Package io.grpc.util
Class AdvancedTlsX509TrustManager
- java.lang.Object
-
- javax.net.ssl.X509ExtendedTrustManager
-
- io.grpc.util.AdvancedTlsX509TrustManager
-
- All Implemented Interfaces:
TrustManager,X509TrustManager
@IgnoreJRERequirement public final class AdvancedTlsX509TrustManager extends X509ExtendedTrustManager
AdvancedTlsX509TrustManager is anX509ExtendedTrustManagerthat allows users to configure advanced TLS features, such as root certificate reloading and peer cert custom verification. The basic instantiation pattern isnew Builder().build().useSystemDefaultTrustCerts();For Android users: this class is only supported in API level 24 and above.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classAdvancedTlsX509TrustManager.BuilderBuilds a newAdvancedTlsX509TrustManager.static interfaceAdvancedTlsX509TrustManager.Closeablestatic interfaceAdvancedTlsX509TrustManager.SslSocketAndEnginePeerVerifierstatic classAdvancedTlsX509TrustManager.VerificationThe verification mode when authenticating the peer certificate.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description voidcheckClientTrusted(X509Certificate[] chain, String authType)voidcheckClientTrusted(X509Certificate[] chain, String authType, Socket socket)voidcheckClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)voidcheckServerTrusted(X509Certificate[] chain, String authType)voidcheckServerTrusted(X509Certificate[] chain, String authType, Socket socket)voidcheckServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)X509Certificate[]getAcceptedIssuers()static AdvancedTlsX509TrustManager.BuildernewBuilder()voidupdateTrustCredentials(File trustCertFile)Updates the trust certificates from a local file path.AdvancedTlsX509TrustManager.CloseableupdateTrustCredentials(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor)Schedules aScheduledExecutorServiceto read trust certificates from a local file path periodically, and updates the cached trust certs if there is an update.voidupdateTrustCredentials(X509Certificate[] trustCerts)Updates the current cached trust certificates as well as the key store.voidupdateTrustCredentialsFromFile(File trustCertFile)Deprecated.AdvancedTlsX509TrustManager.CloseableupdateTrustCredentialsFromFile(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor)voiduseSystemDefaultTrustCerts()Uses the default trust certificates stored on user's local system.
-
-
-
Method Detail
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
-
useSystemDefaultTrustCerts
public void useSystemDefaultTrustCerts() throws CertificateException, KeyStoreException, NoSuchAlgorithmExceptionUses the default trust certificates stored on user's local system. After this is used, functions that will provide new credential data(e.g. updateTrustCredentials) should not be called.
-
updateTrustCredentials
public void updateTrustCredentials(X509Certificate[] trustCerts) throws IOException, GeneralSecurityException
Updates the current cached trust certificates as well as the key store.- Parameters:
trustCerts- the trust certificates that are going to be used- Throws:
IOExceptionGeneralSecurityException
-
updateTrustCredentials
public void updateTrustCredentials(File trustCertFile) throws IOException, GeneralSecurityException
Updates the trust certificates from a local file path.- Parameters:
trustCertFile- the file on disk holding the trust certificates- Throws:
IOExceptionGeneralSecurityException
-
updateTrustCredentials
public AdvancedTlsX509TrustManager.Closeable updateTrustCredentials(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor) throws IOException, GeneralSecurityException
Schedules aScheduledExecutorServiceto read trust certificates from a local file path periodically, and updates the cached trust certs if there is an update. You must close the returned Closeable before calling this method again or other update methods (useSystemDefaultTrustCerts(),updateTrustCredentials(X509Certificate[]),updateTrustCredentialsFromFile(File)). Before scheduling the task, the method synchronously reads and updates trust certificates once. If the provided period is less than 1 minute, it is automatically adjusted to 1 minute.- Parameters:
trustCertFile- the file on disk holding the trust certificatesperiod- the period between successive read-and-update executionsunit- the time unit of the initialDelay and period parametersexecutor- the executor service we use to read and update the credentials- Returns:
- an object that caller should close when the file refreshes are not needed
- Throws:
IOExceptionGeneralSecurityException
-
updateTrustCredentialsFromFile
@Deprecated @InlineMe(replacement="this.updateTrustCredentials(trustCertFile, period, unit, executor)") @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") public AdvancedTlsX509TrustManager.Closeable updateTrustCredentialsFromFile(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor) throws IOException, GeneralSecurityException
Schedules aScheduledExecutorServiceto read trust certificates from a local file path periodically, and updates the cached trust certs if there is an update. You must close the returned Closeable before calling this method again or other update methods (useSystemDefaultTrustCerts(),updateTrustCredentials(X509Certificate[]),updateTrustCredentialsFromFile(File)). Before scheduling the task, the method synchronously reads and updates trust certificates once. If the provided period is less than 1 minute, it is automatically adjusted to 1 minute.- Parameters:
trustCertFile- the file on disk holding the trust certificatesperiod- the period between successive read-and-update executionsunit- the time unit of the initialDelay and period parametersexecutor- the executor service we use to read and update the credentials- Returns:
- an object that caller should close when the file refreshes are not needed
- Throws:
IOExceptionGeneralSecurityException
-
updateTrustCredentialsFromFile
@Deprecated @InlineMe(replacement="this.updateTrustCredentials(trustCertFile)") @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") public void updateTrustCredentialsFromFile(File trustCertFile) throws IOException, GeneralSecurityException
Deprecated.Updates the trust certificates from a local file path.- Parameters:
trustCertFile- the file on disk holding the trust certificates- Throws:
IOExceptionGeneralSecurityException
-
newBuilder
public static AdvancedTlsX509TrustManager.Builder newBuilder()
-
-