Fetch SVID

Examples of fetching SVIDs and bundles in C and C++.

Client object

err_t error;
workloadapi_Client *client = workloadapi_NewClient(&error);
workloadapi_Client_SetAddress(client, "unix:///tmp/agent.sock");
workloadapi_Client_SetHeader(client, "workload.spiffe.io", "true");
error = workloadapi_Client_Connect(client);

Create the client, set the Workload API address and header, then connect.

SVID X.509

x509svid_SVID *svid = workloadapi_FetchX509SVID(client);

Fetch the X.509 SVID with the client object.

svid->id;            // SPIFFE ID
svid->id.td;         // trust domain object
svid->certs;         // stb array of X509* certificate objects
svid->private_key;   // private key EVP_PKEY object

SVID JWT

jwtsvid_SVID *svid = workloadapi_FetchJWTSVID(client);

Fetch the JWT SVID with the client object.

svid->id;            // SPIFFE ID
svid->id.td;         // trust domain object
svid->token;         // raw JWT token
svid->claims;        // map from key to JSON object of claims
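
The `svid->id` and `svid->id.td` fields above hold a SPIFFE ID and its trust domain. As an added illustration (not c-spiffe code and not part of the original README), this stand-alone C function splits a SPIFFE ID string into those two parts while enforcing the SPIFFE ID syntax rules; `example_id` and `example_parse_spiffe_id` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical type for this example; not c-spiffe's own ID struct. */
typedef struct {
    char td[256];    /* trust domain name, at most 255 bytes */
    char path[2048]; /* "" or a path that starts with '/' */
} example_id;

static int td_char(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '.'
           || c == '-' || c == '_';
}

static int seg_char(char c) { return td_char(c) || (c >= 'A' && c <= 'Z'); }

/* Returns 0 and fills *out, or -1 if s is not a well-formed SPIFFE ID. */
int example_parse_spiffe_id(const char *s, example_id *out)
{
    size_t i, seg;

    if(!s || !out || strlen(s) > 2048 || strncmp(s, "spiffe://", 9) != 0)
        return -1;
    s += 9;
    for(i = 0; s[i] && s[i] != '/'; ++i)
        if(!td_char(s[i])) return -1; /* lowercase, digits, '.', '-', '_' */
    if(i == 0 || i >= sizeof out->td) return -1;
    memcpy(out->td, s, i);
    out->td[i] = '\0';
    s += i; /* now at the first '/' or at the end of the string */
    for(i = 0; s[i]; i += 1 + seg) {
        /* s[i] is '/': check and measure the segment after it */
        for(seg = 0; s[i + 1 + seg] && s[i + 1 + seg] != '/'; ++seg)
            if(!seg_char(s[i + 1 + seg])) return -1;
        if(seg == 0) return -1; /* empty segment or trailing slash */
        if(seg <= 2 && s[i + 1] == '.' && s[i + seg] == '.')
            return -1; /* "." and ".." segments are not allowed */
    }
    strcpy(out->path, s); /* fits: total length was capped at 2048 */
    return 0;
}

int main(void)
{
    example_id id; /* first input is an audience string used on this page */
    if(example_parse_spiffe_id("spiffe://www.spiffe.org/aud1/path1", &id) == 0)
        printf("td=%s path=%s\n", id.td, id.path);
    return example_parse_spiffe_id("spiffe://example.org/a/../b", &id) == -1 ? 0 : 1;
}
```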

Bundles X.509

x509bundle_Set *set
    = workloadapi_Client_FetchX509Bundles(client, &error);

Bundles JWT

jwtbundle_Set *set
    = workloadapi_Client_FetchJWTBundles(client, &error);

Free

Don't forget to free allocated objects.

error = workloadapi_Client_Close(client);
error = workloadapi_Client_Free(client);

For SVIDs:

x509svid_SVID_Free(svid);
jwtsvid_SVID_Free(svid);

For bundles:

x509bundle_Set_Free(set);
jwtbundle_Set_Free(set);

Compiling

Always compile with make.

Run examples:

./c_client svid_type=x509
./c_client svid_type=jwt
./cpp_client svid_type=x509
./cpp_client svid_type=jwt
./c_client_bundle bundle_type=x509
./c_client_bundle bundle_type=jwt

Validate JWT SVID

Example of validating a given JWT in C.

Client object

err_t error;
workloadapi_Client *client = workloadapi_NewClient(&error);
workloadapi_Client_SetAddress(client, "unix:///tmp/agent.sock");
workloadapi_Client_SetHeader(client, "workload.spiffe.io", "true");
error = workloadapi_Client_Connect(client);

Create the client, set the Workload API address and header, then connect.

Token and audience

FILE *f = fopen(argv[1], "r");
if(f) {
    string_t token = FILE_to_string(f);
    string_t audience = string_new(argv[2]);
    // ...
}

The file f must contain a valid JWT, and argv[2] must be a valid audience string.

SVID JWT

jwtsvid_SVID *svid = workloadapi_FetchJWTSVID(client);

Validate the token and get the SVID with the client object.

svid->id;            // SPIFFE ID
svid->id.td;         // trust domain object
svid->token;         // raw JWT token
svid->claims;        // map from key to JSON object of claims

Don't forget to free allocated objects.

jwtsvid_SVID_Free(svid);
// ...
error = workloadapi_Client_Close(client);
error = workloadapi_Client_Free(client);

Compiling

Always compile with make.

Run examples:

./c_client_validate token1.txt spiffe://example.org/audience1
./c_client_validate token2 spiffe://www.spiffe.org/aud1/path1