idFromCert parses the SPIFFE ID from the x509.Certificate. If the certificate does not have a valid SPIFFE ID, returns an error.
(cert *x509.Certificate)
| 92 | // idFromCert parses the SPIFFE ID from the x509.Certificate. If the certificate |
| 93 | // does not have a valid SPIFFE ID, returns an error. |
| 94 | func idFromCert(cert *x509.Certificate) (*spiffeid.ID, error) { |
| 95 | if cert == nil { |
| 96 | return nil, fmt.Errorf("input cert is nil") |
| 97 | } |
| 98 | // A valid SPIFFE Certificate should have exactly one URI. |
| 99 | if len(cert.URIs) != 1 { |
| 100 | return nil, fmt.Errorf("input cert has %v URIs but should have 1", len(cert.URIs)) |
| 101 | } |
| 102 | id, err := spiffeid.FromURI(cert.URIs[0]) |
| 103 | if err != nil { |
| 104 | return nil, fmt.Errorf("invalid spiffeid: %v", err) |
| 105 | } |
| 106 | return &id, nil |
| 107 | } |