Merge pull request #18 from transferwise/send-chain

Use the certificate chain as provided by the workload api
Max 2019-08-06 18:29:15 -03:00 committed by GitHub
commit fa4b3da370
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 17 additions and 15 deletions


@ -38,11 +38,11 @@ class CertificateUtils {
* @return a Set of X509Certificate
* @throws CertificateException
*/
static Set<X509Certificate> generateCertificates(byte[] input) throws CertificateException {
static List<X509Certificate> generateCertificates(byte[] input) throws CertificateException {
Collection<? extends Certificate> certificates = getCertificateFactory().generateCertificates(new ByteArrayInputStream(input));
return certificates.stream()
.map(X509Certificate.class::cast)
.collect(Collectors.toSet());
.collect(Collectors.toList());
}
/**
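Review bot: The Javadoc above the changed signature still says `@return a Set of X509Certificate` while the method now returns a `List`, and the property that motivated the change — element order — is not documented anywhere. Suggest `* @return the X.509 certificates in the order they appear in {@code input}; callers rely on this order when building a chain` and `* @throws CertificateException if {@code input} cannot be parsed as X.509 certificates`. It is also worth stating that the result may be empty: `CertificateFactory.generateCertificates` is specified to return a possibly empty collection, so input with no parsable certificate yields `List.of()`-like output rather than an exception. The Javadoc comment begins before the hunk.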


@ -6,6 +6,7 @@ import spiffe.api.svid.X509SVIDFetcher;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CountDownLatch;
import java.util.logging.Level;
@ -70,9 +71,9 @@ public class SpiffeIdManager {
LOGGER.log(Level.FINE, "Spiffe SVID has been updated ");
}
public X509Certificate getCertificate() {
public List<X509Certificate> getCertificateChain() {
awaitSpiffeSVID();
return guard.read(() -> spiffeSVID != null ? spiffeSVID.getCertificate() : null);
return guard.read(() -> spiffeSVID != null ? spiffeSVID.getCertificateChain() : null);
}
public PrivateKey getPrivateKey() {
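Review bot: `getCertificateChain()` hands out the `List` stored inside `SpiffeSVID` by reference, so a caller can mutate the SVID's chain after `guard.read` (presumably a read-locked section) has returned; the same list is what `SpiffeSVID.getCertificateChain()` returns in the last hunk of SpiffeSVID.java. A one-line wrap keeps the null-when-absent contract and closes that hole: `return guard.read(() -> spiffeSVID != null ? Collections.unmodifiableList(spiffeSVID.getCertificateChain()) : null);` with `java.util.Collections` added to the import block in the first hunk. Callers still need to handle the null branch, which is reachable whenever `awaitSpiffeSVID()` returns without `spiffeSVID` having been set.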


@ -7,6 +7,7 @@ import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import static spiffe.provider.SpiffeProviderConstants.ALIAS;
@ -27,14 +28,13 @@ public class SpiffeKeyManager extends X509ExtendedKeyManager {
}
/**
* The Certificate Chain that the workload presents to the other peer,
* it consists only of the SpiffeSVID leaf certificate
* The Certificate Chain that the workload presents to the other peer.
*
* @return the X.509 SVID Certificate
* @return the X.509 SVID Certificates
*/
@Override
public X509Certificate[] getCertificateChain(String s) {
return new X509Certificate[]{spiffeIdManager.getCertificate()};
return spiffeIdManager.getCertificateChain().toArray(new X509Certificate[0]);
}
/**
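Review bot: The new return line calls `.toArray` directly on `spiffeIdManager.getCertificateChain()`, which returns null when no SVID is held (see the SpiffeIdManager hunk), so a key-manager lookup in that state now fails with a NullPointerException inside the TLS handshake instead of signalling "no chain". `X509KeyManager.getCertificateChain` is specified to return null when the alias has no chain, so the null should be passed through: `List<X509Certificate> chain = spiffeIdManager.getCertificateChain();` / `return chain == null ? null : chain.toArray(new X509Certificate[0]);`. The updated Javadoc could also say that the array is leaf first, in the order delivered by the Workload API, since that is what the SSL engine expects. The alias parameter `s` is still ignored, which predates this change.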


@ -8,6 +8,7 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
@ -27,9 +28,9 @@ public class SpiffeSVID {
private String spiffeID;
/**
* The SPIFFE Verifiable Identity Document
* The SPIFFE Verifiable Identity Document and chain
*/
private X509Certificate certificate;
private List<X509Certificate> certificateChain;
/**
* The Private Key associated to the Public Key of the certificate
@ -62,8 +63,8 @@ public class SpiffeSVID {
Workload.X509SVID svid = x509SVIDResponse.getSvidsList().get(0);
certificate = CertificateUtils.generateCertificate(svid.getX509Svid().toByteArray());
bundle = CertificateUtils.generateCertificates(svid.getBundle().toByteArray());
certificateChain = CertificateUtils.generateCertificates(svid.getX509Svid().toByteArray());
bundle = new HashSet<>(CertificateUtils.generateCertificates(svid.getBundle().toByteArray()));
privateKey = CertificateUtils.generatePrivateKey(svid.getX509SvidKey().toByteArray());
spiffeID = svid.getSpiffeId();
federatedBundles = buildFederatedX509CertificatesMap(x509SVIDResponse.getFederatedBundlesMap());
@ -81,7 +82,7 @@ public class SpiffeSVID {
Map<String, Set<X509Certificate>> federatedCertificates = new HashMap<>();
federatedBundlesMap.forEach((trustDomain, cert) -> {
try {
federatedCertificates.put(trustDomain, CertificateUtils.generateCertificates(cert.toByteArray()));
federatedCertificates.put(trustDomain, new HashSet<>(CertificateUtils.generateCertificates(cert.toByteArray())));
} catch (CertificateException e) {
LOGGER.log(Level.SEVERE, "Federated Bundles couldn't be processed ", e);
throw new RuntimeException(e);
@ -94,8 +95,8 @@ public class SpiffeSVID {
return spiffeID;
}
public X509Certificate getCertificate() {
return certificate;
public List<X509Certificate> getCertificateChain() {
return certificateChain;
}
public PrivateKey getPrivateKey() {
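Review bot: In the constructor hunk the SVID bytes are now parsed with `generateCertificates`, and `CertificateFactory.generateCertificates` may return an empty collection for input containing no parsable certificate rather than throwing, so an empty or malformed X509-SVID from the Workload API now yields an empty `certificateChain` (and, downstream, an empty array from `SpiffeKeyManager.getCertificateChain`) instead of a `CertificateException` at parse time. Suggest validating right after the assignment: `if (certificateChain.isEmpty()) { throw new CertificateException("Workload API returned an X509-SVID with no certificates"); }` — the call is already unwrapped, so the enclosing method must already propagate or handle `CertificateException`, but its signature is outside the hunk. The field Javadoc `The SPIFFE Verifiable Identity Document and chain` would be more useful as `The X509-SVID chain: leaf certificate first, followed by any intermediates, in the order delivered by the Workload API` (the leaf-first order is what an `X509KeyManager` chain requires; confirm against the Workload API contract).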