certificate_provider_store.h
Go to the documentation of this file.
1 //
2 //
3 // Copyright 2020 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
20 #define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
21 
22 #include <grpc/support/port_platform.h>
23 
24 #include <map>
25 #include <string>
26 #include <utility>
27 
28 #include "absl/base/thread_annotations.h"
29 #include "absl/strings/string_view.h"
30 
31 #include <grpc/grpc_security.h>
32 
33 #include "src/core/ext/xds/certificate_provider_factory.h"
34 #include "src/core/lib/gpr/useful.h"
35 #include "src/core/lib/gprpp/orphanable.h"
36 #include "src/core/lib/gprpp/ref_counted_ptr.h"
37 #include "src/core/lib/gprpp/sync.h"
38 #include "src/core/lib/gprpp/unique_type_name.h"
39 #include "src/core/lib/iomgr/iomgr_fwd.h"
40 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
41 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
42 
43 namespace grpc_core {
44 
45 // Map for xDS based grpc_tls_certificate_provider instances.
46 class CertificateProviderStore
47  : public InternallyRefCounted<CertificateProviderStore> {
48  public:
49  struct PluginDefinition {
50  std::string plugin_name;
51  RefCountedPtr<CertificateProviderFactory::Config> config;
52  };
53 
54  // Maps plugin instance (opaque) name to plugin defition.
55  typedef std::map<std::string, PluginDefinition> PluginDefinitionMap;
56 
57  explicit CertificateProviderStore(PluginDefinitionMap plugin_config_map)
58  : plugin_config_map_(std::move(plugin_config_map)) {}
59 
60  // If a certificate provider corresponding to the instance name \a key is
61  // found, a ref to the grpc_tls_certificate_provider is returned. If no
62  // provider is found for the key, a new provider is created from the plugin
63  // definition map.
64  // Returns nullptr on failure to get or create a new certificate provider.
65  RefCountedPtr<grpc_tls_certificate_provider> CreateOrGetCertificateProvider(
66  absl::string_view key);
67 
68  void Orphan() override { Unref(); }
69 
70  private:
71  // A thin wrapper around `grpc_tls_certificate_provider` which allows removing
72  // the entry from the CertificateProviderStore when the refcount reaches zero.
73  class CertificateProviderWrapper : public grpc_tls_certificate_provider {
74  public:
75  CertificateProviderWrapper(
76  RefCountedPtr<grpc_tls_certificate_provider> certificate_provider,
77  RefCountedPtr<CertificateProviderStore> store, absl::string_view key)
78  : certificate_provider_(std::move(certificate_provider)),
79  store_(std::move(store)),
80  key_(key) {}
81 
82  ~CertificateProviderWrapper() override {
83  store_->ReleaseCertificateProvider(key_, this);
84  }
85 
86  RefCountedPtr<grpc_tls_certificate_distributor> distributor()
87  const override {
88  return certificate_provider_->distributor();
89  }
90 
91  grpc_pollset_set* interested_parties() const override {
92  return certificate_provider_->interested_parties();
93  }
94 
95  int CompareImpl(const grpc_tls_certificate_provider* other) const override {
96  // TODO(yashykt): This should probably delegate to the `Compare` method of
97  // the wrapped certificate_provider_ object.
98  return QsortCompare(
99  static_cast<const grpc_tls_certificate_provider*>(this), other);
100  }
101 
102  UniqueTypeName type() const override;
103 
104  absl::string_view key() const { return key_; }
105 
106  private:
107  RefCountedPtr<grpc_tls_certificate_provider> certificate_provider_;
108  RefCountedPtr<CertificateProviderStore> store_;
109  absl::string_view key_;
110  };
111 
112  RefCountedPtr<CertificateProviderWrapper> CreateCertificateProviderLocked(
113  absl::string_view key) ABSL_EXCLUSIVE_LOCKS_REQUIRED(mu_);
114 
115  // Releases a previously created certificate provider from the certificate
116  // provider map if the value matches \a wrapper.
117  void ReleaseCertificateProvider(absl::string_view key,
118  CertificateProviderWrapper* wrapper);
119 
120  Mutex mu_;
121  // Map of plugin configurations
122  const PluginDefinitionMap plugin_config_map_;
123  // Underlying map for the providers.
