/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 *
 * Copyright 2020 gRPC authors.
 *
 */

// Package certprovider defines APIs for Certificate Providers in gRPC.
package certprovider

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
)

// errProviderClosed is the error Distributor.KeyMaterial reports once the
// distributor has been closed.
var errProviderClosed = errors.New("provider instance is closed")

// m maps a builder name (as reported by Builder.Name) to its registered Builder.
//
// Nothing guards this map: Register writes it and GetBuilder reads it with no
// synchronization, so all registrations are expected to finish before the
// first lookup (presumably from package init(); verify against callers).
var m = make(map[string]Builder)

// Register makes b available under the name b.Name(). Registered Builders are
// used by the Store to create Providers.
//
// Registering a second Builder under an already-registered name silently
// replaces the first one. Register is not safe for concurrent use with itself
// or with GetBuilder.
func Register(b Builder) {
	m[b.Name()] = b
}

// GetBuilder looks up the Builder registered under name.
//
// It returns nil when no Builder was registered under that name, so callers
// must check the result before using it.
func GetBuilder(name string) Builder {
	// A missing key yields the zero value of the interface, i.e. nil.
	return m[name]
}

// Builder constructs Providers from implementation-specific configuration.
type Builder interface {
	// ParseConfig validates the given config, whose format is specific to the
	// individual implementation, and returns a BuildableConfig on success.
	ParseConfig(interface{}) (*BuildableConfig, error)

	// Name reports the name under which this builder is registered and the
	// name of the Providers it builds.
	Name() string
}

// Provider keeps channel credential implementations supplied with the
// up-to-date secrets they need to secure communication on the underlying
// channel.
//
// Implementations may source secrets locally or remotely, and may share state
// between instantiations as they see fit.
type Provider interface {
	// KeyMaterial returns the key material currently held by the Provider.
	// The returned value is shared and must be treated as read-only by the
	// caller; mutating it would affect every other consumer.
	KeyMaterial(ctx context.Context) (*KeyMaterial, error)

	// Close releases any resources held by the Provider.
	Close()
}

// KeyMaterial bundles the certificates and keys a Provider hands out.
type KeyMaterial struct {
	// Certs holds the cert/key pairs presented to prove the local identity.
	Certs []tls.Certificate
	// Roots is the set of trusted roots used to validate the peer's identity.
	// NOTE(review): this type does not define what a nil Roots means; whether a
	// consumer falls back to system roots or rejects peers depends on how it
	// copies Roots into its tls.Config — confirm at the call sites.
	Roots *x509.CertPool
}

// BuildOptions carries the parameters handed to a Provider when it is built.
type BuildOptions struct {
	// CertName names the certificate whose key material the caller wants.
	CertName string
	// WantRoot is set when the caller needs the root certificate(s).
	WantRoot bool
	// WantIdentity is set when the caller needs the identity certificate.
	WantIdentity bool
}