Package io.grpc.util
Class AdvancedTlsX509KeyManager
- java.lang.Object
-
- javax.net.ssl.X509ExtendedKeyManager
-
- io.grpc.util.AdvancedTlsX509KeyManager
-
- All Implemented Interfaces:
javax.net.ssl.KeyManager
,javax.net.ssl.X509KeyManager
@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") public final class AdvancedTlsX509KeyManager extends javax.net.ssl.X509ExtendedKeyManager
AdvancedTlsX509KeyManager is anX509ExtendedKeyManager
that allows users to configure advanced TLS features, such as private key and certificate chain reloading, etc.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static interface
AdvancedTlsX509KeyManager.Closeable
Mainly used to avoid throwing IO Exceptions in java.io.Closeable.
-
Constructor Summary
Constructors Constructor Description AdvancedTlsX509KeyManager()
Constructs an AdvancedTlsX509KeyManager.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.String
chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
java.lang.String
chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
java.lang.String
chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
java.lang.String
chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
java.security.cert.X509Certificate[]
getCertificateChain(java.lang.String alias)
java.lang.String[]
getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
java.security.PrivateKey
getPrivateKey(java.lang.String alias)
java.lang.String[]
getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
void
updateIdentityCredentials(java.security.PrivateKey key, java.security.cert.X509Certificate[] certs)
Updates the current cached private key and cert chains.void
updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile)
Updates the private key and certificate chains from the local file paths.AdvancedTlsX509KeyManager.Closeable
updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile, long period, java.util.concurrent.TimeUnit unit, java.util.concurrent.ScheduledExecutorService executor)
Schedules aScheduledExecutorService
to read private key and certificate chains from the local file paths periodically, and update the cached identity credentials if they are both updated.
-
-
-
Method Detail
-
getPrivateKey
public java.security.PrivateKey getPrivateKey(java.lang.String alias)
-
getCertificateChain
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
-
getClientAliases
public java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
-
chooseClientAlias
public java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
-
chooseEngineClientAlias
public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
- Overrides:
chooseEngineClientAlias
in classjavax.net.ssl.X509ExtendedKeyManager
-
getServerAliases
public java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
-
chooseServerAlias
public java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
-
chooseEngineServerAlias
public java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
- Overrides:
chooseEngineServerAlias
in classjavax.net.ssl.X509ExtendedKeyManager
-
updateIdentityCredentials
public void updateIdentityCredentials(java.security.PrivateKey key, java.security.cert.X509Certificate[] certs)
Updates the current cached private key and cert chains.- Parameters:
key
- the private key that is going to be usedcerts
- the certificate chain that is going to be used
-
updateIdentityCredentialsFromFile
public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile, long period, java.util.concurrent.TimeUnit unit, java.util.concurrent.ScheduledExecutorService executor) throws java.io.IOException, java.security.GeneralSecurityException
Schedules aScheduledExecutorService
to read private key and certificate chains from the local file paths periodically, and update the cached identity credentials if they are both updated.- Parameters:
keyFile
- the file on disk holding the private keycertFile
- the file on disk holding the certificate chainperiod
- the period between successive read-and-update executionsunit
- the time unit of the initialDelay and period parametersexecutor
- the execute service we use to read and update the credentials- Returns:
- an object that caller should close when the file refreshes are not needed
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
updateIdentityCredentialsFromFile
public void updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile) throws java.io.IOException, java.security.GeneralSecurityException
Updates the private key and certificate chains from the local file paths.- Parameters:
keyFile
- the file on disk holding the private keycertFile
- the file on disk holding the certificate chain- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
-