Class CertificateProvider

java.lang.Object
io.grpc.xds.internal.security.certprovider.CertificateProvider
All Implemented Interfaces:
Closeable, Closeable, AutoCloseable
Direct Known Subclasses:
FileWatcherCertificateProvider

public abstract class CertificateProvider extends Object implements Closeable
A plug-in that provides certificates required by the xDS security component and created using the certificate-provider config from the xDS server.

We may move this out of the internal package and make this an official API in the future.

The plugin fetches the certificates (root and, optionally, identity cert) required by xDS security.

  • Field Details

  • Constructor Details

    • CertificateProvider

      protected CertificateProvider(CertificateProvider.DistributorWatcher watcher, boolean notifyCertUpdates)
      Concrete subclasses will call this to register the CertificateProvider.Watcher.
      Parameters:
      watcher - to register
      notifyCertUpdates - if true, the provider is required to call the watcher's updateCertificate method. This implies the provider is capable of minting certificates. Used by server-side and mTLS client-side. Note that the provider is always required to call updateTrustedRoots to provide trusted-root updates.
  • Method Details

    • close

      public abstract void close()
      Releases all resources and stops cert refreshes and watcher updates.
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Specified by:
      close in interface Closeable
    • start

      public abstract void start()
      Starts the cert refresh and watcher update cycle.
    • getWatcher

    • isNotifyCertUpdates

      public boolean isNotifyCertUpdates()
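
The constructor contract above (trusted roots are always published, identity certificates only when notifyCertUpdates is true), sketched as a subclass. This is an added example, not gRPC's own code: StaticCertificateProvider and its extra constructor arguments are hypothetical, and the watcher method signatures updateTrustedRoots(List<X509Certificate>), updateCertificate(PrivateKey, List<X509Certificate>) and onError(Status) are assumed, since this page does not list them.

```java
import io.grpc.Status;
import io.grpc.xds.internal.security.certprovider.CertificateProvider;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

/** Hypothetical provider that publishes material already loaded in memory. */
// Assumed watcher signatures: updateTrustedRoots(List), updateCertificate(PrivateKey, List), onError(Status).
final class StaticCertificateProvider extends CertificateProvider {
  private final List<X509Certificate> roots;
  private final PrivateKey key;               // null for root-only use
  private final List<X509Certificate> chain;  // null for root-only use
  private volatile boolean closed;

  StaticCertificateProvider(CertificateProvider.DistributorWatcher watcher,
      boolean notifyCertUpdates, List<X509Certificate> roots,
      PrivateKey key, List<X509Certificate> chain) {
    super(watcher, notifyCertUpdates);
    if (roots == null || roots.isEmpty()) {
      throw new IllegalArgumentException("trusted roots are required");
    }
    // notifyCertUpdates=true promises identity updates, so refuse to build without one.
    if (notifyCertUpdates && (key == null || chain == null || chain.isEmpty())) {
      throw new IllegalArgumentException("identity key and chain are required");
    }
    this.roots = roots; this.key = key; this.chain = chain;
  }

  @Override
  public void start() {
    if (closed) return;
    try {
      for (X509Certificate root : roots) root.checkValidity();
      getWatcher().updateTrustedRoots(roots);   // always required
      if (isNotifyCertUpdates()) {
        for (X509Certificate cert : chain) cert.checkValidity();
        getWatcher().updateCertificate(key, chain);
      }
    } catch (CertificateException e) {
      // Report expired or not-yet-valid material instead of publishing it.
      getWatcher().onError(Status.UNAVAILABLE.withDescription("certificate outside validity window").withCause(e));
    }
  }

  @Override
  public void close() { closed = true; }
}
```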