@ExperimentalApi(value="https://github.com/grpc/grpc-java/issues/8024")
@IgnoreJRERequirement
public final class AdvancedTlsX509TrustManager
extends X509ExtendedTrustManager

An X509ExtendedTrustManager that allows users to configure advanced TLS features, such as root certificate reloading, peer cert custom verification, etc.

For Android users: this class is only supported in API level 24 and above.

| Modifier and Type | Class and Description |
|---|---|
| static class | AdvancedTlsX509TrustManager.Builder |
| static interface | AdvancedTlsX509TrustManager.Closeable |
| static interface | AdvancedTlsX509TrustManager.SslSocketAndEnginePeerVerifier |
| static class | AdvancedTlsX509TrustManager.Verification |

| Modifier and Type | Method and Description |
|---|---|
| void | checkClientTrusted(X509Certificate[] chain, String authType) |
| void | checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) |
| void | checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) |
| void | checkServerTrusted(X509Certificate[] chain, String authType) |
| void | checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) |
| void | checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) |
| X509Certificate[] | getAcceptedIssuers() |
| static AdvancedTlsX509TrustManager.Builder | newBuilder() |
| void | updateTrustCredentials(X509Certificate[] trustCerts)<br>Updates the current cached trust certificates as well as the key store. |
| void | updateTrustCredentialsFromFile(File trustCertFile)<br>Updates the trust certificates from a local file path. |
| AdvancedTlsX509TrustManager.Closeable | updateTrustCredentialsFromFile(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor)<br>Schedules a ScheduledExecutorService to read trust certificates from a local file path periodically, and update the cached trust certs if there is an update. |
| void | useSystemDefaultTrustCerts()<br>Uses the default trust certificates stored on user's local system. |

public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException

Throws: CertificateException

public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException

checkClientTrusted in class X509ExtendedTrustManager

Throws: CertificateException

public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException

checkClientTrusted in class X509ExtendedTrustManager

Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException

checkServerTrusted in class X509ExtendedTrustManager

Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException

Throws: CertificateException

public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException

checkServerTrusted in class X509ExtendedTrustManager

Throws: CertificateException

public X509Certificate[] getAcceptedIssuers()

public void useSystemDefaultTrustCerts() throws CertificateException, KeyStoreException, NoSuchAlgorithmException

public void updateTrustCredentials(X509Certificate[] trustCerts) throws IOException, GeneralSecurityException

Parameters:

- trustCerts - the trust certificates that are going to be used

Throws: IOException, GeneralSecurityException

public AdvancedTlsX509TrustManager.Closeable updateTrustCredentialsFromFile(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor) throws IOException, GeneralSecurityException

Schedules a ScheduledExecutorService to read trust certificates from a local file path periodically, and update the cached trust certs if there is an update.

Parameters:

- trustCertFile - the file on disk holding the trust certificates
- period - the period between successive read-and-update executions
- unit - the time unit of the initialDelay and period parameters
- executor - the executor service we use to read and update the credentials

Throws: IOException, GeneralSecurityException

public void updateTrustCredentialsFromFile(File trustCertFile) throws IOException, GeneralSecurityException

Parameters:

- trustCertFile - the file on disk holding the trust certificates

Throws: IOException, GeneralSecurityException

public static AdvancedTlsX509TrustManager.Builder newBuilder()
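
The following usage sketch is an added example, not code from the grpc-java documentation: it wires the periodic updateTrustCredentialsFromFile overload into client channel credentials and keeps the returned Closeable so the reload task can be stopped. Assumptions not shown on this page: the `io.grpc.util` package, the Builder methods `setVerification` and `build`, the `Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION` constant, and `TlsChannelCredentials`; the class name `ReloadingTrustRoots` and the one-hour period are hypothetical.

```java
import io.grpc.ChannelCredentials;
import io.grpc.TlsChannelCredentials;
import io.grpc.util.AdvancedTlsX509TrustManager;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

/** Hypothetical holder that keeps the reload task and its executor together. */
public final class ReloadingTrustRoots implements AutoCloseable {
  private final ScheduledExecutorService executor =
      Executors.newSingleThreadScheduledExecutor();
  private final AdvancedTlsX509TrustManager.Closeable reloadTask;
  private final ChannelCredentials credentials;

  /** caBundle: file of trusted root certificates, replaced on disk when the CA rotates. */
  public ReloadingTrustRoots(File caBundle) throws IOException, GeneralSecurityException {
    try {
      AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder()
          // Keep chain and host name checks on; reloading roots is no reason to relax them.
          .setVerification(
              AdvancedTlsX509TrustManager.Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION)
          .build();
      // Re-read the file every hour (period chosen for illustration only).
      reloadTask =
          trustManager.updateTrustCredentialsFromFile(caBundle, 1, TimeUnit.HOURS, executor);
      credentials =
          TlsChannelCredentials.newBuilder().trustManager(trustManager).build();
    } catch (IOException | GeneralSecurityException | RuntimeException e) {
      executor.shutdownNow(); // do not leak the reload thread when setup fails
      throw e;
    }
  }

  /** Credentials to pass when building the channel. */
  public ChannelCredentials credentials() {
    return credentials;
  }

  @Override
  public void close() throws IOException {
    reloadTask.close(); // stop the periodic reads first
    executor.shutdown();
  }
}
```

Because whoever can write the trust certificate file decides which roots the process accepts, restrict write access on it to the rotation job.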