io.grpc

Class TlsServerCredentials.Builder

java.lang.Object

io.grpc.TlsServerCredentials.Builder

Enclosing class:

TlsServerCredentials

public static final class TlsServerCredentials.Builder
extends Object

Builder for TlsServerCredentials.

Method Summary

Modifier and Type	Method and Description
ServerCredentials	build() Construct the credentials.
TlsServerCredentials.Builder	clientAuth(TlsServerCredentials.ClientAuth clientAuth) Indicates whether the server should expect a client's identity.
TlsServerCredentials.Builder	keyManager(File certChain, File privateKey) Use the provided certificate chain and private key as the server's identity.
TlsServerCredentials.Builder	keyManager(File certChain, File privateKey, String privateKeyPassword) Use the provided certificate chain and possibly-encrypted private key as the server's identity.
TlsServerCredentials.Builder	keyManager(InputStream certChain, InputStream privateKey) Use the provided certificate chain and private key as the server's identity.
TlsServerCredentials.Builder	keyManager(InputStream certChain, InputStream privateKey, String privateKeyPassword) Use the provided certificate chain and possibly-encrypted private key as the server's identity.
TlsServerCredentials.Builder	keyManager(KeyManager... keyManagers) Have the provided key manager select the server's identity.
TlsServerCredentials.Builder	requireFakeFeature() Requires TlsServerCredentials.Feature.FAKE to be understood.
TlsServerCredentials.Builder	trustManager(File rootCerts) Use the provided root certificates to verify the client's identity instead of the system's default.
TlsServerCredentials.Builder	trustManager(InputStream rootCerts) Use the provided root certificates to verify the client's identity instead of the system's default.
TlsServerCredentials.Builder	trustManager(TrustManager... trustManagers) Have the provided trust manager verify the client's identity instead of the system's default.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

requireFakeFeature

public TlsServerCredentials.Builder requireFakeFeature()

Requires TlsServerCredentials.Feature.FAKE to be understood. For use in testing consumers of this credential.

keyManager

public TlsServerCredentials.Builder keyManager(File certChain,
                                               File privateKey)
                                        throws IOException

Use the provided certificate chain and private key as the server's identity. Generally they should be PEM-encoded and the key is an unencrypted PKCS#8 key (file headers have "BEGIN CERTIFICATE" and "BEGIN PRIVATE KEY").

Throws:

IOException

keyManager

public TlsServerCredentials.Builder keyManager(File certChain,
                                               File privateKey,
                                               String privateKeyPassword)
                                        throws IOException

Use the provided certificate chain and possibly-encrypted private key as the server's identity. Generally they should be PEM-encoded and the key is a PKCS#8 key. If the private key is unencrypted, then password must be null.

Throws:

IOException

keyManager

public TlsServerCredentials.Builder keyManager(InputStream certChain,
                                               InputStream privateKey)
                                        throws IOException

Use the provided certificate chain and private key as the server's identity. Generally they should be PEM-encoded and the key is an unencrypted PKCS#8 key (file headers have "BEGIN CERTIFICATE" and "BEGIN PRIVATE KEY").

Throws:

IOException

keyManager

public TlsServerCredentials.Builder keyManager(InputStream certChain,
                                               InputStream privateKey,
                                               String privateKeyPassword)
                                        throws IOException

Use the provided certificate chain and possibly-encrypted private key as the server's identity. Generally they should be PEM-encoded and the key is a PKCS#8 key. If the private key is unencrypted, then password must be null.

Throws:

IOException

keyManager

public TlsServerCredentials.Builder keyManager(KeyManager... keyManagers)

Have the provided key manager select the server's identity. Although multiple are allowed, only the first instance implementing a particular interface is used. So generally there will just be a single entry and it implements X509KeyManager.

clientAuth

public TlsServerCredentials.Builder clientAuth(TlsServerCredentials.ClientAuth clientAuth)

Indicates whether the server should expect a client's identity. Must not be null. Defaults to TlsServerCredentials.ClientAuth.NONE.

trustManager

public TlsServerCredentials.Builder trustManager(File rootCerts)
                                          throws IOException

Use the provided root certificates to verify the client's identity instead of the system's default. Generally they should be PEM-encoded with all the certificates concatenated together (file header has "BEGIN CERTIFICATE", and would occur once per certificate).

Throws:

IOException

trustManager

public TlsServerCredentials.Builder trustManager(InputStream rootCerts)
                                          throws IOException

Use the provided root certificates to verify the client's identity instead of the system's default. Generally they should be PEM-encoded with all the certificates concatenated together (file header has "BEGIN CERTIFICATE", and would occur once per certificate).

Throws:

IOException

trustManager

public TlsServerCredentials.Builder trustManager(TrustManager... trustManagers)

Have the provided trust manager verify the client's identity instead of the system's default. Although multiple are allowed, only the first instance implementing a particular interface is used. So generally there will just be a single entry and it implements X509TrustManager.

build

public ServerCredentials build()

Construct the credentials.