bundleutil

package
v1.6.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 12, 2023 License: Apache-2.0 Imports: 18 Imported by: 2

Documentation

Index

Constants

View Source 
const (

	// MinimumRefreshHint is the smallest refresh hint the client allows.
	// Anything smaller than the minimum will be reset to the minimum.
	MinimumRefreshHint = time.Minute
)

Variables

This section is empty.

Functions

func BundleProtoFromRootCA 

func BundleProtoFromRootCA(trustDomainID string, rootCA *x509.Certificate) *common.Bundle

func BundleProtoFromRootCADER 

func BundleProtoFromRootCADER(trustDomainID string, derBytes []byte) *common.Bundle

func BundleProtoFromRootCAs 

func BundleProtoFromRootCAs(trustDomainID string, rootCAs []*x509.Certificate) *common.Bundle

func BundleProtoFromRootCAsDER 

func BundleProtoFromRootCAsDER(trustDomainID string, derBytes []byte) (*common.Bundle, error)

func CalculateRefreshHint 

func CalculateRefreshHint(bundle *Bundle) time.Duration

CalculateRefreshHint is used to calculate the refresh hint for a given bundle. If the bundle already contains a refresh hint, then that is used, Otherwise, it looks at the lifetimes of the bundle contents and returns a fraction of the smallest. It is fairly aggressive but ensures clients don't miss a rotation period and lose their ability to fetch. TODO: reevaluate our strategy here when we rework the TTL story inside SPIRE.

func CommonBundleFromProto added in v0.11.0 

func CommonBundleFromProto(b *types.Bundle) (*common.Bundle, error)

func JWTSigningKeysFromBundleProto 

func JWTSigningKeysFromBundleProto(b *common.Bundle) (map[string]crypto.PublicKey, error)

func Marshal 

func Marshal(bundle *Bundle, opts ...MarshalOption) ([]byte, error)

func MarshalIdentBundle added in v1.6.3 

func MarshalIdentBundle(bundle *spiffebundle.Bundle) ([]byte, error)

func MergeBundles 

func MergeBundles(a, b *common.Bundle) (*common.Bundle, bool)

func PruneBundle 

func PruneBundle(bundle *common.Bundle, expiration time.Time, log logrus.FieldLogger) (*common.Bundle, bool, error)

PruneBundle removes the bundle RootCAs and JWT keys that expired before a given time It returns an error if prunning results in a bundle with no CAs or keys

func RootCAsDERFromBundleProto 

func RootCAsDERFromBundleProto(b *common.Bundle) (derBytes []byte)

func RootCAsFromBundleProto 

func RootCAsFromBundleProto(b *common.Bundle) (out []*x509.Certificate, err error)

func SPIFFEBundleFromProto added in v1.6.3 

func SPIFFEBundleFromProto(b *common.Bundle) (*spiffebundle.Bundle, error)

func SPIFFEBundleToProto added in v1.6.3 

func SPIFFEBundleToProto(b *spiffebundle.Bundle) (*common.Bundle, error)

Types

type Bundle 

type Bundle struct {
	// contains filtered or unexported fields
}

func BundleFromProto 

func BundleFromProto(b *common.Bundle) (*Bundle, error)

func BundleFromRootCA 

func BundleFromRootCA(trustDomain spiffeid.TrustDomain, rootCA *x509.Certificate) *Bundle

func BundleFromRootCAs 

func BundleFromRootCAs(trustDomain spiffeid.TrustDomain, rootCAs []*x509.Certificate) *Bundle

func Decode 

func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error)

func New 

func New(trustDomain spiffeid.TrustDomain) *Bundle

func ParseBundle 

func ParseBundle(bundleBytes []byte) (*Bundle, error)

func SPIFFEBundleToBundleUtil added in v1.6.3 

func SPIFFEBundleToBundleUtil(b *spiffebundle.Bundle) (*Bundle, error)

SPIFFEBundleToBundleUtil is a temporary function that converts a spiffebundle.Bundle to bundleutil.Bundle. This function should be used only for restricting the scope of the changes in places that still use bundleutil.Bundle. It should be removed as soon as we don't have any other reference to bundleutil.Bundle. TODO: (remove this function when bundleutil.Bundle cease to be used)

func Unmarshal 

func Unmarshal(trustDomain spiffeid.TrustDomain, data []byte) (*Bundle, error)

func (*Bundle) AppendJWTSigningKey 

func (b *Bundle) AppendJWTSigningKey(kid string, key crypto.PublicKey) error

func (*Bundle) AppendRootCA 

func (b *Bundle) AppendRootCA(rootCA *x509.Certificate)

func (*Bundle) EqualTo 

func (b *Bundle) EqualTo(other *Bundle) bool

func (*Bundle) JWTSigningKeys 

func (b *Bundle) JWTSigningKeys() map[string]crypto.PublicKey

func (*Bundle) Proto 

func (b *Bundle) Proto() *common.Bundle

func (*Bundle) RefreshHint 

func (b *Bundle) RefreshHint() time.Duration

RefreshHint returns the bundle refresh hint.

func (*Bundle) RootCAs 

func (b *Bundle) RootCAs() []*x509.Certificate

func (*Bundle) SetRefreshHint 

func (b *Bundle) SetRefreshHint(d time.Duration)

SetRefreshHint sets the bundle refresh hint to the given duration. It is rounded up to the nearest second.

func (*Bundle) ToSPIFFEBundle added in v1.6.3 

func (b *Bundle) ToSPIFFEBundle() (*spiffebundle.Bundle, error)

ToSPIFFEBundle is a temporary function that converts a bundleutil.Bundle to spiffebundle.Bundle. This function should be used only for restricting the scope of the changes in places that use bundleutil.Bundle. It should be removed as soon as we don't have any other reference to bundleutil.Bundle. TODO: (remove this function when bundleutil.Bundle cease to be used)

func (*Bundle) TrustDomainID 

func (b *Bundle) TrustDomainID() string

type MarshalOption 

type MarshalOption interface {
	// contains filtered or unexported methods
}

func NoJWTSVIDKeys 

func NoJWTSVIDKeys() MarshalOption

NoJWTSVIDKeys skips marshalling JWT SVID keys

func NoX509SVIDKeys 

func NoX509SVIDKeys() MarshalOption

NoX509SVIDKeys skips marshalling X509 SVID keys

func OverrideRefreshHint 

func OverrideRefreshHint(value time.Duration) MarshalOption

OverrideRefreshHint overrides the refresh hint in the bundle

func StandardJWKS added in v0.12.0 

func StandardJWKS() MarshalOption

StandardJWKS omits SPIFFE-specific parameters from the marshaled bundle

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.