Class CertificateProvider
java.lang.Object
  io.grpc.xds.internal.security.certprovider.CertificateProvider

- All Implemented Interfaces: Closeable, java.io.Closeable, java.lang.AutoCloseable
- Direct Known Subclasses: FileWatcherCertificateProvider

public abstract class CertificateProvider extends java.lang.Object implements Closeable

A plug-in that provides certificates required by the xDS security component and created using the certificate-provider config from the xDS server. We may move this out of the internal package and make this an official API in the future.
The plugin fetches the certificates required by xDS security: the root certificate and, optionally, the identity certificate.

Nested Class Summary
- static class CertificateProvider.DistributorWatcher
- static interface CertificateProvider.Watcher: A watcher is registered to receive certificate updates.

Field Summary
- private boolean notifyCertUpdates
- private CertificateProvider.DistributorWatcher watcher

Constructor Summary
- protected CertificateProvider(CertificateProvider.DistributorWatcher watcher, boolean notifyCertUpdates): Concrete subclasses will call this to register the CertificateProvider.Watcher.

Method Summary
- abstract void close(): Releases all resources and stops cert refreshes and watcher updates.
- CertificateProvider.DistributorWatcher getWatcher()
- boolean isNotifyCertUpdates()
- abstract void start(): Starts the cert refresh and watcher update cycle.

Field Detail

watcher
private final CertificateProvider.DistributorWatcher watcher

notifyCertUpdates
private final boolean notifyCertUpdates

Constructor Detail

CertificateProvider
protected CertificateProvider(CertificateProvider.DistributorWatcher watcher, boolean notifyCertUpdates)
Concrete subclasses will call this to register the CertificateProvider.Watcher.
Parameters:
- watcher - to register
- notifyCertUpdates - if true, the provider is required to call the watcher’s updateCertificate method. Implies the Provider is capable of minting certificates. Used by server-side and mTLS client-side. Note the Provider is always required to call updateTrustedRoots to provide trusted-root updates.

Method Detail

close
public abstract void close()
Releases all resources and stops cert refreshes and watcher updates.

start
public abstract void start()
Starts the cert refresh and watcher update cycle.

getWatcher
public CertificateProvider.DistributorWatcher getWatcher()

isNotifyCertUpdates
public boolean isNotifyCertUpdates()
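
A minimal subclass that honors the notifyCertUpdates contract described in the constructor parameters, as an added example that is not grpc-java code. StaticPemCertificateProvider and its file-path arguments are hypothetical, and the Watcher method signatures used here (updateTrustedRoots(List<X509Certificate>), updateCertificate(PrivateKey, List<X509Certificate>), onError(Status)) are assumptions, since this page names the methods but does not list their parameters.

```java
package io.grpc.xds.internal.security.certprovider;

import io.grpc.Status;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

// Hypothetical one-shot provider for illustration; not a grpc-java class.
final class StaticPemCertificateProvider extends CertificateProvider {
  private final Path rootsPem, chainPem; // chainPem is read only when notifyCertUpdates is true
  private final PrivateKey key;          // identity key, used only when notifyCertUpdates is true

  StaticPemCertificateProvider(DistributorWatcher watcher, boolean notifyCertUpdates,
      Path rootsPem, Path chainPem, PrivateKey key) {
    super(watcher, notifyCertUpdates);
    this.rootsPem = rootsPem;
    this.chainPem = chainPem;
    this.key = key;
  }

  @Override public void start() {
    try {
      // Roots are pushed unconditionally: every provider owes updateTrustedRoots.
      getWatcher().updateTrustedRoots(readCerts(rootsPem));
      if (isNotifyCertUpdates()) {
        // Identity material only when requested (server side, mTLS client side).
        getWatcher().updateCertificate(key, readCerts(chainPem));
      }
    } catch (Exception e) {
      // Assumed Watcher.onError(Status): report the load failure to the watcher.
      getWatcher().onError(Status.UNKNOWN.withDescription("cert load failed").withCause(e));
    }
  }

  @Override public void close() {} // one-shot load: no refresh task or handle to release

  private static List<X509Certificate> readCerts(Path pem) throws Exception {
    List<X509Certificate> out = new ArrayList<>();
    try (InputStream in = Files.newInputStream(pem)) {
      for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
        out.add((X509Certificate) c);
      }
    }
    // Never publish an empty trust set or empty chain; treat it as a load error.
    if (out.isEmpty()) throw new CertificateException("no certificates in " + pem);
    return out;
  }
}
```

The class sits in the provider's own package because the base class is internal API; a refreshing provider would schedule the same two calls from start() and cancel that schedule in close().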