// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

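syntax = "proto3";

package s2a.proto.v2;

option go_package = "github.com/google/s2a/internal/proto/v2/s2a_context_go_proto";

// The only import visible in this file; s2a.proto.Identity, the type of
// S2AContext.local_identity, is presumably declared there (it lives in
// package s2a.proto, not in this file's package s2a.proto.v2).
import "internal/proto/common/common.proto";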
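// Certificate-derived information about the peer and the local identity of a
// session.
//
// NOTE(review): this message has no field that reports whether the peer
// certificate chain was validated, and peer_certificate_chain_fingerprints is
// documented as possibly populated when validation failed. A consumer
// therefore cannot conclude from a populated S2AContext alone that the peer
// was authenticated -- confirm where that decision is made and recorded.
message S2AContext {
  // The SPIFFE ID from the peer leaf certificate, if present.
  //
  // This field is only populated if the leaf certificate is a valid SPIFFE
  // SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
  // SPIFFE ID.
  //
  // The field has no `optional` label, so "not populated" is the empty
  // string. Authorization code should treat an empty value as "no SPIFFE
  // identity" and never as a match for any identity.
  string leaf_cert_spiffe_id = 1;

  // The URIs that are present in the SubjectAltName extension of the peer leaf
  // certificate.
  //
  // Note that the extracted URIs are not validated and may not be properly
  // formatted. They are copied from a certificate supplied by the peer, so
  // parse and validate each entry before using it in an access decision, a
  // lookup key or a log line. When a SPIFFE identity is what is needed, use
  // leaf_cert_spiffe_id, which is only set for a valid SPIFFE ID.
  repeated string leaf_cert_uris = 2;

  // The DNSNames that are present in the SubjectAltName extension of the peer
  // leaf certificate.
  //
  // NOTE(review): unlike leaf_cert_uris, nothing here states whether these
  // names are validated or normalized (case, trailing dot, wildcards) --
  // confirm before comparing them against expected host names.
  repeated string leaf_cert_dnsnames = 3;

  // The (ordered) list of fingerprints in the certificate chain used to verify
  // the given leaf certificate. The order MUST be from leaf certificate
  // fingerprint to root certificate fingerprint.
  //
  // A fingerprint is the base-64 encoding of the SHA256 hash of the
  // DER-encoding of a certificate. The list MAY be populated even if the peer
  // certificate chain was NOT validated successfully.
  //
  // Consequently a non-empty list identifies the certificates that were
  // presented; it is not evidence that the chain verified and must not be
  // used on its own as an authentication signal.
  //
  // NOTE(review): the base-64 alphabet and padding (standard vs. URL-safe) are
  // not stated here -- confirm before comparing against externally computed
  // fingerprints.
  repeated string peer_certificate_chain_fingerprints = 4;

  // The local identity used during session setup.
  s2a.proto.Identity local_identity = 5;

  // The SHA256 hash of the DER-encoding of the local leaf certificate used in
  // the handshake.
  //
  // This is a `bytes` field, whereas the peer fingerprints in
  // peer_certificate_chain_fingerprints are base-64 strings; the two
  // representations are not directly comparable. Presumably this holds the
  // raw digest bytes -- TODO confirm.
  bytes local_leaf_cert_fingerprint = 6;
}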