// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // https://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package s2a.proto.v2; option go_package = "github.com/google/s2a/internal/proto/v2/s2a_context_go_proto"; import "internal/proto/common/common.proto"; message S2AContext { // The SPIFFE ID from the peer leaf certificate, if present. // // This field is only populated if the leaf certificate is a valid SPIFFE // SVID; in particular, there is a unique URI SAN and this URI SAN is a valid // SPIFFE ID. string leaf_cert_spiffe_id = 1; // The URIs that are present in the SubjectAltName extension of the peer leaf // certificate. // // Note that the extracted URIs are not validated and may not be properly // formatted. repeated string leaf_cert_uris = 2; // The DNSNames that are present in the SubjectAltName extension of the peer // leaf certificate. repeated string leaf_cert_dnsnames = 3; // The (ordered) list of fingerprints in the certificate chain used to verify // the given leaf certificate. The order MUST be from leaf certificate // fingerprint to root certificate fingerprint. // // A fingerprint is the base-64 encoding of the SHA256 hash of the // DER-encoding of a certificate. The list MAY be populated even if the peer // certificate chain was NOT validated successfully. repeated string peer_certificate_chain_fingerprints = 4; // The local identity used during session setup. s2a.proto.Identity local_identity = 5; // The SHA256 hash of the DER-encoding of the local leaf certificate used in // the handshake. bytes local_leaf_cert_fingerprint = 6; }