Package io.grpc.util
Class AdvancedTlsX509KeyManager
java.lang.Object
javax.net.ssl.X509ExtendedKeyManager
io.grpc.util.AdvancedTlsX509KeyManager
- All Implemented Interfaces:
KeyManager,X509KeyManager
AdvancedTlsX509KeyManager is an
X509ExtendedKeyManager that allows users to configure
advanced TLS features, such as private key and certificate chain reloading.-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceMainly used to avoid throwing IO Exceptions in java.io.Closeable. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionchooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) chooseServerAlias(String keyType, Principal[] issuers, Socket socket) getCertificateChain(String alias) String[]getClientAliases(String keyType, Principal[] issuers) getPrivateKey(String alias) String[]getServerAliases(String keyType, Principal[] issuers) voidupdateIdentityCredentials(File certFile, File keyFile) Updates certificate chains and the private key from the local file paths.updateIdentityCredentials(File certFile, File keyFile, long period, TimeUnit unit, ScheduledExecutorService executor) Schedules aScheduledExecutorServiceto read certificate chains and private key from the local file paths periodically, and update the cached identity credentials if they are both updated.voidupdateIdentityCredentials(X509Certificate[] certs, PrivateKey key) Updates the current cached private key and cert chains.voidupdateIdentityCredentials(PrivateKey key, X509Certificate[] certs) Deprecated.voidupdateIdentityCredentialsFromFile(File keyFile, File certFile) Deprecated.UseupdateIdentityCredentials(File, File)instead.updateIdentityCredentialsFromFile(File keyFile, File certFile, long period, TimeUnit unit, ScheduledExecutorService executor) Deprecated.
-
Constructor Details
-
AdvancedTlsX509KeyManager
public AdvancedTlsX509KeyManager()
-
-
Method Details
-
getPrivateKey
-
getCertificateChain
-
getClientAliases
-
chooseClientAlias
-
chooseEngineClientAlias
- Overrides:
chooseEngineClientAliasin classX509ExtendedKeyManager
-
getServerAliases
-
chooseServerAlias
-
chooseEngineServerAlias
- Overrides:
chooseEngineServerAliasin classX509ExtendedKeyManager
-
updateIdentityCredentials
@Deprecated @InlineMe(replacement="this.updateIdentityCredentials(certs, key)") @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") public void updateIdentityCredentials(PrivateKey key, X509Certificate[] certs) Deprecated.Updates the current cached private key and cert chains.- Parameters:
key- the private key that is going to be usedcerts- the certificate chain that is going to be used
-
updateIdentityCredentials
Updates the current cached private key and cert chains.- Parameters:
certs- the certificate chain that is going to be usedkey- the private key that is going to be used
-
updateIdentityCredentials
public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentials(File certFile, File keyFile, long period, TimeUnit unit, ScheduledExecutorService executor) throws IOException, GeneralSecurityException Schedules aScheduledExecutorServiceto read certificate chains and private key from the local file paths periodically, and update the cached identity credentials if they are both updated. You must close the returned Closeable before calling this method again or other update methods (updateIdentityCredentials(java.security.PrivateKey, java.security.cert.X509Certificate[]),updateIdentityCredentials(File, File)). Before scheduling the task, the method synchronously executesreadAndUpdateonce. The minimum refresh period of 1 minute is enforced.- Parameters:
certFile- the file on disk holding the certificate chainkeyFile- the file on disk holding the private keyperiod- the period between successive read-and-update executionsunit- the time unit of the initialDelay and period parametersexecutor- the executor service we use to read and update the credentials- Returns:
- an object that caller should close when the file refreshes are not needed
- Throws:
IOExceptionGeneralSecurityException
-
updateIdentityCredentials
public void updateIdentityCredentials(File certFile, File keyFile) throws IOException, GeneralSecurityException Updates certificate chains and the private key from the local file paths.- Parameters:
certFile- the file on disk holding the certificate chainkeyFile- the file on disk holding the private key- Throws:
IOExceptionGeneralSecurityException
-
updateIdentityCredentialsFromFile
@Deprecated @InlineMe(replacement="this.updateIdentityCredentials(certFile, keyFile)") @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") public void updateIdentityCredentialsFromFile(File keyFile, File certFile) throws IOException, GeneralSecurityException Deprecated.UseupdateIdentityCredentials(File, File)instead.Updates the private key and certificate chains from the local file paths.- Parameters:
keyFile- the file on disk holding the private keycertFile- the file on disk holding the certificate chain- Throws:
IOExceptionGeneralSecurityException
-
updateIdentityCredentialsFromFile
@Deprecated @InlineMe(replacement="this.updateIdentityCredentials(certFile, keyFile, period, unit, executor)") @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentialsFromFile(File keyFile, File certFile, long period, TimeUnit unit, ScheduledExecutorService executor) throws IOException, GeneralSecurityException Deprecated.Schedules aScheduledExecutorServiceto read private key and certificate chains from the local file paths periodically, and update the cached identity credentials if they are both updated. You must close the returned Closeable before calling this method again or other update methods (updateIdentityCredentials(java.security.PrivateKey, java.security.cert.X509Certificate[]),updateIdentityCredentials(File, File)). Before scheduling the task, the method synchronously executesreadAndUpdateonce. The minimum refresh period of 1 minute is enforced.- Parameters:
keyFile- the file on disk holding the private keycertFile- the file on disk holding the certificate chainperiod- the period between successive read-and-update executionsunit- the time unit of the initialDelay and period parametersexecutor- the executor service we use to read and update the credentials- Returns:
- an object that caller should close when the file refreshes are not needed
- Throws:
IOExceptionGeneralSecurityException
-
updateIdentityCredentials(X509Certificate[], PrivateKey)