xds/src/main/java/io/grpc/xds/internal/security/TlsContextManagerImpl.java - platform/external/grpc-grpc-java - Git at Google

 /*
  * Copyright 2019 The gRPC Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package io.grpc.xds.internal.security;

 import static com.google.common.base.Preconditions.checkNotNull;

 import com.google.common.annotations.VisibleForTesting;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.xds.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.TlsContextManager;
 import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory;

 /**
  * Class to manage {@link SslContextProvider} objects created from inputs we get from xDS. Used by
  * gRPC-xds to access the SslContext's and is not public API. This manager manages the life-cycle of
  * {@link SslContextProvider} objects as shared resources via ref-counting as described in {@link
  * ReferenceCountingMap}.
  */
 public final class TlsContextManagerImpl implements TlsContextManager {

   private final ReferenceCountingMap<UpstreamTlsContext, SslContextProvider> mapForClients;
   private final ReferenceCountingMap<DownstreamTlsContext, SslContextProvider> mapForServers;

   /**
    * Create a TlsContextManagerImpl instance using the passed in {@link BootstrapInfo}.
    */
   @VisibleForTesting public TlsContextManagerImpl(BootstrapInfo bootstrapInfo) {
     this(
         new ClientSslContextProviderFactory(bootstrapInfo),
         new ServerSslContextProviderFactory(bootstrapInfo));
   }

   @VisibleForTesting
   TlsContextManagerImpl(
       ValueFactory<UpstreamTlsContext, SslContextProvider> clientFactory,
       ValueFactory<DownstreamTlsContext, SslContextProvider> serverFactory) {
     checkNotNull(clientFactory, "clientFactory");
     checkNotNull(serverFactory, "serverFactory");
     mapForClients = new ReferenceCountingMap<>(clientFactory);
     mapForServers = new ReferenceCountingMap<>(serverFactory);
   }

   @Override
   public SslContextProvider findOrCreateServerSslContextProvider(
       DownstreamTlsContext downstreamTlsContext) {
     checkNotNull(downstreamTlsContext, "downstreamTlsContext");
     CommonTlsContext.Builder builder = downstreamTlsContext.getCommonTlsContext().toBuilder();
     downstreamTlsContext =
         new DownstreamTlsContext(
             builder.build(), downstreamTlsContext.isRequireClientCertificate());
     return mapForServers.get(downstreamTlsContext);
   }

   @Override
   public SslContextProvider findOrCreateClientSslContextProvider(
       UpstreamTlsContext upstreamTlsContext) {
     checkNotNull(upstreamTlsContext, "upstreamTlsContext");
     CommonTlsContext.Builder builder = upstreamTlsContext.getCommonTlsContext().toBuilder();
     upstreamTlsContext = new UpstreamTlsContext(builder.build());
     return mapForClients.get(upstreamTlsContext);
   }

   @Override
   public SslContextProvider releaseClientSslContextProvider(
       SslContextProvider clientSslContextProvider) {
     checkNotNull(clientSslContextProvider, "clientSslContextProvider");
     return mapForClients.release(clientSslContextProvider.getUpstreamTlsContext(),
         clientSslContextProvider);
   }

   @Override
   public SslContextProvider releaseServerSslContextProvider(
       SslContextProvider serverSslContextProvider) {
     checkNotNull(serverSslContextProvider, "serverSslContextProvider");
     return mapForServers.release(serverSslContextProvider.getDownstreamTlsContext(),
         serverSslContextProvider);
   }
 }
	/*
	* Copyright 2019 The gRPC Authors
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package io.grpc.xds.internal.security;

	import static com.google.common.base.Preconditions.checkNotNull;

	import com.google.common.annotations.VisibleForTesting;
	import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
	import io.grpc.xds.Bootstrapper.BootstrapInfo;
	import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
	import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
	import io.grpc.xds.TlsContextManager;
	import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory;

	/**
	* Class to manage {@link SslContextProvider} objects created from inputs we get from xDS. Used by
	* gRPC-xds to access the SslContext's and is not public API. This manager manages the life-cycle of
	* {@link SslContextProvider} objects as shared resources via ref-counting as described in {@link
	* ReferenceCountingMap}.
	*/
	public final class TlsContextManagerImpl implements TlsContextManager {

	private final ReferenceCountingMap<UpstreamTlsContext, SslContextProvider> mapForClients;
	private final ReferenceCountingMap<DownstreamTlsContext, SslContextProvider> mapForServers;

	/**
	* Create a TlsContextManagerImpl instance using the passed in {@link BootstrapInfo}.
	*/
	@VisibleForTesting public TlsContextManagerImpl(BootstrapInfo bootstrapInfo) {
	this(
	new ClientSslContextProviderFactory(bootstrapInfo),
	new ServerSslContextProviderFactory(bootstrapInfo));
	}

	@VisibleForTesting
	TlsContextManagerImpl(
	ValueFactory<UpstreamTlsContext, SslContextProvider> clientFactory,
	ValueFactory<DownstreamTlsContext, SslContextProvider> serverFactory) {
	checkNotNull(clientFactory, "clientFactory");
	checkNotNull(serverFactory, "serverFactory");
	mapForClients = new ReferenceCountingMap<>(clientFactory);
	mapForServers = new ReferenceCountingMap<>(serverFactory);
	}

	@Override
	public SslContextProvider findOrCreateServerSslContextProvider(
	DownstreamTlsContext downstreamTlsContext) {
	checkNotNull(downstreamTlsContext, "downstreamTlsContext");
	CommonTlsContext.Builder builder = downstreamTlsContext.getCommonTlsContext().toBuilder();
	downstreamTlsContext =
	new DownstreamTlsContext(
	builder.build(), downstreamTlsContext.isRequireClientCertificate());
	return mapForServers.get(downstreamTlsContext);
	}

	@Override
	public SslContextProvider findOrCreateClientSslContextProvider(
	UpstreamTlsContext upstreamTlsContext) {
	checkNotNull(upstreamTlsContext, "upstreamTlsContext");
	CommonTlsContext.Builder builder = upstreamTlsContext.getCommonTlsContext().toBuilder();
	upstreamTlsContext = new UpstreamTlsContext(builder.build());
	return mapForClients.get(upstreamTlsContext);
	}

	@Override
	public SslContextProvider releaseClientSslContextProvider(
	SslContextProvider clientSslContextProvider) {
	checkNotNull(clientSslContextProvider, "clientSslContextProvider");
	return mapForClients.release(clientSslContextProvider.getUpstreamTlsContext(),
	clientSslContextProvider);
	}

	@Override
	public SslContextProvider releaseServerSslContextProvider(
	SslContextProvider serverSslContextProvider) {
	checkNotNull(serverSslContextProvider, "serverSslContextProvider");
	return mapForServers.release(serverSslContextProvider.getDownstreamTlsContext(),
	serverSslContextProvider);
	}
	}