Class X509SvidValidator

java.lang.Object
io.spiffe.svid.x509svid.X509SvidValidator

public final class X509SvidValidator extends Object
Provides methods to validate a chain of X.509 certificates using an X.509 bundle source.
  • Method Details

    • verifyChain

      public static void verifyChain(@NonNull List<X509Certificate> chain, @NonNull BundleSource<X509Bundle> x509BundleSource) throws CertificateException, BundleNotFoundException
      Verifies that a chain of certificates can be chained to one authority in the given X.509 bundle source.
      Parameters:
      chain - a list representing the chain of X.509 certificates to be validated
      x509BundleSource - a BundleSource to provide the authorities
      Throws:
      CertificateException - if the chain cannot be verified with an authority from the X.509 bundle source
      BundleNotFoundException - if no X.509 bundle for the trust domain could be found in the X.509 bundle source
      NullPointerException - if the given chain or x509BundleSource are null
    • verifySpiffeId

      public static void verifySpiffeId(@NonNull X509Certificate x509Certificate, @NonNull Supplier<Set<SpiffeId>> acceptedSpiffeIdsSupplier) throws CertificateException
      Checks that the X.509 SVID provided has a SPIFFE ID that is in the Set of accepted SPIFFE IDs supplied.
      Parameters:
      x509Certificate - the leaf certificate of an X509Svid, carrying the SPIFFE ID to be verified
      acceptedSpiffeIdsSupplier - a Supplier of a Set of SPIFFE IDs that are accepted
      Throws:
      CertificateException - if the SPIFFE ID in x509Certificate is not in the Set supplied by acceptedSpiffeIdsSupplier, or if the SPIFFE ID cannot be parsed from the x509Certificate
      NullPointerException - if the given x509Certificate or acceptedSpiffeIdsSupplier are null
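
An added usage example, not code from the java-spiffe project, showing how a service combines the two checks when authenticating a peer: verifyChain establishes that the presented chain is rooted in the trust domain's bundle, and only then does verifySpiffeId authorize the leaf against an allow list. It assumes Java 11+, java-spiffe's X509Bundle.load, X509BundleSet.of and TrustDomain.parse factories with exceptions in io.spiffe.exception, and placeholder trust domain, bundle path and SPIFFE IDs supplied by the caller.

```java
import io.spiffe.bundle.BundleSource;
import io.spiffe.bundle.x509bundle.X509Bundle;
import io.spiffe.bundle.x509bundle.X509BundleSet;
import io.spiffe.exception.BundleNotFoundException;
import io.spiffe.exception.X509BundleException;
import io.spiffe.spiffeid.SpiffeId;
import io.spiffe.spiffeid.TrustDomain;
import io.spiffe.svid.x509svid.X509SvidValidator;

import java.nio.file.Path;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;

// Peer acceptance policy built on the two validator checks (hypothetical class, not part of
// java-spiffe). Construct it once with the bundle and allow list, then call isAcceptedPeer.
public final class SpiffePeerPolicy {
    private final BundleSource<X509Bundle> bundleSource;
    private final Set<SpiffeId> allowedPeers;
    public SpiffePeerPolicy(BundleSource<X509Bundle> bundleSource, Set<SpiffeId> allowedPeers) {
        this.bundleSource = bundleSource;
        this.allowedPeers = Set.copyOf(allowedPeers);
    }

    // Load the CA bundle of one trust domain from a PEM file; X509BundleSet is a BundleSource.
    public static SpiffePeerPolicy fromBundleFile(String trustDomain, Path bundlePem,
                                                  Set<SpiffeId> allowedPeers) throws X509BundleException {
        X509Bundle bundle = X509Bundle.load(TrustDomain.parse(trustDomain), bundlePem);
        return new SpiffePeerPolicy(X509BundleSet.of(List.of(bundle)), allowedPeers);
    }

    // chain is the peer's certificate chain, leaf first (e.g. from an SSLSession).
    // Order matters: first prove the chain is rooted in the trust domain, then authorize the
    // leaf's SPIFFE ID. A chain that verifies says nothing about which workload presented it.
    public boolean isAcceptedPeer(List<X509Certificate> chain) {
        if (chain == null || chain.isEmpty()) {
            return false; // reject explicitly instead of letting the validator throw
        }
        try {
            X509SvidValidator.verifyChain(chain, bundleSource);
            X509SvidValidator.verifySpiffeId(chain.get(0), () -> allowedPeers);
            return true;
        } catch (CertificateException | BundleNotFoundException e) {
            // Both failures are expected outcomes of untrusted input, not bugs: log and deny.
            System.err.println("rejecting peer: " + e.getMessage());
            return false;
        }
    }
}
```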