spiffe
/
java-spiffe
mirror of https://github.com/spiffe/java-spiffe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Making JWT and X509 SVID entities unmodifiable. 

Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>
This commit is contained in:
Max Lambrecht 2020-06-23 12:57:26 -03:00
parent cbca3a1ec2
commit c5f85756fc
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
java-spiffe-core/src/main/java/io/spiffe/svid/jwtsvid/JwtSvid.java
View File

@ -23,6 +23,7 @@ import java.security.PublicKey;
import java.security.interfaces.ECPublicKey; import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.text.ParseException; import java.text.ParseException;
import java.util.Collections;
import java.util.Date; import java.util.Date;
import java.util.HashSet; import java.util.HashSet;
import java.util.Map; import java.util.Map;
@ -178,6 +179,20 @@ public class JwtSvid {
return new Date(expiry.getTime()); return new Date(expiry.getTime());
} }
/**
* @return the map of claims
*/
public Map<String, Object> getClaims() {
return Collections.unmodifiableMap(claims);
}
/**
* @return the Set of audiences
*/
public Set<String> getAudience() {
return Collections.unmodifiableSet(audience);
}
private static JWTClaimsSet getJwtClaimsSet(final SignedJWT signedJwt) { private static JWTClaimsSet getJwtClaimsSet(final SignedJWT signedJwt) {
final JWTClaimsSet claimsSet; final JWTClaimsSet claimsSet;
try { try {

12
java-spiffe-core/src/main/java/io/spiffe/svid/x509svid/X509Svid.java
View File

@ -18,6 +18,7 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException; import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.util.Collections;
import java.util.List; import java.util.List;
/** /**
@ -49,12 +50,19 @@ public class X509Svid {
} }
/** /**
* @return the Leaf Certificate of the chain * @return the Leaf X.509 certificate of the chain
*/ */
public X509Certificate getLeaf() { public X509Certificate getLeaf() {
return chain.get(0); return chain.get(0);
} }
/**
* @return the chain of X.509 certificates
*/
public List<X509Certificate> getChain() {
return Collections.unmodifiableList(chain);
}
/** /**
* Loads the X.509 SVID from PEM encoded files on disk. * Loads the X.509 SVID from PEM encoded files on disk.
* <p> * <p>
@ -127,7 +135,7 @@ public class X509Svid {
validatePrivateKey(privateKey, x509Certificates); validatePrivateKey(privateKey, x509Certificates);
validateLeafCertificate(x509Certificates.get(0)); validateLeafCertificate(x509Certificates.get(0));
// there is intermediate CA certificates // there are intermediate CA certificates
if (x509Certificates.size() > 1) { if (x509Certificates.size() > 1) {
validateSigningCertificates(x509Certificates); validateSigningCertificates(x509Certificates);
} }