
Commit f02b44a

committed
crypto/spiffe: adds a multi trust anchor selector
Adds a new trust anchors provider that returns different trust anchors depending on the requested trust domain out of a pre-loaded set.
1 parent c90b807 commit f02b44a


1 file changed

+69
-0
lines changed


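--- a/crypto/spiffe/trustanchors/multi.go
+++ b/crypto/spiffe/trustanchors/multi.go
@@ -0,0 +1,69 @@
+/*
+Copyright 2025 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package trustanchors
+
+import (
+"context"
+"errors"
+
+"github.com/spiffe/go-spiffe/v2/bundle/x509bundle"
+"github.com/spiffe/go-spiffe/v2/spiffeid"
+
+"github.com/dapr/kit/concurrency"
+)
+
+type OptionsMulti struct {
+TrustAnchors map[spiffeid.TrustDomain]Interface
+}
+
+// multi is a TrustAnchors implementation which uses multiple trust anchors
+// which are indexed by trust domain.
+type multi struct {
+trustAnchors map[spiffeid.TrustDomain]Interface
+}
+
+func FromMulti(opts OptionsMulti) Interface {
+return &multi{
+trustAnchors: opts.TrustAnchors,
+}
+}
+
+func (m *multi) Run(ctx context.Context) error {
+r := concurrency.NewRunnerManager()
+for _, ta := range m.trustAnchors {
+if err := r.Add(ta.Run); err != nil {
+return err
+}
+}
+
+return r.Run(ctx)
+}
+
+func (m *multi) CurrentTrustAnchors(ctx context.Context) ([]byte, error) {
+return nil, errors.New("not implemented")
+}
+
+func (m *multi) GetX509BundleForTrustDomain(td spiffeid.TrustDomain) (*x509bundle.Bundle, error) {
+for tad, ta := range m.trustAnchors {
+if td.Compare(tad) == 0 {
+return ta.GetX509BundleForTrustDomain(td)
+}
+}
+
+return nil, errors.New("trust domain not found")
+}
+
+func (m *multi) Watch(ctx context.Context, ch chan<- []byte) {
+return
+}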
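Review bot: `Watch` returns immediately without ever writing to `ch` and `CurrentTrustAnchors` always fails with "not implemented", yet the doc comment on `multi` presents it as a drop-in `Interface` implementation; a consumer that relies on `Watch` for trust-anchor rotation would silently never receive an update, so the comment should state which methods are supported and that `Watch` is a no-op (I cannot see the `Interface` contract for `Watch` from this hunk, so whether returning immediately is allowed is an inference). `GetX509BundleForTrustDomain` scans the map with `td.Compare(tad) == 0` although the map is already keyed by trust domain, so a direct lookup is equivalent and clearer: `ta, ok := m.trustAnchors[td]` followed by `if !ok { return nil, errors.New("trust domain not found") }`, and the error would be more useful with the requested domain in it. `FromMulti` also stores the caller's map without copying it, so a caller that mutates `opts.TrustAnchors` after construction races with the reads in `Run` and `GetX509BundleForTrustDomain`; cloning the map in the constructor (`maps.Clone`) closes that.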
