Package io.grpc.xds.internal.security.certprovider

Class CertificateProvider

  • All Implemented Interfaces:
    Closeable, java.io.Closeable, java.lang.AutoCloseable
    Direct Known Subclasses:
    FileWatcherCertificateProvider
    public abstract class CertificateProvider
extends java.lang.Object
implements Closeable
    A plug-in that provides certificates required by the xDS security component and created using the certificate-provider config from the xDS server.

    We may move this out of the internal package and make this an official API in the future.

    The plugin fetches certificates - root and optionally identity cert - required by xDS security.

    • Constructor Detail

      • CertificateProvider

        protected CertificateProvider​(CertificateProvider.DistributorWatcher watcher,
                              boolean notifyCertUpdates)
        Concrete subclasses will call this to register the CertificateProvider.Watcher.
        Parameters:
        watcher - to register
        notifyCertUpdates - if true, the provider is required to call the watcher’s updateCertificate method. Implies the Provider is capable of minting certificates. Used by server-side and mTLS client-side. Note the Provider is always required to call updateTrustedRoots to provide trusted-root updates.

    • Method Detail

      • close

        public abstract void close()
        Releases all resources and stop cert refreshes and watcher updates.
        Specified by:
        close in interface java.lang.AutoCloseable
        Specified by:
        close in interface Closeable
        Specified by:
        close in interface java.io.Closeable

      • start

        public abstract void start()
        Starts the cert refresh and watcher update cycle.

      • isNotifyCertUpdates

        public boolean isNotifyCertUpdates()