Java library for SPIFFE support
Max Lambrecht 666766a90f
Enhancements: Example Config File, Default Path, and Error Handling Improvements (#199)
Add default helper config
Improving java-spiffe-helper Runner and Config logic
Improve error handling in java-spiffe-helper
Update README

Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>
2024-02-05 09:13:31 -06:00
.github Bump actions/cache from 3 to 4 (#188) 2024-01-22 13:58:35 -08:00
conf Enhancements: Example Config File, Default Path, and Error Handling Improvements (#199) 2024-02-05 09:13:31 -06:00
gradle/wrapper Update to Gradle 8.5 (#201) 2024-01-31 06:56:10 -06:00
java-spiffe-core Bump com.google.protobuf:protoc from 3.23.4 to 3.25.2 (#193) 2024-01-24 09:31:04 -06:00
java-spiffe-helper Enhancements: Example Config File, Default Path, and Error Handling Improvements (#199) 2024-02-05 09:13:31 -06:00
java-spiffe-provider Add mergeServiceFiles to shawdowJar configs (#198) 2024-01-24 17:56:37 -06:00
.gitignore First commit 2018-05-28 12:39:13 -03:00
CHANGELOG.md Prepare release 0.8.4 (#134) 2023-04-14 13:47:26 -05:00
CODEOWNERS Add maintainer to CODEOWNERS file 2020-11-09 17:42:15 -03:00
LICENSE Adding LICENSE 2018-08-22 10:53:38 -03:00
README.md Prepare release 0.8.4 (#134) 2023-04-14 13:47:26 -05:00
build.gradle Bump grpcVersion from 1.61.0 to 1.61.1 (#202) 2024-02-05 09:07:06 -06:00
gradlew Update to Gradle 8.5 (#201) 2024-01-31 06:56:10 -06:00
gradlew.bat Update to Gradle 8.5 (#201) 2024-01-31 06:56:10 -06:00
integration-tests.sh Update SPIRE version for integration tests to 1.5.3 (#105) 2023-01-11 15:26:40 -03:00
lombok.config Adding utility methods for generating x509 certificates for testing purposes. 2020-05-22 09:31:32 -03:00
settings.gradle Aarch64 support (#101) 2023-01-11 14:37:29 -03:00

README.md

Java SPIFFE Library


Overview

The JAVA-SPIFFE library provides functionality to interact with the Workload API to fetch X.509 and JWT SVIDs and bundles, and a Java Security Provider implementation that plugs into the Java Security architecture. The provider is essentially an X.509-SVID based KeyStore and TrustStore implementation that handles the certificates in memory and receives updates asynchronously from the Workload API. The KeyStore handles the certificate chain and private key used to prove identity in a TLS connection, and the TrustStore handles the trusted bundles (supporting federated bundles) and verifies the peer's certificate and SPIFFE ID.
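The flow described above, seen from a TLS client: an added example, not code from this README. It assumes the java-spiffe-provider dependency is on the classpath and a Workload API endpoint is reachable; the socket path, the accepted SPIFFE ID, the peer address and the class name are hypothetical.

```java
import io.spiffe.provider.SpiffeSslContextFactory;
import io.spiffe.provider.SpiffeSslContextFactory.SslContextOptions;
import io.spiffe.spiffeid.SpiffeId;
import io.spiffe.workloadapi.DefaultX509Source;
import io.spiffe.workloadapi.X509Source;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import java.util.Collections;
import java.util.Set;
import java.util.function.Supplier;

public class SpiffeMtlsClient {

    public static void main(String[] args) throws Exception {
        // Assumption: the Workload API (e.g. a SPIRE agent) listens on this socket.
        DefaultX509Source.X509SourceOptions sourceOptions =
                DefaultX509Source.X509SourceOptions.builder()
                        .spiffeSocketPath("unix:/tmp/agent.sock")
                        .build();

        // Authorization: only a peer presenting this SPIFFE ID is accepted.
        // The ID is a placeholder for the server workload's identity.
        Supplier<Set<SpiffeId>> acceptedIds =
                () -> Collections.singleton(SpiffeId.parse("spiffe://example.org/backend"));

        // The source holds the SVID, private key and bundles in memory and is
        // updated asynchronously as the Workload API rotates them.
        try (X509Source x509Source = DefaultX509Source.newSource(sourceOptions)) {
            SslContextOptions options = SslContextOptions.builder()
                    .x509Source(x509Source)
                    .acceptedSpiffeIdsSupplier(acceptedIds)
                    .build();

            // SSLContext backed by the SPIFFE KeyStore and TrustStore.
            SSLContext sslContext = SpiffeSslContextFactory.getSslContext(options);

            // Hypothetical peer address; the handshake fails if the peer's chain does
            // not validate against the bundles or its SPIFFE ID is not accepted.
            try (SSLSocket socket =
                         (SSLSocket) sslContext.getSocketFactory().createSocket("localhost", 8443)) {
                socket.startHandshake();
                System.out.println("Peer: " + socket.getSession().getPeerPrincipal());
            }
        }
    }
}
```

Keep the accepted-ID set as narrow as the workload's callers or callees require: chain validation only proves that the peer holds an SVID from a trusted bundle, while the SPIFFE ID check decides which of those identities may connect.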

This library contains three modules:

  • java-spiffe-core: Core functionality to interact with the Workload API, and to process and validate X.509 and JWT SVIDs and bundles.

  • java-spiffe-provider: Java Provider implementation.

  • java-spiffe-helper: Helper to store X.509 SVIDs and Bundles in Java Keystores on disk.

Supports Java 8+

Download

The JARs can be downloaded from Maven Central.

The dependencies can be added to pom.xml

To import the java-spiffe-provider component:

<dependency>
  <groupId>io.spiffe</groupId>
  <artifactId>java-spiffe-provider</artifactId>
  <version>0.8.4</version>
</dependency>

The java-spiffe-provider component imports the java-spiffe-core component.

To just import the java-spiffe-core component:

<dependency>
  <groupId>io.spiffe</groupId>
  <artifactId>java-spiffe-core</artifactId>
  <version>0.8.4</version>
</dependency>

Using Gradle:

Import java-spiffe-provider:

implementation group: 'io.spiffe', name: 'java-spiffe-provider', version: '0.8.4'

Import java-spiffe-core:

implementation group: 'io.spiffe', name: 'java-spiffe-core', version: '0.8.4'

MacOS Support

x86 Architecture

If you are running on an osx-x86 architecture, add to your pom.xml:


<dependency>
  <groupId>io.spiffe</groupId>
  <artifactId>grpc-netty-macos</artifactId>
  <version>0.8.4</version>
  <scope>runtime</scope>
</dependency>

Using Gradle:

runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos', version: '0.8.4'

Aarch64 (M1) Architecture

If you are running the aarch64 architecture (M1 CPUs), add to your pom.xml:


<dependency>
  <groupId>io.spiffe</groupId>
  <artifactId>grpc-netty-macos-aarch64</artifactId>
  <version>0.8.4</version>
  <scope>runtime</scope>
</dependency>

Using Gradle:

runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos-aarch64', version: '0.8.4'

Caveat: not all OpenJDK distributions are aarch64 native. Make sure your JDK is also running natively.

Note: java-spiffe-helper artifact

As the java-spiffe-helper artifact is meant to be used as a standalone JAR and not as a Maven dependency, it is not published to Maven Central, but to GitHub releases, for both Linux and MacOS versions.

Build the JARs

On Linux or MacOS, run:

 $ ./gradlew assemble
 BUILD SUCCESSFUL 

All JAR files are placed in the build/libs folder.

Jars that include all dependencies

For the module java-spiffe-provider, a fat jar is generated with the classifier -all-[os-classifier].

For the module java-spiffe-helper, a fat jar is generated with the classifier [os-classifier].

Based on the OS where the build is run, the [os-classifier] will be:

  • -linux-x86_64 for Linux
  • -osx-x86_64 for MacOS with x86_64 architecture
  • -osx-aarch64 for MacOS with aarch64 architecture (M1)