Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 10 for ExtractIDs (0.24 sec)

  2. github.com/istio/istio

    security/pkg/server/ca/authenticate/cert_authenticator.go 

    	tlsInfo := peer.AuthInfo.(credentials.TLSInfo)
	chains := tlsInfo.State.VerifiedChains
	if len(chains) == 0 || len(chains[0]) == 0 {
		return nil, fmt.Errorf("no verified chain is found")
	}

	ids, err := util.ExtractIDs(chains[0][0].Extensions)
	if err != nil {
		return nil, err
	}

	return &security.Caller{
		AuthSource: security.AuthSourceClientCertificate,
		Identities: ids,
	}, nil
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Jul 19 02:12:12 UTC 2022
    - 3.1K bytes
    - Viewed (0)
  3. github.com/istio/istio

    security/pkg/pki/util/san.go 

    			// https://tools.ietf.org/html/rfc5280#section-4.2.
			return &ext
		}
	}
	return nil
}

// ExtractIDs first finds the SAN extension from the given extension set, then
// extract identities from the SAN extension.
func ExtractIDs(exts []pkix.Extension) ([]string, error) {
	sanExt := ExtractSANExtension(exts)
	if sanExt == nil {
		return nil, fmt.Errorf("the SAN extension does not exist")
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Oct 14 06:50:22 UTC 2022
    - 6K bytes
    - Viewed (0)
  4. github.com/istio/istio

    security/pkg/pki/ra/common.go 

    	csr, err := util.ParsePemEncodedCSR(csrPEM)
	if err != nil {
		return false
	}
	if err := csr.CheckSignature(); err != nil {
		return false
	}
	csrIDs, err := util.ExtractIDs(csr.Extensions)
	if err != nil {
		return false
	}
	for _, s1 := range csrIDs {
		if !slices.Contains(subjectIDs, s1) {
			return false
		}
	}
	return true
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Sep 11 19:57:30 UTC 2023
    - 4.4K bytes
    - Viewed (0)
  5. github.com/istio/istio

    security/pkg/pki/util/verify_cert.go 

    			}
		} else {
			return fmt.Errorf("algorithms for private key and cert do not match")
		}
	}
	if strings.HasPrefix(host, "spiffe") {
		matchHost := false
		ids, err := ExtractIDs(cert.Extensions)
		if err != nil {
			return err
		}
		for _, id := range ids {
			if strings.HasSuffix(id, host) {
				matchHost = true
				break
			}
		}
		if !matchHost {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Sep 05 10:37:29 UTC 2022
    - 5.9K bytes
    - Viewed (0)
  6. github.com/istio/istio

    pkg/security/mock.go 

    	tlsInfo := p.AuthInfo.(credentials.TLSInfo)
	chains := tlsInfo.State.VerifiedChains
	if len(chains) == 0 || len(chains[0]) == 0 {
		return fmt.Errorf("no verified chain is found")
	}

	ids, err := util.ExtractIDs(chains[0][0].Extensions)
	if err != nil {
		return fmt.Errorf("failed to extract IDs")
	}
	if !sets.New(ids...).Contains(expected) {
		return fmt.Errorf("expected identity %q, got %v", expected, ids)
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue May 23 17:08:31 UTC 2023
    - 4.5K bytes
    - Viewed (0)
  7. github.com/istio/istio

    tests/fuzz/pki_fuzzer.go 

    	for i := 0; i < noOfExtensions; i++ {
		newExtension := pkix.Extension{}
		err = f.GenerateStruct(&newExtension)
		if err != nil {
			return 0
		}
		extensions = append(extensions, newExtension)
	}
	_, _ = util.ExtractIDs(extensions)
	return 1
}

// FuzzPemCertBytestoString implements a fuzzer
// that tests PemCertBytestoString
func FuzzPemCertBytestoString(data []byte) int {
	_ = util.PemCertBytestoString(data)
	return 1
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Jun 05 14:00:25 UTC 2023
    - 5.2K bytes
    - Viewed (0)
  8. github.com/istio/istio

    pkg/hbone/dialer.go 

    	resp, err := d.transport.RoundTrip(r)
	if err != nil {
		return fmt.Errorf("round trip: %v", err)
	}
	var remoteID string
	if resp.TLS != nil && len(resp.TLS.PeerCertificates) > 0 {
		ids, _ := util.ExtractIDs(resp.TLS.PeerCertificates[0].Extensions)
		if len(ids) > 0 {
			remoteID = ids[0]
		}
	}
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("round trip failed: %v", resp.Status)
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed May 24 15:56:41 UTC 2023
    - 5.1K bytes
    - Viewed (0)
  9. github.com/istio/istio

    security/pkg/pki/util/san_test.go 

    				{Id: asn1.ObjectIdentifier{1, 2, 3, 4}},
				*sanExt,
				{Id: asn1.ObjectIdentifier{3, 2, 1}},
			},
			expectedIDs: []string{id},
		},
	}

	for id, tc := range testCases {
		actualIDs, err := ExtractIDs(tc.exts)
		if !reflect.DeepEqual(actualIDs, tc.expectedIDs) {
			t.Errorf("Case %q: unexpected identities: want %v but got %v", id, tc.expectedIDs, actualIDs)
		}
		if tc.expectedErrMsg != "" {
			if err == nil {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Feb 12 17:36:33 UTC 2024
    - 6.5K bytes
    - Viewed (0)
  10. github.com/istio/istio

    security/pkg/pki/util/keycertbundle.go 

    }

// CertOptions returns the certificate config based on currently stored cert.
func (b *KeyCertBundle) CertOptions() (*CertOptions, error) {
	b.mutex.RLock()
	defer b.mutex.RUnlock()
	ids, err := ExtractIDs(b.cert.Extensions)
	if err != nil {
		return nil, fmt.Errorf("failed to extract id %v", err)
	}
	if len(ids) != 1 {
		return nil, fmt.Errorf("expect single id from the cert, found %v", ids)
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Sun Jan 21 06:07:50 UTC 2024
    - 10.5K bytes
    - Viewed (0)
  11. github.com/istio/istio

    security/pkg/pki/util/generate_cert_test.go 

    		}
		if len(out.Subject.Organization) > 0 {
			t.Errorf("Organization should be empty, but got %s", out.Subject.Organization)
		}

		ids, err := ExtractIDs(out.Extensions)
		if err != nil {
			t.Errorf("failed to extract IDs from cert extension: %v", err)
		}
		if len(c.subjectIDs) != len(ids) {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Nov 06 12:48:53 UTC 2023
    - 29.4K bytes
    - Viewed (0)
Back to top