Package io.grpc.internal
Class SpiffeUtil
java.lang.Object
io.grpc.internal.SpiffeUtil
Provides utilities to manage SPIFFE bundles, extract SPIFFE IDs from X.509 certificate chains,
and parse SPIFFE IDs.
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
static final class | SpiffeUtil.SpiffeBundle | Represents a SPIFFE trust bundle; that is, a map from trust domain to set of trusted certificates.
static class | SpiffeUtil.SpiffeId | Represents a SPIFFE ID as defined in the SPIFFE standard.
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
private static void | checkJwkEntry(Map<String, ?> jwkNode, String trustDomainName) |
private static void | doInitialUriValidation |
private static List<X509Certificate> | extractCert(List<Map<String, ?>> keysNode, String trustDomainName) |
static com.google.common.base.Optional<SpiffeUtil.SpiffeId> | extractSpiffeId(X509Certificate[] certChain) | Returns the SPIFFE ID from the leaf certificate, if present.
static SpiffeUtil.SpiffeBundle | loadTrustBundleFromFile(String trustBundleFile) | Loads a SPIFFE trust bundle from a file, parsing it from the JSON format.
static SpiffeUtil.SpiffeId | parse(String uri) | Parses a URI string, applies validation rules described in SPIFFE standard, and, in case of success, returns parsed TrustDomain and Path.
 | readTrustDomainsFromFile(String filePath) |
private static void | validatePath(String path) |
private static void | validatePathSegment(String pathSegment) |
private static void | validateTrustDomain(String trustDomain) |
-
Field Details
-
URI_SAN_TYPE
-
USE_PARAMETER_VALUE
-
KTY_PARAMETER_VALUE
-
CERTIFICATE_PREFIX
-
CERTIFICATE_SUFFIX
-
PREFIX
-
-
Constructor Details
-
SpiffeUtil
private SpiffeUtil()
-
-
Method Details
-
parse
Parses a URI string, applies the validation rules described in the SPIFFE standard, and, in case of success, returns the parsed TrustDomain and Path.
- Parameters:
uri - a String representing a SPIFFE ID
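The validation rules that parse refers to come from the SPIFFE ID specification. The following stand-alone Java class applies those rules to a few constructed inputs; it is an added example, not grpc-java's implementation, and the names SpiffeIdCheck, SCHEME_PREFIX, validate and require are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

// Added example (hypothetical class, not grpc-java code): SPIFFE ID checks per the SPIFFE-ID spec.
public final class SpiffeIdCheck {
  private static final String SCHEME_PREFIX = "spiffe://";
  // Trust domain: lowercase letters, digits, '.', '-', '_'; this also rejects userinfo and port.
  private static final Pattern TRUST_DOMAIN = Pattern.compile("[a-z0-9._-]+");
  // Path segment: letters, digits, '.', '-', '_'.
  private static final Pattern SEGMENT = Pattern.compile("[a-zA-Z0-9._-]+");

  /** Returns {trustDomain, path}; throws IllegalArgumentException if the ID is invalid. */
  public static String[] validate(String uri) {
    require(uri != null && !uri.isEmpty(), "SPIFFE ID is empty");
    require(uri.getBytes(StandardCharsets.UTF_8).length <= 2048, "ID exceeds 2048 bytes");
    // Assumption of this example: the scheme must be written in lowercase.
    require(uri.startsWith(SCHEME_PREFIX), "scheme must be spiffe://");
    require(uri.indexOf('?') < 0 && uri.indexOf('#') < 0, "query or fragment present");
    String rest = uri.substring(SCHEME_PREFIX.length());
    int slash = rest.indexOf('/');
    String trustDomain = slash < 0 ? rest : rest.substring(0, slash);
    String path = slash < 0 ? "" : rest.substring(slash);
    require(trustDomain.length() <= 255, "trust domain exceeds 255 bytes");
    require(TRUST_DOMAIN.matcher(trustDomain).matches(), "bad trust domain: '" + trustDomain + "'");
    if (!path.isEmpty()) {
      require(!path.endsWith("/"), "path has a trailing slash");
      // A split limit of -1 keeps empty segments, so "//" is detected.
      for (String seg : path.substring(1).split("/", -1)) {
        require(!seg.equals(".") && !seg.equals(".."), "dot segment in path");
        require(SEGMENT.matcher(seg).matches(), "bad path segment: '" + seg + "'");
      }
    }
    return new String[] {trustDomain, path};
  }

  private static void require(boolean ok, String message) {
    if (!ok) throw new IllegalArgumentException(message);
  }

  public static void main(String[] args) {
    // Constructed sample inputs: two valid IDs followed by five invalid ones.
    String[] samples = {"spiffe://example.com/ns/prod/sa/api", "spiffe://example.com",
        "spiffe://Example.com/a", "spiffe://example.com/a//b", "spiffe://example.com/../a",
        "spiffe://user@example.com/a", "https://example.com/a"};
    for (String s : samples) {
      try {
        System.out.println("OK   " + s + " -> " + String.join(" | ", validate(s)));
      } catch (IllegalArgumentException e) {
        System.out.println("FAIL " + s + " (" + e.getMessage() + ")");
      }
    }
  }
}
```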
-
doInitialUriValidation
-
validateTrustDomain
-
validatePath
-
validatePathSegment
-
extractSpiffeId
public static com.google.common.base.Optional<SpiffeUtil.SpiffeId> extractSpiffeId(X509Certificate[] certChain) throws CertificateParsingException
Returns the SPIFFE ID from the leaf certificate, if present.
- Parameters:
certChain - certificate chain to extract SPIFFE ID from
- Throws:
CertificateParsingException
-
loadTrustBundleFromFile
public static SpiffeUtil.SpiffeBundle loadTrustBundleFromFile(String trustBundleFile) throws IOException
Loads a SPIFFE trust bundle from a file, parsing it from the JSON format. In case of success, returns SpiffeUtil.SpiffeBundle. If any element of the JSON content is invalid or unsupported, an IllegalArgumentException is thrown and the entire Bundle is considered invalid.
- Parameters:
trustBundleFile - the file path to the JSON file containing the trust bundle
- Throws:
IOException
-
readTrustDomainsFromFile
- Throws:
IOException
-
checkJwkEntry
-
extractCert
-