spiffe
/
java-spiffe
mirror of https://github.com/spiffe/java-spiffe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #43 from maxlambrecht/docs-improvements 

Minor improvements in READMEs and javadocs.
This commit is contained in:
Max Lambrecht 2020-10-27 18:23:07 -03:00 committed by GitHub
parent ebb933557c dbd44a4db4
commit 2f295c86ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
java-spiffe-core/src/main/java/io/spiffe/spiffeid/SpiffeId.java
View File

@ -10,7 +10,7 @@ import java.util.Arrays;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
* Represents a SPIFFE ID as defined in SPIFFE standard. * Represents a SPIFFE ID as defined in the SPIFFE standard.
* <p> * <p>
* @see <a href="https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md">https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md</a> * @see <a href="https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md">https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md</a>
*/ */

2
java-spiffe-core/src/main/java/io/spiffe/spiffeid/TrustDomain.java
View File

@ -10,7 +10,7 @@ import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
/** /**
* Represents a normalized SPIFFE trust domain (e.g. 'domain.test'). * Represents the name of a SPIFFE trust domain (e.g. 'domain.test').
*/ */
@Value @Value
public class TrustDomain { public class TrustDomain {

17
java-spiffe-provider/README.md
View File

@ -1,14 +1,12 @@
# Java SPIFFE Provider # Java SPIFFE Provider
This module provides a Java Security Provider implementation supporting X.509-SVIDs and methods for This module provides a Java Security Provider implementation supporting X.509-SVIDs and methods for
creating SSLContexts that are backed by the Workload API. creating `SSLContext` that are backed by the Workload API.
## Create an SSL Context backed by the Workload API ## Create an SSL Context backed by the Workload API
To create an SSL Context that uses a `X509Source` backed by the Workload API, having the environment variable To create an `javax.net.ssl.SSLContext` that is backed by the Workload API through a `X509Source`, having the environment variable
` SPIFFE_ENDPOINT_SOCKET` defined with the Workload API endpoint address. ` SPIFFE_ENDPOINT_SOCKET` defined with the Workload API endpoint address:
The `SSLContext` is configured with a set of SPIFFE IDs that the current workload
will trust for TLS connections:
``` ```
X509Source source = DefaultX509Source.newSource(); X509Source source = DefaultX509Source.newSource();
@ -20,9 +18,12 @@ will trust for TLS connections:
.build(); .build();
SSLContext sslContext = SpiffeSslContextFactory.getSslContext(options); SSLContext sslContext = SpiffeSslContextFactory.getSslContext(options);
``` ```
The `SSLContext` is configured with a set of SPIFFE IDs that will be trusted for TLS connections.
Alternatively, a different Workload API address can be used by passing it to the X509Source creation method. Alternatively, a different Workload API address can be used by passing it to the `X509Source` creation method.
``` ```
X509SourceOptions sourceOptions = X509SourceOptions X509SourceOptions sourceOptions = X509SourceOptions
@ -154,7 +155,7 @@ A Tomcat TLS connector that uses the `Spiffe` KeyStore can be configured as foll
### Create mTLS GRPC server and client ### Create mTLS GRPC server and client
Prerequisite: Having the SPIFFE Provided configured through the `java.security`. Prerequisite: Having the SPIFFE Provider configured through the `java.security`.
A `GRPC Server` using an SSL context backed by the Workload API: A `GRPC Server` using an SSL context backed by the Workload API: