Package io.spiffe.helper.keystore

Class KeyStoreHelper

java.lang.Object

io.spiffe.helper.keystore.KeyStoreHelper

All Implemented Interfaces:

Closeable, AutoCloseable

public class KeyStoreHelper
extends Object
implements Closeable

Helper for storing X.509 SVIDs and bundles that are automatically fetched and rotated via the Workload API, in a Java KeyStore and a TrustStore in files in disk.

It stores the Private Key along with the chain of X.509 certificates in a KeyStore, and the trusted bundles in a separate KeyStore (TrustStore).

The underlying workload api client uses a backoff retry policy to reconnect to the Workload API when the connection is lost.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	KeyStoreHelper.KeyStoreOptions	Options for creating a KeyStoreHelper.

Method Summary

Modifier and Type	Method	Description
void	close()	Closes the KeyStoreHelper instance.
static KeyStoreHelper	create(@NonNull KeyStoreHelper.KeyStoreOptions options)	Creates an instance of a KeyStoreHelper for fetching X.509 SVIDs and bundles from a Workload API and store them in a binary Java KeyStore in disk.
void	run(boolean keepRunning)	Sets the instance to run fetching and storing the X.509 SVIDs and Bundles.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

create

public static KeyStoreHelper create(@NonNull
 @NonNull KeyStoreHelper.KeyStoreOptions options)
                             throws io.spiffe.exception.SocketEndpointAddressException,
KeyStoreHelperException,
KeyStoreException

Creates an instance of a KeyStoreHelper for fetching X.509 SVIDs and bundles from a Workload API and store them in a binary Java KeyStore in disk.

Parameters:

options - an instance of KeyStoreHelper.KeyStoreOptions

Returns:

an instance of a KeyStoreHelper

Throws:

io.spiffe.exception.SocketEndpointAddressException - if the socket endpoint address is not valid

KeyStoreHelperException - if the KeyStoreHelper cannot be created

KeyStoreException - if the underlying java KeyStore and TrustStore cannot be created

run

public void run(boolean keepRunning)
         throws KeyStoreHelperException

Sets the instance to run fetching and storing the X.509 SVIDs and Bundles.

Parameters:

keepRunning - if true, the process will block receiving and storing updates, otherwise it blocks only until the first X.509 context is received and stored.

Throws:

KeyStoreHelperException - if there is an error fetching or storing the X.509 SVIDs and Bundles

close

public void close()

Closes the KeyStoreHelper instance.

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable