Package io.grpc.internal

Class SpiffeUtil

java.lang.Object

io.grpc.internal.SpiffeUtil

public final class SpiffeUtil
extends Object

Provides utilities to manage SPIFFE bundles, extract SPIFFE IDs from X.509 certificate chains, and parse SPIFFE IDs.

See Also:

• Standard

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	SpiffeUtil.SpiffeBundle	Represents a SPIFFE trust bundle; that is, a map from trust domain to set of trusted certificates.
static class	SpiffeUtil.SpiffeId	Represents a SPIFFE ID as defined in the SPIFFE standard.

Method Summary

Modifier and Type	Method	Description
static com.google.common.base.Optional<SpiffeUtil.SpiffeId>	extractSpiffeId(X509Certificate[] certChain)	Returns the SPIFFE ID from the leaf certificate, if present.
static SpiffeUtil.SpiffeBundle	loadTrustBundleFromFile(String trustBundleFile)	Loads a SPIFFE trust bundle from a file, parsing it from the JSON format.
static SpiffeUtil.SpiffeId	parse(String uri)	Parses a URI string, applies validation rules described in SPIFFE standard, and, in case of success, returns parsed TrustDomain and Path.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

parse

public static SpiffeUtil.SpiffeId parse(String uri)

Parses a URI string, applies validation rules described in SPIFFE standard, and, in case of success, returns parsed TrustDomain and Path.

Parameters:

uri - a String representing a SPIFFE ID

extractSpiffeId

public static com.google.common.base.Optional<SpiffeUtil.SpiffeId> extractSpiffeId(X509Certificate[] certChain)
                                                                            throws CertificateParsingException

Returns the SPIFFE ID from the leaf certificate, if present.

Parameters:

certChain - certificate chain to extract SPIFFE ID from

Throws:

CertificateParsingException

loadTrustBundleFromFile

public static SpiffeUtil.SpiffeBundle loadTrustBundleFromFile(String trustBundleFile)
                                                       throws IOException

Loads a SPIFFE trust bundle from a file, parsing it from the JSON format. In case of success, returns SpiffeUtil.SpiffeBundle. If any element of the JSON content is invalid or unsupported, an IllegalArgumentException is thrown and the entire Bundle is considered invalid.

Parameters:

trustBundleFile - the file path to the JSON file containing the trust bundle

Throws:

IOException

See Also:

• JSON format
• JWK entry format
• x5c (certificate) parameter