Class CertificateProvider
java.lang.Object
io.grpc.xds.internal.security.certprovider.CertificateProvider
- All Implemented Interfaces:
Closeable
,Closeable
,AutoCloseable
- Direct Known Subclasses:
FileWatcherCertificateProvider
A plug-in that provides certificates required by the xDS security component and created
using the certificate-provider config from the xDS server.
We may move this out of the internal package and make this an official API in the future.
The plugin fetches certificates - root and optionally identity cert - required by xDS security.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic final class
static interface
A watcher is registered to receive certificate updates. -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final boolean
private final CertificateProvider.DistributorWatcher
-
Constructor Summary
ConstructorsModifierConstructorDescriptionprotected
CertificateProvider
(CertificateProvider.DistributorWatcher watcher, boolean notifyCertUpdates) Concrete subclasses will call this to register theCertificateProvider.Watcher
. -
Method Summary
-
Field Details
-
watcher
-
notifyCertUpdates
private final boolean notifyCertUpdates
-
-
Constructor Details
-
CertificateProvider
protected CertificateProvider(CertificateProvider.DistributorWatcher watcher, boolean notifyCertUpdates) Concrete subclasses will call this to register theCertificateProvider.Watcher
.- Parameters:
watcher
- to registernotifyCertUpdates
- if true, the provider is required to call the watcher’s updateCertificate method. Implies the Provider is capable of minting certificates. Used by server-side and mTLS client-side. Note the Provider is always required to call updateTrustedRoots to provide trusted-root updates.
-
-
Method Details
-
close
public abstract void close()Releases all resources and stop cert refreshes and watcher updates. -
start
public abstract void start()Starts the cert refresh and watcher update cycle. -
getWatcher
-
isNotifyCertUpdates
public boolean isNotifyCertUpdates()
-