Class CertificateProvider

  • All Implemented Interfaces:
    Closeable, java.io.Closeable, java.lang.AutoCloseable
    Direct Known Subclasses:
    FileWatcherCertificateProvider

    public abstract class CertificateProvider
    extends java.lang.Object
    implements Closeable
    A plug-in that provides certificates required by the xDS security component and created using the certificate-provider config from the xDS server.

    We may move this out of the internal package and make this an official API in the future.

    The plug-in fetches the certificates required by xDS security: the root certificates and, optionally, an identity certificate.

    • Constructor Detail

      • CertificateProvider

        protected CertificateProvider(CertificateProvider.DistributorWatcher watcher,
                                      boolean notifyCertUpdates)
        Concrete subclasses will call this to register the CertificateProvider.Watcher.
        Parameters:
        watcher - to register
        notifyCertUpdates - if true, the provider is required to call the watcher's updateCertificate method. This implies that the provider is capable of minting certificates. It is used on the server side and on the mTLS client side. Note that the provider is always required to call updateTrustedRoots to provide trusted-root updates.
    • Method Detail

      • close

        public abstract void close()
        Releases all resources and stops cert refreshes and watcher updates.
        Specified by:
        close in interface java.lang.AutoCloseable
        Specified by:
        close in interface Closeable
        Specified by:
        close in interface java.io.Closeable
      • start

        public abstract void start()
        Starts the cert refresh and watcher update cycle.
      • isNotifyCertUpdates

        public boolean isNotifyCertUpdates()
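
Added example, not part of the original page or of the gRPC project's code: a minimal subclass that honours the notifyCertUpdates contract described above, always delivering trusted roots and delivering an identity key and chain only when the flag is set. The class name, the PEM file names, the import package, and the watcher signatures `updateTrustedRoots(List<X509Certificate>)`, `updateCertificate(PrivateKey, List<X509Certificate>)` and `onError(Status)` are assumptions not shown on this page.

```java
// Added example (hypothetical class); needs grpc-xds on the classpath. Package name is an assumption.
import io.grpc.Status;
import io.grpc.xds.internal.security.certprovider.CertificateProvider;
import java.nio.file.*;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.*;
import java.security.spec.*;
import java.util.*;

final class StaticPemCertificateProvider extends CertificateProvider {
  private final DistributorWatcher watcher;
  private final Path dir; // assumed layout: ca.pem, cert.pem, key.pem
  private volatile boolean closed;

  StaticPemCertificateProvider(DistributorWatcher watcher, boolean notifyCertUpdates, Path dir) {
    super(watcher, notifyCertUpdates);
    this.watcher = watcher;
    this.dir = dir;
  }
  @Override public void start() { // loads once; a real provider would schedule refreshes here
    if (closed) return;
    try {
      watcher.updateTrustedRoots(readCerts(dir.resolve("ca.pem"))); // always required
      if (isNotifyCertUpdates()) // server side and mTLS client side
        watcher.updateCertificate(readKey(dir.resolve("key.pem")), readCerts(dir.resolve("cert.pem")));
    } catch (Exception e) { // report the failure rather than leave watchers waiting silently
      watcher.onError(Status.UNKNOWN.withDescription("PEM load failed").withCause(e));
    }
  }
  @Override public void close() { closed = true; } // no further watcher updates after this

  private static List<X509Certificate> readCerts(Path pem) throws Exception {
    List<X509Certificate> out = new ArrayList<>();
    try (java.io.InputStream in = Files.newInputStream(pem)) {
      for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
        out.add((X509Certificate) c);
    }
    if (out.isEmpty()) throw new CertificateException("no certificates in " + pem);
    return out;
  }
  private static PrivateKey readKey(Path pem) throws Exception { // unencrypted PKCS#8 PEM only
    String b64 = new String(Files.readAllBytes(pem), "US-ASCII")
        .replaceAll("-----(BEGIN|END) PRIVATE KEY-----|\\s", "");
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64));
    try { return KeyFactory.getInstance("RSA").generatePrivate(spec); }
    catch (InvalidKeySpecException e) { return KeyFactory.getInstance("EC").generatePrivate(spec); }
  }
}
```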