Package io.grpc.util
Class AdvancedTlsX509KeyManager
- java.lang.Object
-
- javax.net.ssl.X509ExtendedKeyManager
-
- io.grpc.util.AdvancedTlsX509KeyManager
-
- All Implemented Interfaces:
javax.net.ssl.KeyManager
,javax.net.ssl.X509KeyManager
public final class AdvancedTlsX509KeyManager extends javax.net.ssl.X509ExtendedKeyManager
AdvancedTlsX509KeyManager is anX509ExtendedKeyManager
that allows users to configure advanced TLS features, such as private key and certificate chain reloading.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static interface
AdvancedTlsX509KeyManager.Closeable
Mainly used to avoid throwing IO Exceptions in java.io.Closeable.private static class
AdvancedTlsX509KeyManager.KeyInfo
private class
AdvancedTlsX509KeyManager.LoadFilePathExecution
private static class
AdvancedTlsX509KeyManager.UpdateResult
-
Field Summary
Fields Modifier and Type Field Description private AdvancedTlsX509KeyManager.KeyInfo
keyInfo
private static java.util.logging.Logger
log
private static int
MINIMUM_REFRESH_PERIOD_IN_MINUTES
-
Constructor Summary
Constructors Constructor Description AdvancedTlsX509KeyManager()
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description java.lang.String
chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
java.lang.String
chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
java.lang.String
chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
java.lang.String
chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
java.security.cert.X509Certificate[]
getCertificateChain(java.lang.String alias)
java.lang.String[]
getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
java.security.PrivateKey
getPrivateKey(java.lang.String alias)
java.lang.String[]
getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
private AdvancedTlsX509KeyManager.UpdateResult
readAndUpdate(java.io.File certFile, java.io.File keyFile, long oldKeyTime, long oldCertTime)
Reads the private key and certificates specified in the path locations.void
updateIdentityCredentials(java.io.File certFile, java.io.File keyFile)
Updates certificate chains and the private key from the local file paths.AdvancedTlsX509KeyManager.Closeable
updateIdentityCredentials(java.io.File certFile, java.io.File keyFile, long period, java.util.concurrent.TimeUnit unit, java.util.concurrent.ScheduledExecutorService executor)
Schedules aScheduledExecutorService
to read certificate chains and private key from the local file paths periodically, and update the cached identity credentials if they are both updated.void
updateIdentityCredentials(java.security.cert.X509Certificate[] certs, java.security.PrivateKey key)
Updates the current cached private key and cert chains.void
updateIdentityCredentials(java.security.PrivateKey key, java.security.cert.X509Certificate[] certs)
Deprecated.void
updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile)
Deprecated.UseupdateIdentityCredentials(File, File)
instead.AdvancedTlsX509KeyManager.Closeable
updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile, long period, java.util.concurrent.TimeUnit unit, java.util.concurrent.ScheduledExecutorService executor)
Deprecated.
