public class X509Provider implements MtlsProviderThis class implements MtlsProvider for the Google Auth library transport layer via WorkloadCertificateConfiguration. This is only meant to be used internally by Google Cloud libraries, and the public facing methods may be changed without notice, and have no guarantee of backwards compatibility.
Implements
MtlsProviderConstructors
X509Provider()
public X509Provider()Creates a new X.509 provider that will check the environment variable path and the well known Gcloud certificate configuration location. This is meant for internal Google Cloud usage and behavior may be changed without warning.
X509Provider(String certConfigPathOverride)
public X509Provider(String certConfigPathOverride)Creates an X509 provider with an override path for the certificate configuration, bypassing the normal checks for the well known certificate configuration file path and environment variable. This is meant for internal Google Cloud usage and behavior may be changed without warning.
| Parameter | |
|---|---|
| Name | Description |
certConfigPathOverride |
Stringthe path to read the certificate configuration from. |
Methods
getCertificatePath()
public String getCertificatePath()Returns the path to the client certificate file specified by the loaded workload certificate configuration.
If the configuration has not been loaded yet (e.g., if #getKeyStore() has not been called), this method will attempt to load it first by searching the override path, environment variable, and well-known locations.
| Returns | |
|---|---|
| Type | Description |
String |
The path to the certificate file. |
| Exceptions | |
|---|---|
| Type | Description |
IOException |
if the certificate configuration cannot be found or loaded, or if the configuration file does not specify a certificate path. |
getKeyStore()
public KeyStore getKeyStore()Finds the certificate configuration file, then builds a Keystore using the X.509 certificate and private key pointed to by the configuration. This will check the following locations in order.
- The certificate config override path, if set.
- The path pointed to by the "GOOGLE_API_CERTIFICATE_CONFIG" environment variable
- The well known gcloud location for the certificate configuration file.
| Returns | |
|---|---|
| Type | Description |
KeyStore |
a KeyStore containing the X.509 certificate specified by the certificate configuration. |
| Exceptions | |
|---|---|
| Type | Description |
CertificateSourceUnavailableException |
if the certificate source is unavailable (ex. missing configuration file) |
IOException |
if the certificate source is unavailable (ex. missing configuration file) |
isAvailable()
public boolean isAvailable()Returns true if the X509 mTLS provider is available.
| Returns | |
|---|---|
| Type | Description |
boolean |
|
| Exceptions | |
|---|---|
| Type | Description |
IOException |
if a general I/O error occurs while determining availability. |