Interface X509IdentitySource

All Known Implementing Classes:
PasswordProtectedKeyStoreIdentitySource, PEMIdentitySource

public interface X509IdentitySource
Provides a source for loading an X509Identity from some underlying key and certificate. These sources should keep track of the last time an identity was loaded along with the earliest expiration date of any contained certificates. These identities may be adapted into refreshable identities via refreshable(Duration), which takes the polling interval at which to recheck whether the identity should be reloaded.
  • Method Details

    • getLastLoaded

      Instant getLastLoaded()
      Returns the time this source last loaded an identity. This may return Instant.MIN if no identity has been loaded yet.
    • getLastModified

      Instant getLastModified()
      Returns the time that the key or certificate source was last modified.
    • getExpiresAt

      Instant getExpiresAt()
      Returns the earliest date and time of expiration of the certificates included in this source. This may return Instant.MAX if no expiration date is known.
    • load

      X509Identity load() throws IOException
      Loads an X509Identity from this underlying source. Any thrown GeneralSecurityException instances should be rethrown in a NestedSecurityIOException.
      Throws:
      IOException
    • refreshable

      default X509Identity refreshable(Duration refreshCheckDelay)
      Creates a refreshable X509Identity from this source and the given refresh check delay. The returned identity will periodically check if a reload is required based on the last modified timestamp of the source along with the expiration of the certificates.
    • fromPEM

      static X509IdentitySource fromPEM(Path keyFile, Path certificateFile)
      Creates an identity source from a PEM-encoded private key file and certificate file.
    • fromPKCS12

      static X509IdentitySource fromPKCS12(Path keystoreFile, PasswordProvider passwordProvider)
      Creates an identity source from a PKCS#12-encoded keystore file and password provider function.
    • fromPKCS12

      static X509IdentitySource fromPKCS12(Path keystoreFile, PasswordProvider keystorePasswordProvider, PasswordProvider privateKeyPasswordProvider)
      Creates an identity source from a PKCS#12-encoded keystore file, keystore password provider function, and identity private key password provider function.
    • fromKeyStore

      static X509IdentitySource fromKeyStore(Path keystoreFile, String keystoreType, PasswordProvider passwordProvider)
      Creates an identity source from a password-protected KeyStore file.
    • fromKeyStore

      static X509IdentitySource fromKeyStore(Path keystoreFile, String keystoreType, PasswordProvider keystorePasswordProvider, PasswordProvider privateKeyPasswordProvider)
      Creates an identity source from a password-protected KeyStore file.
      Parameters:
      keystoreFile - path to the keystore file to read
      keystoreType - the type of the keystore (typically PKCS12)
      keystorePasswordProvider - function for obtaining the password to decrypt the keystore file
      privateKeyPasswordProvider - function for obtaining the password to decrypt the identity private key (this is typically the same as the keystore password)
      Returns:
      an identity source from the provided keystore details
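
The three timestamp getters above are enough to audit whether a loaded identity is stale or close to expiry, including the Instant.MIN and Instant.MAX sentinel values. The following is an added example, not code from this library: the Timestamps interface is a local stand-in for the documented getters, and the Status enum, the check method, and the warnBefore window are hypothetical names and policy chosen for illustration.

```java
import java.time.Duration;
import java.time.Instant;

public class IdentityReloadCheck {
    // Local stand-in for the three getters documented on X509IdentitySource
    // (assumption: declared here so the example compiles without the library).
    interface Timestamps {
        Instant getLastLoaded();
        Instant getLastModified();
        Instant getExpiresAt();
    }

    enum Status { NEVER_LOADED, SOURCE_CHANGED, EXPIRED, EXPIRING_SOON, CURRENT }

    // Hypothetical audit policy; the library's own refresh logic may differ.
    static Status check(Timestamps s, Instant now, Duration warnBefore) {
        // Instant.MIN is the documented "nothing loaded yet" sentinel.
        if (s.getLastLoaded().equals(Instant.MIN)) return Status.NEVER_LOADED;
        // Key or certificate changed after the last load: a reload is due.
        if (s.getLastModified().isAfter(s.getLastLoaded())) return Status.SOURCE_CHANGED;
        Instant expiresAt = s.getExpiresAt();
        // Instant.MAX is the documented "expiration unknown" sentinel.
        if (expiresAt.equals(Instant.MAX)) return Status.CURRENT;
        if (!now.isBefore(expiresAt)) return Status.EXPIRED;
        // Shift 'now' forward rather than shifting expiresAt backward.
        if (!now.plus(warnBefore).isBefore(expiresAt)) return Status.EXPIRING_SOON;
        return Status.CURRENT;
    }

    // Constructed sample data; component names double as the getter names.
    record Sample(Instant getLastLoaded, Instant getLastModified, Instant getExpiresAt)
            implements Timestamps {}

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-06-01T00:00:00Z"); // constructed clock
        Duration warn = Duration.ofDays(14);
        Sample[] samples = {
            new Sample(Instant.MIN, now.minusSeconds(60), Instant.MAX),
            new Sample(now.minusSeconds(3600), now.minusSeconds(60), now.plus(Duration.ofDays(90))),
            new Sample(now.minusSeconds(60), now.minusSeconds(3600), now.minusSeconds(1)),
            new Sample(now.minusSeconds(60), now.minusSeconds(3600), now.plus(Duration.ofDays(3))),
            new Sample(now.minusSeconds(60), now.minusSeconds(3600), Instant.MAX),
        };
        for (Sample s : samples) {
            System.out.println(check(s, now, warn));
        }
    }
}
```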