@ExperimentalApi(value="https://github.com/grpc/grpc-java/issues/8024")
@IgnoreJRERequirement
public final class AdvancedTlsX509TrustManager extends X509ExtendedTrustManager

An X509ExtendedTrustManager that allows users to configure advanced TLS features, such as root certificate reloading, peer cert custom verification, etc.

For Android users: this class is only supported in API level 24 and above.

Modifier and Type | Class and Description |
---|---|
static class | AdvancedTlsX509TrustManager.Builder |
static interface | AdvancedTlsX509TrustManager.Closeable |
static interface | AdvancedTlsX509TrustManager.SslSocketAndEnginePeerVerifier |
static class | AdvancedTlsX509TrustManager.Verification |

Modifier and Type | Method and Description |
---|---|
void | checkClientTrusted(X509Certificate[] chain, String authType) |
void | checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) |
void | checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) |
void | checkServerTrusted(X509Certificate[] chain, String authType) |
void | checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) |
void | checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) |
X509Certificate[] | getAcceptedIssuers() |
static AdvancedTlsX509TrustManager.Builder | newBuilder() |
void | updateTrustCredentials(X509Certificate[] trustCerts): Updates the current cached trust certificates as well as the key store. |
void | updateTrustCredentialsFromFile(File trustCertFile): Updates the trust certificates from a local file path. |
AdvancedTlsX509TrustManager.Closeable | updateTrustCredentialsFromFile(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor): Schedules a ScheduledExecutorService to read trust certificates from a local file path periodically, and update the cached trust certs if there is an update. |
void | useSystemDefaultTrustCerts(): Uses the default trust certificates stored on the user's local system. |

public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
Throws: CertificateException

public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
Specified by: checkClientTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
Specified by: checkClientTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
Specified by: checkServerTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
Specified by: checkServerTrusted in class X509ExtendedTrustManager
Throws: CertificateException

public X509Certificate[] getAcceptedIssuers()

public void useSystemDefaultTrustCerts() throws CertificateException, KeyStoreException, NoSuchAlgorithmException

public void updateTrustCredentials(X509Certificate[] trustCerts) throws IOException, GeneralSecurityException
Parameters:
trustCerts - the trust certificates that are going to be used
Throws: IOException, GeneralSecurityException

public AdvancedTlsX509TrustManager.Closeable updateTrustCredentialsFromFile(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor) throws IOException, GeneralSecurityException
Schedules a ScheduledExecutorService to read trust certificates from a local file path periodically, and update the cached trust certs if there is an update.
Parameters:
trustCertFile - the file on disk holding the trust certificates
period - the period between successive read-and-update executions
unit - the time unit of the initialDelay and period parameters
executor - the executor service we use to read and update the credentials
Throws: IOException, GeneralSecurityException

public void updateTrustCredentialsFromFile(File trustCertFile) throws IOException, GeneralSecurityException
Parameters:
trustCertFile - the file on disk holding the trust certificates
Throws: IOException, GeneralSecurityException

public static AdvancedTlsX509TrustManager.Builder newBuilder()
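
The following is an added usage example, not code from the grpc-java project or its documentation: a client that loads a CA bundle once at startup, schedules periodic reloading with updateTrustCredentialsFromFile, and releases the reload task on shutdown. The class name, file path, host, port and reload period are assumptions; Builder.build(), TlsChannelCredentials and Grpc come from grpc-java and are not described on this page.

```java
import io.grpc.ChannelCredentials;
import io.grpc.Grpc;
import io.grpc.ManagedChannel;
import io.grpc.TlsChannelCredentials;
import io.grpc.util.AdvancedTlsX509TrustManager;
import java.io.File;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

public final class ReloadingTrustExample {
  public static void main(String[] args) throws Exception {
    // Assumed values for illustration only.
    File caBundle = new File("/etc/example/tls/ca.pem");
    String host = "service.example.internal";
    int port = 8443;

    AdvancedTlsX509TrustManager trustManager =
        AdvancedTlsX509TrustManager.newBuilder().build();

    // Load once on the calling thread so an unreadable or malformed bundle
    // surfaces as an IOException/GeneralSecurityException here, before any
    // connection is attempted.
    trustManager.updateTrustCredentialsFromFile(caBundle);

    // Dedicated daemon thread for reloads so file I/O never competes with RPC work.
    ScheduledExecutorService reloader =
        Executors.newSingleThreadScheduledExecutor(r -> {
          Thread t = new Thread(r, "ca-bundle-reload");
          t.setDaemon(true);
          return t;
        });
    AdvancedTlsX509TrustManager.Closeable reloadTask =
        trustManager.updateTrustCredentialsFromFile(
            caBundle, 10, TimeUnit.MINUTES, reloader);

    ChannelCredentials creds =
        TlsChannelCredentials.newBuilder().trustManager(trustManager).build();
    ManagedChannel channel =
        Grpc.newChannelBuilderForAddress(host, port, creds).build();
    try {
      // Issue RPCs on the channel; new handshakes use the latest loaded roots.
    } finally {
      channel.shutdown().awaitTermination(5, TimeUnit.SECONDS);
      reloadTask.close();   // stop the scheduled reload before stopping its executor
      reloader.shutdown();
    }
  }
}
```

Keep the CA bundle writable only by the account that rotates it, since anything able to modify that file controls which roots the client trusts after the next reload.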