package in_toto

import (
	"bytes"
	"context"
	"crypto/x509"
	"log"

	"github.com/spiffe/go-spiffe/v2/workloadapi"
)

// GetSVID fetches the workload's default X.509-SVID from the SPIFFE Workload
// API listening at socketPath and wraps it in a Key: the private key is loaded
// through LoadKeyReaderDefaults and the marshaled certificate is stored as a
// string in KeyVal.Certificate.
//
// Every failure (client creation, context fetch, marshaling, key loading) is
// terminal: the function reports it with log.Fatalf, which exits the process,
// so callers never observe an error value. The SPIFFE ID of the selected SVID
// is written to the log.
//
// NOTE(review): the returned Key carries private key material; callers should
// treat it as a secret and avoid logging or persisting it.
// NOTE(review): DefaultSVID() is assumed to be usable whenever
// FetchX509Context succeeds — confirm against the go-spiffe version in use.
func GetSVID(ctx context.Context, socketPath string) Key {
	client, err := workloadapi.New(ctx, workloadapi.WithAddr(socketPath))
	if err != nil {
		log.Fatalf("Unable to create workload API client: %v", err)
	}
	defer client.Close()

	x509Ctx, err := client.FetchX509Context(ctx)
	if err != nil {
		log.Fatalf("Error grabbing x.509 context: %v", err)
	}

	// Resolve the default SVID once and reuse it for both the log line and the
	// exported material.
	defaultSVID := x509Ctx.DefaultSVID()
	log.Printf("using svid %v", defaultSVID.ID.String())

	certBytes, keyBytes, err := defaultSVID.Marshal()
	if err != nil {
		log.Fatalf("Error marshaling certificate: %v", err)
	}

	var key Key
	if err := key.LoadKeyReaderDefaults(bytes.NewReader(keyBytes)); err != nil {
		log.Fatalf("Error configuring key: %v", err)
	}
	key.KeyVal.Certificate = string(certBytes)

	return key
}

// GetTrustBundle fetches the X.509 bundle set from the SPIFFE Workload API
// listening at socketPath and returns every X.509 authority found in every
// bundle, flattened into a single slice. The result is never nil: when no
// bundles are present an empty, non-nil slice is returned.
//
// Failures are terminal (log.Fatalf exits the process), matching GetSVID.
//
// NOTE(review): bundles.Bundles() presumably includes bundles for federated
// trust domains as well as the workload's own, so the returned authorities
// may span several trust domains. A caller that verifies signatures against
// this slice accepts a signer from any of them — confirm that this is the
// intended root set before relying on it for verification.
func GetTrustBundle(ctx context.Context, socketPath string) []*x509.Certificate {
	client, err := workloadapi.New(ctx, workloadapi.WithAddr(socketPath))
	if err != nil {
		log.Fatalf("Unable to create workload API client: %v", err)
	}
	defer client.Close()

	bundleSet, err := client.FetchX509Bundles(ctx)
	if err != nil {
		log.Fatalf("Error fetching x.509 bundles: %v", err)
	}

	authorities := make([]*x509.Certificate, 0)
	for _, b := range bundleSet.Bundles() {
		authorities = append(authorities, b.X509Authorities()...)
	}

	return authorities
}