Package io.grpc.util

Class AdvancedTlsX509TrustManager

java.lang.Object

javax.net.ssl.X509ExtendedTrustManager

io.grpc.util.AdvancedTlsX509TrustManager

All Implemented Interfaces:

javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager

@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8024")
@IgnoreJRERequirement
public final class AdvancedTlsX509TrustManager
extends javax.net.ssl.X509ExtendedTrustManager

AdvancedTlsX509TrustManager is an X509ExtendedTrustManager that allows users to configure advanced TLS features, such as root certificate reloading, peer cert custom verification, etc. For Android users: this class is only supported in API level 24 and above.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	AdvancedTlsX509TrustManager.Builder
static interface	AdvancedTlsX509TrustManager.Closeable
static interface	AdvancedTlsX509TrustManager.SslSocketAndEnginePeerVerifier
static class	AdvancedTlsX509TrustManager.Verification

Method Summary

Modifier and Type	Method	Description
void	checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
void	checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType, java.net.Socket socket)
void	checkClientTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType, javax.net.ssl.SSLEngine engine)
void	checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType)
void	checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType, java.net.Socket socket)
void	checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType, javax.net.ssl.SSLEngine engine)
java.security.cert.X509Certificate[]	getAcceptedIssuers()
static AdvancedTlsX509TrustManager.Builder	newBuilder()
void	updateTrustCredentials(java.security.cert.X509Certificate[] trustCerts)	Updates the current cached trust certificates as well as the key store.
void	updateTrustCredentialsFromFile(java.io.File trustCertFile)	Updates the trust certificates from a local file path.
AdvancedTlsX509TrustManager.Closeable	updateTrustCredentialsFromFile(java.io.File trustCertFile, long period, java.util.concurrent.TimeUnit unit, java.util.concurrent.ScheduledExecutorService executor)	Schedules a ScheduledExecutorService to read trust certificates from a local file path periodically, and update the cached trust certs if there is an update.
void	useSystemDefaultTrustCerts()	Uses the default trust certificates stored on user's local system.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Throws:

java.security.cert.CertificateException

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType,
                               java.net.Socket socket)
                        throws java.security.cert.CertificateException

Specified by:

checkClientTrusted in class javax.net.ssl.X509ExtendedTrustManager

Throws:

java.security.cert.CertificateException

checkClientTrusted

public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType,
                               javax.net.ssl.SSLEngine engine)
                        throws java.security.cert.CertificateException

Specified by:

checkClientTrusted in class javax.net.ssl.X509ExtendedTrustManager

Throws:

java.security.cert.CertificateException

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType,
                               javax.net.ssl.SSLEngine engine)
                        throws java.security.cert.CertificateException

Specified by:

checkServerTrusted in class javax.net.ssl.X509ExtendedTrustManager

Throws:

java.security.cert.CertificateException

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType)
                        throws java.security.cert.CertificateException

Throws:

java.security.cert.CertificateException

checkServerTrusted

public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
                               java.lang.String authType,
                               java.net.Socket socket)
                        throws java.security.cert.CertificateException

Specified by:

checkServerTrusted in class javax.net.ssl.X509ExtendedTrustManager

Throws:

java.security.cert.CertificateException

getAcceptedIssuers

public java.security.cert.X509Certificate[] getAcceptedIssuers()

useSystemDefaultTrustCerts

public void useSystemDefaultTrustCerts()
                                throws java.security.cert.CertificateException,
                                       java.security.KeyStoreException,
                                       java.security.NoSuchAlgorithmException

Uses the default trust certificates stored on user's local system. After this is used, functions that will provide new credential data(e.g. updateTrustCredentials(), updateTrustCredentialsFromFile()) should not be called.

Throws:

java.security.cert.CertificateException

java.security.KeyStoreException

java.security.NoSuchAlgorithmException

updateTrustCredentials

public void updateTrustCredentials(java.security.cert.X509Certificate[] trustCerts)
                            throws java.io.IOException,
                                   java.security.GeneralSecurityException

Updates the current cached trust certificates as well as the key store.

Parameters:

trustCerts - the trust certificates that are going to be used

Throws:

java.io.IOException

java.security.GeneralSecurityException

updateTrustCredentialsFromFile

public AdvancedTlsX509TrustManager.Closeable updateTrustCredentialsFromFile(java.io.File trustCertFile,
                                                                            long period,
                                                                            java.util.concurrent.TimeUnit unit,
                                                                            java.util.concurrent.ScheduledExecutorService executor)
                                                                     throws java.io.IOException,
                                                                            java.security.GeneralSecurityException

Schedules a ScheduledExecutorService to read trust certificates from a local file path periodically, and update the cached trust certs if there is an update.

Parameters:

trustCertFile - the file on disk holding the trust certificates

period - the period between successive read-and-update executions

unit - the time unit of the initialDelay and period parameters

executor - the execute service we use to read and update the credentials

Returns:

an object that caller should close when the file refreshes are not needed

Throws:

java.io.IOException

java.security.GeneralSecurityException

updateTrustCredentialsFromFile

public void updateTrustCredentialsFromFile(java.io.File trustCertFile)
                                    throws java.io.IOException,
                                           java.security.GeneralSecurityException

Updates the trust certificates from a local file path.

Parameters:

trustCertFile - the file on disk holding the trust certificates

Throws:

java.io.IOException

java.security.GeneralSecurityException

newBuilder

public static AdvancedTlsX509TrustManager.Builder newBuilder()