A KafkaPrincipalBuilder that will extract a SPIFFE ID from the Subject Alternative Names (SAN) of an X.509 certificate. Looks for SANs of type URI starting with spiffe://, and returns the first one found. If no match is found, falls back to traditional certificate parsing.
The .jar-file of this project must be made available on the Kafka Broker classpath, typically in /usr/share/java/kafka/.
Then the broker must be instructed to use this class to build principals by adding the following to the configuration file:
principal.builder.class=io.statnett.k3a.authz.spiffe.SpiffePrincipalBuilder
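The SAN selection rule described at the top, as an added sketch that is not this project's own code: the class and method names are hypothetical, the SAN entries in main are constructed, and using the subject DN as the fallback is an assumption standing in for "traditional certificate parsing".

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Optional;

public class SpiffeSanExample {
    // GeneralName tag for uniformResourceIdentifier in the SAN extension (RFC 5280).
    private static final int SAN_TYPE_URI = 6;

    // Applies the rule from the text to entries shaped like the result of
    // X509Certificate.getSubjectAlternativeNames(): [Integer type, Object value].
    static Optional<String> firstSpiffeId(Collection<List<?>> sans) {
        if (sans == null) {
            return Optional.empty(); // no SAN extension in the certificate
        }
        for (List<?> san : sans) {
            if (san.size() < 2 || !(san.get(0) instanceof Integer) || !(san.get(1) instanceof String)) {
                continue; // e.g. otherName entries carry a byte[] value
            }
            String value = (String) san.get(1);
            if ((Integer) san.get(0) == SAN_TYPE_URI && value.startsWith("spiffe://")) {
                return Optional.of(value);
            }
        }
        return Optional.empty();
    }

    // Assumption: the subject DN stands in for "traditional certificate parsing".
    static String principalName(X509Certificate cert) throws CertificateParsingException {
        return firstSpiffeId(cert.getSubjectAlternativeNames())
                .orElseGet(() -> cert.getSubjectX500Principal().getName());
    }

    public static void main(String[] args) {
        // Constructed SAN entries: a DNS name (type 2), a non-SPIFFE URI, two SPIFFE URIs.
        List<List<?>> sans = List.of(
                List.<Object>of(2, "broker.example.internal"),
                List.<Object>of(6, "https://example.internal/health"),
                List.<Object>of(6, "spiffe://example.org/ns/kafka/sa/producer"),
                List.<Object>of(6, "spiffe://example.org/ns/kafka/sa/other"));
        System.out.println(firstSpiffeId(sans).orElse("<no SPIFFE ID>"));
        System.out.println(firstSpiffeId(List.of(sans.get(0))).orElse("<no SPIFFE ID>"));
    }
}
```

The SPIFFE X.509-SVID specification requires exactly one URI SAN, so "first one found" is unambiguous for conformant SVIDs; a certificate carrying several spiffe:// URIs, as in the constructed input, is mapped to whichever appears first.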