package jwtbundle

import "github.com/spiffe/go-spiffe/v2/bundle/jwtbundle"

Index ¶

• type Bundle
• func FromJWTKeys(trustDomain spiffeid.TrustDomain, jwtKeys map[string]crypto.PublicKey) *Bundle
• func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error)
• func New(trustDomain spiffeid.TrustDomain) *Bundle
• func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error)
• func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error)
• func (b *Bundle) AddJWTKey(keyID string, key crypto.PublicKey) error
• func (b *Bundle) Empty() bool
• func (b *Bundle) FindJWTKey(keyID string) (crypto.PublicKey, bool)
• func (b *Bundle) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)
• func (b *Bundle) HasJWTKey(keyID string) bool
• func (b *Bundle) JWTKeys() map[string]crypto.PublicKey
• func (b *Bundle) Marshal() ([]byte, error)
• func (b *Bundle) RemoveJWTKey(keyID string)
• func (b *Bundle) SetJWTKeys(jwtKeys map[string]crypto.PublicKey)
• func (b *Bundle) TrustDomain() spiffeid.TrustDomain
• type Set
• func NewSet(bundles ...*Bundle) *Set
• func (s *Set) Add(bundle *Bundle)
• func (s *Set) Bundles() []*Bundle
• func (s *Set) Get(trustDomain spiffeid.TrustDomain) (*Bundle, bool)
• func (s *Set) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)
• func (s *Set) Has(trustDomain spiffeid.TrustDomain) bool
• func (s *Set) Len() int
• func (s *Set) Remove(trustDomain spiffeid.TrustDomain)
• type Source

Types ¶

type Bundle ¶

type Bundle struct {
	// contains filtered or unexported fields
}

Bundle is a collection of trusted JWT public keys for a trust domain.

func FromJWTKeys ¶

func FromJWTKeys(trustDomain spiffeid.TrustDomain, jwtKeys map[string]crypto.PublicKey) *Bundle

FromJWTKeys creates a new bundle from JWT public keys.

func Load ¶

func Load(trustDomain spiffeid.TrustDomain, path string) (*Bundle, error)

Load loads a bundle from a file on disk.

func New ¶

func New(trustDomain spiffeid.TrustDomain) *Bundle

New creates a new bundle.

func Parse ¶

func Parse(trustDomain spiffeid.TrustDomain, bundleBytes []byte) (*Bundle, error)

Parse parses a bundle from bytes.

func Read ¶

func Read(trustDomain spiffeid.TrustDomain, r io.Reader) (*Bundle, error)

Read decodes a bundle from a reader.

func (*Bundle) AddJWTKey ¶

func (b *Bundle) AddJWTKey(keyID string, key crypto.PublicKey) error

AddJWTKey adds a JWT key to the bundle. If a JWT key already exists under the given key ID, it is replaced. A key ID must be specified.

func (*Bundle) Empty ¶

func (b *Bundle) Empty() bool

Empty returns true if the bundle has no JWT keys.

func (*Bundle) FindJWTKey ¶

func (b *Bundle) FindJWTKey(keyID string) (crypto.PublicKey, bool)

FindJWTKey finds the JWT key with the given key id from the bundle. If the key is found, it is returned and the boolean is true. Otherwise, the returned value is nil and the boolean is false.

func (*Bundle) GetJWTBundleForTrustDomain ¶

func (b *Bundle) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetJWTBundleForTrustDomain returns the JWT bundle for the given trust domain. It implements the Source interface. An error will be returned if the trust domain does not match that of the bundle.

func (*Bundle) HasJWTKey ¶

func (b *Bundle) HasJWTKey(keyID string) bool

HasJWTKey returns true if the bundle has a JWT key with the given key id.

func (*Bundle) JWTKeys ¶

func (b *Bundle) JWTKeys() map[string]crypto.PublicKey

JWTKeys returns the JWT keys in the bundle, keyed by key ID.

func (*Bundle) Marshal ¶

func (b *Bundle) Marshal() ([]byte, error)

Marshal marshals the JWT bundle into a standard RFC 7517 JWKS document. The JWKS does not contain any SPIFFE-specific parameters.

func (*Bundle) RemoveJWTKey ¶

func (b *Bundle) RemoveJWTKey(keyID string)

RemoveJWTKey removes the JWT key identified by the key ID from the bundle.

func (*Bundle) SetJWTKeys ¶

func (b *Bundle) SetJWTKeys(jwtKeys map[string]crypto.PublicKey)

SetJWTKeys sets the JWT keys in the bundle.

func (*Bundle) TrustDomain ¶

func (b *Bundle) TrustDomain() spiffeid.TrustDomain

TrustDomain returns the trust domain that the bundle belongs to.

type Set ¶

type Set struct {
	// contains filtered or unexported fields
}

Set is a set of bundles, keyed by trust domain.

func NewSet ¶

func NewSet(bundles ...*Bundle) *Set

NewSet creates a new set initialized with the given bundles.

func (*Set) Add ¶

func (s *Set) Add(bundle *Bundle)

Add adds a new bundle into the set. If a bundle already exists for the trust domain, the existing bundle is replaced.

func (*Set) Bundles ¶

func (s *Set) Bundles() []*Bundle

Bundles returns the bundles in the set sorted by trust domain.

func (*Set) Get ¶

func (s *Set) Get(trustDomain spiffeid.TrustDomain) (*Bundle, bool)

Get returns a bundle for the given trust domain. If the bundle is in the set it is returned and the boolean is true. Otherwise, the returned value is nil and the boolean is false.

func (*Set) GetJWTBundleForTrustDomain ¶

func (s *Set) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)

GetJWTBundleForTrustDomain returns the JWT bundle for the given trust domain. It implements the Source interface.

func (*Set) Has ¶

func (s *Set) Has(trustDomain spiffeid.TrustDomain) bool

Has returns true if there is a bundle for the given trust domain.

func (*Set) Len ¶

func (s *Set) Len() int

Len returns the number of bundles in the set.

func (*Set) Remove ¶

func (s *Set) Remove(trustDomain spiffeid.TrustDomain)

Remove removes the bundle for the given trust domain.

type Source ¶

type Source interface {
	// GetJWTBundleForTrustDomain returns the JWT bundle for the given trust
	// domain.
	GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*Bundle, error)
}

Source represents a source of JWT bundles keyed by trust domain.

Source Files ¶

bundle.go set.go source.go