MCPcopy Index your code
hub / github.com/smallstep/cli / WithX5CInsecureFile

Function WithX5CInsecureFile

token/options.go:325–338  ·  view source on GitHub ↗

WithX5CInsecureFile returns a Options that sets the header x5cAllowInvalid claims. The `x5c` claims can only be accessed by running a method on the jose Token which validates the certificate chain before returning it. This option serves a use case where the user would prefer not to validate the cert

(certFile string, key interface{})

Source from the content-addressed store, hash-verified

323// before returning it. Presumably the user would then perform their own validation.
324// NOTE: here be dragons. Use WithX5CFile unless you know what you are doing.
325func WithX5CInsecureFile(certFile string, key interface{}) Options {
326 return func(c *Claims) error {
327 certs, err := pemutil.ReadCertificateBundle(certFile)
328 if err != nil {
329 return err
330 }
331 certStrs, err := jose.ValidateX5C(certs, key)
332 if err != nil {
333 return errors.Wrap(err, "error validating x5c certificate chain and key for use in x5c header")
334 }
335 c.SetHeader(jose.X5cInsecureKey, certStrs)
336 return nil
337 }
338}
339
340// WithX5CInsecureCerts returns a Options that sets the header x5cAllowInvalid claims using the cert in memory
341func WithX5CInsecureCerts(certs []*x509.Certificate, key interface{}) Options {

Callers 1

checkHostActionFunction · 0.92

Calls 1

SetHeaderMethod · 0.80

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…