Class X509Svid

java.lang.Object
io.spiffe.svid.x509svid.X509Svid
public class X509Svid extends Object
Represents a SPIFFE X.509 SVID.

Contains a SPIFFE ID, a private key and a chain of X.509 certificates.

  • Method Details

    • getLeaf

      public X509Certificate getLeaf()
      Returns the Leaf X.509 certificate of the chain.
      Returns:
      the Leaf X.509 certificate of the chain

    • getHint

      public String getHint()
      Returns the SVID hint.
      Returns:
      the SVID hint

    • getChain

      public List<X509Certificate> getChain()
      Returns the chain of X.509 certificates.
      Returns:
      the chain of X.509 certificates

    • load

      public static X509Svid load(@NonNull @NonNull Path certsFilePath, @NonNull @NonNull Path privateKeyFilePath) throws X509SvidException
      Loads the X.509 SVID from PEM encoded files on disk.

      It is assumed that the leaf certificate is always the first certificate in the parsed chain.

      Parameters:
      certsFilePath - path to X.509 certificate chain file
      privateKeyFilePath - path to private key file
      Returns:
      an instance of X509Svid
      Throws:
      X509SvidException - if there is an error parsing the given certsFilePath or the privateKeyFilePath

    • parse

      public static X509Svid parse(@NonNull @NonNull byte[] certsBytes, @NonNull @NonNull byte[] privateKeyBytes) throws X509SvidException
      Parses the X.509 SVID from PEM or DER blocks containing certificate chain and key bytes. The key must be a PEM block with PKCS#8.

      It is assumed that the leaf certificate is always the first certificate in the parsed chain.

      Parameters:
      certsBytes - chain of certificates as a byte array
      privateKeyBytes - private key as byte array
      Returns:
      a X509Svid parsed from the given certBytes and privateKeyBytes
      Throws:
      X509SvidException - if the given certsBytes or privateKeyBytes cannot be parsed

    • parse

      public static X509Svid parse(@NonNull @NonNull byte[] certsBytes, @NonNull @NonNull byte[] privateKeyBytes, String hint) throws X509SvidException
      Parses the X.509 SVID from PEM or DER blocks containing certificate chain and key bytes. The key must be a PEM block with PKCS#8.

      It is assumed that the leaf certificate is always the first certificate in the parsed chain.

      Parameters:
      certsBytes - chain of certificates as a byte array
      privateKeyBytes - private key as byte array
      hint - a hint that can be used to provide guidance on how this identity should be used
      Returns:
      a X509Svid parsed from the given certBytes and privateKeyBytes
      Throws:
      X509SvidException - if the given certsBytes or privateKeyBytes cannot be parsed

    • parseRaw

      public static X509Svid parseRaw(@NonNull @NonNull byte[] certsBytes, @NonNull @NonNull byte[] privateKeyBytes) throws X509SvidException
      Parses the X509-SVID from certificate and key bytes. The certificate must be ASN.1 DER (concatenated with no intermediate padding if there are more than one certificate). The key must be a PKCS#8 ASN.1 DER.

      It is assumed that the leaf certificate is always the first certificate in the parsed chain.

      Parameters:
      certsBytes - chain of certificates as a byte array
      privateKeyBytes - private key as byte array
      Returns:
      a X509Svid parsed from the given certBytes and privateKeyBytes
      Throws:
      X509SvidException - if the given certsBytes or privateKeyBytes cannot be parsed

    • parseRaw

      public static X509Svid parseRaw(@NonNull @NonNull byte[] certsBytes, @NonNull @NonNull byte[] privateKeyBytes, String hint) throws X509SvidException
      Parses the X509-SVID from certificate and key bytes. The certificate must be ASN.1 DER (concatenated with no intermediate padding if there are more than one certificate). The key must be a PKCS#8 ASN.1 DER.

      It is assumed that the leaf certificate is always the first certificate in the parsed chain.

      Parameters:
      certsBytes - chain of certificates as a byte array
      privateKeyBytes - private key as byte array
      hint - a hint that can be used to provide guidance on how this identity should be used
      Returns:
      a X509Svid parsed from the given certBytes and privateKeyBytes
      Throws:
      X509SvidException - if the given certsBytes or privateKeyBytes cannot be parsed

    • getChainArray

      public X509Certificate[] getChainArray()
      Returns the chain of certificates as an array of X509Certificate.
      Returns:
      the chain of certificates as an array of X509Certificate