package io.spiffe.bundle.x509bundle;
import io.spiffe.bundle.BundleSource;
import io.spiffe.exception.BundleNotFoundException;
import io.spiffe.exception.X509BundleException;
import io.spiffe.internal.CertificateUtils;
import io.spiffe.spiffeid.TrustDomain;
import lombok.NonNull;
import lombok.Value;
import lombok.val;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
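/**
 * Represents a collection of trusted X.509 authorities for a trust domain.
 * <p>
 * The authorities are held in a {@link ConcurrentHashMap} key set, so
 * {@link #addX509Authority(X509Certificate)} and
 * {@link #removeX509Authority(X509Certificate)} may be called while other
 * threads read the bundle. {@link #getX509Authorities()} returns an
 * unmodifiable <em>live</em> view of that set: later additions and removals
 * are visible through it, and iteration over it is weakly consistent.
 * <p>
 * Security note: this class only parses and stores certificates. Nothing in
 * it checks that a certificate is a CA certificate, that it is within its
 * validity period, or anything else about its contents; whatever is loaded
 * here is treated as a trust anchor by whatever later verifies SVID chains
 * against this bundle. Bundle files and bytes must therefore come from a
 * trusted source (the Workload API, or operator-controlled configuration).
 * <p>
 * Lombok {@code @Value} makes the class {@code final}, the fields
 * {@code private final}, and generates {@code equals}, {@code hashCode} and
 * {@code toString} over both fields.
 */
@Value
public class X509Bundle implements BundleSource<X509Bundle> {

    TrustDomain trustDomain;
    Set<X509Certificate> x509Authorities;

    /**
     * Creates an empty X.509 bundle for a trust domain.
     *
     * @param trustDomain the {@link TrustDomain} this bundle belongs to
     * @throws NullPointerException if {@code trustDomain} is {@code null} (Lombok {@code @NonNull})
     */
    public X509Bundle(@NonNull final TrustDomain trustDomain) {
        this.trustDomain = trustDomain;
        // Concurrent key set: add/remove are safe while other threads read.
        this.x509Authorities = ConcurrentHashMap.newKeySet();
    }

    /**
     * Creates an X.509 bundle for a trust domain, pre-populated with the given authorities.
     * The given set is copied; later changes to the caller's set do not affect this bundle.
     *
     * @param trustDomain     the {@link TrustDomain} this bundle belongs to
     * @param x509Authorities the X.509 certificates to trust as authorities for that domain
     * @throws NullPointerException if either argument is {@code null}, or if the set
     *                              contains a {@code null} element (the backing set rejects nulls)
     */
    public X509Bundle(@NonNull final TrustDomain trustDomain, @NonNull final Set<X509Certificate> x509Authorities) {
        this.trustDomain = trustDomain;
        // Defensive copy into a concurrent set; never alias the caller's collection.
        this.x509Authorities = ConcurrentHashMap.newKeySet();
        this.x509Authorities.addAll(x509Authorities);
    }

    /**
     * Loads an X.509 bundle from a file on disk.
     * <p>
     * The path is used as given, with no restriction on where it points; it is
     * expected to be a trusted, operator-controlled location. The whole file is
     * read into memory before parsing.
     *
     * @param trustDomain the {@link TrustDomain} to associate to the bundle
     * @param bundlePath  path to the file holding the X.509 authorities
     * @return an {@link X509Bundle} holding the parsed authorities for the trust domain
     * @throws X509BundleException  if the file cannot be read or its contents cannot be parsed
     * @throws NullPointerException if either argument is {@code null}
     */
    public static X509Bundle load(@NonNull final TrustDomain trustDomain, @NonNull final Path bundlePath) throws X509BundleException {
        final byte[] bundleBytes;
        try {
            bundleBytes = Files.readAllBytes(bundlePath);
        } catch (IOException e) {
            // Preserve the cause. The path is not part of the message; callers that
            // log this exception should add it themselves if they need it.
            throw new X509BundleException("Unable to load X.509 bundle file", e);
        }
        // Same parsing and set construction as parse(); avoid duplicating it here.
        return parse(trustDomain, bundleBytes);
    }

    /**
     * Parses an X.509 bundle from an array of bytes.
     *
     * @param trustDomain the {@link TrustDomain} to associate to the bundle
     * @param bundleBytes the encoded X.509 authorities
     * @return an {@link X509Bundle} holding the parsed authorities for the trust domain
     * @throws X509BundleException  if the bytes cannot be parsed as certificates
     * @throws NullPointerException if either argument is {@code null}
     */
    public static X509Bundle parse(@NonNull final TrustDomain trustDomain, @NonNull final byte[] bundleBytes) throws X509BundleException {
        final List<X509Certificate> x509Certificates = generateX509Certificates(bundleBytes);
        // Duplicate certificates collapse here: X509Certificate equality is by encoded form.
        final Set<X509Certificate> x509CertificateSet = new HashSet<>(x509Certificates);
        return new X509Bundle(trustDomain, x509CertificateSet);
    }

    /**
     * Returns this bundle if it belongs to the given trust domain.
     * <p>
     * A single bundle is a {@link BundleSource} for exactly one trust domain;
     * the match is an exact {@link TrustDomain#equals(Object)} comparison.
     *
     * @param trustDomain the {@link TrustDomain} being looked up
     * @return this bundle, when its trust domain equals the given one
     * @throws BundleNotFoundException if this bundle belongs to a different trust domain
     * @throws NullPointerException    if {@code trustDomain} is {@code null}
     */
    @Override
    public X509Bundle getBundleForTrustDomain(@NonNull final TrustDomain trustDomain) throws BundleNotFoundException {
        if (!this.trustDomain.equals(trustDomain)) {
            throw new BundleNotFoundException(String.format("No X.509 bundle found for trust domain %s", trustDomain));
        }
        return this;
    }

    /**
     * Returns the X.509 authorities in the bundle.
     * <p>
     * The result is an unmodifiable view backed by the bundle's own set, not a
     * snapshot: it reflects later calls to {@link #addX509Authority(X509Certificate)}
     * and {@link #removeX509Authority(X509Certificate)}. Mutating it throws
     * {@link UnsupportedOperationException}.
     *
     * @return an unmodifiable live view of the X.509 authorities
     */
    public Set<X509Certificate> getX509Authorities() {
        return Collections.unmodifiableSet(x509Authorities);
    }

    /**
     * Checks whether the given X.509 authority is in the bundle.
     * <p>
     * Membership uses {@link X509Certificate#equals(Object)}, i.e. the
     * certificates' encoded forms must be identical; a re-issued certificate
     * for the same subject and key is a different authority.
     *
     * @param x509Authority an X.509 certificate
     * @return {@code true} if the certificate is present in the bundle, {@code false} otherwise
     * @throws NullPointerException if {@code x509Authority} is {@code null}
     */
    public boolean hasX509Authority(@NonNull final X509Certificate x509Authority) {
        return x509Authorities.contains(x509Authority);
    }

    /**
     * Adds an X.509 authority to the bundle. Adding a certificate that is
     * already present is a no-op. The certificate is not validated here; it
     * becomes a trust anchor as given.
     *
     * @param x509Authority an X.509 certificate
     * @throws NullPointerException if {@code x509Authority} is {@code null}
     */
    public void addX509Authority(@NonNull final X509Certificate x509Authority) {
        x509Authorities.add(x509Authority);
    }

    /**
     * Removes an X.509 authority from the bundle. Removing a certificate that
     * is not present is a no-op.
     *
     * @param x509Authority an X.509 certificate
     * @throws NullPointerException if {@code x509Authority} is {@code null}
     */
    public void removeX509Authority(@NonNull final X509Certificate x509Authority) {
        x509Authorities.remove(x509Authority);
    }

    /**
     * Parses the certificates contained in the given bytes, wrapping any
     * parsing failure in an {@link X509BundleException} with the cause attached.
     *
     * @param bundleBytes the encoded certificates
     * @return the parsed certificates, in the order the parser returned them
     * @throws X509BundleException if the bytes cannot be parsed
     */
    private static List<X509Certificate> generateX509Certificates(final byte[] bundleBytes) throws X509BundleException {
        try {
            return CertificateUtils.generateCertificates(bundleBytes);
        } catch (CertificateParsingException e) {
            // Message is shared with parse(), which has no path; kept unchanged for compatibility.
            throw new X509BundleException("Bundle certificates could not be parsed from bundle path", e);
        }
    }
}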