x509bundle

package
v2.0.0-beta.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 27, 2020 License: Apache-2.0 Imports: 9 Imported by: 34

Documentation

Overview

Package x509bundle provides X.509 bundle related functionality.

A bundle represents a collection of X.509 authorities, i.e., those that are used to authenticate SPIFFE X509-SVIDs.

You can create a new bundle for a specific trust domain:

td := spiffeid.RequireTrustDomain("example.org")
bundle := x509bundle.New(td)

Or you can load it from disk:

td := spiffeid.RequireTrustDomain("example.org")
bundle := x509bundle.Load(td, "bundle.pem")

The bundle can be initialized with X.509 authorities:

td := spiffeid.RequireTrustDomain("example.org")
var x509Authorities []*x509.Certificate = ...
bundle := x509bundle.FromX509Authorities(td, x509Authorities)

In addition, you can add X.509 authorities to the bundle:

var x509CA *x509.Certificate = ...
bundle.AddX509Authority(x509CA)

Bundles can be organized into a set, keyed by trust domain:

set := x509bundle.NewSet()
set.Add(bundle)

A Source is source of X.509 bundles for a trust domain. Both the Bundle and Set types implement Source:

// Initialize the source from a bundle or set
var source x509bundle.Source = bundle
// ... or ...
var source x509bundle.Source = set

// Use the source to query for bundles by trust domain
bundle, err := source.GetX509BundleForTrustDomain(td)

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Bundle

type Bundle struct {
	// contains filtered or unexported fields
}

Bundle is a collection of trusted X.509 authorities for a trust domain.

func FromX509Authorities

func FromX509Authorities(trustDomain spiffeid.TrustDomain, authorities []*x509.Certificate) *Bundle

FromX509Authorities creates a bundle from X.509 certificates.

func Load

func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error)

Load loads a bundle from a file on disk. The file must contain PEM-encoded certificate blocks.

func New

func New(trustDomain spiffeid.TrustDomain) *Bundle

New creates a new bundle.

func Parse

func Parse(trustDomain spiffeid.TrustDomain, b []byte) (*Bundle, error)

Parse parses a bundle from bytes. The data must be PEM-encoded certificate blocks.

func Read

func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error)

Read decodes a bundle from a reader. The contents must be PEM-encoded certificate blocks.

func (*Bundle) AddX509Authority

func (b *Bundle) AddX509Authority(x509Authority *x509.Certificate)

AddX509Authority adds an X.509 authority to the bundle. If the authority already exists in the bundle, the contents of the bundle will remain unchanged.

func (*Bundle) Empty

func (b *Bundle) Empty() bool

Empty returns true if the bundle has no X.509 x509Authorities.

func (*Bundle) GetX509BundleForTrustDomain

func (b *Bundle) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetX509BundleForTrustDomain returns the X.509 bundle for the given trust domain. It implements the Source interface. An error will be returned if the trust domain does not match that of the bundle.

func (*Bundle) HasX509Authority

func (b *Bundle) HasX509Authority(x509Authority *x509.Certificate) bool

HasX509Authority checks if the given X.509 authority exists in the bundle.

func (*Bundle) Marshal

func (b *Bundle) Marshal() ([]byte, error)

Marshal marshals the X.509 bundle into PEM-encoded certificate blocks.

func (*Bundle) RemoveX509Authority

func (b *Bundle) RemoveX509Authority(x509Authority *x509.Certificate)

RemoveX509Authority removes an X.509 authority from the bundle.

func (*Bundle) SetX509Authorities

func (b *Bundle) SetX509Authorities(x509Authorities []*x509.Certificate)

SetX509Authorities sets the X.509 authorities in the bundle.

func (*Bundle) TrustDomain

func (b *Bundle) TrustDomain() spiffeid.TrustDomain

TrustDomain returns the trust domain that the bundle belongs to.

func (*Bundle) X509Authorities

func (b *Bundle) X509Authorities() []*x509.Certificate

X509Authorities returns the X.509 x509Authorities in the bundle.

type Set

type Set struct {
	// contains filtered or unexported fields
}

Set is a set of bundles, keyed by trust domain.

func NewSet

func NewSet(bundles ...*Bundle) *Set

NewSet creates a new set initialized with the given bundles.

func (*Set) Add

func (s *Set) Add(bundle *Bundle)

Add adds a new bundle into the set. If a bundle already exists for the trust domain, the existing bundle is replaced.

func (*Set) Bundles

func (s *Set) Bundles() []*Bundle

Bundles returns the bundles in the set sorted by trust domain.

func (*Set) Get

func (s *Set) Get(trustDomain spiffeid.TrustDomain) (*Bundle, bool)

Get returns a bundle for the given trust domain. If the bundle is in the set it is returned and the boolean is true. Otherwise, the returned value is nil and the boolean is false.

func (*Set) GetX509BundleForTrustDomain

func (s *Set) GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetX509BundleForTrustDomain returns the X.509 bundle for the given trust domain. It implements the Source interface.

func (*Set) Has

func (s *Set) Has(trustDomain spiffeid.TrustDomain) bool

Has returns true if there is a bundle for the given trust domain.

func (*Set) Len

func (s *Set) Len() int

Len returns the number of bundles in the set.

func (*Set) Remove

func (s *Set) Remove(trustDomain spiffeid.TrustDomain)

Remove removes the bundle for the given trust domain.

type Source

type Source interface {
	// GetX509BundleForTrustDomain returns the X.509 bundle for the given trust
	// domain.
	GetX509BundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)
}

Source represents a source of X.509 bundles keyed by trust domain.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL