Move examples to a folder in tests.

Add details to README.
Make constants public.

Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>
Max Lambrecht 2020-05-07 09:03:42 -03:00
parent 4e35b003fc
commit 9867c032cf
6 changed files with 30 additions and 31 deletions


@ -38,7 +38,7 @@ Supplier of accepted SPIFFE IDs list can be provided as part of the `SslContextO
SSLContext sslContext = SpiffeSslContextFactory.getSslContext(sslContextOptions);
```
See [HttpsClient example](src/main/java/spiffe/provider/examples/HttpsClient.java) that defines a Supplier for providing
See [HttpsClient example](src/test/java/spiffe/provider/examples/mtls/HttpsClient.java) that defines a Supplier for providing
the list of SPIFFE IDs from a file.
## Plug Java SPIFFE Provider into Java Security
@ -53,6 +53,11 @@ security.provider.<n>=<className>
This declares a provider, and specifies its preference order n.
### Copy the JAR to the JVM extensions
For installing the JAR file containing the provider classes as a bundled extension in the java platform,
copy build/libs/spiffe-provider-<version>-all.jar to <java-home>/jre/lib/ext
#### Register the SPIFFE Provider
You can extend and override the master security properties file.
@ -84,13 +89,6 @@ To pass your custom security properties file through the command line via system
-Djava.security.properties=<path to java.security>
```
For example, it can be passed in the `JAVA_OPTS` used by the Tomcat's startup script:
```
$ export JAVA_OPTS="$JAVA_OPTS -Djava.security.properties=java.security"
$ ./catalina.sh run
```
The properties defined in your custom properties file will override the properties in the master file.
### Configure Workload API Socket Endpoint


@ -1,24 +1,31 @@
package spiffe.provider;
/**
* Constants to be used in the context of the SPIFFE Provider
* SPIFFE Provider constants
*/
class SpiffeProviderConstants {
public class SpiffeProviderConstants {
/**
* Security property to get the list of accepted SPIFFE IDs.
* This property is read in the java.security file
*/
static final String SSL_SPIFFE_ACCEPT_PROPERTY = "ssl.spiffe.accept";
public static final String SSL_SPIFFE_ACCEPT_PROPERTY = "ssl.spiffe.accept";
// the name of this Provider implementation
static final String PROVIDER_NAME = "Spiffe";
/**
* The name of this Provider implementation
*/
public static final String PROVIDER_NAME = "Spiffe";
// the algorithm name for the KeyStore and TrustStore
static final String ALGORITHM = "Spiffe";
/**
* The algorithm name for the KeyStore and TrustStore
*/
public static final String ALGORITHM = "Spiffe";
// alias used by the SpiffeKeyStore
static final String DEFAULT_ALIAS = "Spiffe";
/**
* Alias used by the SpiffeKeyStore
*/
public static final String DEFAULT_ALIAS = "Spiffe";
private SpiffeProviderConstants() {}
private SpiffeProviderConstants() {
}
}
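Review bot: The Javadoc on `SSL_SPIFFE_ACCEPT_PROPERTY` does not say what format the value takes or what the provider does when the property is unset, and with the class and field now public that comment is the contract callers will read. Since this property decides which SPIFFE IDs are accepted, I would extend it along the lines of `Value: SPIFFE IDs separated by <separator>. If the property is unset or empty, <behaviour>.`, filling in the two placeholders from the code that reads it; neither is visible in this file. It is also worth noting in review that `public static final String` constants are inlined into callers at compile time, so changing any of these values later requires dependants to be recompiled.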


@ -1,4 +1,4 @@
package spiffe.provider.examples;
package spiffe.provider.examples.mtls;
import lombok.val;
import spiffe.exception.SocketEndpointAddressException;
@ -6,6 +6,7 @@ import spiffe.exception.X509SourceException;
import spiffe.provider.SpiffeSslContextFactory;
import spiffe.provider.SpiffeSslContextFactory.SslContextOptions;
import spiffe.spiffeid.SpiffeId;
import spiffe.spiffeid.SpiffeIdUtils;
import spiffe.workloadapi.X509Source;
import spiffe.workloadapi.X509Source.X509SourceOptions;
@ -13,15 +14,11 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* Example of a simple HTTPS Client backed by the Workload API to get the X.509 Certificates
@ -76,12 +73,9 @@ public class HttpsClient {
}
static List<SpiffeId> listOfSpiffeIds() {
Path path = Paths.get("java-spiffe-provider/src/main/java/spiffe/provider/examples/spiffeIds.txt");
try (Stream<String> lines = Files.lines(path)) {
return lines
.map(SpiffeId::parse)
.collect(Collectors.toList());
} catch (Exception e) {
try {
return SpiffeIdUtils.getSpiffeIdListFromFile(Paths.get("java-spiffe-provider/src/test/java/spiffe/provider/examples/mtls/spiffeIds.txt"));
} catch (IOException e) {
throw new RuntimeException("Error getting list of spiffeIds", e);
}
}
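Review bot: The path passed to `Paths.get(...)` in `listOfSpiffeIds()` is relative, so the list of accepted SPIFFE IDs is resolved against whatever directory the JVM was started in; the leading `java-spiffe-provider/` suggests it only resolves from the repository root. Because this file appears to be the allow-list the example client checks peer identities against, I would state that on the method, e.g. `// Path is relative to the repository root; start the example from there.` The catch was also narrowed from `Exception` to `IOException`, so a malformed entry is no longer wrapped in "Error getting list of spiffeIds" unless `getSpiffeIdListFromFile` reports it as an `IOException`, which cannot be confirmed from this page. The enclosing class continues outside the hunk.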


@ -1,4 +1,4 @@
package spiffe.provider.examples;
package spiffe.provider.examples.mtls;
import lombok.val;
import spiffe.exception.SocketEndpointAddressException;


@ -1,4 +1,4 @@
package spiffe.provider.examples;
package spiffe.provider.examples.mtls;
import lombok.extern.java.Log;
import spiffe.internal.CertificateUtils;