istio: istio.io/istio/security/pkg/util Index | Files | Directories

package util

import "istio.io/istio/security/pkg/util"

Index

Package Files

certutil.go jwtutil.go

func GetAud Uses

func GetAud(token string) ([]string, error)

GetAud returns the claim `aud` from the token. Returns nil if not found.

func IsJwtExpired Uses

func IsJwtExpired(token string, now time.Time) (bool, error)

IsJwtExpired checks if the JWT token is expired compared with the given time, without validating it.

func IsK8SUnbound Uses

func IsK8SUnbound(jwt string) bool

IsK8SUnbound detects if the token is a K8S unbound token. It is a regular JWT with no audience and expiration, which can be exchanged with bound tokens with audience.

This is used to determine if we check audience in the token. Clients should not use unbound tokens except in cases where bound tokens are not possible.

type CertUtil Uses

type CertUtil interface {
    // GetWaitTime returns the waiting time before renewing the certificate.
    GetWaitTime([]byte, time.Time, time.Duration) (time.Duration, error)
}

CertUtil is an interface for utility functions on certificate.

type CertUtilImpl Uses

type CertUtilImpl struct {
    // contains filtered or unexported fields
}

CertUtilImpl is the implementation of CertUtil, for production use.

func NewCertUtil Uses

func NewCertUtil(gracePeriodPercentage int) CertUtilImpl

NewCertUtil returns a new CertUtilImpl

func (CertUtilImpl) GetWaitTime Uses

func (cu CertUtilImpl) GetWaitTime(certBytes []byte, now time.Time, minGracePeriod time.Duration) (time.Duration, error)

GetWaitTime returns the waititng time before renewing the cert, based on current time, the timestamps in cert and graceperiod.

Directories

PathSynopsis
mock

Package util imports 8 packages (graph) and is imported by 5 packages. Updated 2020-11-22. Refresh now. Tools for package owners.