witbundle

Version: v2.7.0 (Latest)

This package is not in the latest version of its module.

Published: Jun 3, 2026 | License: Apache-2.0 | Imports: 11 | Imported by: 0

Documentation

Overview

Package witbundle provides support for WIT bundles, which are JWK Sets used to validate WIT-SVID signatures.


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Bundle

type Bundle struct {
	// contains filtered or unexported fields
}

Bundle is a collection of trusted WIT authorities for a trust domain.

func FromWITAuthorities

func FromWITAuthorities(trustDomain spiffeid.TrustDomain, witAuthorities map[string]crypto.PublicKey) *Bundle

FromWITAuthorities creates a new bundle from a map of WIT authorities keyed by key ID.

func Load

func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error)

Load loads a bundle from a file on disk. The file must contain a standard RFC 7517 JWKS document.

func New

func New(trustDomain spiffeid.TrustDomain) *Bundle

New creates a new empty bundle for the given trust domain.

func Parse

func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error)

Parse parses a bundle from a JWK Set JSON document.

func Read

func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error)

Read decodes a bundle from a reader. The contents must contain a standard RFC 7517 JWKS document.
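
Load, Parse and Read all take an RFC 7517 JWKS document. As an added illustration (not code from this package), the standard-library sketch below shows the checks a verifier wants when turning such a document into authorities keyed by key ID. The names `parseAuthorities` and `sampleJWKS`, the P-256-only restriction and the rejection of entries without a `kid` are assumptions of this example; the sample document is constructed at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// sampleJWKS returns a constructed RFC 7517 JWKS holding one fresh P-256 key.
func sampleJWKS(kid string) []byte {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	x, y := k.X.FillBytes(make([]byte, 32)), k.Y.FillBytes(make([]byte, 32))
	enc := base64.RawURLEncoding.EncodeToString
	return []byte(fmt.Sprintf(`{"keys":[{"kty":"EC","kid":%q,"crv":"P-256","x":%q,"y":%q}]}`,
		kid, enc(x), enc(y)))
}

// parseAuthorities is a hypothetical stand-in, not the package's Parse: it keys
// each entry by kid and rejects a missing kid, a non-P-256 key or a bad point.
func parseAuthorities(doc []byte) (map[string]*ecdsa.PublicKey, error) {
	var set struct{ Keys []struct{ Kty, Kid, Crv, X, Y string } }
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, err
	}
	out := make(map[string]*ecdsa.PublicKey)
	for i, k := range set.Keys {
		x, errX := base64.RawURLEncoding.DecodeString(k.X)
		y, errY := base64.RawURLEncoding.DecodeString(k.Y)
		X, Y := new(big.Int).SetBytes(x), new(big.Int).SetBytes(y)
		switch {
		case k.Kid == "":
			return nil, fmt.Errorf("key %d: missing key ID", i)
		case k.Kty != "EC" || k.Crv != "P-256" || errX != nil || errY != nil || !elliptic.P256().IsOnCurve(X, Y):
			return nil, fmt.Errorf("key %q: not a valid P-256 public key", k.Kid)
		}
		out[k.Kid] = &ecdsa.PublicKey{Curve: elliptic.P256(), X: X, Y: Y}
	}
	return out, nil
}

func main() {
	fmt.Println(parseAuthorities(sampleJWKS(""))) // rejected: no key ID
}
```

Failing closed on an entry without a key ID matters because signature validation selects the authority by key ID; an entry that cannot be addressed that way should not silently enter the trusted set.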

func (*Bundle) AddWITAuthority

func (b *Bundle) AddWITAuthority(keyID string, witAuthority crypto.PublicKey) error

AddWITAuthority adds a WIT authority to the bundle. If a WIT authority already exists under the given key ID, it is replaced. A key ID must be specified.

func (*Bundle) Clone

func (b *Bundle) Clone() *Bundle

Clone clones the bundle.

func (*Bundle) Empty

func (b *Bundle) Empty() bool

Empty returns true if the bundle has no WIT authorities.

func (*Bundle) Equal

func (b *Bundle) Equal(other *Bundle) bool

Equal compares the bundle for equality against the given bundle.

func (*Bundle) FindWITAuthority

func (b *Bundle) FindWITAuthority(keyID string) (crypto.PublicKey, bool)

FindWITAuthority finds the WIT authority with the given key ID from the bundle. If the authority is found, it is returned and the boolean is true. Otherwise, the returned value is nil and the boolean is false.

func (*Bundle) GetWITBundleForTrustDomain

func (b *Bundle) GetWITBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetWITBundleForTrustDomain returns the WIT bundle for the given trust domain. It implements the Source interface. An error will be returned if the trust domain does not match that of the bundle.

func (*Bundle) HasWITAuthority

func (b *Bundle) HasWITAuthority(keyID string) bool

HasWITAuthority returns true if the bundle has a WIT authority with the given key ID.

func (*Bundle) Marshal

func (b *Bundle) Marshal() ([]byte, error)

Marshal marshals the WIT bundle into a standard RFC 7517 JWKS document.

func (*Bundle) RemoveWITAuthority

func (b *Bundle) RemoveWITAuthority(keyID string)

RemoveWITAuthority removes the WIT authority identified by the key ID from the bundle.

func (*Bundle) SetWITAuthorities

func (b *Bundle) SetWITAuthorities(witAuthorities map[string]crypto.PublicKey)

SetWITAuthorities sets the WIT authorities in the bundle.

func (*Bundle) TrustDomain

func (b *Bundle) TrustDomain() spiffeid.TrustDomain

TrustDomain returns the trust domain that the bundle belongs to.

func (*Bundle) WITAuthorities

func (b *Bundle) WITAuthorities() map[string]crypto.PublicKey

WITAuthorities returns the WIT authorities in the bundle, keyed by key ID.

type Set

type Set struct {
	// contains filtered or unexported fields
}

Set is a set of WIT bundles, keyed by trust domain.

func NewSet

func NewSet(bundles ...*Bundle) *Set

NewSet creates a new set initialized with the given bundles.

func (*Set) Add

func (s *Set) Add(bundle *Bundle)

Add adds a new bundle into the set. If a bundle already exists for the trust domain, the existing bundle is replaced.

func (*Set) Bundles

func (s *Set) Bundles() []*Bundle

Bundles returns the bundles in the set sorted by trust domain.

func (*Set) Get

func (s *Set) Get(trustDomain spiffeid.TrustDomain) (*Bundle, bool)

Get returns a bundle for the given trust domain. If the bundle is in the set it is returned and the boolean is true. Otherwise, the returned value is nil and the boolean is false.

func (*Set) GetWITBundleForTrustDomain

func (s *Set) GetWITBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetWITBundleForTrustDomain returns the WIT bundle for the given trust domain. It implements the Source interface.

func (*Set) Has

func (s *Set) Has(trustDomain spiffeid.TrustDomain) bool

Has returns true if there is a bundle for the given trust domain.

func (*Set) Len

func (s *Set) Len() int

Len returns the number of bundles in the set.

func (*Set) Remove

func (s *Set) Remove(trustDomain spiffeid.TrustDomain)

Remove removes the bundle for the given trust domain.

type Source

type Source interface {
	// GetWITBundleForTrustDomain returns the WIT bundle for the given trust
	// domain.
	GetWITBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)
}

Source represents a source of WIT bundles keyed by trust domain.
