Class CertificateIdentityPoolSubjectTokenSupplier (1.35.0)

public class CertificateIdentityPoolSubjectTokenSupplier implements IdentityPoolSubjectTokenSupplier

Provider for retrieving the subject tokens for IdentityPoolCredentials by reading an X.509 certificate from the filesystem. The certificate file (e.g., PEM or DER encoded) is read, the leaf certificate is base64-encoded (DER format), wrapped in a JSON array, and used as the subject token for STS exchange.

Inheritance

java.lang.Object > CertificateIdentityPoolSubjectTokenSupplier

Methods

getSubjectToken(ExternalAccountSupplierContext context)

public String getSubjectToken(ExternalAccountSupplierContext context)

Retrieves the X.509 subject token. This method loads the leaf certificate specified by credentialSource.credentialLocation. If a trust chain path is configured in credentialSource.certificateConfig, it also loads and includes the trust chain certificates. The subject token is constructed as a JSON array containing the base64-encoded (DER format) leaf certificate, followed by the base64-encoded (DER format) certificates in the trust chain. This JSON array serves as the subject token for mTLS authentication.

Parameter
Name: context
Type: ExternalAccountSupplierContext
Description: The external account supplier context. This parameter is currently not used in this implementation.

Returns
Type: String
Description: The JSON string representation of the base64-encoded certificate chain (leaf certificate followed by the trust chain, if present).

Exceptions
Type: IOException
Description: If an I/O error occurs while reading the certificate file(s).
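
The token format described for getSubjectToken, shown with JDK classes only. This is an added example, not the library's own code: the class name, method names and the two path parameters are assumptions of this example, as is treating the first certificate in the leaf file as the leaf.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

// Added example (hypothetical class): builds a subject token in the documented format.
public class SubjectTokenFormatExample {
  // Reads every certificate in a PEM or DER file, in file order.
  static List<Certificate> readCertificates(Path file) throws IOException, CertificateException {
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    try (InputStream in = Files.newInputStream(file)) {
      return new ArrayList<>(factory.generateCertificates(in));
    }
  }

  // leafPath and trustChainPath (may be null) are parameters of this example only.
  static String buildSubjectToken(Path leafPath, Path trustChainPath)
      throws IOException, CertificateException {
    List<Certificate> leafFile = readCertificates(leafPath);
    if (leafFile.isEmpty()) {
      throw new CertificateException("No certificate found in " + leafPath);
    }
    List<Certificate> chain = new ArrayList<>();
    chain.add(leafFile.get(0)); // assumption: first certificate in the file is the leaf
    if (trustChainPath != null) {
      chain.addAll(readCertificates(trustChainPath)); // trust chain follows the leaf
    }
    // Base64 text needs no JSON escaping, so the array is assembled directly.
    StringBuilder json = new StringBuilder("[");
    for (int i = 0; i < chain.size(); i++) {
      if (i > 0) json.append(',');
      // getEncoded() returns the DER encoding of the certificate.
      json.append('"').append(Base64.getEncoder().encodeToString(chain.get(i).getEncoded())).append('"');
    }
    return json.append(']').toString();
  }

  public static void main(String[] args) throws Exception {
    if (args.length == 0) throw new IllegalArgumentException("usage: <leaf-cert> [trust-chain]");
    System.out.println(buildSubjectToken(Path.of(args[0]), args.length > 1 ? Path.of(args[1]) : null));
  }
}
```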