Package io.grpc.util

Class AdvancedTlsX509KeyManager

  • All Implemented Interfaces:
    javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

    @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024")
    public final class AdvancedTlsX509KeyManager
    extends javax.net.ssl.X509ExtendedKeyManager
    AdvancedTlsX509KeyManager is an X509ExtendedKeyManager that allows users to configure advanced TLS features, such as reloading the private key and certificate chain.
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static interface  AdvancedTlsX509KeyManager.Closeable
      Mainly used to avoid throwing IO Exceptions in java.io.Closeable.
    • Method Summary

      Modifier and Type Method Description
      java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
      java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
      java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
      java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
      java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
      java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
      java.security.PrivateKey getPrivateKey(java.lang.String alias)
      java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
      void updateIdentityCredentials(java.security.PrivateKey key, java.security.cert.X509Certificate[] certs)
      Updates the current cached private key and cert chains.
      void updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile)
      Updates the private key and certificate chains from the local file paths.
      AdvancedTlsX509KeyManager.Closeable updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile, long period, java.util.concurrent.TimeUnit unit, java.util.concurrent.ScheduledExecutorService executor)
      Schedules a ScheduledExecutorService to read the private key and certificate chain from the local file paths periodically, and updates the cached identity credentials when both files have been updated.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • AdvancedTlsX509KeyManager

        public AdvancedTlsX509KeyManager()
                                  throws java.security.cert.CertificateException
        Constructs an AdvancedTlsX509KeyManager.
        Throws:
        java.security.cert.CertificateException
    • Method Detail

      • getPrivateKey

        public java.security.PrivateKey getPrivateKey(java.lang.String alias)
      • getCertificateChain

        public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
      • getClientAliases

        public java.lang.String[] getClientAliases(java.lang.String keyType,
                                                   java.security.Principal[] issuers)
      • chooseClientAlias

        public java.lang.String chooseClientAlias(java.lang.String[] keyType,
                                                  java.security.Principal[] issuers,
                                                  java.net.Socket socket)
      • chooseEngineClientAlias

        public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType,
                                                        java.security.Principal[] issuers,
                                                        javax.net.ssl.SSLEngine engine)
        Overrides:
        chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager
      • getServerAliases

        public java.lang.String[] getServerAliases(java.lang.String keyType,
                                                   java.security.Principal[] issuers)
      • chooseServerAlias

        public java.lang.String chooseServerAlias(java.lang.String keyType,
                                                  java.security.Principal[] issuers,
                                                  java.net.Socket socket)
      • chooseEngineServerAlias

        public java.lang.String chooseEngineServerAlias(java.lang.String keyType,
                                                        java.security.Principal[] issuers,
                                                        javax.net.ssl.SSLEngine engine)
        Overrides:
        chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager
      • updateIdentityCredentials

        public void updateIdentityCredentials(java.security.PrivateKey key,
                                              java.security.cert.X509Certificate[] certs)
        Updates the current cached private key and cert chains.
        Parameters:
        key - the private key that is going to be used
        certs - the certificate chain that is going to be used
      • updateIdentityCredentialsFromFile

        public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentialsFromFile(java.io.File keyFile,
                                                                                     java.io.File certFile,
                                                                                     long period,
                                                                                     java.util.concurrent.TimeUnit unit,
                                                                                     java.util.concurrent.ScheduledExecutorService executor)
                                                                              throws java.io.IOException,
                                                                                     java.security.GeneralSecurityException
        Schedules a ScheduledExecutorService to read the private key and certificate chain from the local file paths periodically, and updates the cached identity credentials when both files have been updated.
        Parameters:
        keyFile - the file on disk holding the private key
        certFile - the file on disk holding the certificate chain
        period - the period between successive read-and-update executions
        unit - the time unit of the period parameter
        executor - the executor service used to read and update the credentials
        Returns:
        an object that the caller should close when the periodic file refreshes are no longer needed
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
      • updateIdentityCredentialsFromFile

        public void updateIdentityCredentialsFromFile(java.io.File keyFile,
                                                      java.io.File certFile)
                                               throws java.io.IOException,
                                                       java.security.GeneralSecurityException
        Updates the private key and certificate chains from the local file paths.
        Parameters:
        keyFile - the file on disk holding the private key
        certFile - the file on disk holding the certificate chain
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
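        The following is an added example, not code from this page or from the gRPC project, showing how the two updateIdentityCredentialsFromFile overloads documented above fit together in a server that rotates its TLS identity without a restart. It assumes the io.grpc.TlsServerCredentials and io.grpc.Grpc entry points (not shown on this page), constructed file paths under /etc/app/tls, a constructed port, and a one-minute reload period; the up-front one-shot load before scheduling is a design choice of this example, not a requirement stated by the class.

```java
import io.grpc.Grpc;
import io.grpc.Server;
import io.grpc.ServerCredentials;
import io.grpc.TlsServerCredentials;
import io.grpc.util.AdvancedTlsX509KeyManager;

import java.io.File;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

public final class ReloadingServerIdentity {

  public static void main(String[] args) throws Exception {
    // Constructed paths (assumption): where the deployment's rotation tooling writes the PEM files.
    File keyFile = new File("/etc/app/tls/server.key");   // private key
    File certFile = new File("/etc/app/tls/server.crt");  // certificate chain

    AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager();

    // One-shot load first (example's choice): startup fails loudly with IOException or
    // GeneralSecurityException if the files are unreadable or malformed, rather than
    // the server coming up with no identity and failing handshakes later.
    keyManager.updateIdentityCredentialsFromFile(keyFile, certFile);

    // A dedicated single-thread scheduler, so credential reloads are not queued behind
    // unrelated work on a shared pool. Daemon thread so it never blocks JVM exit.
    ScheduledExecutorService executor = Executors.newSingleThreadScheduledExecutor(r -> {
      Thread t = new Thread(r, "tls-credential-reload");
      t.setDaemon(true);
      return t;
    });

    // Re-read both files every minute (constructed period). Per the method's contract above,
    // the cached credentials are replaced only when both files have been updated.
    AdvancedTlsX509KeyManager.Closeable reloadHandle =
        keyManager.updateIdentityCredentialsFromFile(keyFile, certFile, 1, TimeUnit.MINUTES, executor);

    // Hand the key manager to gRPC's TLS credentials; the key manager, not a static
    // KeyStore, is what the handshake consults, so later reloads take effect on new connections.
    ServerCredentials creds = TlsServerCredentials.newBuilder()
        .keyManager(keyManager)
        .build();
    Server server = Grpc.newServerBuilderForPort(8443, creds)  // constructed port
        // .addService(...)  // the application's services go here
        .build()
        .start();

    Runtime.getRuntime().addShutdownHook(new Thread(() -> {
      server.shutdown();
      reloadHandle.close();   // cancels the scheduled reload task, as the Returns clause advises
      executor.shutdownNow();
    }));
    server.awaitTermination();
  }
}
```

        Two things worth checking in a deployment built this way: the reload period bounds how long a rotated certificate can sit on disk unused, so it should be shorter than the overlap between the old certificate's expiry and the new one's issuance; and because the reload only fires when both files have been updated, rotation tooling that rewrites only the certificate (reusing the key) will not be picked up by the scheduled task and needs an explicit call to the two-argument overload instead.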