Package io.grpc

Class TlsServerCredentials.Builder

java.lang.Object

io.grpc.TlsServerCredentials.Builder

Enclosing class:

TlsServerCredentials

public static final class TlsServerCredentials.Builder
extends java.lang.Object

Builder for TlsServerCredentials.

Field Summary

Fields

Modifier and Type	Field	Description
private byte[]	certificateChain
private TlsServerCredentials.ClientAuth	clientAuth
private boolean	fakeFeature
private java.util.List<javax.net.ssl.KeyManager>	keyManagers
private byte[]	privateKey
private java.lang.String	privateKeyPassword
private byte[]	rootCertificates
private java.util.List<javax.net.ssl.TrustManager>	trustManagers

Constructor Summary

Constructors

Modifier	Constructor	Description
private	Builder()

Method Summary

Modifier and Type	Method	Description
ServerCredentials	build()	Construct the credentials.
private void	clearKeyManagers()
private void	clearTrustManagers()
TlsServerCredentials.Builder	clientAuth(TlsServerCredentials.ClientAuth clientAuth)	Indicates whether the server should expect a client's identity.
TlsServerCredentials.Builder	keyManager(java.io.File certChain, java.io.File privateKey)	Use the provided certificate chain and private key as the server's identity.
TlsServerCredentials.Builder	keyManager(java.io.File certChain, java.io.File privateKey, java.lang.String privateKeyPassword)	Use the provided certificate chain and possibly-encrypted private key as the server's identity.
TlsServerCredentials.Builder	keyManager(java.io.InputStream certChain, java.io.InputStream privateKey)	Use the provided certificate chain and private key as the server's identity.
TlsServerCredentials.Builder	keyManager(java.io.InputStream certChain, java.io.InputStream privateKey, java.lang.String privateKeyPassword)	Use the provided certificate chain and possibly-encrypted private key as the server's identity.
TlsServerCredentials.Builder	keyManager(javax.net.ssl.KeyManager... keyManagers)	Have the provided key manager select the server's identity.
TlsServerCredentials.Builder	requireFakeFeature()	Requires TlsServerCredentials.Feature.FAKE to be understood.
TlsServerCredentials.Builder	trustManager(java.io.File rootCerts)	Use the provided root certificates to verify the client's identity instead of the system's default.
TlsServerCredentials.Builder	trustManager(java.io.InputStream rootCerts)	Use the provided root certificates to verify the client's identity instead of the system's default.
TlsServerCredentials.Builder	trustManager(javax.net.ssl.TrustManager... trustManagers)	Have the provided trust manager verify the client's identity instead of the system's default.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

fakeFeature

private boolean fakeFeature

certificateChain

private byte[] certificateChain

privateKey

private byte[] privateKey

privateKeyPassword

private java.lang.String privateKeyPassword

keyManagers

private java.util.List<javax.net.ssl.KeyManager> keyManagers

clientAuth

private TlsServerCredentials.ClientAuth clientAuth

rootCertificates

private byte[] rootCertificates

trustManagers

private java.util.List<javax.net.ssl.TrustManager> trustManagers

Constructor Detail

Builder

private Builder()

Method Detail

requireFakeFeature

public TlsServerCredentials.Builder requireFakeFeature()

Requires TlsServerCredentials.Feature.FAKE to be understood. For use in testing consumers of this credential.

keyManager

public TlsServerCredentials.Builder keyManager(java.io.File certChain,
                                               java.io.File privateKey)
                                        throws java.io.IOException

Use the provided certificate chain and private key as the server's identity. Generally they should be PEM-encoded and the key is an unencrypted PKCS#8 key (file headers have "BEGIN CERTIFICATE" and "BEGIN PRIVATE KEY").

Throws:

java.io.IOException

keyManager

public TlsServerCredentials.Builder keyManager(java.io.File certChain,
                                               java.io.File privateKey,
                                               java.lang.String privateKeyPassword)
                                        throws java.io.IOException

Use the provided certificate chain and possibly-encrypted private key as the server's identity. Generally they should be PEM-encoded and the key is a PKCS#8 key. If the private key is unencrypted, then password must be null.

Throws:

java.io.IOException

keyManager

public TlsServerCredentials.Builder keyManager(java.io.InputStream certChain,
                                               java.io.InputStream privateKey)
                                        throws java.io.IOException

Use the provided certificate chain and private key as the server's identity. Generally they should be PEM-encoded and the key is an unencrypted PKCS#8 key (file headers have "BEGIN CERTIFICATE" and "BEGIN PRIVATE KEY").

Throws:

java.io.IOException

keyManager

public TlsServerCredentials.Builder keyManager(java.io.InputStream certChain,
                                               java.io.InputStream privateKey,
                                               java.lang.String privateKeyPassword)
                                        throws java.io.IOException

Use the provided certificate chain and possibly-encrypted private key as the server's identity. Generally they should be PEM-encoded and the key is a PKCS#8 key. If the private key is unencrypted, then password must be null.

Throws:

java.io.IOException

keyManager

public TlsServerCredentials.Builder keyManager(javax.net.ssl.KeyManager... keyManagers)

Have the provided key manager select the server's identity. Although multiple are allowed, only the first instance implementing a particular interface is used. So generally there will just be a single entry and it implements X509KeyManager.

clearKeyManagers

private void clearKeyManagers()

clientAuth

public TlsServerCredentials.Builder clientAuth(TlsServerCredentials.ClientAuth clientAuth)

Indicates whether the server should expect a client's identity. Must not be null. Defaults to TlsServerCredentials.ClientAuth.NONE.

trustManager

public TlsServerCredentials.Builder trustManager(java.io.File rootCerts)
                                          throws java.io.IOException

Use the provided root certificates to verify the client's identity instead of the system's default. Generally they should be PEM-encoded with all the certificates concatenated together (file header has "BEGIN CERTIFICATE", and would occur once per certificate).

Throws:

java.io.IOException

trustManager

public TlsServerCredentials.Builder trustManager(java.io.InputStream rootCerts)
                                          throws java.io.IOException

Use the provided root certificates to verify the client's identity instead of the system's default. Generally they should be PEM-encoded with all the certificates concatenated together (file header has "BEGIN CERTIFICATE", and would occur once per certificate).

Throws:

java.io.IOException

trustManager

public TlsServerCredentials.Builder trustManager(javax.net.ssl.TrustManager... trustManagers)

Have the provided trust manager verify the client's identity instead of the system's default. Although multiple are allowed, only the first instance implementing a particular interface is used. So generally there will just be a single entry and it implements X509TrustManager.

clearTrustManagers

private void clearTrustManagers()

build

public ServerCredentials build()

Construct the credentials.