Package io.grpc.internal
Class SpiffeUtil
java.lang.Object
io.grpc.internal.SpiffeUtil
Provides utilities to manage SPIFFE bundles, extract SPIFFE IDs from X.509 certificate chains,
and parse SPIFFE IDs.
Nested Class Summary
static final class SpiffeUtil.SpiffeBundle
    Represents a SPIFFE trust bundle; that is, a map from trust domain to set of trusted certificates.
static class SpiffeUtil.SpiffeId
    Represents a SPIFFE ID as defined in the SPIFFE standard.
Method Summary
private static void checkJwkEntry(Map<String, ?> jwkNode, String trustDomainName)
private static void doInitialUriValidation
private static List<X509Certificate> extractCert(List<Map<String, ?>> keysNode, String trustDomainName)
static com.google.common.base.Optional<SpiffeUtil.SpiffeId> extractSpiffeId(X509Certificate[] certChain)
    Returns the SPIFFE ID from the leaf certificate, if present.
static SpiffeUtil.SpiffeBundle loadTrustBundleFromFile(String trustBundleFile)
    Loads a SPIFFE trust bundle from a file, parsing it from the JSON format.
static SpiffeUtil.SpiffeId parse(String uri)
    Parses a URI string, applies the validation rules described in the SPIFFE standard and, on success, returns the parsed TrustDomain and Path.
readTrustDomainsFromFile(String filePath)
private static void validatePath(String path)
private static void validatePathSegment(String pathSegment)
private static void validateTrustDomain(String trustDomain)
Field Details
URI_SAN_TYPE
USE_PARAMETER_VALUE
KTY_PARAMETER_VALUE
CERTIFICATE_PREFIX
CERTIFICATE_SUFFIX
PREFIX
Constructor Details
SpiffeUtil
    private SpiffeUtil()
Method Details
parse
    Parses a URI string, applies the validation rules described in the SPIFFE standard and, on success, returns the parsed TrustDomain and Path.
    Parameters:
        uri - a String representing a SPIFFE ID
doInitialUriValidation
validateTrustDomain
validatePath
validatePathSegment
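
A stand-alone sketch of the SPIFFE ID rules that parse refers to (scheme, trust-domain and path-segment character sets, length limits), written from the SPIFFE ID standard. It is an added example, not gRPC's SpiffeUtil source; the class name SpiffeIdCheck, the String[] return shape and the sample IDs are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;
// Added sketch: SpiffeIdCheck is a hypothetical class, not gRPC's SpiffeUtil source.
public final class SpiffeIdCheck {
  private static final String PREFIX = "spiffe://";
  private static final Pattern TRUST_DOMAIN = Pattern.compile("[a-z0-9._-]+");
  // The lookahead rejects the "." and ".." segments, which the character class alone allows.
  private static final Pattern PATH_SEGMENT = Pattern.compile("(?!\\.\\.?$)[a-zA-Z0-9._-]+");
  /** Returns {trustDomain, path}; throws IllegalArgumentException on any violation. */
  static String[] parse(String uri) {
    if (uri == null || uri.getBytes(StandardCharsets.UTF_8).length > 2048) {
      throw new IllegalArgumentException("null or longer than 2048 bytes");
    }
    // URI schemes are case-insensitive (RFC 3986), so "SPIFFE://" is accepted here.
    if (!uri.regionMatches(true, 0, PREFIX, 0, PREFIX.length())
        || uri.indexOf('?') >= 0 || uri.indexOf('#') >= 0) {
      throw new IllegalArgumentException("need spiffe:// scheme, no query or fragment");
    }
    String rest = uri.substring(PREFIX.length());
    int slash = rest.indexOf('/');
    String trustDomain = slash < 0 ? rest : rest.substring(0, slash);
    String path = slash < 0 ? "" : rest.substring(slash);
    // '@', ':' and '%' are outside the allowed set: userinfo, port and percent-encoding fail.
    if (trustDomain.length() > 255 || !TRUST_DOMAIN.matcher(trustDomain).matches()) {
      throw new IllegalArgumentException("bad trust domain '" + trustDomain + "'");
    }
    // Limit -1 keeps empty strings, so "/a/" and "/a//b" produce an empty (invalid) segment.
    String[] segments = path.isEmpty() ? new String[0] : path.substring(1).split("/", -1);
    for (String segment : segments) {
      if (!PATH_SEGMENT.matcher(segment).matches()) {
        throw new IllegalArgumentException("bad path segment '" + segment + "'");
      }
    }
    return new String[] {trustDomain, path};
  }

  public static void main(String[] args) {
    String[] samples = { // constructed inputs
      "spiffe://example.com/ns/prod/sa/web", "spiffe://Example.com/a", "spiffe://example.com/a/",
      "spiffe://example.com/a/../b", "spiffe://user@example.com/a", "spiffe://example.com/a?x=1"};
    for (String s : samples) {
      try {
        System.out.println("OK     " + s + " -> " + String.join(" ", parse(s)));
      } catch (IllegalArgumentException e) {
        System.out.println("REJECT " + s + ": " + e.getMessage());
      }
    }
  }
}
```
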
extractSpiffeId
    public static com.google.common.base.Optional<SpiffeUtil.SpiffeId> extractSpiffeId(X509Certificate[] certChain) throws CertificateParsingException
    Returns the SPIFFE ID from the leaf certificate, if present.
    Parameters:
        certChain - certificate chain to extract SPIFFE ID from
    Throws:
        CertificateParsingException
loadTrustBundleFromFile
    public static SpiffeUtil.SpiffeBundle loadTrustBundleFromFile(String trustBundleFile) throws IOException
    Loads a SPIFFE trust bundle from a file, parsing it from the JSON format. On success, returns SpiffeUtil.SpiffeBundle. If any element of the JSON content is invalid or unsupported, an IllegalArgumentException is thrown and the entire Bundle is considered invalid.
    Parameters:
        trustBundleFile - the file path to the JSON file containing the trust bundle
    Throws:
        IOException
readTrustDomainsFromFile
    Throws:
        IOException
checkJwkEntry
extractCert