Package io.grpc.util
Class AdvancedTlsX509KeyManager
- java.lang.Object
  - javax.net.ssl.X509ExtendedKeyManager
    - io.grpc.util.AdvancedTlsX509KeyManager
- All Implemented Interfaces:
KeyManager, X509KeyManager
@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024")
public final class AdvancedTlsX509KeyManager extends X509ExtendedKeyManager
AdvancedTlsX509KeyManager is an X509ExtendedKeyManager that allows users to configure advanced TLS features, such as private key and certificate chain reloading.
-
-
Nested Class Summary
static interface AdvancedTlsX509KeyManager.Closeable
Mainly used to avoid throwing IO Exceptions in java.io.Closeable.
-
Constructor Summary
AdvancedTlsX509KeyManager()
Constructs an AdvancedTlsX509KeyManager.
-
Method Summary
String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)
String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)
String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
X509Certificate[] getCertificateChain(String alias)
String[] getClientAliases(String keyType, Principal[] issuers)
PrivateKey getPrivateKey(String alias)
String[] getServerAliases(String keyType, Principal[] issuers)
void updateIdentityCredentials(PrivateKey key, X509Certificate[] certs)
Updates the current cached private key and cert chains.
void updateIdentityCredentialsFromFile(File keyFile, File certFile)
Updates the private key and certificate chains from the local file paths.
AdvancedTlsX509KeyManager.Closeable updateIdentityCredentialsFromFile(File keyFile, File certFile, long period, TimeUnit unit, ScheduledExecutorService executor)
Schedules a ScheduledExecutorService to read private key and certificate chains from the local file paths periodically, and update the cached identity credentials if they are both updated.
-
-
-
Constructor Detail
-
AdvancedTlsX509KeyManager
public AdvancedTlsX509KeyManager() throws CertificateException
Constructs an AdvancedTlsX509KeyManager.
- Throws:
CertificateException
-
-
Method Detail
-
getPrivateKey
public PrivateKey getPrivateKey(String alias)
-
getCertificateChain
public X509Certificate[] getCertificateChain(String alias)
-
chooseClientAlias
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
-
chooseEngineClientAlias
public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)
- Overrides:
chooseEngineClientAlias in class X509ExtendedKeyManager
-
chooseServerAlias
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
-
chooseEngineServerAlias
public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)
- Overrides:
chooseEngineServerAlias in class X509ExtendedKeyManager
-
updateIdentityCredentials
public void updateIdentityCredentials(PrivateKey key, X509Certificate[] certs)
Updates the current cached private key and cert chains.
- Parameters:
key - the private key that is going to be used
certs - the certificate chain that is going to be used
-
updateIdentityCredentialsFromFile
public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentialsFromFile(File keyFile, File certFile, long period, TimeUnit unit, ScheduledExecutorService executor) throws IOException, GeneralSecurityException
Schedules a ScheduledExecutorService to read private key and certificate chains from the local file paths periodically, and update the cached identity credentials if they are both updated.
- Parameters:
keyFile - the file on disk holding the private key
certFile - the file on disk holding the certificate chain
period - the period between successive read-and-update executions
unit - the time unit of the initialDelay and period parameters
executor - the executor service we use to read and update the credentials
- Returns:
an object that the caller should close when the file refreshes are no longer needed
- Throws:
IOException
GeneralSecurityException
-
updateIdentityCredentialsFromFile
public void updateIdentityCredentialsFromFile(File keyFile, File certFile) throws IOException, GeneralSecurityException
Updates the private key and certificate chains from the local file paths.
- Parameters:
keyFile - the file on disk holding the private key
certFile - the file on disk holding the certificate chain
- Throws:
IOException
GeneralSecurityException
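A server that uses the periodic updateIdentityCredentialsFromFile overload documented above to pick up rotated credentials without a restart. This is an added example, not code from the grpc-java documentation. The class name ReloadingTlsServer, the file paths, the port and the one-hour period are placeholder assumptions.

```java
import io.grpc.Grpc;
import io.grpc.Server;
import io.grpc.ServerCredentials;
import io.grpc.TlsServerCredentials;
import io.grpc.util.AdvancedTlsX509KeyManager;
import java.io.File;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

public final class ReloadingTlsServer {
  public static void main(String[] args) throws Exception {
    // Placeholder paths (assumption): wherever your rotation tooling writes credentials.
    File keyFile = new File("/etc/example/tls/server.key");
    File certFile = new File("/etc/example/tls/server.pem");

    // Dedicated daemon thread so reloads never compete with RPC handling.
    ScheduledExecutorService reloader = Executors.newSingleThreadScheduledExecutor(r -> {
      Thread t = new Thread(r, "tls-credential-reloader");
      t.setDaemon(true);
      return t;
    });

    AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager();
    // Declared to throw IOException / GeneralSecurityException: let that abort
    // startup instead of serving without a usable identity.
    // The cached identity is replaced only when BOTH files have been updated,
    // so rotation tooling must rewrite the key and the chain together.
    AdvancedTlsX509KeyManager.Closeable refresh =
        keyManager.updateIdentityCredentialsFromFile(
            keyFile, certFile, 1, TimeUnit.HOURS, reloader);

    ServerCredentials creds =
        TlsServerCredentials.newBuilder().keyManager(keyManager).build();
    Server server = Grpc.newServerBuilderForPort(8443, creds)
        // .addService(...) calls omitted; register your services here.
        .build()
        .start();

    Runtime.getRuntime().addShutdownHook(new Thread(() -> {
      server.shutdown();
      refresh.close();        // stop the scheduled file refreshes
      reloader.shutdownNow(); // release the reloader thread
    }));
    server.awaitTermination();
  }
}
```

Choose a period comfortably shorter than the certificate lifetime so a rotated chain is loaded before the previous one expires.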
-
-