Class SpiffeSslSocketFactory
java.lang.Object
javax.net.SocketFactory
javax.net.ssl.SSLSocketFactory
io.spiffe.provider.SpiffeSslSocketFactory
Implementation of SSLSocketFactory that provides methods to create SSLSocket instances backed by a SPIFFE SSLContext (see SpiffeSslContextFactory).
-
Constructor Summary
Constructors
Constructor: Description
SpiffeSslSocketFactory(): Default Constructor.
SpiffeSslSocketFactory(SpiffeSslContextFactory.SslContextOptions contextOptions): Constructor.
-
Method Summary
Modifier and Type, Method
Socket createSocket(String s, int i)
Socket createSocket(String s, int i, InetAddress inetAddress, int i1)
Socket createSocket(InetAddress inetAddress, int i)
Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress1, int i1)
Socket createSocket(Socket socket, String s, int i, boolean b)
String[] getDefaultCipherSuites()
String[] getSupportedCipherSuites()

Methods inherited from class javax.net.ssl.SSLSocketFactory
createSocket, getDefault
-
Constructor Details
-
SpiffeSslSocketFactory
public SpiffeSslSocketFactory() throws io.spiffe.exception.SocketEndpointAddressException, io.spiffe.exception.X509SourceException, NoSuchAlgorithmException, KeyManagementException

Default Constructor.

This SpiffeSslSocketFactory is backed by a SPIFFE-aware SSLContext that obtains certificates from the SPIFFE Workload API, connecting to a socket configured through the environment variable 'SPIFFE_ENDPOINT_SOCKET'.

The list of accepted SPIFFE IDs, which is used to validate the SAN in a peer certificate, can be configured through the property 'ssl.spiffe.accept', separating the SPIFFE IDs with commas and no spaces, e.g., '-Dssl.spiffe.accept=spiffe://domain.test/service,spiffe://example.org/app'.

If the property is not set, any SPIFFE ID will be accepted in a TLS connection.

Throws:
NoSuchAlgorithmException - if there is a problem creating the SSL context
KeyManagementException - if there is a problem initializing the SSL context
io.spiffe.exception.X509SourceException - if there is a problem creating the source of X.509 certificates
io.spiffe.exception.SocketEndpointAddressException - if there is a problem connecting to the local SPIFFE socket
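
An added example, not part of the java-spiffe documentation: because an unset 'ssl.spiffe.accept' makes the default constructor accept any SPIFFE ID, a caller can check the property and fail closed before constructing the factory. The wrapper class and its method names are hypothetical, and it assumes the property is supplied as a JVM system property, as in the -D example above.

```java
import io.spiffe.provider.SpiffeSslSocketFactory;

import java.net.URI;
import java.net.URISyntaxException;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical wrapper (not part of java-spiffe): refuses to build the factory
// unless an explicit, well-formed accept list is configured.
public final class StrictSpiffeSocketFactory {

    private static final String ACCEPT_PROPERTY = "ssl.spiffe.accept";

    private StrictSpiffeSocketFactory() { }

    // Format sanity check only, not full SPIFFE ID validation.
    static void requireAcceptList(String value) {
        if (value == null || value.isEmpty()) {
            // With the property unset, the factory would accept any SPIFFE ID.
            throw new IllegalStateException(ACCEPT_PROPERTY + " is not set");
        }
        // Limit -1 keeps trailing empty entries, so "id," is rejected too.
        for (String id : value.split(",", -1)) {
            URI uri;
            try {
                // URI parsing rejects spaces, e.g. "id1, id2".
                uri = new URI(id);
            } catch (URISyntaxException e) {
                throw new IllegalStateException("Malformed entry in " + ACCEPT_PROPERTY + ": '" + id + "'", e);
            }
            boolean wellFormed = "spiffe".equalsIgnoreCase(uri.getScheme())
                    && uri.getRawAuthority() != null
                    && uri.getRawQuery() == null
                    && uri.getRawFragment() == null;
            if (!wellFormed) {
                throw new IllegalStateException("Not a SPIFFE ID in " + ACCEPT_PROPERTY + ": '" + id + "'");
            }
        }
    }

    // Declared as "throws Exception" to cover the exceptions listed for the
    // default constructor above.
    public static SSLSocketFactory create() throws Exception {
        requireAcceptList(System.getProperty(ACCEPT_PROPERTY));
        return new SpiffeSslSocketFactory();
    }
}
```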
-
SpiffeSslSocketFactory
public SpiffeSslSocketFactory(SpiffeSslContextFactory.SslContextOptions contextOptions) throws KeyManagementException, NoSuchAlgorithmException

Constructor.

Parameters:
contextOptions - options for creating the SSL Context
Throws:
NoSuchAlgorithmException - if there is a problem creating the SSL context
KeyManagementException - if there is a problem initializing the SSL context
-
-
Method Details
-
getDefaultCipherSuites
Specified by:
getDefaultCipherSuites in class SSLSocketFactory
-
getSupportedCipherSuites
Specified by:
getSupportedCipherSuites in class SSLSocketFactory
-
createSocket
Specified by:
createSocket in class SSLSocketFactory
Throws:
IOException
-
createSocket
Specified by:
createSocket in class SocketFactory
Throws:
IOException
-
createSocket
Specified by:
createSocket in class SocketFactory
Throws:
IOException
-
createSocket
Specified by:
createSocket in class SocketFactory
Throws:
IOException
-
createSocket
public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress1, int i1) throws IOException
Specified by:
createSocket in class SocketFactory
Throws:
IOException
-
createSocket
Overrides:
createSocket in class SocketFactory
Throws:
IOException
-