import "istio.io/istio/security/pkg/util"
GetAud returns the claim `aud` from the token. Returns nil if not found.
IsJwtExpired checks if the JWT token is expired compared with the given time, without validating it.
IsK8SUnbound detects if the token is a K8S unbound token. It is a regular JWT with no audience and expiration, which can be exchanged with bound tokens with audience.
This is used to determine if we check audience in the token. Clients should not use unbound tokens except in cases where bound tokens are not possible.
type CertUtil interface { // GetWaitTime returns the waiting time before renewing the certificate. GetWaitTime([]byte, time.Time, time.Duration) (time.Duration, error) }
CertUtil is an interface for utility functions on certificate.
type CertUtilImpl struct {
// contains filtered or unexported fields
}
CertUtilImpl is the implementation of CertUtil, for production use.
func NewCertUtil(gracePeriodPercentage int) CertUtilImpl
NewCertUtil returns a new CertUtilImpl
func (cu CertUtilImpl) GetWaitTime(certBytes []byte, now time.Time, minGracePeriod time.Duration) (time.Duration, error)
GetWaitTime returns the waititng time before renewing the cert, based on current time, the timestamps in cert and graceperiod.
Path | Synopsis |
---|---|
mock |
Package util imports 8 packages (graph) and is imported by 5 packages. Updated 2020-11-22. Refresh now. Tools for package owners.