Documentation ¶
Index ¶
- Constants
- Variables
- func Fingerprint(cert *x509.Certificate) string
- func MakeSpiffeID(trustDomain string, agentPathTemplate *template.Template, ...) (string, error)
- func VerifyChallengeResponse(publicKey interface{}, challenge *Challenge, response *Response) error
- func VerifyECDSASignatureResponse(publicKey *ecdsa.PublicKey, challenge *ECDSASignatureChallenge, ...) error
- func VerifyRSASignatureResponse(publicKey *rsa.PublicKey, challenge *RSASignatureChallenge, ...) error
- type AttestationData
- type Challenge
- type ECDSASignatureChallenge
- type ECDSASignatureResponse
- type RSASignatureChallenge
- type RSASignatureResponse
- type Response
Constants ¶
// PluginName is the name of the X.509 Proof of Possession plugin.
const PluginName = "x509pop"
Variables ¶
// DefaultAgentPathTemplate is the default text/template for the agent SVID
// path. It is named "agent-svid" and renders "<PluginName>/<Fingerprint>"
// from the fields of the data passed to Execute.
var DefaultAgentPathTemplate = template.Must(
	template.New("agent-svid").Parse("{{ .PluginName }}/{{ .Fingerprint }}"),
)
DefaultAgentPathTemplate is the default text/template for the agent SVID path; it renders `{{ .PluginName }}/{{ .Fingerprint }}`.
Functions ¶
func Fingerprint ¶
func Fingerprint(cert *x509.Certificate) string
func MakeSpiffeID ¶
func MakeSpiffeID(trustDomain string, agentPathTemplate *template.Template, cert *x509.Certificate) (string, error)
MakeSpiffeID creates a SPIFFE ID from X.509 Certificate data.
func VerifyChallengeResponse ¶
func VerifyECDSASignatureResponse ¶
func VerifyECDSASignatureResponse(publicKey *ecdsa.PublicKey, challenge *ECDSASignatureChallenge, response *ECDSASignatureResponse) error
func VerifyRSASignatureResponse ¶
func VerifyRSASignatureResponse(publicKey *rsa.PublicKey, challenge *RSASignatureChallenge, response *RSASignatureResponse) error
Types ¶
type AttestationData ¶
// AttestationData is the payload presented for X.509 Proof of Possession
// attestation: the certificate chain whose leaf key is presumably the one
// whose possession is then proved via Challenge / Response — confirm against
// GenerateChallenge / VerifyChallengeResponse.
// NOTE(review): the chain is untrusted input until it has been verified
// against the configured trust roots; confirm the verifier does that before
// deriving anything (e.g. a Fingerprint, a SPIFFE ID) from the leaf.
type AttestationData struct {
	// DER encoded x509 certificate chain leading back to the trusted root. The
	// leaf certificate comes first.
	Certificates [][]byte `json:"certificates"`
}
type Challenge ¶
// Challenge is the proof-of-possession challenge issued by the verifier.
// It holds a pointer per supported key type; presumably only the field
// matching the key type of the certificate given to GenerateChallenge is set —
// TODO confirm, and confirm how a Challenge with both or neither set is treated.
type Challenge struct {
	// RSASignature is the RSA variant of the challenge, if any.
	RSASignature *RSASignatureChallenge `json:"rsa_signature"`
	// ECDSASignature is the ECDSA variant of the challenge, if any.
	ECDSASignature *ECDSASignatureChallenge `json:"ecdsa_signature"`
}
func GenerateChallenge ¶
func GenerateChallenge(cert *x509.Certificate) (*Challenge, error)
type ECDSASignatureChallenge ¶
// ECDSASignatureChallenge is the challenge issued to the holder of an ECDSA
// key; produced by GenerateECDSASignatureChallenge and answered with an
// ECDSASignatureResponse.
type ECDSASignatureChallenge struct {
	// Nonce is the nonce generated by the challenger.
	// NOTE(review): the nonce is what makes the response non-replayable, so it
	// must be unpredictable — verify GenerateECDSASignatureChallenge draws it
	// from a cryptographically secure source.
	Nonce []byte `json:"nonce"`
}
func GenerateECDSASignatureChallenge ¶
func GenerateECDSASignatureChallenge() (*ECDSASignatureChallenge, error)
type ECDSASignatureResponse ¶
// ECDSASignatureResponse answers an ECDSASignatureChallenge; see
// CalculateECDSASignatureResponse and VerifyECDSASignatureResponse.
// The signed message covers both the challenger's and the responder's nonce,
// so neither side alone chooses what gets signed — presumably the reason the
// responder contributes its own nonce; confirm against the implementations.
type ECDSASignatureResponse struct {
	// Nonce is the nonce generated by the responder.
	Nonce []byte `json:"nonce"`
	// R value of the ECDSA signature of the combined challenger and responder
	// nonces.
	R []byte `json:"r"`
	// S value of the ECDSA signature of the combined challenger and responder
	// nonces.
	S []byte `json:"s"`
}
func CalculateECDSASignatureResponse ¶
func CalculateECDSASignatureResponse(privateKey *ecdsa.PrivateKey, challenge *ECDSASignatureChallenge) (*ECDSASignatureResponse, error)
type RSASignatureChallenge ¶
// RSASignatureChallenge is the challenge issued to the holder of an RSA key;
// produced by GenerateRSASignatureChallenge and answered with an
// RSASignatureResponse.
type RSASignatureChallenge struct {
	// Nonce is the nonce generated by the challenger.
	// NOTE(review): the nonce is what makes the response non-replayable, so it
	// must be unpredictable — verify GenerateRSASignatureChallenge draws it
	// from a cryptographically secure source.
	Nonce []byte `json:"nonce"`
}
func GenerateRSASignatureChallenge ¶
func GenerateRSASignatureChallenge() (*RSASignatureChallenge, error)
type RSASignatureResponse ¶
// RSASignatureResponse answers an RSASignatureChallenge; see
// CalculateRSASignatureResponse and VerifyRSASignatureResponse.
// The signed message covers both the challenger's and the responder's nonce,
// so neither side alone chooses what gets signed — presumably the reason the
// responder contributes its own nonce; confirm against the implementations.
type RSASignatureResponse struct {
	// Nonce is the nonce generated by the responder.
	Nonce []byte `json:"nonce"`
	// Signature is the RSA signature of the combined challenger and responder
	// nonces.
	Signature []byte `json:"signature"`
}
func CalculateRSASignatureResponse ¶
func CalculateRSASignatureResponse(privateKey *rsa.PrivateKey, challenge *RSASignatureChallenge) (*RSASignatureResponse, error)
type Response ¶
// Response is the answer to a Challenge, checked by VerifyChallengeResponse.
// It mirrors Challenge: one pointer per supported key type, and presumably
// the populated field must match the one set in the Challenge it answers —
// TODO confirm in VerifyChallengeResponse.
type Response struct {
	// RSASignature is the RSA variant of the response, if any.
	RSASignature *RSASignatureResponse `json:"rsa_signature"`
	// ECDSASignature is the ECDSA variant of the response, if any.
	ECDSASignature *ECDSASignatureResponse `json:"ecdsa_signature"`
}
func CalculateResponse ¶