19 #ifndef GRPC_CORE_EXT_XDS_XDS_CERTIFICATE_PROVIDER_H
20 #define GRPC_CORE_EXT_XDS_XDS_CERTIFICATE_PROVIDER_H
// Name of the channel argument associated with XdsCertificateProvider (the
// class also declares MakeChannelArg() and GetFromChannelArgs()).
// NOTE(review): the "grpc.internal." prefix suggests this key is reserved for
// library-internal use and should not be accepted from application-supplied
// or remotely supplied configuration - confirm.
27 #define GRPC_ARG_XDS_CERTIFICATE_PROVIDER \
28 "grpc.internal.xds_certificate_provider"
// The fragments below are the parameter lists of public XdsCertificateProvider
// update methods; the first line of each declaration is not part of this
// listing.
//
// UpdateRootCertNameAndDistributor: cert_name identifies the entry to update;
// root_cert_name presumably names the certificate to watch on the supplied
// distributor - confirm in the .cc file.
44 const std::string& cert_name, absl::string_view root_cert_name,
// UpdateIdentityCertNameAndDistributor: same shape as the root variant, for the
// identity certificate.
49 const std::string& cert_name, absl::string_view identity_cert_name,
51 identity_cert_distributor);
// UpdateRequireClientCertificate: per-cert_name switch for demanding a client
// certificate. The flag it presumably feeds
// (ClusterCertificateState::require_client_certificate_) defaults to false.
57 bool require_client_certificate);
// UpdateSubjectAlternativeNameMatchers: matchers are supplied per cluster.
// NOTE(review): what an empty matcher list means for peer verification is
// decided by whoever consumes GetSanMatchers(), not in this header - confirm
// that an empty list cannot end up accepting any peer identity unintentionally.
61 const std::string&
cluster, std::vector<StringMatcher> matchers);
// State held for one entry of certificate_state_map_ (a std::map keyed by
// std::string): the root and identity certificate names, the distributors and
// watchers for each, and whether a client certificate is required.
// Several lines of the class are not part of this listing.
69 class ClusterCertificateState {
// Stores the xds_certificate_provider argument in xds_certificate_provider_;
// the parameter's declared type is on a line not shown here.
71 explicit ClusterCertificateState(
73 : xds_certificate_provider_(xds_certificate_provider) {}
75 ~ClusterCertificateState();
// Declared only; the criterion for "safe to remove" lives in the .cc file.
79 bool IsSafeToRemove()
const;
// Body of an inline accessor whose signature is not shown: true when
// identity_cert_distributor_ is non-null.
83 return identity_cert_distributor_ !=
nullptr;
// Parameter list of the root-certificate update method (first line not shown).
87 const std::string& cert_name, absl::string_view root_cert_name,
88 RefCountedPtr<grpc_tls_certificate_distributor> root_cert_distributor);
// Parameter list of the identity-certificate update method (first line not
// shown).
90 const std::string& cert_name, absl::string_view identity_cert_name,
91 RefCountedPtr<grpc_tls_certificate_distributor>
92 identity_cert_distributor);
94 void UpdateRootCertWatcher(
95 const std::string& cert_name,
97 void UpdateIdentityCertWatcher(
98 const std::string& cert_name,
// Returns the stored flag unchanged. No locking is visible in this accessor.
// NOTE(review): presumably callers hold the provider's mu_, which guards
// certificate_state_map_ - confirm.
101 bool require_client_certificate()
const {
102 return require_client_certificate_;
// Overwrites the stored flag; no validation or locking is visible here.
104 void set_require_client_certificate(
bool require_client_certificate) {
105 require_client_certificate_ = require_client_certificate;
// Takes cert_name by const reference plus the two "being watched" flags.
108 void WatchStatusCallback(
const std::string& cert_name,
109 bool root_being_watched,
110 bool identity_being_watched);
// Both watch flags start out false.
114 bool watching_root_certs_ =
false;
115 bool watching_identity_certs_ =
false;
116 std::string root_cert_name_;
117 std::string identity_cert_name_;
118 RefCountedPtr<grpc_tls_certificate_distributor> root_cert_distributor_;
119 RefCountedPtr<grpc_tls_certificate_distributor> identity_cert_distributor_;
// Watcher members start out null; their types are declared on lines not shown.
121 root_cert_watcher_ =
nullptr;
123 identity_cert_watcher_ =
nullptr;
// Defaults to false: unless set_require_client_certificate(true) is called,
// this entry does not mark a client certificate as required.
// NOTE(review): confirm that configurations which expect mutual TLS always set
// this explicitly rather than relying on the default.
124 bool require_client_certificate_ =
false;
// Provider-level watch-status callback. It takes cert_name by value, whereas
// ClusterCertificateState::WatchStatusCallback takes a const reference.
127 void WatchStatusCallback(std::string cert_name,
bool root_being_watched,
128 bool identity_being_watched);
// Distributor owned by the provider; presumably what distributor() returns -
// confirm against the inline definition, which is not shown in this listing.
130 RefCountedPtr<grpc_tls_certificate_distributor> distributor_;
// State keyed by std::string. ABSL_GUARDED_BY(mu_) tells Clang thread-safety
// analysis that mu_ must be held for every access; the declaration of mu_ is
// on a line not shown here.
133 std::map<std::string , std::unique_ptr<ClusterCertificateState>>
134 certificate_state_map_ ABSL_GUARDED_BY(mu_);
// SAN matchers are protected by their own mutex rather than by mu_.
// NOTE(review): the rationale is presumably in the comment on the omitted
// lines 135-143; any code path that takes both locks needs a fixed
// acquisition order.
144 Mutex san_matchers_mu_;
145 std::map<std::string , std::vector<StringMatcher>>
146 san_matcher_map_ ABSL_GUARDED_BY(san_matchers_mu_);
Definition: xds_certificate_provider.h:32
static RefCountedPtr< XdsCertificateProvider > GetFromChannelArgs(const grpc_channel_args *args)
Definition: xds_certificate_provider.cc:397
bool ProvidesIdentityCerts(const std::string &cert_name)
Definition: xds_certificate_provider.cc:292
bool ProvidesRootCerts(const std::string &cert_name)
Definition: xds_certificate_provider.cc:268
grpc_core::RefCountedPtr< grpc_tls_certificate_distributor > distributor() const override
Definition: xds_certificate_provider.h:37
grpc_arg MakeChannelArg() const
Definition: xds_certificate_provider.cc:390
std::vector< StringMatcher > GetSanMatchers(const std::string &cluster)
Definition: xds_certificate_provider.cc:333
void UpdateRootCertNameAndDistributor(const std::string &cert_name, absl::string_view root_cert_name, RefCountedPtr< grpc_tls_certificate_distributor > root_cert_distributor)
Definition: xds_certificate_provider.cc:275
~XdsCertificateProvider() override
Definition: xds_certificate_provider.cc:264
void UpdateRequireClientCertificate(const std::string &cert_name, bool require_client_certificate)
Definition: xds_certificate_provider.cc:325
void UpdateIdentityCertNameAndDistributor(const std::string &cert_name, absl::string_view identity_cert_name, RefCountedPtr< grpc_tls_certificate_distributor > identity_cert_distributor)
Definition: xds_certificate_provider.cc:300
void UpdateSubjectAlternativeNameMatchers(const std::string &cluster, std::vector< StringMatcher > matchers)
Definition: xds_certificate_provider.cc:341
bool GetRequireClientCertificate(const std::string &cert_name)
Definition: xds_certificate_provider.cc:317
XdsCertificateProvider()
Definition: xds_certificate_provider.cc:258
Definition: grpc_tls_certificate_distributor.h:40
Round Robin Policy.
Definition: backend_metric.cc:26
A single argument...
Definition: grpc_types.h:103
An array of arguments that can be passed around.
Definition: grpc_types.h:132
Definition: grpc_tls_certificate_distributor.h:37
Definition: grpc_tls_certificate_provider.h:45
absl::string_view cluster
Definition: xds_resolver.cc:177