github.com/hxx258456/ccgo@v0.0.5-0.20230213014102-48b35f46f66f/grpc/credentials/tls/certprovider/provider.go (about) 1 /* 2 * 3 * Copyright 2020 gRPC authors. 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 */ 18 19 // Package certprovider defines APIs for Certificate Providers in gRPC. 20 // 21 // Experimental 22 // 23 // Notice: All APIs in this package are experimental and may be removed in a 24 // later release. 25 package certprovider 26 27 import ( 28 "context" 29 "errors" 30 31 "github.com/hxx258456/ccgo/x509" 32 33 tls "github.com/hxx258456/ccgo/gmtls" 34 35 "github.com/hxx258456/ccgo/grpc/internal" 36 ) 37 38 func init() { 39 internal.GetCertificateProviderBuilder = getBuilder 40 } 41 42 var ( 43 // errProviderClosed is returned by Distributor.KeyMaterial when it is 44 // closed. 45 errProviderClosed = errors.New("provider instance is closed") 46 47 // m is a map from name to Provider builder. 48 m = make(map[string]Builder) 49 ) 50 51 // Register registers the Provider builder, whose name as returned by its Name() 52 // method will be used as the name registered with this builder. Registered 53 // Builders are used by the Store to create Providers. 54 func Register(b Builder) { 55 m[b.Name()] = b 56 } 57 58 // getBuilder returns the Provider builder registered with the given name. 59 // If no builder is registered with the provided name, nil will be returned. 60 func getBuilder(name string) Builder { 61 if b, ok := m[name]; ok { 62 return b 63 } 64 return nil 65 } 66 67 // Builder creates a Provider. 68 type Builder interface { 69 // ParseConfig parses the given config, which is in a format specific to individual 70 // implementations, and returns a BuildableConfig on success. 71 ParseConfig(interface{}) (*BuildableConfig, error) 72 73 // Name returns the name of providers built by this builder. 74 Name() string 75 } 76 77 // Provider makes it possible to keep channel credential implementations up to 78 // date with secrets that they rely on to secure communications on the 79 // underlying channel. 80 // 81 // Provider implementations are free to rely on local or remote sources to fetch 82 // the latest secrets, and free to share any state between different 83 // instantiations as they deem fit. 84 type Provider interface { 85 // KeyMaterial returns the key material sourced by the Provider. 86 // Callers are expected to use the returned value as read-only. 87 KeyMaterial(ctx context.Context) (*KeyMaterial, error) 88 89 // Close cleans up resources allocated by the Provider. 90 Close() 91 } 92 93 // KeyMaterial wraps the certificates and keys returned by a Provider instance. 94 type KeyMaterial struct { 95 // Certs contains a slice of cert/key pairs used to prove local identity. 96 Certs []tls.Certificate 97 // Roots contains the set of trusted roots to validate the peer's identity. 98 Roots *x509.CertPool 99 } 100 101 // BuildOptions contains parameters passed to a Provider at build time. 102 type BuildOptions struct { 103 // CertName holds the certificate name, whose key material is of interest to 104 // the caller. 105 CertName string 106 // WantRoot indicates if the caller is interested in the root certificate. 107 WantRoot bool 108 // WantIdentity indicates if the caller is interested in the identity 109 // certificate. 110 WantIdentity bool 111 }