x509svid

package
v2.0.0-alpha.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 6, 2020 License: Apache-2.0 Imports: 10 Imported by: 52

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseAndVerify

func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source) (spiffeid.ID, [][]*x509.Certificate, error)

ParseAndVerify parses and verifies an X509-SVID chain using the X.509 bundle source. It returns the SPIFFE ID of the X509-SVID and one or more chains back to a root in the bundle.

func Verify

func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source) (spiffeid.ID, [][]*x509.Certificate, error)

Verify verifies an X509-SVID chain using the X.509 bundle source. It returns the SPIFFE ID of the X509-SVID and one or more chains back to a root in the bundle.

Types

type SVID

type SVID struct {
	// ID is the SPIFFE ID of the X509-SVID.
	ID spiffeid.ID

	// Certificates are the X.509 certificates of the X509-SVID. The leaf
	// certificate is the X509-SVID certificate. Any remaining certificates (
	// if any) chain the X509-SVID certificate back to a X.509 root for the
	// trust domain.
	Certificates []*x509.Certificate

	// PrivateKey is the private key for the X509-SVID.
	PrivateKey crypto.Signer
}

SVID represents a SPIFFE X509-SVID.

func Load

func Load(certFile, keyFile string) (*SVID, error)

Load loads the X509-SVID from PEM encoded files on disk. certFile and keyFile may be the same file.

func Parse

func Parse(certBytes, keyBytes []byte) (*SVID, error)

Parse parses the X509-SVID from PEM blocks containing certificate and key bytes. The certificate must be one or more PEM blocks with ASN.1 DER. The key must be a PEM block with PKCS#8 ASN.1 DER.

func ParseRaw

func ParseRaw(certBytes, keyBytes []byte) (*SVID, error)

ParseRaw parses the X509-SVID from certificate and key bytes. The certificate must be ASN.1 DER (concatenated with no intermediate padding if there are more than one certificate). The key must be a PKCS#8 ASN.1 DER.

func (*SVID) GetX509SVID

func (s *SVID) GetX509SVID() (*SVID, error)

GetX509SVID returns the X509-SVID. It implements the Source interface.

func (*SVID) Marshal

func (s *SVID) Marshal() ([]byte, []byte, error)

Marshal marshals the X509-SVID and returns PEM encoded blocks for the SVID and private key.

func (*SVID) MarshalRaw

func (s *SVID) MarshalRaw() ([]byte, []byte, error)

MarshalRaw marshals the X509-SVID and returns ASN.1 DER for the certificates (concatenated with no intermediate padding) and PKCS8 ASN1.DER for the private key.

type Source

type Source interface {
	// GetX509SVID returns an X509-SVID from the source.
	GetX509SVID() (*SVID, error)
}

Source represents a source of X509-SVIDs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL