jwtbundle

package

v2.0.0-...-37579b3 Latest Latest Go to latest Published: Sep 13, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/damarescavalcante/go-spiffe

Links

Open Source Insights

Documentation ¶

Overview ¶

Package jwtbundle provides JWT bundle related functionality.

A bundle represents a collection of JWT authorities, i.e., those that are used to authenticate SPIFFE JWT-SVIDs.

You can create a new bundle for a specific trust domain:

td := spiffeid.RequireTrustDomain("example.org")
bundle := jwtbundle.New(td)

Or you can load it from disk:

td := spiffeid.RequireTrustDomain("example.org")
bundle := jwtbundle.Load(td, "bundle.jwks")

The bundle can be initialized with JWT authorities:

td := spiffeid.RequireTrustDomain("example.org")
var jwtAuthorities map[string]crypto.PublicKey = ...
bundle := jwtbundle.FromJWTAuthorities(td, jwtAuthorities)

In addition, you can add JWT authorities to the bundle:

var keyID string = ...
var publicKey crypto.PublicKey = ...
bundle.AddJWTAuthority(keyID, publicKey)

Bundles can be organized into a set, keyed by trust domain:

set := jwtbundle.NewSet()
set.Add(bundle)

A Source is source of JWT bundles for a trust domain. Both the Bundle and Set types implement Source:

// Initialize the source from a bundle or set
var source jwtbundle.Source = bundle
// ... or ...
var source jwtbundle.Source = set

// Use the source to query for bundles by trust domain
bundle, err := source.GetJWTBundleForTrustDomain(td)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Bundle ¶

type Bundle struct {
	// contains filtered or unexported fields
}

Bundle is a collection of trusted JWT authorities for a trust domain.

func FromJWTAuthorities ¶

func FromJWTAuthorities(trustDomain spiffeid.TrustDomain, jwtAuthorities map[string]crypto.PublicKey) *Bundle

FromJWTAuthorities creates a new bundle from JWT authorities

func Load ¶

func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error)

Load loads a bundle from a file on disk. The file must contain a standard RFC 7517 JWKS document.

func New ¶

func New(trustDomain spiffeid.TrustDomain) *Bundle

New creates a new bundle.

func Parse ¶

func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error)

Parse parses a bundle from bytes. The data must be a standard RFC 7517 JWKS document.

func Read ¶

func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error)

Read decodes a bundle from a reader. The contents must contain a standard RFC 7517 JWKS document.

func (*Bundle) AddJWTAuthority ¶

func (b *Bundle) AddJWTAuthority(keyID string, jwtAuthority crypto.PublicKey) error

AddJWTAuthority adds a JWT authority to the bundle. If a JWT authority already exists under the given key ID, it is replaced. A key ID must be specified.

func (*Bundle) Clone ¶

func (b *Bundle) Clone() *Bundle

Clone clones the bundle.

func (*Bundle) Empty ¶

func (b *Bundle) Empty() bool

Empty returns true if the bundle has no JWT authorities.

func (*Bundle) Equal ¶

func (b *Bundle) Equal(other *Bundle) bool

Equal compares the bundle for equality against the given bundle.

func (*Bundle) FindJWTAuthority ¶

func (b *Bundle) FindJWTAuthority(keyID string) (crypto.PublicKey, bool)

FindJWTAuthority finds the JWT authority with the given key ID from the bundle. If the authority is found, it is returned and the boolean is true. Otherwise, the returned value is nil and the boolean is false.

func (*Bundle) GetJWTBundleForTrustDomain ¶

func (b *Bundle) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetJWTBundleForTrustDomain returns the JWT bundle for the given trust domain. It implements the Source interface. An error will be returned if the trust domain does not match that of the bundle.

func (*Bundle) HasJWTAuthority ¶

func (b *Bundle) HasJWTAuthority(keyID string) bool

HasJWTAuthority returns true if the bundle has a JWT authority with the given key ID.

func (*Bundle) JWTAuthorities ¶

func (b *Bundle) JWTAuthorities() map[string]crypto.PublicKey

JWTAuthorities returns the JWT authorities in the bundle, keyed by key ID.

func (*Bundle) Marshal ¶

func (b *Bundle) Marshal() ([]byte, error)

Marshal marshals the JWT bundle into a standard RFC 7517 JWKS document. The JWKS does not contain any SPIFFE-specific parameters.

func (*Bundle) RemoveJWTAuthority ¶

func (b *Bundle) RemoveJWTAuthority(keyID string)

RemoveJWTAuthority removes the JWT authority identified by the key ID from the bundle.

func (*Bundle) SetJWTAuthorities ¶

func (b *Bundle) SetJWTAuthorities(jwtAuthorities map[string]crypto.PublicKey)

SetJWTAuthorities sets the JWT authorities in the bundle.

func (*Bundle) TrustDomain ¶

func (b *Bundle) TrustDomain() spiffeid.TrustDomain

TrustDomain returns the trust domain that the bundle belongs to.

type Set ¶

type Set struct {
	// contains filtered or unexported fields
}

Set is a set of bundles, keyed by trust domain.

func NewSet ¶

func NewSet(bundles ...*Bundle) *Set

NewSet creates a new set initialized with the given bundles.

func (*Set) Add ¶

func (s *Set) Add(bundle *Bundle)

Add adds a new bundle into the set. If a bundle already exists for the trust domain, the existing bundle is replaced.

func (*Set) Bundles ¶

func (s *Set) Bundles() []*Bundle

Bundles returns the bundles in the set sorted by trust domain.

func (*Set) Get ¶

func (s *Set) Get(trustDomain spiffeid.TrustDomain) (*Bundle, bool)

Get returns a bundle for the given trust domain. If the bundle is in the set it is returned and the boolean is true. Otherwise, the returned value is nil and the boolean is false.

func (*Set) GetJWTBundleForTrustDomain ¶

func (s *Set) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetJWTBundleForTrustDomain returns the JWT bundle for the given trust domain. It implements the Source interface.

func (*Set) Has ¶

func (s *Set) Has(trustDomain spiffeid.TrustDomain) bool

Has returns true if there is a bundle for the given trust domain.

func (*Set) Len ¶

func (s *Set) Len() int

Len returns the number of bundles in the set.

func (*Set) Remove ¶

func (s *Set) Remove(trustDomain spiffeid.TrustDomain)

Remove removes the bundle for the given trust domain.

type Source ¶

type Source interface {
	// GetJWTBundleForTrustDomain returns the JWT bundle for the given trust
	// domain.
	GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)
}

Source represents a source of JWT bundles keyed by trust domain.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL