com.google.auth.mtls

Class X509Provider

java.lang.Object

com.google.auth.mtls.X509Provider

All Implemented Interfaces:

MtlsProvider

public class X509Provider
extends Object
implements MtlsProvider

This class implements MtlsProvider for the Google Auth library transport layer via WorkloadCertificateConfiguration. This is only meant to be used internally by Google Cloud libraries, and the public facing methods may be changed without notice, and have no guarantee of backwards compatibility.

Constructor Summary

Constructors

Constructor and Description
X509Provider() Creates a new X.509 provider that will check the environment variable path and the well known Gcloud certificate configuration location.
X509Provider(String certConfigPathOverride) Creates an X509 provider with an override path for the certificate configuration, bypassing the normal checks for the well known certificate configuration file path and environment variable.

Method Summary

Modifier and Type	Method and Description
String	getCertificatePath() Returns the path to the client certificate file specified by the loaded workload certificate configuration.
KeyStore	getKeyStore() Finds the certificate configuration file, then builds a Keystore using the X.509 certificate and private key pointed to by the configuration.
boolean	isAvailable() Returns true if the X509 mTLS provider is available.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509Provider

public X509Provider(String certConfigPathOverride)

Creates an X509 provider with an override path for the certificate configuration, bypassing the normal checks for the well known certificate configuration file path and environment variable. This is meant for internal Google Cloud usage and behavior may be changed without warning.

Parameters:

certConfigPathOverride - the path to read the certificate configuration from.

X509Provider

public X509Provider()

Creates a new X.509 provider that will check the environment variable path and the well known Gcloud certificate configuration location. This is meant for internal Google Cloud usage and behavior may be changed without warning.

Method Detail

getCertificatePath

public String getCertificatePath()
                          throws IOException

Returns the path to the client certificate file specified by the loaded workload certificate configuration.

If the configuration has not been loaded yet (e.g., if getKeyStore() has not been called), this method will attempt to load it first by searching the override path, environment variable, and well-known locations.

Returns:

The path to the certificate file.

Throws:

IOException - if the certificate configuration cannot be found or loaded, or if the configuration file does not specify a certificate path.

CertificateSourceUnavailableException - if the configuration file is not found.

getKeyStore

public KeyStore getKeyStore()
                     throws CertificateSourceUnavailableException,
                            IOException

Finds the certificate configuration file, then builds a Keystore using the X.509 certificate and private key pointed to by the configuration. This will check the following locations in order.

• The certificate config override path, if set.
• The path pointed to by the "GOOGLE_API_CERTIFICATE_CONFIG" environment variable
• The well known gcloud location for the certificate configuration file.

Specified by:

getKeyStore in interface MtlsProvider

Returns:

a KeyStore containing the X.509 certificate specified by the certificate configuration.

Throws:

CertificateSourceUnavailableException - if the certificate source is unavailable (ex. missing configuration file)

IOException - if a general I/O error occurs while creating the KeyStore

isAvailable

public boolean isAvailable()
                    throws IOException

Returns true if the X509 mTLS provider is available.

Specified by:

isAvailable in interface MtlsProvider

Throws:

IOException - if a general I/O error occurs while determining availability.