Package io.grpc.util

Class AdvancedTlsX509KeyManager

  • All Implemented Interfaces:
    javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

    public final class AdvancedTlsX509KeyManager
    extends javax.net.ssl.X509ExtendedKeyManager
    AdvancedTlsX509KeyManager is an X509ExtendedKeyManager that allows users to configure advanced TLS features, such as private key and certificate chain reloading.
    • Constructor Detail

      • AdvancedTlsX509KeyManager

        public AdvancedTlsX509KeyManager()
    • Method Detail

      • getPrivateKey

        public java.security.PrivateKey getPrivateKey​(java.lang.String alias)
      • getCertificateChain

        public java.security.cert.X509Certificate[] getCertificateChain​(java.lang.String alias)
      • getClientAliases

        public java.lang.String[] getClientAliases​(java.lang.String keyType,
                                                   java.security.Principal[] issuers)
      • chooseClientAlias

        public java.lang.String chooseClientAlias​(java.lang.String[] keyType,
                                                  java.security.Principal[] issuers,
                                                  java.net.Socket socket)
      • chooseEngineClientAlias

        public java.lang.String chooseEngineClientAlias​(java.lang.String[] keyType,
                                                        java.security.Principal[] issuers,
                                                        javax.net.ssl.SSLEngine engine)
        Overrides:
        chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager
      • getServerAliases

        public java.lang.String[] getServerAliases​(java.lang.String keyType,
                                                   java.security.Principal[] issuers)
      • chooseServerAlias

        public java.lang.String chooseServerAlias​(java.lang.String keyType,
                                                  java.security.Principal[] issuers,
                                                  java.net.Socket socket)
      • chooseEngineServerAlias

        public java.lang.String chooseEngineServerAlias​(java.lang.String keyType,
                                                        java.security.Principal[] issuers,
                                                        javax.net.ssl.SSLEngine engine)
        Overrides:
        chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager
      • updateIdentityCredentials

        @Deprecated
        @InlineMe(replacement="this.updateIdentityCredentials(certs, key)")
        @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024")
        public void updateIdentityCredentials​(java.security.PrivateKey key,
                                              java.security.cert.X509Certificate[] certs)
        Updates the current cached private key and cert chains.
        Parameters:
        key - the private key that is going to be used
        certs - the certificate chain that is going to be used
      • updateIdentityCredentials

        public void updateIdentityCredentials​(java.security.cert.X509Certificate[] certs,
                                              java.security.PrivateKey key)
        Updates the current cached private key and cert chains.
        Parameters:
        certs - the certificate chain that is going to be used
        key - the private key that is going to be used
      • updateIdentityCredentials

        public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentials​(java.io.File certFile,
                                                                             java.io.File keyFile,
                                                                             long period,
                                                                             java.util.concurrent.TimeUnit unit,
                                                                             java.util.concurrent.ScheduledExecutorService executor)
                                                                      throws java.io.IOException,
                                                                             java.security.GeneralSecurityException
        Schedules a task on the given ScheduledExecutorService that periodically reads the certificate chain and private key from the local file paths, and updates the cached identity credentials only when both files have been modified since the last read. You must close the returned Closeable before calling this method again or any other update method (updateIdentityCredentials(java.security.PrivateKey, java.security.cert.X509Certificate[]), updateIdentityCredentials(File, File)). Before scheduling the task, the method synchronously executes readAndUpdate once, so a missing or unparsable file fails immediately. A minimum refresh period of 1 minute is enforced.
        Parameters:
        certFile - the file on disk holding the certificate chain
        keyFile - the file on disk holding the private key
        period - the period between successive read-and-update executions
        unit - the time unit of the period parameter
        executor - the executor service we use to read and update the credentials
        Returns:
        an object that the caller should close when file refreshes are no longer needed
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
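The following is an added example, not code from the grpc-java project or this class's documentation, showing how the scheduled reload above is typically wired into a gRPC server. The file paths are placeholders, and the use of io.grpc.TlsServerCredentials and io.grpc.Grpc to consume the key manager is an assumption about the surrounding application, not part of this class's API.

```java
import io.grpc.Grpc;
import io.grpc.Server;
import io.grpc.ServerCredentials;
import io.grpc.TlsServerCredentials;
import io.grpc.util.AdvancedTlsX509KeyManager;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

public final class ReloadingTlsServer {
  public static void main(String[] args)
      throws IOException, GeneralSecurityException, InterruptedException {
    // Placeholder paths (assumption): point these at the files your certificate
    // rotation tooling rewrites in place.
    File certFile = new File("/etc/grpc/server-cert.pem");
    File keyFile = new File("/etc/grpc/server-key.pem");

    ScheduledExecutorService executor = Executors.newSingleThreadScheduledExecutor();
    AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager();

    // Reads both files synchronously once, so a missing or unparsable file fails
    // here rather than at the first TLS handshake, then re-reads every minute.
    // Periods below one minute are raised to the enforced minimum. The cached key
    // pair is replaced only when both files' modification times changed, so a
    // rotation that has so far rewritten only one of the two files is not loaded.
    AdvancedTlsX509KeyManager.Closeable reloader =
        keyManager.updateIdentityCredentials(certFile, keyFile, 1, TimeUnit.MINUTES, executor);

    // Assumption: TlsServerCredentials accepts the key manager directly; the
    // handshake then calls chooseEngineServerAlias/getPrivateKey on each connection.
    ServerCredentials creds = TlsServerCredentials.newBuilder()
        .keyManager(keyManager)
        .build();
    Server server = Grpc.newServerBuilderForPort(8443, creds).build().start();
    Runtime.getRuntime().addShutdownHook(new Thread(server::shutdown));
    try {
      server.awaitTermination();
    } finally {
      // Close the reloader before any further update*() call and before the
      // executor goes away; otherwise a second scheduled task would be left running.
      reloader.close();
      executor.shutdown();
    }
  }
}
```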
      • updateIdentityCredentials

        public void updateIdentityCredentials​(java.io.File certFile,
                                              java.io.File keyFile)
                                       throws java.io.IOException,
                                              java.security.GeneralSecurityException
        Updates certificate chains and the private key from the local file paths.
        Parameters:
        certFile - the file on disk holding the certificate chain
        keyFile - the file on disk holding the private key
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
      • updateIdentityCredentialsFromFile

        @Deprecated
        @InlineMe(replacement="this.updateIdentityCredentials(certFile, keyFile)")
        @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024")
        public void updateIdentityCredentialsFromFile​(java.io.File keyFile,
                                                      java.io.File certFile)
                                               throws java.io.IOException,
                                                      java.security.GeneralSecurityException
        Deprecated.
        Updates the private key and certificate chains from the local file paths.
        Parameters:
        keyFile - the file on disk holding the private key
        certFile - the file on disk holding the certificate chain
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
      • updateIdentityCredentialsFromFile

        @Deprecated
        @InlineMe(replacement="this.updateIdentityCredentials(certFile, keyFile, period, unit, executor)")
        @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024")
        public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentialsFromFile​(java.io.File keyFile,
                                                                                     java.io.File certFile,
                                                                                     long period,
                                                                                     java.util.concurrent.TimeUnit unit,
                                                                                     java.util.concurrent.ScheduledExecutorService executor)
                                                                              throws java.io.IOException,
                                                                                     java.security.GeneralSecurityException
        Schedules a task on the given ScheduledExecutorService that periodically reads the private key and certificate chain from the local file paths, and updates the cached identity credentials only when both files have been modified since the last read. You must close the returned Closeable before calling this method again or any other update method (updateIdentityCredentials(java.security.PrivateKey, java.security.cert.X509Certificate[]), updateIdentityCredentials(File, File)). Before scheduling the task, the method synchronously executes readAndUpdate once. A minimum refresh period of 1 minute is enforced.
        Parameters:
        keyFile - the file on disk holding the private key
        certFile - the file on disk holding the certificate chain
        period - the period between successive read-and-update executions
        unit - the time unit of the period parameter
        executor - the executor service we use to read and update the credentials
        Returns:
        an object that the caller should close when file refreshes are no longer needed
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
      • readAndUpdate

        private AdvancedTlsX509KeyManager.UpdateResult readAndUpdate​(java.io.File certFile,
                                                                     java.io.File keyFile,
                                                                     long oldKeyTime,
                                                                     long oldCertTime)
                                                              throws java.io.IOException,
                                                                     java.security.GeneralSecurityException
        Reads the private key and certificate chain from the given file paths. Updates the cached key and certificate chain only if the modification times of both files have changed since the last read.
        Parameters:
        certFile - the file on disk holding the certificate chain
        keyFile - the file on disk holding the private key
        oldKeyTime - the modification time of the private key file as observed during the last execution
        oldCertTime - the modification time of the certificate chain file as observed during the last execution
        Returns:
        the result of this update execution
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException