
Text file src/github.com/google/s2a-go/internal/proto/v2/s2a_context/s2a_context.proto

Documentation: github.com/google/s2a-go/internal/proto/v2/s2a_context

     1// Copyright 2022 Google LLC
     2//
     3// Licensed under the Apache License, Version 2.0 (the "License");
     4// you may not use this file except in compliance with the License.
     5// You may obtain a copy of the License at
     6//
     7//    https://www.apache.org/licenses/LICENSE-2.0
     8//
     9// Unless required by applicable law or agreed to in writing, software
    10// distributed under the License is distributed on an "AS IS" BASIS,
    11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12// See the License for the specific language governing permissions and
    13// limitations under the License.
    14
    15syntax = "proto3";
    16
    17package s2a.proto.v2;
    18
    19option go_package = "github.com/google/s2a/internal/proto/v2/s2a_context_go_proto";
    20
    21import "internal/proto/common/common.proto";
    22
    23message S2AContext {
        // Carries what was observed about a session's peer leaf certificate
        // (SPIFFE ID, SAN URIs and DNS names, chain fingerprints) together with
        // the local identity and the local leaf certificate fingerprint.
        //
        // Some fields are reported without validation; read the per-field notes
        // before using any of them in an authorization decision.

    24  // The SPIFFE ID from the peer leaf certificate, if present.
    25  //
    26  // This field is only populated if the leaf certificate is a valid SPIFFE
    27  // SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
    28  // SPIFFE ID.
        //
        // This is a proto3 string without `optional`, so "not populated" reads as
        // the empty string; callers should treat "" as "no SPIFFE ID".
    29  string leaf_cert_spiffe_id = 1;
    30
    31  // The URIs that are present in the SubjectAltName extension of the peer leaf
    32  // certificate.
    33  //
    34  // Note that the extracted URIs are not validated and may not be properly
    35  // formatted.
        //
        // Treat these values as untrusted input: parse and validate a URI before
        // matching it against an allowlist or logging it. When a checked SPIFFE
        // identity is what is needed, leaf_cert_spiffe_id is the field documented
        // as populated only for a valid SVID.
    36  repeated string leaf_cert_uris = 2;
    37
    38  // The DNSNames that are present in the SubjectAltName extension of the peer
    39  // leaf certificate.
        //
        // NOTE(review): nothing here says whether these names are validated or
        // normalized; presumably they are extracted as-is like leaf_cert_uris.
        // Confirm before matching them against expected hostnames.
    40  repeated string leaf_cert_dnsnames = 3;
    41
    42  // The (ordered) list of fingerprints in the certificate chain used to verify
    43  // the given leaf certificate. The order MUST be from leaf certificate
    44  // fingerprint to root certificate fingerprint.
    45  //
    46  // A fingerprint is the base-64 encoding of the SHA256 hash of the
    47  // DER-encoding of a certificate. The list MAY be populated even if the peer
    48  // certificate chain was NOT validated successfully.
        //
        // Consequently a non-empty list, or a fingerprint match on its own, is not
        // evidence that the peer was authenticated; the validation result has to
        // come from elsewhere.
    49  repeated string peer_certificate_chain_fingerprints = 4;
    50
    51  // The local identity used during session setup.
        //
        // The Identity type lives in package s2a.proto, presumably declared in the
        // imported internal/proto/common/common.proto.
    52  s2a.proto.Identity local_identity = 5;
    53
    54  // The SHA256 hash of the DER-encoding of the local leaf certificate used in
    55  // the handshake.
        //
        // NOTE(review): this is a bytes field, while the peer chain fingerprints
        // are base-64 strings; presumably this holds the raw digest. Confirm the
        // encoding before comparing values across the two fields.
    56  bytes local_leaf_cert_fingerprint = 6;
    57}
    58
