. The function panics in case of a nil JWT bundle.

func FromJWTKeys 

func FromJWTKeys(trustDomain spiffeid.TrustDomain, jwtKeys map[string]crypto.PublicKey) *Bundle

FromJWTKeys creates a new bundle from JWT public keys.

func FromX509Bundle 

func FromX509Bundle(x509Bundle *x509bundle.Bundle) *Bundle

FromX509Bundle creates a bundle from an X.509 bundle. The function panics in case of a nil X.509 bundle.

func FromX509Roots 

func FromX509Roots(trustDomain spiffeid.TrustDomain, x509Roots []*x509.Certificate) *Bundle

FromX509Roots creates a bundle from X.509 certificates.

func Load 

func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error)

Load loads a bundle from a file on disk.

func New 

func New(trustDomain spiffeid.TrustDomain) *Bundle

New creates a new bundle.

func Parse 

func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error)

Parse parses a bundle from bytes.

func Read 

func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error)

Read decodes a bundle from a reader.

func (*Bundle) AddJWTKey 

func (b *Bundle) AddJWTKey(keyID string, key crypto.PublicKey) error

AddJWTKey adds a JWT key to the bundle. If a JWT key already exists under the given key ID, it is replaced. A key ID must be specified.

func (*Bundle) AddX509Root 

func (b *Bundle) AddX509Root(x509Root *x509.Certificate)

AddX509Root adds an X.509 root to the bundle. If the root already exists in the bundle, the contents of the bundle will remain unchanged.

func (*Bundle) ClearRefreshHint 

func (b *Bundle) ClearRefreshHint()

ClearRefreshHint clears the refresh hint.

func (*Bundle) ClearSequenceNumber 

func (b *Bundle) ClearSequenceNumber()

ClearSequenceNumber clears the sequence number.

func (*Bundle) Empty 

func (b *Bundle) Empty() bool

Empty returns true if the bundle has no X.509 roots and no JWT keys.

func (*Bundle) Equal 

func (b *Bundle) Equal(other *Bundle) bool

func (*Bundle) FindJWTKey 

func (b *Bundle) FindJWTKey(keyID string) (crypto.PublicKey, bool)

FindJWTKey finds the JWT key with the given key id from the bundle. If the key is found, it is returned and the boolean is true. Otherwise, the returned value is nil and the boolean is false.

func (*Bundle) GetBundleForTrustDomain 

func (b *Bundle) GetBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetBundleForTrustDomain returns the SPIFFE bundle for the given trust domain. It implements the Source interface. An error will be returned if the trust domain does not match that of the bundle.

func (*Bundle) GetJWTBundleForTrustDomain 

func (b *Bundle) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*jwtbundle.Bundle, error)

GetJWTBundleForTrustDomain returns the JWT bundle of the given trust domain. It implements the jwtbundle.Source interface. An error will be returned if the trust domain does not match that of the bundle.

func (*Bundle) GetX509BundleForTrustDomain 

func (b *Bundle) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*x509bundle.Bundle, error)

GetX509BundleForTrustDomain returns the X.509 bundle for the given trust domain. It implements the x509bundle.Source interface. An error will be returned if the trust domain does not match that of the bundle.

func (*Bundle) HasJWTKey 

func (b *Bundle) HasJWTKey(keyID string) bool

HasJWTKey returns true if the bundle has a JWT key with the given key id.

func (*Bundle) HasX509Root 

func (b *Bundle) HasX509Root(root *x509.Certificate) bool

HasX509Root checks if the given X.509 root exists in the bundle.

func (*Bundle) JWTBundle 

func (b *Bundle) JWTBundle() *jwtbundle.Bundle

JWTBundle returns a JWT bundle containing the JWT keys in the SPIFFE bundle.

func (*Bundle) JWTKeys 

func (b *Bundle) JWTKeys() map[string]crypto.PublicKey

JWTKeys returns the JWT keys in the bundle, keyed by key ID.

func (*Bundle) Marshal 

func (b *Bundle) Marshal() ([]byte, error)

Marshal marshals the bundle according to the SPIFFE Trust Domain and Bundle specification. The trust domain is not marshaled as part of the bundle and must be conveyed separately. See the specification for details.

func (*Bundle) RefreshHint 

func (b *Bundle) RefreshHint() (refreshHint time.Duration, ok bool)

RefreshHint returns the refresh hint. If the refresh hint is set in the bundle, it is returned and the boolean is true. Otherwise, the returned value is zero and the boolean is false.

func (*Bundle) RemoveJWTKey 

func (b *Bundle) RemoveJWTKey(keyID string)

RemoveJWTKey removes the JWT key identified by the key ID from the bundle.

func (*Bundle) RemoveX509Root 

func (b *Bundle) RemoveX509Root(x509Root *x509.Certificate)

RemoveX509Root removes an X.509 root from the bundle.

func (*Bundle) SequenceNumber 

func (b *Bundle) SequenceNumber() (uint64, bool)

SequenceNumber returns the sequence number. If the sequence number is set in the bundle, it is returned and the boolean is true. Otherwise, the returned value is zero and the boolean is false.

func (*Bundle) SetJWTKeys 

func (b *Bundle) SetJWTKeys(jwtKeys map[string]crypto.PublicKey)

SetJWTKeys sets the JWT keys in the bundle.

func (*Bundle) SetRefreshHint 

func (b *Bundle) SetRefreshHint(refreshHint time.Duration)

SetRefreshHint sets the refresh hint. The refresh hint value will be truncated to time.Second.

func (*Bundle) SetSequenceNumber 

func (b *Bundle) SetSequenceNumber(sequenceNumber uint64)

SetSequenceNumber sets the sequence number.

func (*Bundle) SetX509Roots 

func (b *Bundle) SetX509Roots(roots []*x509.Certificate)

SetX509Roots sets the X.509 roots in the bundle.

func (*Bundle) TrustDomain 

func (b *Bundle) TrustDomain() spiffeid.TrustDomain

TrustDomain returns the trust domain that the bundle belongs to.

func (*Bundle) X509Bundle 

func (b *Bundle) X509Bundle() *x509bundle.Bundle

X509Bundle returns an X.509 bundle containing the X.509 roots in the SPIFFE bundle.

func (*Bundle) X509Roots 

func (b *Bundle) X509Roots() []*x509.Certificate

X509Roots returns the X.509 roots in the bundle.

type Set 

type Set struct {
	// contains filtered or unexported fields
}

Set is a set of bundles, keyed by trust domain.

func NewSet 

func NewSet(bundles ...*Bundle) *Set

NewSet creates a new set initialized with the given bundles.

func (*Set) Add 

func (s *Set) Add(bundle *Bundle)

Add adds a new bundle into the set. If a bundle already exists for the trust domain, the existing bundle is replaced.

func (*Set) Bundles 

func (s *Set) Bundles() []*Bundle

Bundles returns the bundles in the set sorted by trust domain.

func (*Set) Get 

func (s *Set) Get(trustDomain spiffeid.TrustDomain) (*Bundle, bool)

Get returns a bundle for the given trust domain. If the bundle is in the set it is returned and the boolean is true. Otherwise, the returned value is nil and the boolean is false.

func (*Set) GetBundleForTrustDomain 

func (s *Set) GetBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetBundleForTrustDomain returns the SPIFFE bundle for the given trust domain. It implements the Source interface.

func (*Set) GetJWTBundleForTrustDomain 

func (s *Set) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*jwtbundle.Bundle, error)

GetJWTBundleForTrustDomain returns the JWT bundle for the given trust domain. It implements the jwtbundle.Source interface.

func (*Set) GetX509BundleForTrustDomain 

func (s *Set) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*x509bundle.Bundle, error)

GetX509BundleForTrustDomain returns the X.509 bundle for the given trust domain. It implements the x509bundle.Source interface.

func (*Set) Has 

func (s *Set) Has(trustDomain spiffeid.TrustDomain) bool

Has returns true if there is a bundle for the given trust domain.

func (*Set) Len 

func (s *Set) Len() int

Len returns the number of bundles in the set.

func (*Set) Remove 

func (s *Set) Remove(trustDomain spiffeid.TrustDomain)

Remove removes the bundle for the given trust domain.

type Source 

type Source interface {
	// GetBundleForTrustDomain returns the SPIFFE bundle for the given trust
	// domain.
	GetBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)
}

Source represents a source of SPIFFE bundles keyed by trust domain.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.