core, netty: allow InputStream based certs

core/src/main/java/io/grpc/ServerBuilder.java

@@ -17,6 +17,7 @@
 package io.grpc;
 
 import java.io.File;
+import java.io.InputStream;
 import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
@@ -150,6 +151,22 @@ public T addStreamTracerFactory(ServerStreamTracer.Factory factory) {
    */
   public abstract T useTransportSecurity(File certChain, File privateKey);
 
+  /**
+   * Makes the server use TLS.
+   *
+   * @param certChain InputStream containing the full certificate chain
+   * @param privateKey InputStream containing the private key
+   *
+   * @return this
+   * @throws UnsupportedOperationException if the server does not support TLS, or does not support
+   *         reading these files from an InputStream.
+   * @since 1.12.0
+   */
+  public T useTransportSecurity(InputStream certChain, InputStream privateKey) {
+    throw new UnsupportedOperationException();
+  }
+
+
   /**
    * Set the decompression registry for use in the channel.  This is an advanced API call and
    * shouldn't be used unless you are using custom message encoding.   The default supported

netty/src/main/java/io/grpc/netty/GrpcSslContexts.java

@@ -31,6 +31,7 @@
 import io.netty.handler.ssl.SslProvider;
 import io.netty.handler.ssl.SupportedCipherSuiteFilter;
 import java.io.File;
+import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.security.Provider;
@@ -140,6 +141,27 @@ public static SslContextBuilder forServer(
     return configure(SslContextBuilder.forServer(keyCertChainFile, keyFile, keyPassword));
   }
 
+  /**
+   * Creates a SslContextBuilder with ciphers and APN appropriate for gRPC.
+   *
+   * @see SslContextBuilder#forServer(InputStream, InputStream)
+   * @see #configure(SslContextBuilder)
+   */
+  public static SslContextBuilder forServer(InputStream keyCertChain, InputStream key) {
+    return configure(SslContextBuilder.forServer(keyCertChain, key));
+  }
+
+  /**
+   * Creates a SslContextBuilder with ciphers and APN appropriate for gRPC.
+   *
+   * @see SslContextBuilder#forServer(InputStream, InputStream, String)
+   * @see #configure(SslContextBuilder)
+   */
+  public static SslContextBuilder forServer(
+      InputStream keyCertChain, InputStream key, String keyPassword) {
+    return configure(SslContextBuilder.forServer(keyCertChain, key, keyPassword));
+  }
+
   /**
    * Set ciphers and APN appropriate for gRPC. Precisely what is set is permitted to change, so if
    * an application requires particular settings it should override the options set here.

netty/src/main/java/io/grpc/netty/NettyServerBuilder.java

@@ -38,6 +38,7 @@
 import io.netty.channel.socket.nio.NioServerSocketChannel;
 import io.netty.handler.ssl.SslContext;
 import java.io.File;
+import java.io.InputStream;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.util.HashMap;
@@ -438,4 +439,15 @@ public NettyServerBuilder useTransportSecurity(File certChain, File privateKey)
     }
     return this;
   }
+
+  @Override
+  public NettyServerBuilder useTransportSecurity(InputStream certChain, InputStream privateKey) {
+    try {
+      sslContext = GrpcSslContexts.forServer(certChain, privateKey).build();
+    } catch (SSLException e) {
+      // This should likely be some other, easier to catch exception.
+      throw new RuntimeException(e);
+    }
+    return this;
+  }
 }

netty/src/test/java/io/grpc/netty/TlsTest.java

@@ -176,7 +176,6 @@ public void basicClientServerIntegrationTest() throws Exception {
     client.unaryRpc(SimpleRequest.getDefaultInstance());
   }
 
-
   /**
    * Tests that a server configured to require client authentication refuses to accept connections
    * from a client that has an untrusted certificate.