-
-
-
Field Detail
-
log
private static final java.util.logging.Logger log
-
MINIMUM_REFRESH_PERIOD_IN_MINUTES
private static final int MINIMUM_REFRESH_PERIOD_IN_MINUTES
- See Also:
- Constant Field Values
-
keyInfo
private volatile AdvancedTlsX509KeyManager.KeyInfo keyInfo
-
-
Method Detail
-
getPrivateKey
public java.security.PrivateKey getPrivateKey(java.lang.String alias)
-
getCertificateChain
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
-
getClientAliases
public java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
-
chooseClientAlias
public java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
-
chooseEngineClientAlias
public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
- Overrides:
chooseEngineClientAlias
in classjavax.net.ssl.X509ExtendedKeyManager
-
getServerAliases
public java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
-
chooseServerAlias
public java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
-
chooseEngineServerAlias
public java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
- Overrides:
chooseEngineServerAlias
in classjavax.net.ssl.X509ExtendedKeyManager
-
updateIdentityCredentials
@Deprecated @InlineMe(replacement="this.updateIdentityCredentials(certs, key)") @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") public void updateIdentityCredentials(java.security.PrivateKey key, java.security.cert.X509Certificate[] certs)
Deprecated.Updates the current cached private key and cert chains.- Parameters:
key
- the private key that is going to be usedcerts
- the certificate chain that is going to be used
-
updateIdentityCredentials
public void updateIdentityCredentials(java.security.cert.X509Certificate[] certs, java.security.PrivateKey key)
Updates the current cached private key and cert chains.- Parameters:
certs
- the certificate chain that is going to be usedkey
- the private key that is going to be used
-
updateIdentityCredentials
public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentials(java.io.File certFile, java.io.File keyFile, long period, java.util.concurrent.TimeUnit unit, java.util.concurrent.ScheduledExecutorService executor) throws java.io.IOException, java.security.GeneralSecurityException
Schedules aScheduledExecutorService
to read certificate chains and private key from the local file paths periodically, and update the cached identity credentials if they are both updated. You must close the returned Closeable before calling this method again or other update methods (updateIdentityCredentials(java.security.PrivateKey, java.security.cert.X509Certificate[])
,updateIdentityCredentials(File, File)
). Before scheduling the task, the method synchronously executesreadAndUpdate
once. The minimum refresh period of 1 minute is enforced.- Parameters:
certFile
- the file on disk holding the certificate chainkeyFile
- the file on disk holding the private keyperiod
- the period between successive read-and-update executionsunit
- the time unit of the initialDelay and period parametersexecutor
- the executor service we use to read and update the credentials- Returns:
- an object that caller should close when the file refreshes are not needed
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
updateIdentityCredentials
public void updateIdentityCredentials(java.io.File certFile, java.io.File keyFile) throws java.io.IOException, java.security.GeneralSecurityException
Updates certificate chains and the private key from the local file paths.- Parameters:
certFile
- the file on disk holding the certificate chainkeyFile
- the file on disk holding the private key- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
updateIdentityCredentialsFromFile
@Deprecated @InlineMe(replacement="this.updateIdentityCredentials(certFile, keyFile)") @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") public void updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile) throws java.io.IOException, java.security.GeneralSecurityException
Deprecated.UseupdateIdentityCredentials(File, File)
instead.Updates the private key and certificate chains from the local file paths.- Parameters:
keyFile
- the file on disk holding the private keycertFile
- the file on disk holding the certificate chain- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
updateIdentityCredentialsFromFile
@Deprecated @InlineMe(replacement="this.updateIdentityCredentials(certFile, keyFile, period, unit, executor)") @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024") public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentialsFromFile(java.io.File keyFile, java.io.File certFile, long period, java.util.concurrent.TimeUnit unit, java.util.concurrent.ScheduledExecutorService executor) throws java.io.IOException, java.security.GeneralSecurityException
Deprecated.Schedules aScheduledExecutorService
to read private key and certificate chains from the local file paths periodically, and update the cached identity credentials if they are both updated. You must close the returned Closeable before calling this method again or other update methods (updateIdentityCredentials(java.security.PrivateKey, java.security.cert.X509Certificate[])
,updateIdentityCredentials(File, File)
). Before scheduling the task, the method synchronously executesreadAndUpdate
once. The minimum refresh period of 1 minute is enforced.- Parameters:
keyFile
- the file on disk holding the private keycertFile
- the file on disk holding the certificate chainperiod
- the period between successive read-and-update executionsunit
- the time unit of the initialDelay and period parametersexecutor
- the executor service we use to read and update the credentials- Returns:
- an object that caller should close when the file refreshes are not needed
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
readAndUpdate
private AdvancedTlsX509KeyManager.UpdateResult readAndUpdate(java.io.File certFile, java.io.File keyFile, long oldKeyTime, long oldCertTime) throws java.io.IOException, java.security.GeneralSecurityException
Reads the private key and certificates specified in the path locations. Updateskey
andcert
if both of their modified time changed since last read.- Parameters:
certFile
- the file on disk holding the certificate chainkeyFile
- the file on disk holding the private keyoldKeyTime
- the time when the private key file is modified during last executionoldCertTime
- the time when the certificate chain file is modified during last execution- Returns:
- the result of this update execution
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
-