diff options
Diffstat (limited to 'vendor/google.golang.org/grpc/internal/credentials/spiffe.go')
| -rw-r--r-- | vendor/google.golang.org/grpc/internal/credentials/spiffe.go | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/vendor/google.golang.org/grpc/internal/credentials/spiffe.go b/vendor/google.golang.org/grpc/internal/credentials/spiffe.go deleted file mode 100644 index 25ade6230..000000000 --- a/vendor/google.golang.org/grpc/internal/credentials/spiffe.go +++ /dev/null @@ -1,75 +0,0 @@ -/* - * - * Copyright 2020 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -// Package credentials defines APIs for parsing SPIFFE ID. -// -// All APIs in this package are experimental. -package credentials - -import ( - "crypto/tls" - "crypto/x509" - "net/url" - - "google.golang.org/grpc/grpclog" -) - -var logger = grpclog.Component("credentials") - -// SPIFFEIDFromState parses the SPIFFE ID from State. If the SPIFFE ID format -// is invalid, return nil with warning. -func SPIFFEIDFromState(state tls.ConnectionState) *url.URL { - if len(state.PeerCertificates) == 0 || len(state.PeerCertificates[0].URIs) == 0 { - return nil - } - return SPIFFEIDFromCert(state.PeerCertificates[0]) -} - -// SPIFFEIDFromCert parses the SPIFFE ID from x509.Certificate. If the SPIFFE -// ID format is invalid, return nil with warning. -func SPIFFEIDFromCert(cert *x509.Certificate) *url.URL { - if cert == nil || cert.URIs == nil { - return nil - } - var spiffeID *url.URL - for _, uri := range cert.URIs { - if uri == nil || uri.Scheme != "spiffe" || uri.Opaque != "" || (uri.User != nil && uri.User.Username() != "") { - continue - } - // From this point, we assume the uri is intended for a SPIFFE ID. - if len(uri.String()) > 2048 { - logger.Warning("invalid SPIFFE ID: total ID length larger than 2048 bytes") - return nil - } - if len(uri.Host) == 0 || len(uri.Path) == 0 { - logger.Warning("invalid SPIFFE ID: domain or workload ID is empty") - return nil - } - if len(uri.Host) > 255 { - logger.Warning("invalid SPIFFE ID: domain length larger than 255 characters") - return nil - } - // A valid SPIFFE certificate can only have exactly one URI SAN field. - if len(cert.URIs) > 1 { - logger.Warning("invalid SPIFFE ID: multiple URI SANs") - return nil - } - spiffeID = uri - } - return spiffeID -} |