WithX5CInsecureFile returns an Options that sets the x5cAllowInvalid header claims. The `x5c` claims can only be accessed by running a method on the jose Token, which validates the certificate chain before returning it. This option serves a use case where the user would prefer not to validate the cert
(certFile string, key interface{})
| 323 | // before returning it. Presumably the user would then perform their own validation. |
| 324 | // NOTE: here be dragons. Use WithX5CFile unless you know what you are doing. |
func WithX5CInsecureFile(certFile string, key interface{}) Options {
	// The work is deferred: the file is read and checked only when the
	// returned option is applied to a Claims value, not when this
	// constructor is called.
	apply := func(c *Claims) error {
		// Load every certificate from the bundle at certFile. A read or
		// parse failure is returned to the caller unchanged.
		bundle, readErr := pemutil.ReadCertificateBundle(certFile)
		if readErr != nil {
			return readErr
		}

		// The certificates and key are still passed through
		// jose.ValidateX5C on the signing side; "insecure" refers to how
		// the header is consumed, not to skipping this call.
		// NOTE(review): what ValidateX5C actually verifies (key/leaf
		// match only, or chain trust as well) is not visible here; confirm
		// before relying on it.
		encoded, validateErr := jose.ValidateX5C(bundle, key)
		if validateErr != nil {
			return errors.Wrap(validateErr, "error validating x5c certificate chain and key for use in x5c header")
		}

		// Store the result under jose.X5cInsecureKey instead of the regular
		// x5c header. Per this function's doc comment, a consumer reading
		// this header is expected to perform its own certificate validation.
		c.SetHeader(jose.X5cInsecureKey, encoded)
		return nil
	}
	return apply
}
| 339 | |
| 340 | // WithX5CInsecureCerts returns a Options that sets the header x5cAllowInvalid claims using the cert in memory |
| 341 | func WithX5CInsecureCerts(certs []*x509.Certificate, key interface{}) Options { |