Documentation ¶
Index ¶
- func IDFromCert(cert *x509.Certificate) (spiffeid.ID, error)
- func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source, opts ...VerifyOption) (spiffeid.ID, [][]*x509.Certificate, error)
- func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source, ...) (spiffeid.ID, [][]*x509.Certificate, error)
- type SVID
- type Source
- type VerifyOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IDFromCert ¶
func IDFromCert(cert *x509.Certificate) (spiffeid.ID, error)
IDFromCert extracts the SPIFFE ID from the URI SAN of the provided certificate. It returns an error unless the certificate has exactly one URI SAN and that SAN is a well-formed SPIFFE ID.
func ParseAndVerify ¶
func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source, opts ...VerifyOption) (spiffeid.ID, [][]*x509.Certificate, error)
ParseAndVerify parses the raw ASN.1 DER certificates into an X509-SVID chain (leaf first) and verifies it using the X.509 bundle source, as Verify does. It returns the SPIFFE ID of the X509-SVID and one or more chains back to a root in the bundle.
func Verify ¶
func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source, opts ...VerifyOption) (spiffeid.ID, [][]*x509.Certificate, error)
Verify verifies an X509-SVID chain (leaf first) using the X.509 bundle source; the bundle is looked up for the trust domain of the leaf's SPIFFE ID. It returns the SPIFFE ID of the X509-SVID and one or more chains back to a root in the bundle.
Types ¶
type SVID ¶
type SVID struct {
	// ID is the SPIFFE ID of the X509-SVID.
	ID spiffeid.ID
	// Certificates are the X.509 certificates of the X509-SVID. The leaf
	// certificate is the X509-SVID certificate. Any remaining certificates
	// (if any) chain the X509-SVID certificate back to an X.509 root for the
	// trust domain.
	Certificates []*x509.Certificate
	// PrivateKey is the private key for the X509-SVID.
	PrivateKey crypto.Signer
	// Hint is an operator-specified string used to provide guidance on how this
	// identity should be used by a workload when more than one SVID is returned.
	Hint string
}
SVID represents a SPIFFE X509-SVID.
func Load ¶
Load loads the X509-SVID from PEM encoded files on disk. certFile and keyFile may be the same file.
func Parse ¶
Parse parses the X509-SVID from PEM blocks containing certificate and key bytes. The certificate must be one or more PEM blocks containing ASN.1 DER. The key must be a PEM block containing PKCS#8 ASN.1 DER.
func ParseRaw ¶
ParseRaw parses the X509-SVID from certificate and key bytes. The certificate must be ASN.1 DER (concatenated with no intermediate padding if there is more than one certificate). The key must be PKCS#8 ASN.1 DER.
func (*SVID) GetX509SVID ¶
GetX509SVID returns the X509-SVID. It implements the Source interface.
type Source ¶
type Source interface {
	// GetX509SVID returns an X509-SVID from the source.
	GetX509SVID() (*SVID, error)
}
Source represents a source of X509-SVIDs.
type VerifyOption ¶
type VerifyOption interface {
// contains filtered or unexported methods
}
VerifyOption is an option used when verifying X509-SVIDs.
func WithTime ¶
func WithTime(now time.Time) VerifyOption
WithTime sets the time used when verifying validity periods on the X509-SVID. If not used, the current time will be used.
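The flow documented above for IDFromCert, Verify and WithTime, as an added example that is not go-spiffe's own code. It uses only the Go standard library, so it assumes a plain map from trust domain to *x509.CertPool in place of x509bundle.Source, represents the SPIFFE ID as a *url.URL rather than spiffeid.ID, and mints constructed test certificates in NewTestSVID (a hypothetical helper, not part of the package). It goes slightly beyond the page in two places a practitioner will want: the roots are selected by the trust domain of the leaf's own ID, so a root of another domain cannot mint identities for this one, and the EKU check that x509.Verify applies by default (ServerAuth) is relaxed because an SVID is not necessarily a TLS server certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Bundle maps a trust domain to its trusted roots; it stands in for x509bundle.Source (assumption).
type Bundle map[string]*x509.CertPool

// VerifyOpt mirrors the VerifyOption pattern; WithTime pins the time used for validity checks.
type VerifyOpt func(*x509.VerifyOptions)

func WithTime(now time.Time) VerifyOpt { return func(o *x509.VerifyOptions) { o.CurrentTime = now } }

// IDFromCert returns the SPIFFE ID in the certificate's single URI SAN. Zero or several
// URI SANs, or a URI that is not spiffe://<trust-domain>/<path>, is an error.
func IDFromCert(cert *x509.Certificate) (*url.URL, error) {
	if n := len(cert.URIs); n != 1 {
		return nil, fmt.Errorf("expected exactly one URI SAN, found %d", n)
	}
	id := cert.URIs[0]
	if id.Scheme != "spiffe" || id.Host == "" || id.User != nil || id.RawQuery != "" || id.Fragment != "" {
		return nil, fmt.Errorf("URI SAN %q is not a well-formed SPIFFE ID", id)
	}
	return id, nil
}

// Verify checks a leaf-first X509-SVID chain against the roots of the leaf's own trust
// domain and returns the SPIFFE ID plus every chain found back to one of those roots.
func Verify(certs []*x509.Certificate, bundle Bundle, opts ...VerifyOpt) (*url.URL, [][]*x509.Certificate, error) {
	if len(certs) == 0 {
		return nil, nil, fmt.Errorf("empty certificate chain")
	}
	id, err := IDFromCert(certs[0])
	if err != nil {
		return nil, nil, err
	}
	roots, ok := bundle[id.Host] // the ID's own trust domain selects the roots, never the caller
	if !ok {
		return nil, nil, fmt.Errorf("no bundle for trust domain %q", id.Host)
	}
	// An SVID is not a TLS server certificate, so do not demand Go's default ServerAuth EKU.
	vo := x509.VerifyOptions{Roots: roots, Intermediates: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	for _, c := range certs[1:] {
		vo.Intermediates.AddCert(c)
	}
	for _, o := range opts {
		o(&vo)
	}
	chains, err := certs[0].Verify(vo)
	if err != nil {
		return nil, nil, err
	}
	return id, chains, nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewTestSVID mints a throwaway root for trust domain td and a leaf carrying the given URI
// SANs, both valid until notAfter: constructed test material, not a real identity.
func NewTestSVID(td string, sans []string, notAfter time.Time) (root, leaf *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "root " + td},
		NotBefore: notAfter.Add(-time.Hour), NotAfter: notAfter,
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey))))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: ca.NotBefore, NotAfter: notAfter,
		KeyUsage: x509.KeyUsageDigitalSignature}
	for _, s := range sans {
		tmpl.URIs = append(tmpl.URIs, must(url.Parse(s)))
	}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, root, &leafKey.PublicKey, caKey))))
	return root, leaf
}

func main() {
	notAfter := time.Now().Add(time.Hour)
	root, leaf := NewTestSVID("example.org", []string{"spiffe://example.org/ns/prod/sa/api"}, notAfter)
	bundle := Bundle{"example.org": x509.NewCertPool()}
	bundle["example.org"].AddCert(root)
	id, chains, err := Verify([]*x509.Certificate{leaf}, bundle)
	fmt.Println(id, len(chains), err) // spiffe://example.org/ns/prod/sa/api 1 <nil>
	_, _, err = Verify([]*x509.Certificate{leaf}, bundle, WithTime(notAfter.Add(time.Minute)))
	fmt.Println(err != nil) // true: the same SVID is rejected once the verification time passes NotAfter
}
```

Passing WithTime is what makes expiry tests deterministic; without it the check silently depends on the wall clock, which is also why a verifier running with a skewed clock accepts or rejects SVIDs differently from its peers.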