diff --git a/java-spiffe-core/src/main/java/spiffe/internal/CertificateUtils.java b/java-spiffe-core/src/main/java/spiffe/internal/CertificateUtils.java index cef83cd..9ca577c 100644 --- a/java-spiffe-core/src/main/java/spiffe/internal/CertificateUtils.java +++ b/java-spiffe-core/src/main/java/spiffe/internal/CertificateUtils.java @@ -137,7 +137,7 @@ public class CertificateUtils { // Create an instance of PKIXParameters used as input for the PKIX CertPathValidator private static PKIXParameters toPkixParameters(List trustedCerts) throws CertificateException, InvalidAlgorithmParameterException { - if (trustedCerts == null || trustedCerts.size() == 0) { + if (trustedCerts == null || trustedCerts.isEmpty()) { throw new CertificateException("No trusted Certs"); } @@ -166,4 +166,6 @@ public class CertificateUtils { val decoder = Base64.getDecoder(); return decoder.decode(privateKey); } + + private CertificateUtils() {} } diff --git a/java-spiffe-core/src/main/java/spiffe/spiffeid/SpiffeId.java b/java-spiffe-core/src/main/java/spiffe/spiffeid/SpiffeId.java index acb6353..e28fd1e 100644 --- a/java-spiffe-core/src/main/java/spiffe/spiffeid/SpiffeId.java +++ b/java-spiffe-core/src/main/java/spiffe/spiffeid/SpiffeId.java @@ -41,7 +41,7 @@ public class SpiffeId { val path = Arrays.stream(segments) .filter(StringUtils::isNotBlank) .map(SpiffeId::normalize) - .map(s -> "/" + s) + .map(s -> '/' + s) .collect(Collectors.joining()); return new SpiffeId(trustDomain, path); } diff --git a/java-spiffe-core/src/main/java/spiffe/spiffeid/SpiffeIdUtils.java b/java-spiffe-core/src/main/java/spiffe/spiffeid/SpiffeIdUtils.java index 15f894b..3ddffa6 100644 --- a/java-spiffe-core/src/main/java/spiffe/spiffeid/SpiffeIdUtils.java +++ b/java-spiffe-core/src/main/java/spiffe/spiffeid/SpiffeIdUtils.java 
@@ -68,10 +68,11 @@ public class SpiffeIdUtils { * @throws IllegalArgumentException if any of the SPIFFE IDs in the file cannot be parsed */ public static List getSpiffeIdListFromFile(final Path spiffeIdsFile) throws IOException { - Stream lines = Files.lines(spiffeIdsFile); - return lines - .map(SpiffeId::parse) - .collect(Collectors.toList()); + try (Stream lines = Files.lines(spiffeIdsFile)) { + return lines + .map(SpiffeId::parse) + .collect(Collectors.toList()); + } } /** @@ -95,4 +96,6 @@ public class SpiffeIdUtils { .map(SpiffeId::parse) .collect(Collectors.toList()); } + + private SpiffeIdUtils() {} } diff --git a/java-spiffe-core/src/main/java/spiffe/spiffeid/TrustDomain.java b/java-spiffe-core/src/main/java/spiffe/spiffeid/TrustDomain.java index ee4a0cf..4e22537 100644 --- a/java-spiffe-core/src/main/java/spiffe/spiffeid/TrustDomain.java +++ b/java-spiffe-core/src/main/java/spiffe/spiffeid/TrustDomain.java @@ -17,10 +17,10 @@ import static java.lang.String.format; @Value public class TrustDomain { - String trustDomain; + String name; private TrustDomain(String trustDomain) { - this.trustDomain = trustDomain; + this.name = trustDomain; } /** @@ -51,7 +51,7 @@ public class TrustDomain { */ @Override public String toString() { - return trustDomain; + return name; } private static String normalize(String s) { diff --git a/java-spiffe-core/src/main/java/spiffe/svid/jwtsvid/JwtSvidSource.java b/java-spiffe-core/src/main/java/spiffe/svid/jwtsvid/JwtSvidSource.java index 74aab83..bb1c1d8 100644 --- a/java-spiffe-core/src/main/java/spiffe/svid/jwtsvid/JwtSvidSource.java +++ b/java-spiffe-core/src/main/java/spiffe/svid/jwtsvid/JwtSvidSource.java @@ -17,5 +17,5 @@ public interface JwtSvidSource { * * @throws //TODO: declare thrown exceptions */ - JwtSvid FetchJwtSvid(SpiffeId subject, String audience, String... extraAudiences); + JwtSvid fetchJwtSvid(SpiffeId subject, String audience, String... extraAudiences); } 
diff --git a/java-spiffe-core/src/main/java/spiffe/svid/x509svid/X509SvidValidator.java b/java-spiffe-core/src/main/java/spiffe/svid/x509svid/X509SvidValidator.java index 7ff9ee3..03cb16c 100644 --- a/java-spiffe-core/src/main/java/spiffe/svid/x509svid/X509SvidValidator.java +++ b/java-spiffe-core/src/main/java/spiffe/svid/x509svid/X509SvidValidator.java @@ -62,4 +62,6 @@ public class X509SvidValidator { throw new CertificateException(String.format("SPIFFE ID %s in x509Certificate is not accepted", spiffeId)); } } + + private X509SvidValidator() {} } diff --git a/java-spiffe-core/src/main/java/spiffe/workloadapi/Address.java b/java-spiffe-core/src/main/java/spiffe/workloadapi/Address.java index f510293..db408f3 100644 --- a/java-spiffe-core/src/main/java/spiffe/workloadapi/Address.java +++ b/java-spiffe-core/src/main/java/spiffe/workloadapi/Address.java 
@@ -62,76 +62,14 @@ public class Address { String error = null; switch (scheme) { - case "unix": { - if (parsedAddress.isOpaque() && parsedAddress.isAbsolute()) { - error = "Workload endpoint unix socket URI must not be opaque: %s"; - break; - } - - if (StringUtils.isNotBlank(parsedAddress.getUserInfo())) { - error = "Workload endpoint unix socket URI must not include user info: %s"; - break; - } - - if (StringUtils.isBlank(parsedAddress.getHost()) && StringUtils.isBlank(parsedAddress.getPath())) { - error = "Workload endpoint unix socket URI must include a path: %s"; - break; - } - - if (StringUtils.isNotBlank(parsedAddress.getRawQuery())) { - error = "Workload endpoint unix socket URI must not include query values: %s"; - break; - } - - if (StringUtils.isNotBlank(parsedAddress.getFragment())) { - error = "Workload endpoint unix socket URI must not include a fragment: %s"; - } + case "unix": + error = validateUnixAddress(parsedAddress); break; - } - - case "tcp": { - if (parsedAddress.isOpaque() && parsedAddress.isAbsolute()) { - error = "Workload endpoint tcp socket URI must not be opaque: %s"; - break; - } - - if (StringUtils.isNotBlank(parsedAddress.getUserInfo())) { - error = "Workload endpoint tcp socket URI must not include user info: %s"; - break; - } - - if (StringUtils.isBlank(parsedAddress.getHost())) { - error = "Workload endpoint tcp socket URI must include a host: %s"; - break; - } - - if (StringUtils.isNotBlank(parsedAddress.getPath())) { - error = "Workload endpoint tcp socket URI must not include a path: %s"; - break; - } - - if (StringUtils.isNotBlank(parsedAddress.getRawQuery())) { - error = "Workload endpoint tcp socket URI must not include query values: %s"; - break; - } - - if (StringUtils.isNotBlank(parsedAddress.getFragment())) { - error = "Workload endpoint tcp socket URI must not include a fragment: %s"; - break; - } - - String ip = parseIp(parsedAddress.getHost()); - if (StringUtils.isBlank(ip)) { - error = "Workload endpoint tcp socket 
URI host component must be an IP:port: %s"; - break; - } - - int port = parsedAddress.getPort(); - if (port == -1) { - error = "Workload endpoint tcp socket URI host component must include a port: %s"; - } + case "tcp": + error = validateTcpAddress(parsedAddress); break; - } + default: + error = "Workload endpoint socket URI must have a tcp:// or unix:// scheme: %s"; } if (StringUtils.isNotBlank(error)) { 
@@ -141,6 +79,66 @@ public class Address { return parsedAddress; } + private static String validateUnixAddress(URI parsedAddress) { + if (parsedAddress.isOpaque() && parsedAddress.isAbsolute()) { + return "Workload endpoint unix socket URI must not be opaque: %s"; + } + + if (StringUtils.isNotBlank(parsedAddress.getUserInfo())) { + return "Workload endpoint unix socket URI must not include user info: %s"; + } + + if (StringUtils.isBlank(parsedAddress.getHost()) && StringUtils.isBlank(parsedAddress.getPath())) { + return "Workload endpoint unix socket URI must include a path: %s"; + } + + if (StringUtils.isNotBlank(parsedAddress.getRawQuery())) { + return "Workload endpoint unix socket URI must not include query values: %s"; + } + + if (StringUtils.isNotBlank(parsedAddress.getFragment())) { + return "Workload endpoint unix socket URI must not include a fragment: %s"; + } + return ""; + } + + private static String validateTcpAddress(URI parsedAddress) { + if (parsedAddress.isOpaque() && parsedAddress.isAbsolute()) { + return "Workload endpoint tcp socket URI must not be opaque: %s"; + } + + if (StringUtils.isNotBlank(parsedAddress.getUserInfo())) { + return "Workload endpoint tcp socket URI must not include user info: %s"; + } + + if (StringUtils.isBlank(parsedAddress.getHost())) { + return "Workload endpoint tcp socket URI must include a host: %s"; + } + + if (StringUtils.isNotBlank(parsedAddress.getPath())) { + return "Workload endpoint tcp socket URI must not include a path: %s"; + } + + if (StringUtils.isNotBlank(parsedAddress.getRawQuery())) { + return "Workload endpoint tcp socket URI must not include query values: %s"; + } + + if (StringUtils.isNotBlank(parsedAddress.getFragment())) { + return "Workload endpoint tcp socket URI must not include a fragment: %s"; + } + + String ip = parseIp(parsedAddress.getHost()); + if (StringUtils.isBlank(ip)) { + return "Workload endpoint tcp socket URI host component must be an IP:port: %s"; + } + + int port = 
parsedAddress.getPort(); + if (port == -1) { + return "Workload endpoint tcp socket URI host component must include a port: %s"; + } + return ""; + } + private static boolean isValid(String scheme) { return (StringUtils.isNotBlank(scheme) && VALID_SCHEMES.contains(scheme)); } @@ -153,4 +151,6 @@ public class Address { return null; } } + + private Address() {} } diff --git a/java-spiffe-core/src/main/java/spiffe/workloadapi/JwtSource.java b/java-spiffe-core/src/main/java/spiffe/workloadapi/JwtSource.java index c36d375..ac52d26 100644 --- a/java-spiffe-core/src/main/java/spiffe/workloadapi/JwtSource.java +++ b/java-spiffe-core/src/main/java/spiffe/workloadapi/JwtSource.java @@ -31,7 +31,7 @@ public class JwtSource implements JwtSvidSource, JwtBundleSource { } @Override - public JwtSvid FetchJwtSvid(SpiffeId subject, String audience, String... extraAudiences) { + public JwtSvid fetchJwtSvid(SpiffeId subject, String audience, String... extraAudiences) { throw new NotImplementedException("Not implemented"); } } diff --git a/java-spiffe-core/src/main/java/spiffe/workloadapi/Watcher.java b/java-spiffe-core/src/main/java/spiffe/workloadapi/Watcher.java index 37f5060..8b21a52 100644 --- a/java-spiffe-core/src/main/java/spiffe/workloadapi/Watcher.java +++ b/java-spiffe-core/src/main/java/spiffe/workloadapi/Watcher.java @@ -6,8 +6,6 @@ package spiffe.workloadapi; * @param is the type of the updates. */ public interface Watcher { - - void OnUpdate(final T update); - - void OnError(final Throwable e); + void onUpdate(final T update); + void onError(final Throwable e); } diff --git a/java-spiffe-core/src/main/java/spiffe/workloadapi/WorkloadApiClient.java b/java-spiffe-core/src/main/java/spiffe/workloadapi/WorkloadApiClient.java index 1914fe8..b5a5848 100644 --- a/java-spiffe-core/src/main/java/spiffe/workloadapi/WorkloadApiClient.java +++ b/java-spiffe-core/src/main/java/spiffe/workloadapi/WorkloadApiClient.java 
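Review bot: `validateUnixAddress` and `validateTcpAddress` in Address.java carry no comment describing their return contract: each returns an empty string for an acceptable URI, or a format template with a single `%s` that the caller fills in. The switch in the earlier hunk of this file depends on that through `StringUtils.isNotBlank(error)` while its own `error` variable starts as `null`, so two different "no error" values are in play. I would add a Javadoc line to both helpers, such as `/** Returns a String.format template describing the first violation found, or an empty string if the URI is acceptable. */`. Separately, the unix check `isBlank(getHost()) && isBlank(getPath())` accepts a URI that has a host but no path even though the message says a path is required; it was carried over unchanged, but it is worth confirming that this is intended.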
@@ -125,19 +125,19 @@ public class WorkloadApiClient implements Closeable { try { x509Context = GrpcConversionUtils.toX509Context(value); } catch (CertificateException | X509SvidException e) { - watcher.OnError(new X509ContextException("Error processing X509 Context update", e)); + watcher.onError(new X509ContextException("Error processing X509 Context update", e)); } - watcher.OnUpdate(x509Context); + watcher.onUpdate(x509Context); } @Override public void onError(Throwable t) { - watcher.OnError(new X509ContextException("Error getting X509Context", t)); + watcher.onError(new X509ContextException("Error getting X509Context", t)); } @Override public void onCompleted() { - watcher.OnError(new X509ContextException("Unexpected completed stream")); + watcher.onError(new X509ContextException("Unexpected completed stream")); } }; Context.CancellableContext cancellableContext; diff --git a/java-spiffe-core/src/main/java/spiffe/workloadapi/X509Source.java b/java-spiffe-core/src/main/java/spiffe/workloadapi/X509Source.java index f751e81..f23f755 100644 --- a/java-spiffe-core/src/main/java/spiffe/workloadapi/X509Source.java +++ b/java-spiffe-core/src/main/java/spiffe/workloadapi/X509Source.java 
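Review bot: In `onNext`, the `catch` block reports the conversion failure through `watcher.onError(...)` but does not return, so `watcher.onUpdate(x509Context)` still runs afterwards with whatever `x509Context` held before the `try` (its declaration is above the hunk, presumably `null`). A watcher such as the one in `X509Source`, whose `setX509Context` takes a `@NonNull` update, would then fail on the same event it was just told about. Adding `return;` after the `watcher.onError(...)` call inside the `catch` block keeps a failed conversion from reaching `onUpdate`. The enclosing method starts outside this hunk.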
@@ -158,27 +158,27 @@ public class X509Source implements X509SvidSource, X509BundleSource, Closeable { private void setX509ContextWatcher() { workloadApiClient.watchX509Context(new Watcher() { @Override - public void OnUpdate(X509Context update) { + public void onUpdate(X509Context update) { log.log(Level.INFO, "Received X509Context update"); setX509Context(update); } @Override - public void OnError(Throwable error) { + public void onError(Throwable error) { log.log(Level.SEVERE, String.format("Error in X509Context watcher: %s %n %s", error.getMessage(), ExceptionUtils.getStackTrace(error))); } }); } private void setX509Context(@NonNull final X509Context update) { - X509Svid svid; + X509Svid svidUpdate; if (picker == null) { - svid = update.getDefaultSvid(); + svidUpdate = update.getDefaultSvid(); } else { - svid = picker.apply(update.getX509Svid()); + svidUpdate = picker.apply(update.getX509Svid()); } synchronized (this) { - this.svid = svid; + this.svid = svidUpdate; this.bundles = update.getX509BundleSet(); } } diff --git a/java-spiffe-core/src/main/java/spiffe/workloadapi/internal/GrpcConversionUtils.java b/java-spiffe-core/src/main/java/spiffe/workloadapi/internal/GrpcConversionUtils.java index b01d19e..08318dd 100644 --- a/java-spiffe-core/src/main/java/spiffe/workloadapi/internal/GrpcConversionUtils.java +++ b/java-spiffe-core/src/main/java/spiffe/workloadapi/internal/GrpcConversionUtils.java @@ -47,4 +47,6 @@ public class GrpcConversionUtils { } return x509SvidList; } + + private GrpcConversionUtils() {} } diff --git a/java-spiffe-core/src/main/java/spiffe/workloadapi/internal/GrpcManagedChannelFactory.java b/java-spiffe-core/src/main/java/spiffe/workloadapi/internal/GrpcManagedChannelFactory.java index f5ae12c..aa2f73a 100644 --- a/java-spiffe-core/src/main/java/spiffe/workloadapi/internal/GrpcManagedChannelFactory.java +++ b/java-spiffe-core/src/main/java/spiffe/workloadapi/internal/GrpcManagedChannelFactory.java 
@@ -65,4 +65,6 @@ public class GrpcManagedChannelFactory { channelBuilder.eventLoopGroup(new NioEventLoopGroup()); } + + private GrpcManagedChannelFactory() {} } \ No newline at end of file diff --git a/java-spiffe-helper/src/main/java/spiffe/helper/KeyStore.java b/java-spiffe-helper/src/main/java/spiffe/helper/KeyStore.java index 4ef1af8..dd0cecd 100644 --- a/java-spiffe-helper/src/main/java/spiffe/helper/KeyStore.java +++ b/java-spiffe-helper/src/main/java/spiffe/helper/KeyStore.java @@ -25,7 +25,7 @@ class KeyStore { private final KeyStoreType keyStoreType; private final char[] keyStorePassword; - private java.security.KeyStore keyStore; + private java.security.KeyStore javaKeyStore; private File keyStoreFile; @Builder @@ -41,7 +41,7 @@ class KeyStore { private void setupKeyStore() throws KeyStoreException { this.keyStoreFile = new File(keyStoreFilePath.toUri()); - this.keyStore = loadKeyStore(keyStoreFile); + this.javaKeyStore = loadKeyStore(keyStoreFile); } @@ -70,7 +70,7 @@ class KeyStore { */ void storePrivateKey(final PrivateKeyEntry privateKeyEntry) throws KeyStoreException { // Store PrivateKey Entry in KeyStore - keyStore.setKeyEntry( + javaKeyStore.setKeyEntry( privateKeyEntry.getAlias(), privateKeyEntry.getPrivateKey(), privateKeyEntry.getPassword(), @@ -85,7 +85,7 @@ class KeyStore { */ void storeBundleEntry(BundleEntry bundleEntry) throws KeyStoreException { // Store Bundle Entry in KeyStore - this.keyStore.setCertificateEntry( + this.javaKeyStore.setCertificateEntry( bundleEntry.getAlias(), bundleEntry.getCertificate() ); @@ -95,7 +95,7 @@ class KeyStore { // Flush KeyStore to disk, to the configured (@see keyStoreFilePath) private void flush() throws KeyStoreException { try { - keyStore.store(new FileOutputStream(keyStoreFile), keyStorePassword); + javaKeyStore.store(new FileOutputStream(keyStoreFile), keyStorePassword); } catch (IOException | NoSuchAlgorithmException | CertificateException e) { throw new KeyStoreException(e); } 
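Review bot: `flush()` in KeyStore.java still passes `new FileOutputStream(keyStoreFile)` straight into `javaKeyStore.store(...)` and never closes it, so every flush leaves a file descriptor open until the stream is garbage-collected. This commit wraps `Files.lines` in try-with-resources elsewhere, and the same treatment fits here: `try (FileOutputStream out = new FileOutputStream(keyStoreFile)) { javaKeyStore.store(out, keyStorePassword); }`, placed inside the existing `try` so the `IOException` from closing is still converted to `KeyStoreException`. Since this file holds the workload's private key, closing it promptly also makes sure the complete store is on disk before anything else reads it.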
diff --git a/java-spiffe-helper/src/main/java/spiffe/helper/KeyStoreHelper.java b/java-spiffe-helper/src/main/java/spiffe/helper/KeyStoreHelper.java index 2038bd3..a6304fa 100644 --- a/java-spiffe-helper/src/main/java/spiffe/helper/KeyStoreHelper.java +++ b/java-spiffe-helper/src/main/java/spiffe/helper/KeyStoreHelper.java @@ -96,18 +96,18 @@ public class KeyStoreHelper { private void setX509ContextWatcher(WorkloadApiClient workloadApiClient, CountDownLatch countDownLatch) { workloadApiClient.watchX509Context(new Watcher() { @Override - public void OnUpdate(X509Context update) { + public void onUpdate(X509Context update) { log.log(Level.INFO, "Received X509Context update"); try { storeX509ContextUpdate(update); } catch (KeyStoreException e) { - this.OnError(e); + this.onError(e); } countDownLatch.countDown(); } @Override - public void OnError(Throwable t) { + public void onError(Throwable t) { throw new RuntimeException(t); } }); diff --git a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeKeyManager.java b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeKeyManager.java index 627457a..8b28957 100644 --- a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeKeyManager.java +++ b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeKeyManager.java @@ -36,7 +36,7 @@ public final class SpiffeKeyManager extends X509ExtendedKeyManager { @Override public X509Certificate[] getCertificateChain(String alias) { if (!Objects.equals(alias, DEFAULT_ALIAS)) { - return null; + return new X509Certificate[0]; } X509Svid x509Svid = x509SvidSource.getX509Svid(); return x509Svid.getChainArray(); diff --git a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeKeyStore.java b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeKeyStore.java index 7fa309c..7dc09ca 100644 --- a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeKeyStore.java +++ b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeKeyStore.java 
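Review bot: In `onUpdate` of KeyStoreHelper.java, a `KeyStoreException` is routed to `this.onError(e)`, which throws a `RuntimeException`, so `countDownLatch.countDown()` on the following line is skipped whenever storing the update fails. Any thread waiting on that latch would then keep waiting (the wait is outside this hunk, so whether it has a timeout is not visible), and the exception is thrown into whichever thread delivers the callback. Moving the count-down into a `finally` block, `} finally { countDownLatch.countDown(); }`, and logging the failure in `onError` instead of throwing would keep one failed store from stalling the helper.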
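Review bot: Returning `new X509Certificate[0]` for an unknown alias in `SpiffeKeyManager.getCertificateChain` departs from the documented contract of `X509KeyManager.getCertificateChain`, which specifies `null` when the alias cannot be found; callers written against that contract test for `null` and may treat an empty array as a chain they can index into. The same applies to `SpiffeKeyStore.engineGetCertificateChain` in the next file, where `KeyStoreSpi` also documents `null` for a missing alias or chain. I would keep `return null;` in both places and, if a static-analysis rule prompted the change, suppress it with a comment such as `// null is required by the X509KeyManager contract for an unknown alias`.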
@@ -30,7 +30,7 @@ public final class SpiffeKeyStore extends KeyStoreSpi { @Override public Certificate[] engineGetCertificateChain(String alias) { - return null; + return new Certificate[0]; } @Override diff --git a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeProviderConstants.java b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeProviderConstants.java index 4eda194..7115202 100644 --- a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeProviderConstants.java +++ b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeProviderConstants.java @@ -13,4 +13,6 @@ class SpiffeProviderConstants { // alias used by the SpiffeKeyStore static final String DEFAULT_ALIAS = "Spiffe"; + + private SpiffeProviderConstants() {} } diff --git a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeSslContextFactory.java b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeSslContextFactory.java index 7ec42c1..e8ddc8a 100644 --- a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeSslContextFactory.java +++ b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeSslContextFactory.java @@ -74,4 +74,6 @@ public final class SpiffeSslContextFactory { this.sslProtocol = sslProtocol; } } + + private SpiffeSslContextFactory() {} } diff --git a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeTrustManager.java b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeTrustManager.java index deff3e7..6b4dba5 100644 --- a/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeTrustManager.java +++ b/java-spiffe-provider/src/main/java/spiffe/provider/SpiffeTrustManager.java 
@@ -25,15 +25,15 @@ public final class SpiffeTrustManager extends X509ExtendedTrustManager { private final Supplier> acceptedSpiffeIdsSupplier; /** - * Creates a SpiffeTrustManager with a X509BundleSource used to provide the trusted + * Creates a SpiffeTrustManager with a X509 bundle source used to provide the trusted * bundles, and a Supplier of a List of accepted SpiffeIds to be used during peer SVID validation. * - * @param X509BundleSource an implementation of a {@link X509BundleSource} + * @param x509BundleSource an implementation of a {@link X509BundleSource} * @param acceptedSpiffeIdsSupplier a Supplier of a list of accepted SPIFFE IDs. */ - public SpiffeTrustManager(X509BundleSource X509BundleSource, + public SpiffeTrustManager(X509BundleSource x509BundleSource, Supplier> acceptedSpiffeIdsSupplier) { - this.x509BundleSource = X509BundleSource; + this.x509BundleSource = x509BundleSource; this.acceptedSpiffeIdsSupplier = acceptedSpiffeIdsSupplier; } diff --git a/java-spiffe-provider/src/main/java/spiffe/provider/examples/HttpsClient.java b/java-spiffe-provider/src/main/java/spiffe/provider/examples/HttpsClient.java index b7fb222..7a32e24 100644 --- a/java-spiffe-provider/src/main/java/spiffe/provider/examples/HttpsClient.java +++ b/java-spiffe-provider/src/main/java/spiffe/provider/examples/HttpsClient.java @@ -75,9 +75,8 @@ public class HttpsClient { } static List listOfSpiffeIds() { - try { - Path path = Paths.get("java-spiffe-provider/src/main/java/spiffe/provider/examples/spiffeIds.txt"); - Stream lines = Files.lines(path); + Path path = Paths.get("java-spiffe-provider/src/main/java/spiffe/provider/examples/spiffeIds.txt"); + try (Stream lines = Files.lines(path)) { return lines .map(SpiffeId::parse) .collect(Collectors.toList()); diff --git a/java-spiffe-provider/src/main/java/spiffe/provider/examples/HttpsServer.java b/java-spiffe-provider/src/main/java/spiffe/provider/examples/HttpsServer.java index 9cf7595..fc70387 100644 
--- a/java-spiffe-provider/src/main/java/spiffe/provider/examples/HttpsServer.java +++ b/java-spiffe-provider/src/main/java/spiffe/provider/examples/HttpsServer.java @@ -58,13 +58,14 @@ public class HttpsServer { SSLContext sslContext = SpiffeSslContextFactory.getSslContext(sslContextOptions); SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory(); - SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(port); - // Server will validate Client chain and SPIFFE ID - sslServerSocket.setNeedClientAuth(true); + try (SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(port)) { + // Server will validate Client chain and SPIFFE ID + sslServerSocket.setNeedClientAuth(true); - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - new WorkloadThread(sslSocket, x509Source).start(); + SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); + new WorkloadThread(sslSocket, x509Source).start(); + } } } diff --git a/java-spiffe-provider/src/main/java/spiffe/provider/examples/WorkloadThread.java b/java-spiffe-provider/src/main/java/spiffe/provider/examples/WorkloadThread.java index a524804..f8fbb49 100644 --- a/java-spiffe-provider/src/main/java/spiffe/provider/examples/WorkloadThread.java +++ b/java-spiffe-provider/src/main/java/spiffe/provider/examples/WorkloadThread.java @@ -1,5 +1,6 @@ package spiffe.provider.examples; +import lombok.extern.java.Log; import spiffe.internal.CertificateUtils; import spiffe.spiffeid.SpiffeId; import spiffe.workloadapi.X509Source; @@ -8,7 +9,9 @@ import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import java.io.*; import java.security.cert.X509Certificate; +import java.util.logging.Level; +@Log class WorkloadThread extends Thread { private final X509Source x509Source; 
@@ -19,15 +22,16 @@ class WorkloadThread extends Thread { this.x509Source = x509Source; } + + @Override public void run() { try { sslSocket.startHandshake(); SSLSession sslSession = sslSocket.getSession(); - System.out.println("SSLSession :"); - System.out.println("\tProtocol : " + sslSession.getProtocol()); - System.out.println("\tCipher suite : " + sslSession.getCipherSuite()); - System.out.println(); + log.info("SSLSession :\n"); + log.info("\tProtocol : \n" + sslSession.getProtocol()); + log.info("\tCipher suite \n: " + sslSession.getCipherSuite()); // Start handling application content InputStream inputStream = sslSocket.getInputStream(); @@ -50,14 +54,14 @@ class WorkloadThread extends Thread { // Read message from peer String line; while ((line = bufferedReader.readLine()) != null) { - System.out.println("Message received: " + line); + log.info("Message received: " + line); break; } x509Source.close(); sslSocket.close(); - } catch (Exception ex) { - ex.printStackTrace(); + } catch (Exception e) { + log.log(Level.SEVERE, e.getMessage()); } } }
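Review bot: The new `log.info` calls in `run()` carry the `\n` in the wrong place: `"\tProtocol : \n" + sslSession.getProtocol()` puts the value on a separate line from its label, and `"\tCipher suite \n: "` splits the label from its colon. Embedded line breaks and tabs also turn one logical record into several physical lines, which makes the log harder to parse and correlate. I would write them as single-line records, for example `log.info("Protocol: " + sslSession.getProtocol());` and `log.info("Cipher suite: " + sslSession.getCipherSuite());`. `run()` continues past the end of this hunk.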
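Review bot: `log.log(Level.SEVERE, e.getMessage())` in the `catch` block drops the exception itself, so the stack trace and cause that `printStackTrace()` used to print are lost, and the record is empty when the message is `null`. Passing the throwable keeps them: `log.log(Level.SEVERE, "Error handling TLS connection", e);`. In the visible lines `x509Source.close()` and `sslSocket.close()` sit on the success path only, so a failed handshake or read appears to leave the socket open; the `try` starts outside this hunk, so that part should be checked against the full method.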