spiffe
/
java-spiffe
mirror of https://github.com/spiffe/java-spiffe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Moving class to avoid circular references. 

Rename type parameters.
Improve readability.

Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>
This commit is contained in:
Max Lambrecht 2020-06-08 14:37:02 -03:00
parent 28ad4c0c0c
commit d68c17caaa
4 changed files with 15 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
java-spiffe-core/src/main/java/spiffe/workloadapi/internal/GrpcConversionUtils.java → java-spiffe-core/src/main/java/spiffe/workloadapi/GrpcConversionUtils.java
View File

@ -1,4 +1,4 @@
package spiffe.workloadapi.internal;
package spiffe.workloadapi;
import com.google.protobuf.ByteString;
import lombok.val;
@ -11,7 +11,6 @@ import spiffe.exception.X509SvidException;
import spiffe.spiffeid.SpiffeId;
import spiffe.spiffeid.TrustDomain;
import spiffe.svid.x509svid.X509Svid;
import spiffe.workloadapi.X509Context;
import spiffe.workloadapi.grpc.Workload;
import java.security.KeyException;
@ -23,16 +22,16 @@ import java.util.Map;
/**
* Utility methods for converting GRPC objects to JAVA-SPIFFE domain objects.
*/
public class GrpcConversionUtils {
class GrpcConversionUtils {
public static X509Context toX509Context(Workload.X509SVIDResponse x509SVIDResponse) throws CertificateException, X509SvidException {
static X509Context toX509Context(Workload.X509SVIDResponse x509SVIDResponse) throws CertificateException, X509SvidException {
List<X509Svid> x509SvidList = getListOfX509Svid(x509SVIDResponse);
List<X509Bundle> x509BundleList = getListOfX509Bundles(x509SVIDResponse);
X509BundleSet bundleSet = X509BundleSet.of(x509BundleList);
return new X509Context(x509SvidList, bundleSet);
}
private static List<X509Bundle> getListOfX509Bundles(Workload.X509SVIDResponse x509SVIDResponse) throws CertificateException {
static List<X509Bundle> getListOfX509Bundles(Workload.X509SVIDResponse x509SVIDResponse) throws CertificateException {
List<X509Bundle> x509BundleList = new ArrayList<>();
for (Workload.X509SVID x509SVID : x509SVIDResponse.getSvidsList()) {
SpiffeId spiffeId = SpiffeId.parse(x509SVID.getSpiffeId());

1
java-spiffe-core/src/main/java/spiffe/workloadapi/WorkloadApiClient.java
View File

@ -17,7 +17,6 @@ import spiffe.workloadapi.grpc.SpiffeWorkloadAPIGrpc;
import spiffe.workloadapi.grpc.SpiffeWorkloadAPIGrpc.SpiffeWorkloadAPIBlockingStub;
import spiffe.workloadapi.grpc.SpiffeWorkloadAPIGrpc.SpiffeWorkloadAPIStub;
import spiffe.workloadapi.grpc.Workload;
import spiffe.workloadapi.internal.GrpcConversionUtils;
import spiffe.workloadapi.internal.GrpcManagedChannelFactory;
import spiffe.workloadapi.internal.ManagedChannelWrapper;
import spiffe.workloadapi.internal.SecurityHeaderInterceptor;

8
java-spiffe-core/src/main/java/spiffe/workloadapi/internal/SecurityHeaderInterceptor.java
View File

@ -10,13 +10,13 @@ public class SecurityHeaderInterceptor implements ClientInterceptor {
* Intercepts the call to the WorkloadAPI and add the required security header
*/
@Override
public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
return new ForwardingClientCall.SimpleForwardingClientCall<ReqT, RespT>(next.newCall(method, callOptions)) {
public <R,S> ClientCall<R,S> interceptCall(MethodDescriptor<R,S> method, CallOptions callOptions, Channel next) {
return new ForwardingClientCall.SimpleForwardingClientCall<R,S>(next.newCall(method, callOptions)) {
@Override
public void start(Listener<RespT> responseListener, Metadata headers) {
public void start(Listener<S> responseListener, Metadata headers) {
Metadata.Key<String> headerKey = Metadata.Key.of(SECURITY_HEADER, Metadata.ASCII_STRING_MARSHALLER);
headers.put(headerKey, "true");
super.start(new ForwardingClientCallListener.SimpleForwardingClientCallListener<RespT>(responseListener) {}, headers);
super.start(new ForwardingClientCallListener.SimpleForwardingClientCallListener<S>(responseListener) {}, headers);
}
};
}

25
java-spiffe-provider/src/main/java/spiffe/provider/SpiffeTrustManagerFactory.java
View File

@ -43,13 +43,9 @@ public class SpiffeTrustManagerFactory extends TrustManagerFactorySpi {
*/
@Override
public TrustManager[] engineGetTrustManagers() {
SpiffeTrustManager spiffeTrustManager =
null;
SpiffeTrustManager spiffeTrustManager = null;
try {
spiffeTrustManager = new SpiffeTrustManager(
X509SourceManager.getX509Source(),
this::getAcceptedSpiffeIds
);
spiffeTrustManager = new SpiffeTrustManager(X509SourceManager.getX509Source(), this::getAcceptedSpiffeIds);
} catch (X509SourceException e) {
throw new SpiffeProviderException("The X509 source could not be created", e);
} catch (SocketEndpointAddressException e) {
@ -79,7 +75,7 @@ public class SpiffeTrustManagerFactory extends TrustManagerFactorySpi {
* with a function verify a chain of certificates using a to validate the SPIFFE IDs
* of the peer's certificates, and a supplier of accepted SPIFFE IDs.
*
* @param x509BundleSource a {@link X509BundleSource} to provide the X.509-Bundles
* @param x509BundleSource a {@link X509BundleSource} to provide the X.509-Bundles
* @param acceptedSpiffeIdsSupplier a Supplier to provide a List of SPIFFE IDs that are accepted
* @return a TrustManager array with an initialized TrustManager.
*/
@ -87,17 +83,10 @@ public class SpiffeTrustManagerFactory extends TrustManagerFactorySpi {
X509BundleSource x509BundleSource,
Supplier<List<SpiffeId>> acceptedSpiffeIdsSupplier) {
Supplier<List<SpiffeId>> spiffeIdsSupplier;
if (acceptedSpiffeIdsSupplier != null) {
spiffeIdsSupplier = acceptedSpiffeIdsSupplier;
} else {
spiffeIdsSupplier = this::getAcceptedSpiffeIds;
}
val spiffeTrustManager =
new SpiffeTrustManager(
x509BundleSource,
spiffeIdsSupplier
);
final Supplier<List<SpiffeId>> spiffeIdsSupplier =
acceptedSpiffeIdsSupplier != null ? acceptedSpiffeIdsSupplier : this::getAcceptedSpiffeIds;
val spiffeTrustManager = new SpiffeTrustManager(x509BundleSource, spiffeIdsSupplier);
return new TrustManager[]{spiffeTrustManager};
}