Package io.grpc.util
Class AdvancedTlsX509TrustManager
- java.lang.Object
-
- javax.net.ssl.X509ExtendedTrustManager
-
- io.grpc.util.AdvancedTlsX509TrustManager
-
- All Implemented Interfaces:
TrustManager,X509TrustManager
@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") @IgnoreJRERequirement public final class AdvancedTlsX509TrustManager extends X509ExtendedTrustManager
AdvancedTlsX509TrustManager is anX509ExtendedTrustManagerthat allows users to configure advanced TLS features, such as root certificate reloading, peer cert custom verification, etc. For Android users: this class is only supported in API level 24 and above.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classAdvancedTlsX509TrustManager.Builderstatic interfaceAdvancedTlsX509TrustManager.Closeablestatic interfaceAdvancedTlsX509TrustManager.SslSocketAndEnginePeerVerifierstatic classAdvancedTlsX509TrustManager.Verification
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voidcheckClientTrusted(X509Certificate[] chain, String authType)voidcheckClientTrusted(X509Certificate[] chain, String authType, Socket socket)voidcheckClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)voidcheckServerTrusted(X509Certificate[] chain, String authType)voidcheckServerTrusted(X509Certificate[] chain, String authType, Socket socket)voidcheckServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)X509Certificate[]getAcceptedIssuers()static AdvancedTlsX509TrustManager.BuildernewBuilder()voidupdateTrustCredentials(X509Certificate[] trustCerts)Updates the current cached trust certificates as well as the key store.voidupdateTrustCredentialsFromFile(File trustCertFile)Updates the trust certificates from a local file path.AdvancedTlsX509TrustManager.CloseableupdateTrustCredentialsFromFile(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor)Schedules aScheduledExecutorServiceto read trust certificates from a local file path periodically, and update the cached trust certs if there is an update.voiduseSystemDefaultTrustCerts()Uses the default trust certificates stored on user's local system.
-
-
-
Method Detail
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkClientTrusted
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkClientTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
- Throws:
CertificateException
-
checkServerTrusted
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
- Specified by:
checkServerTrustedin classX509ExtendedTrustManager- Throws:
CertificateException
-
getAcceptedIssuers
public X509Certificate[] getAcceptedIssuers()
-
useSystemDefaultTrustCerts
public void useSystemDefaultTrustCerts() throws CertificateException, KeyStoreException, NoSuchAlgorithmExceptionUses the default trust certificates stored on user's local system. After this is used, functions that will provide new credential data(e.g. updateTrustCredentials(), updateTrustCredentialsFromFile()) should not be called.
-
updateTrustCredentials
public void updateTrustCredentials(X509Certificate[] trustCerts) throws IOException, GeneralSecurityException
Updates the current cached trust certificates as well as the key store.- Parameters:
trustCerts- the trust certificates that are going to be used- Throws:
IOExceptionGeneralSecurityException
-
updateTrustCredentialsFromFile
public AdvancedTlsX509TrustManager.Closeable updateTrustCredentialsFromFile(File trustCertFile, long period, TimeUnit unit, ScheduledExecutorService executor) throws IOException, GeneralSecurityException
Schedules aScheduledExecutorServiceto read trust certificates from a local file path periodically, and update the cached trust certs if there is an update.- Parameters:
trustCertFile- the file on disk holding the trust certificatesperiod- the period between successive read-and-update executionsunit- the time unit of the initialDelay and period parametersexecutor- the execute service we use to read and update the credentials- Returns:
- an object that caller should close when the file refreshes are not needed
- Throws:
IOExceptionGeneralSecurityException
-
updateTrustCredentialsFromFile
public void updateTrustCredentialsFromFile(File trustCertFile) throws IOException, GeneralSecurityException
Updates the trust certificates from a local file path.- Parameters:
trustCertFile- the file on disk holding the trust certificates- Throws:
IOExceptionGeneralSecurityException
-
newBuilder
public static AdvancedTlsX509TrustManager.Builder newBuilder()
-
-