Versions in this module Expand all Collapse all v1 v1.0.2 May 18, 2023 Changes in this version
+ const DefaultJWTSVIDTTL
+ const DefaultX509CATTL
+ const DefaultX509SVIDTTL
+ const NotBeforeCushion
+ func DefaultX509CASubject() pkix.Name
+ func DefaultX509SVIDSubject() pkix.Name
+ type AgentX509SVIDParams struct
+ ParentChain []*x509.Certificate
+ PublicKey crypto.PublicKey
+ SPIFFEID spiffeid.ID
+ type Builder struct
+ func NewBuilder(config Config) (*Builder, error)
+ func (b *Builder) BuildAgentX509SVIDTemplate(ctx context.Context, params AgentX509SVIDParams) (*x509.Certificate, error)
+ func (b *Builder) BuildDownstreamX509CATemplate(ctx context.Context, params DownstreamX509CAParams) (*x509.Certificate, error)
+ func (b *Builder) BuildSelfSignedX509CATemplate(ctx context.Context, params SelfSignedX509CAParams) (*x509.Certificate, error)
+ func (b *Builder) BuildServerX509SVIDTemplate(ctx context.Context, params ServerX509SVIDParams) (*x509.Certificate, error)
+ func (b *Builder) BuildUpstreamSignedX509CACSR(ctx context.Context, params UpstreamSignedX509CAParams) (*x509.CertificateRequest, error)
+ func (b *Builder) BuildWorkloadJWTSVIDClaims(ctx context.Context, params WorkloadJWTSVIDParams) (map[string]interface{}, error)
+ func (b *Builder) BuildWorkloadX509SVIDTemplate(ctx context.Context, params WorkloadX509SVIDParams) (*x509.Certificate, error)
+ func (b *Builder) Config() Config
+ func (b *Builder) ValidateWorkloadJWTSVID(rawToken string, id spiffeid.ID) error
+ func (b *Builder) ValidateX509CA(ca *x509.Certificate) error
+ func (b *Builder) ValidateX509SVID(svid *x509.Certificate, id spiffeid.ID) error
+ type Config struct
+ AgentSVIDTTL time.Duration
+ Clock clock.Clock
+ CredentialComposers []credentialcomposer.CredentialComposer
+ JWTIssuer string
+ JWTSVIDTTL time.Duration
+ NewSerialNumber func() (*big.Int, error)
+ TrustDomain spiffeid.TrustDomain
+ X509CASubject pkix.Name
+ X509CATTL time.Duration
+ X509SVIDSubject pkix.Name
+ X509SVIDTTL time.Duration
+ type DownstreamX509CAParams struct
+ ParentChain []*x509.Certificate
+ PublicKey crypto.PublicKey
+ TTL time.Duration
+ type SelfSignedX509CAParams struct
+ PublicKey crypto.PublicKey
+ type ServerX509SVIDParams struct
+ ParentChain []*x509.Certificate
+ PublicKey crypto.PublicKey
+ type UpstreamSignedX509CAParams struct
+ PublicKey crypto.PublicKey
+ type WorkloadJWTSVIDParams struct
+ Audience []string
+ ExpirationCap time.Time
+ SPIFFEID spiffeid.ID
+ TTL time.Duration
+ type WorkloadX509SVIDParams struct
+ DNSNames []string
+ ParentChain []*x509.Certificate
+ PublicKey crypto.PublicKey
+ SPIFFEID spiffeid.ID
+ Subject pkix.Name
+ TTL time.Duration