bundleutil

package

v1.0.2 Latest Latest Go to latest Published: May 18, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/accuknox/spire

Documentation ¶

Index ¶

Constants
func BundleProtoFromRootCA(trustDomainID string, rootCA *x509.Certificate) *common.Bundle
func BundleProtoFromRootCADER(trustDomainID string, derBytes []byte) *common.Bundle
func BundleProtoFromRootCAs(trustDomainID string, rootCAs []*x509.Certificate) *common.Bundle
func BundleProtoFromRootCAsDER(trustDomainID string, derBytes []byte) (*common.Bundle, error)
func CalculateRefreshHint(bundle *Bundle) time.Duration
func CommonBundleFromProto(b *types.Bundle) (*common.Bundle, error)
func JWTSigningKeysFromBundleProto(b *common.Bundle) (map[string]crypto.PublicKey, error)
func Marshal(bundle *Bundle, opts ...MarshalOption) ([]byte, error)
func MergeBundles(a, b *common.Bundle) (*common.Bundle, bool)
func PruneBundle(bundle *common.Bundle, expiration time.Time, log logrus.FieldLogger) (*common.Bundle, bool, error)
func RootCAsDERFromBundleProto(b *common.Bundle) (derBytes []byte)
func RootCAsFromBundleProto(b *common.Bundle) (out []*x509.Certificate, err error)
type Bundle
type MarshalOption

Constants ¶

View Source

const (

	// MinimumRefreshHint is the smallest refresh hint the client allows.
	// Anything smaller than the minimum will be reset to the minimum.
	MinimumRefreshHint = time.Minute
)

Variables ¶

This section is empty.

Functions ¶

func BundleProtoFromRootCA ¶

func BundleProtoFromRootCA(trustDomainID string, rootCA *x509.Certificate) *common.Bundle

func BundleProtoFromRootCADER ¶

func BundleProtoFromRootCADER(trustDomainID string, derBytes []byte) *common.Bundle

func BundleProtoFromRootCAs ¶

func BundleProtoFromRootCAs(trustDomainID string, rootCAs []*x509.Certificate) *common.Bundle

func BundleProtoFromRootCAsDER ¶

func BundleProtoFromRootCAsDER(trustDomainID string, derBytes []byte) (*common.Bundle, error)

func CalculateRefreshHint ¶

func CalculateRefreshHint(bundle *Bundle) time.Duration

CalculateRefreshHint is used to calculate the refresh hint for a given bundle. If the bundle already contains a refresh hint, then that is used, Otherwise, it looks at the lifetimes of the bundle contents and returns a fraction of the smallest. It is fairly aggressive but ensures clients don't miss a rotation period and lose their ability to fetch. TODO: reevaluate our strategy here when we rework the TTL story inside SPIRE.

func CommonBundleFromProto ¶

func CommonBundleFromProto(b *types.Bundle) (*common.Bundle, error)

func JWTSigningKeysFromBundleProto ¶

func JWTSigningKeysFromBundleProto(b *common.Bundle) (map[string]crypto.PublicKey, error)

func Marshal ¶

func Marshal(bundle *Bundle, opts ...MarshalOption) ([]byte, error)

func MergeBundles ¶

func MergeBundles(a, b *common.Bundle) (*common.Bundle, bool)

func PruneBundle ¶

func PruneBundle(bundle *common.Bundle, expiration time.Time, log logrus.FieldLogger) (*common.Bundle, bool, error)

PruneBundle removes the bundle RootCAs and JWT keys that expired before a given time It returns an error if prunning results in a bundle with no CAs or keys

func RootCAsDERFromBundleProto ¶

func RootCAsDERFromBundleProto(b *common.Bundle) (derBytes []byte)

func RootCAsFromBundleProto ¶

func RootCAsFromBundleProto(b *common.Bundle) (out []*x509.Certificate, err error)

Types ¶

type Bundle ¶

type Bundle struct {
	// contains filtered or unexported fields
}

func BundleFromProto ¶

func BundleFromProto(b *common.Bundle) (*Bundle, error)

func BundleFromRootCA ¶

func BundleFromRootCA(trustDomain spiffeid.TrustDomain, rootCA *x509.Certificate) *Bundle

func BundleFromRootCAs ¶

func BundleFromRootCAs(trustDomain spiffeid.TrustDomain, rootCAs []*x509.Certificate) *Bundle

func Decode ¶

func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error)

func New ¶

func New(trustDomain spiffeid.TrustDomain) *Bundle

func ParseBundle ¶

func ParseBundle(bundleBytes []byte) (*Bundle, error)

func Unmarshal ¶

func Unmarshal(trustDomain spiffeid.TrustDomain, data []byte) (*Bundle, error)

func (*Bundle) AppendJWTSigningKey ¶

func (b *Bundle) AppendJWTSigningKey(kid string, key crypto.PublicKey) error

func (*Bundle) AppendRootCA ¶

func (b *Bundle) AppendRootCA(rootCA *x509.Certificate)

func (*Bundle) EqualTo ¶

func (b *Bundle) EqualTo(other *Bundle) bool

func (*Bundle) JWTSigningKeys ¶

func (b *Bundle) JWTSigningKeys() map[string]crypto.PublicKey

func (*Bundle) Proto ¶

func (b *Bundle) Proto() *common.Bundle

func (*Bundle) RefreshHint ¶

func (b *Bundle) RefreshHint() time.Duration

RefreshHint returns the bundle refresh hint.

func (*Bundle) RootCAs ¶

func (b *Bundle) RootCAs() []*x509.Certificate

func (*Bundle) SetRefreshHint ¶

func (b *Bundle) SetRefreshHint(d time.Duration)

SetRefreshHint sets the bundle refresh hint to the given duration. It is rounded up to the nearest second.

func (*Bundle) TrustDomainID ¶

func (b *Bundle) TrustDomainID() string

type MarshalOption ¶

type MarshalOption interface {
	// contains filtered or unexported methods
}

func NoJWTSVIDKeys ¶

func NoJWTSVIDKeys() MarshalOption

NoJWTSVIDKeys skips marshalling JWT SVID keys

func NoX509SVIDKeys ¶

func NoX509SVIDKeys() MarshalOption

NoX509SVIDKeys skips marshalling X509 SVID keys

func OverrideRefreshHint ¶

func OverrideRefreshHint(value time.Duration) MarshalOption

OverrideRefreshHint overrides the refresh hint in the bundle

func StandardJWKS ¶

func StandardJWKS() MarshalOption

StandardJWKS omits SPIFFE-specific parameters from the marshaled bundle

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL