Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func ParseAndVerify
func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source) (spiffeid.ID, [][]*x509.Certificate, error)
ParseAndVerify parses and verifies an X509-SVID chain using the X.509 bundle source. It returns the SPIFFE ID of the X509-SVID and one or more chains back to a root in the bundle.
func Verify
func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source) (spiffeid.ID, [][]*x509.Certificate, error)
Verify verifies an X509-SVID chain using the X.509 bundle source. It returns the SPIFFE ID of the X509-SVID and one or more chains back to a root in the bundle.
Types
type SVID
type SVID struct {
	// ID is the SPIFFE ID of the X509-SVID.
	ID spiffeid.ID

	// Certificates are the X.509 certificates of the X509-SVID. The leaf
	// certificate is the X509-SVID certificate. Any remaining certificates
	// (if any) chain the X509-SVID certificate back to an X.509 root for the
	// trust domain.
	Certificates []*x509.Certificate

	// PrivateKey is the private key for the X509-SVID.
	PrivateKey crypto.Signer
}
SVID represents a SPIFFE X509-SVID.
func Load
Load loads the X509-SVID from PEM encoded files on disk. certFile and keyFile may be the same file.
func Parse
Parse parses the X509-SVID from PEM blocks containing certificate and key bytes. The certificate must be one or more PEM blocks with ASN.1 DER. The key must be a PEM block with PKCS#8 ASN.1 DER.
func ParseRaw
ParseRaw parses the X509-SVID from certificate and key bytes. The certificate must be ASN.1 DER (concatenated with no intermediate padding if there is more than one certificate). The key must be PKCS#8 ASN.1 DER.
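The input shape documented for ParseRaw can be checked with the Go standard library alone before the bytes are handed to the package. This is an added example, not go-spiffe code: checkRawInput and buildSample are hypothetical helpers, and the trust domain example.org, the certificates and the key are constructed sample data.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// checkRawInput (hypothetical helper, not go-spiffe code) checks the input shape documented for ParseRaw.
func checkRawInput(certDER, keyDER []byte) (string, error) {
	certs, err := x509.ParseCertificates(certDER) // errors on padding between certificates
	if err != nil || len(certs) == 0 {
		return "", fmt.Errorf("no valid concatenated DER certificates (parse error: %v)", err)
	}
	key, err := x509.ParsePKCS8PrivateKey(keyDER)
	if err != nil {
		return "", fmt.Errorf("key is not PKCS#8 DER: %w", err)
	}
	signer, isSigner := key.(crypto.Signer)
	pub, hasEqual := certs[0].PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !isSigner || !hasEqual || !pub.Equal(signer.Public()) {
		return "", fmt.Errorf("private key does not match the leaf (first) certificate")
	}
	if len(certs[0].URIs) != 1 {
		return "", fmt.Errorf("leaf has %d URI SANs, want exactly 1", len(certs[0].URIs))
	}
	return certs[0].URIs[0].String(), nil
}

// buildSample creates a throwaway CA, leaf and leaf key (constructed sample data; errors ignored).
func buildSample() (certDER, keyDER []byte) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), NotAfter: ca.NotAfter, URIs: []*url.URL{{Scheme: "spiffe", Host: "example.org", Path: "/workload"}}}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey)
	keyDER, _ = x509.MarshalPKCS8PrivateKey(leafKey)
	return append(leafDER, caDER...), keyDER // leaf first, then the chain, no padding
}

func main() {
	fmt.Println(checkRawInput(buildSample()))
}
```

The check only covers encoding, key-to-leaf match and the URI SAN count; chain validation against a trust bundle is what Verify and ParseAndVerify are for.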
func (*SVID) GetX509SVID
GetX509SVID returns the X509-SVID. It implements the Source interface.