1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
// Package x509bundle provides X.509 bundle related functionality.
//
// A bundle represents a collection of X.509 authorities, i.e., those that
// are used to authenticate SPIFFE X509-SVIDs.
//
// You can create a new bundle for a specific trust domain:
//
// td := spiffeid.RequireTrustDomainFromString("example.org")
// bundle := x509bundle.New(td)
//
// Or you can load it from disk:
//
// td := spiffeid.RequireTrustDomainFromString("example.org")
// bundle := x509bundle.Load(td, "bundle.pem")
//
// The bundle can be initialized with X.509 authorities:
//
// td := spiffeid.RequireTrustDomainFromString("example.org")
// var x509Authorities []*x509.Certificate = ...
// bundle := x509bundle.FromX509Authorities(td, x509Authorities)
//
// In addition, you can add X.509 authorities to the bundle:
//
// var x509CA *x509.Certificate = ...
// bundle.AddX509Authority(x509CA)
//
// Bundles can be organized into a set, keyed by trust domain:
//
// set := x509bundle.NewSet()
// set.Add(bundle)
//
// A Source is source of X.509 bundles for a trust domain. Both the Bundle
// and Set types implement Source:
//
// // Initialize the source from a bundle or set
// var source x509bundle.Source = bundle
// // ... or ...
// var source x509bundle.Source = set
//
// // Use the source to query for bundles by trust domain
// bundle, err := source.GetX509BundleForTrustDomain(td)
package x509bundle
|
