Class SpiffeSslContextFactory

java.lang.Object

io.spiffe.provider.SpiffeSslContextFactory

public final class SpiffeSslContextFactory
extends Object

Utility class to create instances of SSLContext initialized with a SpiffeKeyManager and a SpiffeTrustManager that are backed by the Workload API.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SpiffeSslContextFactory.SslContextOptions	Options for creating a new SSLContext.

Method Summary

Modifier and Type	Method	Description
static SSLContext	getSslContext(@NonNull SpiffeSslContextFactory.SslContextOptions options)	Creates an SSLContext initialized with a SpiffeKeyManager and SpiffeTrustManager that are backed by the Workload API via an DefaultX509Source.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

getSslContext

public static SSLContext getSslContext(@NonNull
 @NonNull SpiffeSslContextFactory.SslContextOptions options)
                                throws NoSuchAlgorithmException,
KeyManagementException

Creates an SSLContext initialized with a SpiffeKeyManager and SpiffeTrustManager that are backed by the Workload API via an DefaultX509Source.

Parameters:

options - SpiffeSslContextFactory.SslContextOptions. The option DefaultX509Source must be not null. If the option acceptedSpiffeIdsSupplier is not provided, the Set of accepted SPIFFE IDs is read from the Security or System Property ssl.spiffe.accept. If the sslProtocol is not provided, the default TLSv1.2 is used.

Returns:

an initialized SSLContext

Throws:

IllegalArgumentException - if the DefaultX509Source is not provided in the options

NoSuchAlgorithmException - if there is a problem creating the SSL context

KeyManagementException - if there is a problem initializing the SSL context