Package org.keycloak.spi.infinispan

Interface JGroupsCertificateProvider

All Superinterfaces:

Provider

All Known Implementing Classes:

DatabaseJGroupsCertificateProvider, FileJGroupsCertificateProvider

public interface JGroupsCertificateProvider
extends Provider

A Provider for the TLS certificate for JGroups communication.

Implementation notes

If the method isEnabled() returns true, then the implementation must also implement keyManager() and trustManager().

If the method supportRotateAndReload() returns true, then the implementation must also implement rotateCertificate(), reloadCertificate() and nextRotation().

Field Summary

Fields

Modifier and Type	Field	Description
static final JGroupsCertificateProvider	DISABLED

Method Summary

Modifier and Type	Method	Description
default void	close()
default boolean	isEnabled()
default KeyManager	keyManager()	Returns a managed KeyManager.
default Duration	nextRotation()	Returns when the next certificate rotation is required.
default void	reloadCertificate()	Reloads the most recent certificate and apply it to the KeyManager and TrustManager.
default void	rotateCertificate()	A new certificate must be generated.
default boolean	supportRotateAndReload()
default TrustManager	trustManager()	Returns a managed TrustManager.

Field Details

DISABLED

static final JGroupsCertificateProvider DISABLED

Method Details

rotateCertificate

default void rotateCertificate()

A new certificate must be generated.

The generated certificate should not be used immediately, but only after reloadCertificate() is invoked.

This method must be implemented when supportRotateAndReload() returns true.

reloadCertificate

default void reloadCertificate()

Reloads the most recent certificate and apply it to the KeyManager and TrustManager.

This method must be implemented when supportRotateAndReload() returns true.

nextRotation

default Duration nextRotation()

Returns when the next certificate rotation is required.

It is used to automatically rotate certificates periodically.

This method must be implemented when supportRotateAndReload() returns true.

Returns:

The time until the next rotation.

keyManager

default KeyManager keyManager()

Returns a managed KeyManager.

If supportRotateAndReload() returns true, the instance returned must be updated with the new certificate when reloadCertificate(). This method is invoked only once at boot time.

This method must be implemented when isEnabled() returns true.

Returns:

The KeyManager to use by the SSLContext.

trustManager

default TrustManager trustManager()

Returns a managed TrustManager.

If supportRotateAndReload() returns true, the instance returned must be updated with the new certificate when reloadCertificate(). This method is invoked only once at boot time.

This method must be implemented when isEnabled() returns true.

Returns:

The TrustManager to use by the SSLContext.

supportRotateAndReload

default boolean supportRotateAndReload()

Returns:

true if rotation and reload requests is possible.

isEnabled

default boolean isEnabled()

Returns:

true if TLS is enabled for JGroups communication.

close

default void close()

Specified by:

close in interface Provider