Documentation
Index
- type IDGIdentity
- func ParseIDGIdentity(s string) (*IDGIdentity, error)
- func (i IDGIdentity) SpiffeID() spiffeid.ID
- func (i IDGIdentity) String() string
- type PeerCertVerifier
- func NewPeerCertVerifier() *PeerCertVerifier
- func (v *PeerCertVerifier) AddMapping(trustDomain string, certs []*x509.Certificate)
- func (v *PeerCertVerifier) AddMappingFromPEM(trustDomain string, rootCertBytes []byte) error
- func (v *PeerCertVerifier) AddMappings(certMap map[string][]*x509.Certificate)
- func (v *PeerCertVerifier) GetGeneralCertPool() *x509.CertPool
- func (v *PeerCertVerifier) VerifyPeerCert(rawCerts [][]byte, _ [][]*x509.Certificate) error
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type IDGIdentity
type IDGIdentity struct {
	SiteID    string `json:"site_id"`
	ClusterID string `json:"cluster_id"`
	UniqueID  string `json:"unique_id"`
}
An IDGIdentity is a SPIFFE ID of the form "spiffe://siteid/clusterid/unique_id".
func ParseIDGIdentity
func ParseIDGIdentity(s string) (*IDGIdentity, error)
func (IDGIdentity) SpiffeID
func (i IDGIdentity) SpiffeID() spiffeid.ID
func (IDGIdentity) String
func (i IDGIdentity) String() string
type PeerCertVerifier
type PeerCertVerifier struct {
// contains filtered or unexported fields
}
PeerCertVerifier verifies a peer certificate in the SPIFFE way, using the root certificates retrieved for the peer's trust domain.
func NewPeerCertVerifier
func NewPeerCertVerifier() *PeerCertVerifier
NewPeerCertVerifier returns a new PeerCertVerifier.
func (*PeerCertVerifier) AddMapping
func (v *PeerCertVerifier) AddMapping(trustDomain string, certs []*x509.Certificate)
AddMapping adds a mapping from a trust domain to its root certificates to the certPools map.
func (*PeerCertVerifier) AddMappingFromPEM
func (v *PeerCertVerifier) AddMappingFromPEM(trustDomain string, rootCertBytes []byte) error
AddMappingFromPEM parses one or more PEM-encoded root CA certificates and adds them to the SPIFFE trust bundle for trustDomain.
func (*PeerCertVerifier) AddMappings
func (v *PeerCertVerifier) AddMappings(certMap map[string][]*x509.Certificate)
AddMappings merges a map from trust domain to root certificates into the certPools map.
func (*PeerCertVerifier) GetGeneralCertPool
func (v *PeerCertVerifier) GetGeneralCertPool() *x509.CertPool
GetGeneralCertPool returns generalCertPool, which contains the root certificates of all trust domains.
func (*PeerCertVerifier) VerifyPeerCert
func (v *PeerCertVerifier) VerifyPeerCert(rawCerts [][]byte, _ [][]*x509.Certificate) error
VerifyPeerCert is an implementation of tls.Config.VerifyPeerCertificate. It verifies the peer certificate using the root certificates associated with its trust domain.
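The following is an added example, not this package's code: a minimal verifier that follows the same approach as PeerCertVerifier (a root pool per SPIFFE trust domain, selected by the trust domain of the leaf's spiffe:// URI SAN), exercised against a throwaway two-domain PKI constructed inline. The type and helper names (trustDomainVerifier, addMapping, verifyPeerCert, mustIssue, runDemo) are assumptions for illustration; the package's unexported fields are not shown on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// trustDomainVerifier is a constructed stand-in for PeerCertVerifier: one root pool per trust domain.
type trustDomainVerifier map[string]*x509.CertPool

// addMapping adds roots trusted only for trustDomain, creating its pool on first use.
func (v trustDomainVerifier) addMapping(trustDomain string, roots ...*x509.Certificate) {
	if v[trustDomain] == nil {
		v[trustDomain] = x509.NewCertPool()
	}
	for _, r := range roots {
		v[trustDomain].AddCert(r)
	}
}

// verifyPeerCert has the tls.Config.VerifyPeerCertificate signature; verifiedChains is ignored.
func (v trustDomainVerifier) verifyPeerCert(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return fmt.Errorf("peer presented no certificate")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return err
	}
	// A SPIFFE SVID carries exactly one URI SAN; its host part is the trust domain.
	if len(leaf.URIs) != 1 || leaf.URIs[0].Scheme != "spiffe" || leaf.URIs[0].Host == "" {
		return fmt.Errorf("expected exactly one spiffe:// URI SAN, got %v", leaf.URIs)
	}
	// Never verify with a nil pool: x509 treats Roots == nil as "use the system roots".
	roots, ok := v[leaf.URIs[0].Host]
	if !ok {
		return fmt.Errorf("no root bundle for trust domain %q", leaf.URIs[0].Host)
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: x509.NewCertPool(),
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}} // SVIDs do client and server auth
	for _, raw := range rawCerts[1:] {
		c, err := x509.ParseCertificate(raw)
		if err != nil {
			return err
		}
		opts.Intermediates.AddCert(c)
	}
	_, err = leaf.Verify(opts)
	return err
}

// must panics on error; it only keeps the constructed test PKI below short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// mustIssue builds a throwaway certificate (constructed test PKI): a self-signed root with
// CN = name when parent is nil, otherwise a leaf SVID whose single URI SAN is the SPIFFE ID name.
func mustIssue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		tmpl.Subject = pkix.Name{CommonName: name}
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	} else {
		tmpl.URIs, tmpl.KeyUsage = []*url.URL{must(url.Parse(name))}, x509.KeyUsageDigitalSignature
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// runDemo sets up two trust domains with separate roots and reports whether a leaf is accepted
// when it chains to its own domain's root, and rejected when it claims site-a but chains to site-b.
func runDemo() (sameDomainOK, crossDomainRejected bool) {
	caA, keyA := mustIssue("site-a root", nil, nil)
	caB, keyB := mustIssue("site-b root", nil, nil)
	v := trustDomainVerifier{}
	v.addMapping("site-a", caA)
	v.addMapping("site-b", caB)
	leafA, _ := mustIssue("spiffe://site-a/cluster1/workload1", caA, keyA)
	// Same SPIFFE ID, but signed by site-b's root: site-b is trusted, just not for site-a IDs.
	leafX, _ := mustIssue("spiffe://site-a/cluster1/workload1", caB, keyB)
	return v.verifyPeerCert([][]byte{leafA.Raw}, nil) == nil,
		v.verifyPeerCert([][]byte{leafX.Raw}, nil) != nil
}

func main() { fmt.Println(runDemo()) }
```

When a callback with this signature is installed as tls.Config.VerifyPeerCertificate, InsecureSkipVerify must be set (and, on a server, ClientAuth set to RequireAnyClientCert) so that the standard hostname-based verification does not run; the callback then performs all checks, which is also why the verifiedChains argument is always empty and can be ignored. The explicit "no root bundle" error matters because a lookup miss that fell through to x509.Verify with a nil Roots pool would silently verify against the system roots instead of the SPIFFE bundle.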