Class X509Provider

java.lang.Object
com.google.auth.mtls.X509Provider
All Implemented Interfaces:
MtlsProvider

@InternalApi public class X509Provider extends Object implements MtlsProvider
This class implements MtlsProvider for the Google Auth library transport layer via WorkloadCertificateConfiguration. This is only meant to be used internally by Google Cloud libraries, and the public facing methods may be changed without notice, and have no guarantee of backwards compatibility.
  • Constructor Summary

    Constructors
    Constructor
    Description
    X509Provider()
    Creates a new X.509 provider that will check the environment variable path and the well-known gcloud certificate configuration location.
    X509Provider(EnvironmentProvider envProvider, PropertyProvider propProvider, String certConfigPathOverride)
    Creates an X509 provider with an override path for the certificate configuration, bypassing the normal checks for the well known certificate configuration file path and environment variable.
    X509Provider(String certConfigPathOverride)
    Creates an X509 provider with an override path for the certificate configuration.
  • Method Summary

    Modifier and Type
    Method
    Description
    KeyStore
    getKeyStore()
    Finds the certificate configuration file, then builds a KeyStore using the X.509 certificate and private key pointed to by the configuration.
    boolean
    isAvailable()
    Returns true if the X509 mTLS provider is available.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • X509Provider

      @InternalApi public X509Provider(EnvironmentProvider envProvider, PropertyProvider propProvider, String certConfigPathOverride)
      Creates an X509 provider with an override path for the certificate configuration, bypassing the normal checks for the well known certificate configuration file path and environment variable. This is meant for internal Google Cloud usage and behavior may be changed without warning.
      Parameters:
      envProvider - environment provider used for environment variables
      propProvider - property provider used for system properties
      certConfigPathOverride - the path to read the certificate configuration from.
    • X509Provider

      public X509Provider(String certConfigPathOverride)
      Creates an X509 provider with an override path for the certificate configuration.
      Parameters:
      certConfigPathOverride - the path to read the certificate configuration from.
    • X509Provider

      public X509Provider()
      Creates a new X.509 provider that will check the environment variable path and the well-known gcloud certificate configuration location. This is meant for internal Google Cloud usage and behavior may be changed without warning.
  • Method Details

    • getKeyStore

      public KeyStore getKeyStore() throws CertificateSourceUnavailableException, IOException
      Finds the certificate configuration file, then builds a KeyStore using the X.509 certificate and private key pointed to by the configuration. This will check the following locations in order:
      • The certificate config override path, if set.
      • The path pointed to by the "GOOGLE_API_CERTIFICATE_CONFIG" environment variable.
      • The well-known gcloud location for the certificate configuration file.
      Specified by:
      getKeyStore in interface MtlsProvider
      Returns:
      a KeyStore containing the X.509 certificate specified by the certificate configuration.
      Throws:
      CertificateSourceUnavailableException - if the certificate source is unavailable (e.g. a missing configuration file)
      IOException - if a general I/O error occurs while creating the KeyStore
    • isAvailable

      public boolean isAvailable() throws IOException
      Returns true if the X509 mTLS provider is available.
      Specified by:
      isAvailable in interface MtlsProvider
      Throws:
      IOException - if a general I/O error occurs while determining availability.
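
The following diagnostic is an added example, not code from the library or its authors. It resolves the certificate configuration through the lookup order documented for getKeyStore, then reports which client certificate the returned KeyStore holds and whether it is inside its validity window. The class name WorkloadCertCheck and the exit codes are hypothetical, and CertificateSourceUnavailableException is assumed to live in the same package as X509Provider.

```java
import com.google.auth.mtls.CertificateSourceUnavailableException; // assumed package
import com.google.auth.mtls.X509Provider;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class WorkloadCertCheck { // hypothetical name
  public static void main(String[] args) throws IOException, KeyStoreException {
    // With an argument, the override path wins; otherwise the documented order
    // applies: GOOGLE_API_CERTIFICATE_CONFIG, then the well-known gcloud location.
    X509Provider provider = args.length > 0 ? new X509Provider(args[0]) : new X509Provider();

    if (!provider.isAvailable()) {
      System.err.println("No X.509 certificate source is available.");
      System.exit(2);
    }

    KeyStore keyStore;
    try {
      keyStore = provider.getKeyStore();
    } catch (CertificateSourceUnavailableException e) {
      // For example, the configuration file was removed after isAvailable() ran.
      System.err.println("Certificate source unavailable: " + e.getMessage());
      System.exit(2);
      return;
    }

    boolean allValid = true;
    for (String alias : Collections.list(keyStore.aliases())) {
      Certificate cert = keyStore.getCertificate(alias);
      if (!(cert instanceof X509Certificate)) continue;
      X509Certificate x509 = (X509Certificate) cert;
      System.out.printf("alias=%s keyEntry=%b subject=%s notAfter=%s%n",
          alias, keyStore.isKeyEntry(alias),
          x509.getSubjectX500Principal().getName(), x509.getNotAfter());
      try {
        x509.checkValidity(); // compares against the current system time
      } catch (CertificateExpiredException | CertificateNotYetValidException e) {
        allValid = false;
        System.err.println("  outside validity window: " + e.getMessage());
      }
    }
    System.exit(allValid ? 0 : 1); // 0 = valid, 1 = expired or not yet valid
  }
}
```

Because X509Provider is marked @InternalApi, a check like this belongs in diagnostics that are pinned to a specific library version, not in application code paths.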