124  std::map<absl::string_view, CertificateProviderWrapper*>
125  certificate_providers_map_ ABSL_GUARDED_BY(mu_);
126 };
127 
128 } // namespace grpc_core
129 
130 #endif // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
grpc_core::CertificateProviderStore::CertificateProviderWrapper::interested_parties
grpc_pollset_set * interested_parties() const override
Definition: certificate_provider_store.h:91
orphanable.h
grpc_tls_certificate_distributor.h
grpc_core::InternallyRefCounted< CertificateProviderStore >::Unref
void Unref()
Definition: orphanable.h:100
grpc_core
Definition: call_metric_recorder.h:31
grpc_core::CertificateProviderStore::PluginDefinition::config
RefCountedPtr< CertificateProviderFactory::Config > config
Definition: certificate_provider_store.h:51
grpc_pollset_set
struct grpc_pollset_set grpc_pollset_set
Definition: iomgr_fwd.h:23
absl::string_view
Definition: abseil-cpp/absl/strings/string_view.h:167
grpc_core::CertificateProviderStore::PluginDefinition::plugin_name
std::string plugin_name
Definition: certificate_provider_store.h:50
useful.h
testing::internal::string
::std::string string
Definition: bloaty/third_party/protobuf/third_party/googletest/googletest/include/gtest/internal/gtest-port.h:881
grpc_security.h
grpc_core::CertificateProviderStore::ABSL_GUARDED_BY
std::map< absl::string_view, CertificateProviderWrapper * > certificate_providers_map_ ABSL_GUARDED_BY(mu_)
grpc_core::CertificateProviderStore::CreateOrGetCertificateProvider
RefCountedPtr< grpc_tls_certificate_provider > CreateOrGetCertificateProvider(absl::string_view key)
Definition: certificate_provider_store.cc:45
grpc_core::CertificateProviderStore::CertificateProviderWrapper::distributor
RefCountedPtr< grpc_tls_certificate_distributor > distributor() const override
Definition: certificate_provider_store.h:86
grpc_core::CertificateProviderStore::PluginDefinitionMap
std::map< std::string, PluginDefinition > PluginDefinitionMap
Definition: certificate_provider_store.h:55
grpc_core::CertificateProviderStore::CertificateProviderStore
CertificateProviderStore(PluginDefinitionMap plugin_config_map)
Definition: certificate_provider_store.h:57
grpc_core::CertificateProviderStore::CertificateProviderWrapper::CompareImpl
int CompareImpl(const grpc_tls_certificate_provider *other) const override
Definition: certificate_provider_store.h:95
grpc_tls_certificate_provider.h
grpc_core::RefCountedPtr
Definition: ref_counted_ptr.h:35
absl::move
constexpr absl::remove_reference_t< T > && move(T &&t) noexcept
Definition: abseil-cpp/absl/utility/utility.h:221
ABSL_EXCLUSIVE_LOCKS_REQUIRED
#define ABSL_EXCLUSIVE_LOCKS_REQUIRED(...)
Definition: abseil-cpp/absl/base/thread_annotations.h:145
grpc_core::CertificateProviderStore::CertificateProviderWrapper
Definition: certificate_provider_store.h:73
grpc_core::CertificateProviderStore::CertificateProviderWrapper::certificate_provider_
RefCountedPtr< grpc_tls_certificate_provider > certificate_provider_
Definition: certificate_provider_store.h:107
grpc_core::CertificateProviderStore::ReleaseCertificateProvider
void ReleaseCertificateProvider(absl::string_view key, CertificateProviderWrapper *wrapper)
Definition: certificate_provider_store.cc:88
grpc_core::CertificateProviderStore::CertificateProviderWrapper::key_
absl::string_view key_
Definition: certificate_provider_store.h:109
grpc_core::InternallyRefCounted
Definition: orphanable.h:73
wrapper
grpc_channel_wrapper * wrapper
Definition: src/php/ext/grpc/channel.h:48
grpc_core::CertificateProviderStore::mu_
Mutex mu_
Definition: certificate_provider_store.h:120
grpc_core::CertificateProviderStore::CertificateProviderWrapper::CertificateProviderWrapper
CertificateProviderWrapper(RefCountedPtr< grpc_tls_certificate_provider > certificate_provider, RefCountedPtr< CertificateProviderStore > store, absl::string_view key)
Definition: certificate_provider_store.h:75
grpc_core::Mutex
Definition: src/core/lib/gprpp/sync.h:61
key
const char * key
Definition: hpack_parser_table.cc:164
grpc_core::UniqueTypeName
Definition: unique_type_name.h:56
grpc_tls_certificate_provider::distributor
virtual grpc_core::RefCountedPtr< grpc_tls_certificate_distributor > distributor() const =0
grpc_core::QsortCompare
int QsortCompare(const T &a, const T &b)
Definition: useful.h:95
grpc_core::CertificateProviderStore::CertificateProviderWrapper::type
UniqueTypeName type() const override
Definition: certificate_provider_store.cc:33
grpc_core::CertificateProviderStore::PluginDefinition
Definition: certificate_provider_store.h:49
std
Definition: grpcpp/impl/codegen/async_unary_call.h:407
certificate_provider_factory.h
unique_type_name.h
ref_counted_ptr.h
grpc_tls_certificate_provider
Definition: grpc_tls_certificate_provider.h:53
grpc_core::CertificateProviderStore
Definition: certificate_provider_store.h:46
iomgr_fwd.h
grpc_core::CertificateProviderStore::CertificateProviderWrapper::key
absl::string_view key() const
Definition: certificate_provider_store.h:104
grpc_tls_certificate_provider::interested_parties
virtual grpc_pollset_set * interested_parties() const
Definition: grpc_tls_certificate_provider.h:56
grpc_core::CertificateProviderStore::CreateCertificateProviderLocked
RefCountedPtr< CertificateProviderWrapper > CreateCertificateProviderLocked(absl::string_view key) ABSL_EXCLUSIVE_LOCKS_REQUIRED(mu_)
Definition: certificate_provider_store.cc:66
grpc_core::CertificateProviderStore::Orphan
void Orphan() override
Definition: certificate_provider_store.h:68
grpc_core::CertificateProviderStore::CertificateProviderWrapper::store_
RefCountedPtr< CertificateProviderStore > store_
Definition: certificate_provider_store.h:108
grpc_core::CertificateProviderStore::CertificateProviderWrapper::~CertificateProviderWrapper
~CertificateProviderWrapper() override
Definition: certificate_provider_store.h:82
sync.h
grpc_core::CertificateProviderStore::plugin_config_map_
const PluginDefinitionMap plugin_config_map_
Definition: certificate_provider_store.h:122
port_platform.h

grpc
Author(s):
autogenerated on Fri May 16 2025 02:57:52