io.grpc.xds.internal.security.certprovider.CertProviderSslContextProvider

All Implemented Interfaces:: CertificateProvider.Watcher, Closeable, Closeable, AutoCloseable

Direct Known Subclasses:: CertProviderClientSslContextProvider, CertProviderServerSslContextProvider

abstract class CertProviderSslContextProvider extends DynamicSslContextProvider implements CertificateProvider.Watcher

Base class for CertProviderClientSslContextProvider.

Nested Class Summary

Nested classes/interfaces inherited from class SslContextProvider
SslContextProvider.Callback, SslContextProvider.SslContextGetter
Field Summary

Fields

Modifier and Type

Field

Description

private final CertificateProviderStore.Handle

certHandle

private final CommonTlsContext.CertificateProviderInstance

certInstance

private final CertificateProviderStore.Handle

rootCertHandle

private final CommonTlsContext.CertificateProviderInstance

rootCertInstance

protected List<X509Certificate>

savedCertChain

protected PrivateKey

savedKey

protected List<X509Certificate>

savedTrustedRoots

Fields inherited from class DynamicSslContextProvider
pendingCallbacks, sslContext, staticCertificateValidationContext

Fields inherited from class SslContextProvider
tlsContext
Constructor Summary

Constructors

Modifier

Constructor

Description

protected

CertProviderSslContextProvider(Node node, Map<String, Bootstrapper.CertificateProviderInfo> certProviders, CommonTlsContext.CertificateProviderInstance certInstance, CommonTlsContext.CertificateProviderInstance rootCertInstance, CertificateValidationContext staticCertValidationContext, EnvoyServerProtoData.BaseTlsContext tlsContext, CertificateProviderStore certificateProviderStore)
Method Summary

Modifier and Type

Method

Description

private void

clearKeysAndCerts()

final void

close()

Closes this provider and releases any resources.

protected final CertificateValidationContext

generateCertificateValidationContext()

private static Bootstrapper.CertificateProviderInfo

getCertProviderConfig(Map<String, Bootstrapper.CertificateProviderInfo> certProviders, String pluginInstanceName)

protected static CommonTlsContext.CertificateProviderInstance

getCertProviderInstance(CommonTlsContext commonTlsContext)

protected static CommonTlsContext.CertificateProviderInstance

getRootCertProviderInstance(CommonTlsContext commonTlsContext)

protected static CertificateValidationContext

getStaticValidationContext(CommonTlsContext commonTlsContext)

protected final boolean

isClientSideTls()

protected final boolean

isMtls()

protected final boolean

isServerSideTls()

final void

updateCertificate(PrivateKey key, List<X509Certificate> certChain)

private void

updateSslContextWhenReady()

final void

updateTrustedRoots(List<X509Certificate> trustedRoots)

Methods inherited from class DynamicSslContextProvider
addCallback, callPerformCallback, getSslContext, getSslContextBuilder, onError, updateSslContext

Methods inherited from class SslContextProvider
getCommonTlsContext, getDownstreamTlsContext, getUpstreamTlsContext, performCallback, setClientAuthValues

Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface CertificateProvider.Watcher
onError

Field Details
- certHandle
  
  @Nullable private final CertificateProviderStore.Handle certHandle
- rootCertHandle
  
  @Nullable private final CertificateProviderStore.Handle rootCertHandle
- certInstance
  
  @Nullable private final CommonTlsContext.CertificateProviderInstance certInstance
- rootCertInstance
  
  @Nullable private final CommonTlsContext.CertificateProviderInstance rootCertInstance
- savedKey
  
  @Nullable protected PrivateKey savedKey
- savedCertChain
  
  @Nullable protected List<X509Certificate> savedCertChain
- savedTrustedRoots
  
  @Nullable protected List<X509Certificate> savedTrustedRoots
Constructor Details
- CertProviderSslContextProvider
  
  protected CertProviderSslContextProvider(Node node, @Nullable Map<String, Bootstrapper.CertificateProviderInfo> certProviders, CommonTlsContext.CertificateProviderInstance certInstance, CommonTlsContext.CertificateProviderInstance rootCertInstance, CertificateValidationContext staticCertValidationContext, EnvoyServerProtoData.BaseTlsContext tlsContext, CertificateProviderStore certificateProviderStore)
Method Details
- getCertProviderConfig
  
  private static Bootstrapper.CertificateProviderInfo getCertProviderConfig(@Nullable Map<String, Bootstrapper.CertificateProviderInfo> certProviders, String pluginInstanceName)
- getCertProviderInstance
  
  @Nullable protected static CommonTlsContext.CertificateProviderInstance getCertProviderInstance(CommonTlsContext commonTlsContext)
- getStaticValidationContext
  
  @Nullable protected static CertificateValidationContext getStaticValidationContext(CommonTlsContext commonTlsContext)
- getRootCertProviderInstance
  
  @Nullable protected static CommonTlsContext.CertificateProviderInstance getRootCertProviderInstance(CommonTlsContext commonTlsContext)
- updateCertificate
  
  public final void updateCertificate(PrivateKey key, List<X509Certificate> certChain)
  
  Specified by:
  
  updateCertificate in interface CertificateProvider.Watcher
- updateTrustedRoots
  
  public final void updateTrustedRoots(List<X509Certificate> trustedRoots)
  
  Specified by:
  
  updateTrustedRoots in interface CertificateProvider.Watcher
- updateSslContextWhenReady
  
  private void updateSslContextWhenReady()
- clearKeysAndCerts
  
  private void clearKeysAndCerts()
- isMtls
  
  protected final boolean isMtls()
- isClientSideTls
  
  protected final boolean isClientSideTls()
- isServerSideTls
  
  protected final boolean isServerSideTls()
- generateCertificateValidationContext
  
  protected final CertificateValidationContext generateCertificateValidationContext()
  
  Specified by:
  
  generateCertificateValidationContext in class DynamicSslContextProvider
- close
  
  public final void close()
  
  Description copied from class: SslContextProvider
  
  Closes this provider and releases any resources.
  
  Specified by:
  
  close in interface AutoCloseable
  
  Specified by:
  
  close in interface Closeable
  
  Specified by:
  
  close in interface Closeable
  
  Specified by:
  
  close in class SslContextProvider

Class CertProviderSslContextProvider

Nested Class Summary

Nested classes/interfaces inherited from class SslContextProvider

Field Summary

Fields inherited from class DynamicSslContextProvider

Fields inherited from class SslContextProvider

Constructor Summary

Method Summary

Methods inherited from class DynamicSslContextProvider

Methods inherited from class SslContextProvider

Methods inherited from class Object

Methods inherited from interface CertificateProvider.Watcher

Field Details

certHandle

rootCertHandle

certInstance

rootCertInstance

savedKey

savedCertChain

savedTrustedRoots

Constructor Details

CertProviderSslContextProvider

Method Details

getCertProviderConfig

getCertProviderInstance

getStaticValidationContext

getRootCertProviderInstance

updateCertificate

updateTrustedRoots

updateSslContextWhenReady

clearKeysAndCerts

isMtls

isClientSideTls

isServerSideTls

generateCertificateValidationContext

close