BundleMapFromBytes parses bytes into a SPIFFE Bundle Map. See the SPIFFE Bundle Map spec for more detail - https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Trust_Domain_and_Bundle.md#4-spiffe-bundle-format If duplicate keys are encountered in the JSON parsing, Go's default unmarshal behav
(bundleMapBytes []byte)
| 41 | // behavior occurs which causes the last processed entry to be the entry in the |
| 42 | // parsed map. |
| 43 | func BundleMapFromBytes(bundleMapBytes []byte) (map[string]*spiffebundle.Bundle, error) { |
| 44 | var result partialParsedSPIFFEBundleMap |
| 45 | if err := json.Unmarshal(bundleMapBytes, &result); err != nil { |
| 46 | return nil, err |
| 47 | } |
| 48 | if result.Bundles == nil { |
| 49 | return nil, fmt.Errorf("spiffe: BundleMapFromBytes() no bundles parsed from spiffe bundle map bytes") |
| 50 | } |
| 51 | bundleMap := map[string]*spiffebundle.Bundle{} |
| 52 | for td, jsonBundle := range result.Bundles { |
| 53 | trustDomain, err := spiffeid.TrustDomainFromString(td) |
| 54 | if err != nil { |
| 55 | return nil, fmt.Errorf("spiffe: BundleMapFromBytes() invalid trust domain %q found when parsing SPIFFE Bundle Map: %v", td, err) |
| 56 | } |
| 57 | bundle, err := spiffebundle.Parse(trustDomain, jsonBundle) |
| 58 | if err != nil { |
| 59 | return nil, fmt.Errorf("spiffe: BundleMapFromBytes() failed to parse bundle for trust domain %q: %v", td, err) |
| 60 | } |
| 61 | bundleMap[td] = bundle |
| 62 | } |
| 63 | return bundleMap, nil |
| 64 | } |
| 65 | |
| 66 | // GetRootsFromSPIFFEBundleMap returns the root trust certificates from the |
| 67 | // SPIFFE bundle map for the given trust domain from the leaf certificate. |