util

package

v0.0.0-...-5e5ceee Latest Latest Go to latest Published: Apr 20, 2024 License: Apache-2.0 Imports: 7 Imported by: 19

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/istio/istio

Links

Open Source Insights

Documentation ¶

Index ¶

func DecodeJwtPart(seg string) ([]byte, error)
func ExtractJwtAud(jwt string) ([]string, bool)
func GetAud(token string) ([]string, error)
func GetExp(token string) (time.Time, error)
func IsK8SUnbound(jwt string) bool
type CertUtil
type CertUtilImpl
- func NewCertUtil(gracePeriodPercentage int) CertUtilImpl
- func (cu CertUtilImpl) GetWaitTime(certBytes []byte, now time.Time) (time.Duration, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecodeJwtPart ¶

func DecodeJwtPart(seg string) ([]byte, error)

func ExtractJwtAud ¶

func ExtractJwtAud(jwt string) ([]string, bool)

ExtractJwtAud extracts the audiences from a JWT token. If aud cannot be parse, the bool will be set to false. This distinguishes aud=[] from not parsed.

func GetAud ¶

func GetAud(token string) ([]string, error)

GetAud returns the claim `aud` from the token. Returns nil if not found.

func GetExp ¶

func GetExp(token string) (time.Time, error)

GetExp returns token expiration time, or error on failures.

func IsK8SUnbound ¶

func IsK8SUnbound(jwt string) bool

IsK8SUnbound detects if the token is a K8S unbound token. It is a regular JWT with no audience and expiration, which can be exchanged with bound tokens with audience.

This is used to determine if we check audience in the token. Clients should not use unbound tokens except in cases where bound tokens are not possible.

Types ¶

type CertUtil ¶

type CertUtil interface {
	// GetWaitTime returns the waiting time before renewing the certificate.
	GetWaitTime([]byte, time.Time) (time.Duration, error)
}

CertUtil is an interface for utility functions on certificate.

type CertUtilImpl ¶

type CertUtilImpl struct {
	// contains filtered or unexported fields
}

CertUtilImpl is the implementation of CertUtil, for production use.

func NewCertUtil ¶

func NewCertUtil(gracePeriodPercentage int) CertUtilImpl

NewCertUtil returns a new CertUtilImpl

func (CertUtilImpl) GetWaitTime ¶

func (cu CertUtilImpl) GetWaitTime(certBytes []byte, now time.Time) (time.Duration, error)

GetWaitTime returns the waiting time before renewing the cert, based on current time, the timestamps in cert and grace period.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mock

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL