Class DefaultX509Source
- All Implemented Interfaces: BundleSource<X509Bundle>, X509SvidSource, X509Source, Closeable, AutoCloseable
Handles an X509Svid and an X509BundleSet that are updated automatically
whenever there is an update from the Workload API.
Implements X509SvidSource and BundleSource.
Implements the Closeable interface. The close() method closes the source,
dropping the connection to the Workload API. After close() has been called,
other source methods fail: getX509Svid and getBundleForTrustDomain throw IllegalStateException.
Nested Class Summary
Method Summary
Modifier and Type, Method, Description:
- `void` `close()`: Closes this source, dropping the connection to the Workload API.
- `X509Bundle` `getBundleForTrustDomain(@NonNull TrustDomain trustDomain)`: Returns the X.509 bundle for a given trust domain.
- `X509Svid` `getX509Svid()`: Returns the X.509 SVID handled by this source.
- `static DefaultX509Source` `newSource()`: Creates a new X.509 source.
- `static DefaultX509Source` `newSource(@NonNull DefaultX509Source.X509SourceOptions options)`: Creates a new X.509 source.
Method Details
newSource
`public static DefaultX509Source newSource() throws SocketEndpointAddressException, X509SourceException`
Creates a new X.509 source. It blocks until the initial update with the X.509 materials has been received from the Workload API or until the timeout configured through the system property `spiffe.newX509Source.timeout` expires. If no timeout is configured, it blocks until it gets an X.509 update from the Workload API.
It uses the default socket endpoint address from the environment variable to get the Workload API address.
It uses the default X.509 SVID (picks the first SVID that comes in the Workload API response).
- Returns: an instance of DefaultX509Source, with the SVID and bundles initialized
- Throws:
  - SocketEndpointAddressException - if the address to the Workload API is not valid
  - X509SourceException - if the source could not be initialized
newSource
`public static DefaultX509Source newSource(@NonNull DefaultX509Source.X509SourceOptions options) throws SocketEndpointAddressException, X509SourceException`
Creates a new X.509 source. It blocks until the initial update with the X.509 materials has been received from the Workload API, retrying with an exponential backoff policy, or until the timeout has expired.
If the timeout is not provided in the options, the default timeout is read from the system property `spiffe.newX509Source.timeout`. If none is configured, this method will block until the X.509 materials can be retrieved from the Workload API.
The WorkloadApiClient can be provided in the options; if it is not, a new client is created.
If no SVID Picker is provided in the options, it uses the default X.509 SVID (picks the first SVID that comes in the Workload API response).
- Parameters: options - DefaultX509Source.X509SourceOptions
- Returns: an instance of DefaultX509Source, with the SVID and bundles initialized
- Throws:
  - SocketEndpointAddressException - if the address to the Workload API is not valid
  - X509SourceException - if the source could not be initialized
getX509Svid
Returns the X.509 SVID handled by this source.
- Specified by: getX509Svid in interface X509SvidSource
- Returns: an X509Svid
- Throws:
  - IllegalStateException - if the source is closed
getBundleForTrustDomain
`public X509Bundle getBundleForTrustDomain(@NonNull TrustDomain trustDomain) throws BundleNotFoundException`
Returns the X.509 bundle for a given trust domain.
- Specified by: getBundleForTrustDomain in interface BundleSource<X509Bundle>
- Parameters: trustDomain - an instance of a TrustDomain
- Returns: an instance of an X509Bundle
- Throws:
  - BundleNotFoundException - if there is no bundle for the trust domain provided
  - IllegalStateException - if the source is closed
close
`public void close()`
Closes this source, dropping the connection to the Workload API. Other source methods will return an error after close has been called.
It is marked with SneakyThrows because it is not expected to throw the checked exception defined on the Closeable interface.
- Specified by: close in interface AutoCloseable
- Specified by: close in interface Closeable
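Added example, not part of the original Javadoc or the project's own code: the source lifecycle documented above (blocking creation, per-use reads of the rotating SVID and bundle, and rejection of calls after close). The import package names and the accessors `getSpiffeId()` and `getTrustDomain()` are assumptions that do not appear on this page.

```java
// Package names below are assumed from the java-spiffe library layout.
import io.spiffe.bundle.x509bundle.X509Bundle;
import io.spiffe.exception.BundleNotFoundException;
import io.spiffe.exception.SocketEndpointAddressException;
import io.spiffe.exception.X509SourceException;
import io.spiffe.spiffeid.TrustDomain;
import io.spiffe.svid.x509svid.X509Svid;
import io.spiffe.workloadapi.DefaultX509Source;

public class X509SourceLifecycle {

    public static void main(String[] args) {
        DefaultX509Source closedRef = null;
        // newSource() blocks until the first Workload API update arrives. Configure the
        // spiffe.newX509Source.timeout system property so startup fails instead of hanging.
        // Declaring the variable as DefaultX509Source means close() has no checked exception.
        try (DefaultX509Source source = DefaultX509Source.newSource()) {
            closedRef = source;
            // Read from the source on every use: the SVID and bundles are replaced on
            // each Workload API update, so a cached copy goes stale after rotation.
            X509Svid svid = source.getX509Svid();
            // getSpiffeId()/getTrustDomain() are assumed accessors (not shown on this page).
            TrustDomain own = svid.getSpiffeId().getTrustDomain();
            System.out.println("SVID: " + svid.getSpiffeId());
            try {
                X509Bundle bundle = source.getBundleForTrustDomain(own);
                System.out.println("bundle available for " + own + ": " + (bundle != null));
            } catch (BundleNotFoundException e) {
                // No bundle for this trust domain: do not validate peers from it.
                System.err.println("no bundle for " + own + ": " + e.getMessage());
            }
        } catch (SocketEndpointAddressException e) {
            System.err.println("invalid Workload API address: " + e.getMessage());
            return;
        } catch (X509SourceException e) {
            System.err.println("X.509 source could not be initialized: " + e.getMessage());
            return;
        }
        // try-with-resources has called close(); the connection is dropped and the
        // documented IllegalStateException is the expected result of any further call.
        try {
            closedRef.getX509Svid();
        } catch (IllegalStateException e) {
            System.out.println("closed source rejected the call: " + e.getMessage());
        }
    }
}
```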