x509svid

package

v2.2.0 Latest Latest Go to latest Published: Feb 28, 2023 License: Apache-2.0 Imports: 11 Imported by: 7

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/accuknox/go-spiffe

Links

Open Source Insights

Documentation ¶

Index ¶

func IDFromCert(cert *x509.Certificate) (spiffeid.ID, error)
func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source, opts ...VerifyOption) (spiffeid.ID, [][]*x509.Certificate, error)
func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source, ...) (spiffeid.ID, [][]*x509.Certificate, error)
type SVID
type Source
type VerifyOption
- func WithTime(now time.Time) VerifyOption

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IDFromCert ¶

func IDFromCert(cert *x509.Certificate) (spiffeid.ID, error)

IDFromCert extracts the SPIFFE ID from the URI SAN of the provided certificate. It will return an an error if the certificate does not have exactly one URI SAN with a well-formed SPIFFE ID.

func ParseAndVerify ¶

func ParseAndVerify(rawCerts [][]byte, bundleSource x509bundle.Source, opts ...VerifyOption) (spiffeid.ID, [][]*x509.Certificate, error)

ParseAndVerify parses and verifies an X509-SVID chain using the X.509 bundle source. It returns the SPIFFE ID of the X509-SVID and one or more chains back to a root in the bundle.

func Verify ¶

func Verify(certs []*x509.Certificate, bundleSource x509bundle.Source, opts ...VerifyOption) (spiffeid.ID, [][]*x509.Certificate, error)

Verify verifies an X509-SVID chain using the X.509 bundle source. It returns the SPIFFE ID of the X509-SVID and one or more chains back to a root in the bundle.

Types ¶

func Load ¶

func Load(certFile, keyFile string) (*SVID, error)

Load loads the X509-SVID from PEM encoded files on disk. certFile and keyFile may be the same file.

func Parse ¶

func Parse(certBytes, keyBytes []byte) (*SVID, error)

Parse parses the X509-SVID from PEM blocks containing certificate and key bytes. The certificate must be one or more PEM blocks with ASN.1 DER. The key must be a PEM block with PKCS#8 ASN.1 DER.

func ParseRaw ¶

func ParseRaw(certBytes, keyBytes []byte) (*SVID, error)

ParseRaw parses the X509-SVID from certificate and key bytes. The certificate must be ASN.1 DER (concatenated with no intermediate padding if there are more than one certificate). The key must be a PKCS#8 ASN.1 DER.

func (*SVID) GetX509SVID ¶

func (s *SVID) GetX509SVID() (*SVID, error)

GetX509SVID returns the X509-SVID. It implements the Source interface.

func (*SVID) Marshal ¶

func (s *SVID) Marshal() ([]byte, []byte, error)

Marshal marshals the X509-SVID and returns PEM encoded blocks for the SVID and private key.

func (*SVID) MarshalRaw ¶

func (s *SVID) MarshalRaw() ([]byte, []byte, error)

MarshalRaw marshals the X509-SVID and returns ASN.1 DER for the certificates (concatenated with no intermediate padding) and PKCS8 ASN1.DER for the private key.

type Source ¶

type Source interface {
	// GetX509SVID returns an X509-SVID from the source.
	GetX509SVID() (*SVID, error)
}

Source represents a source of X509-SVIDs.

type VerifyOption ¶

type VerifyOption interface {
	// contains filtered or unexported methods
}

VerifyOption is an option used when verifying X509-SVIDs.

func WithTime ¶

func WithTime(now time.Time) VerifyOption

WithTime sets the time used when verifying validity periods on the X509-SVID. If not used, the current time will be used.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL