From 6f8e44a7f52e94491423b3fa8e41463e916514a8 Mon Sep 17 00:00:00 2001 
From: sanjaypujare Date: Sat, 24 Sep 2022 00:05:15 -0700 Subject: [PATCH] xds: security code refactoring/renaming (#9555) * xds: security code refactoring/renaming 1) move certprovider package under security 2) refactor inner Factory into CertProviderClientSslContextProviderFactory and CertProviderServerSslContextProviderFactory 3) Make CertProviderClientSslContextProvider and CertProviderServerSslContextProvider non-public 4) use only public (non package private) types like SslContextProvider (instead of CertProviderClientSslContextProvider etc) --- .../ClientSslContextProviderFactory.java | 8 +- .../security/DynamicSslContextProvider.java | 2 + .../ServerSslContextProviderFactory.java | 8 +- .../internal/security/SslContextProvider.java | 2 + .../CertProviderClientSslContextProvider.java | 47 +----------- ...oviderClientSslContextProviderFactory.java | 76 +++++++++++++++++++ .../CertProviderServerSslContextProvider.java | 62 +++------------ ...oviderServerSslContextProviderFactory.java | 76 +++++++++++++++++++ .../CertProviderSslContextProvider.java | 2 +- .../certprovider/CertificateProvider.java | 2 +- .../CertificateProviderProvider.java | 4 +- .../CertificateProviderRegistry.java | 2 +- .../CertificateProviderStore.java | 5 +- .../FileWatcherCertificateProvider.java | 2 +- ...ileWatcherCertificateProviderProvider.java | 2 +- .../ClientSslContextProviderFactoryTest.java | 40 ++++++---- .../SecurityProtocolNegotiatorsTest.java | 2 +- .../ServerSslContextProviderFactoryTest.java | 33 ++++---- ...tProviderClientSslContextProviderTest.java | 20 ++--- ...tProviderServerSslContextProviderTest.java | 22 +++--- .../CertificateProviderStoreTest.java | 2 +- .../CommonCertProviderTestUtils.java | 4 +- ...atcherCertificateProviderProviderTest.java | 2 +- .../FileWatcherCertificateProviderTest.java | 4 +- .../certprovider/TestCertificateProvider.java | 2 +- 25 files changed, 261 insertions(+), 170 deletions(-) rename xds/src/main/java/io/grpc/xds/internal/{ => 
security}/certprovider/CertProviderClientSslContextProvider.java (58%) create mode 100644 xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java rename xds/src/main/java/io/grpc/xds/internal/{ => security}/certprovider/CertProviderServerSslContextProvider.java (52%) create mode 100644 xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderFactory.java rename xds/src/main/java/io/grpc/xds/internal/{ => security}/certprovider/CertProviderSslContextProvider.java (99%) rename xds/src/main/java/io/grpc/xds/internal/{ => security}/certprovider/CertificateProvider.java (98%) rename xds/src/main/java/io/grpc/xds/internal/{ => security}/certprovider/CertificateProviderProvider.java (93%) rename xds/src/main/java/io/grpc/xds/internal/{ => security}/certprovider/CertificateProviderRegistry.java (98%) rename xds/src/main/java/io/grpc/xds/internal/{ => security}/certprovider/CertificateProviderStore.java (98%) rename xds/src/main/java/io/grpc/xds/internal/{ => security}/certprovider/FileWatcherCertificateProvider.java (99%) rename xds/src/main/java/io/grpc/xds/internal/{ => security}/certprovider/FileWatcherCertificateProviderProvider.java (99%) rename xds/src/test/java/io/grpc/xds/internal/{ => security}/certprovider/CertProviderClientSslContextProviderTest.java (95%) rename xds/src/test/java/io/grpc/xds/internal/{ => security}/certprovider/CertProviderServerSslContextProviderTest.java (95%) rename xds/src/test/java/io/grpc/xds/internal/{ => security}/certprovider/CertificateProviderStoreTest.java (99%) rename xds/src/test/java/io/grpc/xds/internal/{ => security}/certprovider/CommonCertProviderTestUtils.java (94%) rename xds/src/test/java/io/grpc/xds/internal/{ => security}/certprovider/FileWatcherCertificateProviderProviderTest.java (99%) rename xds/src/test/java/io/grpc/xds/internal/{ => security}/certprovider/FileWatcherCertificateProviderTest.java (99%) rename 
xds/src/test/java/io/grpc/xds/internal/{ => security}/certprovider/TestCertificateProvider.java (98%) diff --git a/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java b/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java index c7f2dfc001..4bf11fba3f 100644 --- a/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java @@ -20,23 +20,23 @@ import static com.google.common.base.Preconditions.checkNotNull; import io.grpc.xds.Bootstrapper.BootstrapInfo; import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; -import io.grpc.xds.internal.certprovider.CertProviderClientSslContextProvider; import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory; +import io.grpc.xds.internal.security.certprovider.CertProviderClientSslContextProviderFactory; /** Factory to create client-side SslContextProvider from UpstreamTlsContext. */ final class ClientSslContextProviderFactory implements ValueFactory { private BootstrapInfo bootstrapInfo; - private final CertProviderClientSslContextProvider.Factory + private final CertProviderClientSslContextProviderFactory certProviderClientSslContextProviderFactory; ClientSslContextProviderFactory(BootstrapInfo bootstrapInfo) { - this(bootstrapInfo, CertProviderClientSslContextProvider.Factory.getInstance()); + this(bootstrapInfo, CertProviderClientSslContextProviderFactory.getInstance()); } ClientSslContextProviderFactory( - BootstrapInfo bootstrapInfo, CertProviderClientSslContextProvider.Factory factory) { + BootstrapInfo bootstrapInfo, CertProviderClientSslContextProviderFactory factory) { this.bootstrapInfo = bootstrapInfo; this.certProviderClientSslContextProviderFactory = factory; } 
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java index 64c6ff8b6b..6bf66d022f 100644 --- a/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java @@ -21,6 +21,7 @@ import static com.google.common.base.Preconditions.checkNotNull; import com.google.common.collect.ImmutableList; import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext; import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext; +import io.grpc.Internal; import io.grpc.Status; import io.grpc.xds.EnvoyServerProtoData.BaseTlsContext; import io.netty.handler.ssl.ApplicationProtocolConfig; @@ -34,6 +35,7 @@ import java.util.List; import javax.annotation.Nullable; /** Base class for dynamic {@link SslContextProvider}s. */ +@Internal public abstract class DynamicSslContextProvider extends SslContextProvider { protected final List pendingCallbacks = new ArrayList<>(); diff --git a/xds/src/main/java/io/grpc/xds/internal/security/ServerSslContextProviderFactory.java b/xds/src/main/java/io/grpc/xds/internal/security/ServerSslContextProviderFactory.java index 14e038c9a4..6206ccdcfe 100644 --- a/xds/src/main/java/io/grpc/xds/internal/security/ServerSslContextProviderFactory.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/ServerSslContextProviderFactory.java 
@@ -20,23 +20,23 @@ import static com.google.common.base.Preconditions.checkNotNull; import io.grpc.xds.Bootstrapper.BootstrapInfo; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; -import io.grpc.xds.internal.certprovider.CertProviderServerSslContextProvider; import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory; +import io.grpc.xds.internal.security.certprovider.CertProviderServerSslContextProviderFactory; /** Factory to create server-side SslContextProvider from DownstreamTlsContext. */ final class ServerSslContextProviderFactory implements ValueFactory { private BootstrapInfo bootstrapInfo; - private final CertProviderServerSslContextProvider.Factory + private final CertProviderServerSslContextProviderFactory certProviderServerSslContextProviderFactory; ServerSslContextProviderFactory(BootstrapInfo bootstrapInfo) { - this(bootstrapInfo, CertProviderServerSslContextProvider.Factory.getInstance()); + this(bootstrapInfo, CertProviderServerSslContextProviderFactory.getInstance()); } ServerSslContextProviderFactory( - BootstrapInfo bootstrapInfo, CertProviderServerSslContextProvider.Factory factory) { + BootstrapInfo bootstrapInfo, CertProviderServerSslContextProviderFactory factory) { this.bootstrapInfo = bootstrapInfo; this.certProviderServerSslContextProviderFactory = factory; } diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java index 1768394089..7544f5d9fc 100644 --- a/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java 
@@ -21,6 +21,7 @@ import static com.google.common.base.Preconditions.checkState; import com.google.common.annotations.VisibleForTesting; import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext; +import io.grpc.Internal; import io.grpc.xds.EnvoyServerProtoData.BaseTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; @@ -39,6 +40,7 @@ import java.util.concurrent.Executor; * stream that is receiving the requested secret(s) or it could represent file-system based * secret(s) that are dynamic. */ +@Internal public abstract class SslContextProvider implements Closeable { protected final BaseTlsContext tlsContext; diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java similarity index 58% rename from xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProvider.java rename to xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java index d8d71be197..3953fd5c46 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java 
@@ -14,15 +14,13 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.base.Preconditions.checkNotNull; -import com.google.common.annotations.VisibleForTesting; import io.envoyproxy.envoy.config.core.v3.Node; import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext; import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext; -import io.grpc.Internal; import io.grpc.netty.GrpcSslContexts; import io.grpc.xds.Bootstrapper.CertificateProviderInfo; import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; @@ -34,10 +32,9 @@ import java.util.Map; import javax.annotation.Nullable; /** A client SslContext provider using CertificateProviderInstance to fetch secrets. */ -@Internal -public final class CertProviderClientSslContextProvider extends CertProviderSslContextProvider { +final class CertProviderClientSslContextProvider extends CertProviderSslContextProvider { - private CertProviderClientSslContextProvider( + CertProviderClientSslContextProvider( Node node, @Nullable Map certProviders, CommonTlsContext.CertificateProviderInstance certInstance, 
@@ -71,42 +68,4 @@ public final class CertProviderClientSslContextProvider extends CertProviderSslC
 return sslContextBuilder;
 }
- /** Creates CertProviderClientSslContextProvider. */
- @Internal
- public static final class Factory {
- private static final Factory DEFAULT_INSTANCE =
- new Factory(CertificateProviderStore.getInstance());
- private final CertificateProviderStore certificateProviderStore;
-
- @VisibleForTesting public Factory(CertificateProviderStore certificateProviderStore) {
- this.certificateProviderStore = certificateProviderStore;
- }
-
- public static Factory getInstance() {
- return DEFAULT_INSTANCE;
- }
-
- /** Creates a {@link CertProviderClientSslContextProvider}. */
- public CertProviderClientSslContextProvider getProvider(
- UpstreamTlsContext upstreamTlsContext,
- Node node,
- @Nullable Map certProviders) {
- checkNotNull(upstreamTlsContext, "upstreamTlsContext");
- CommonTlsContext commonTlsContext = upstreamTlsContext.getCommonTlsContext();
- CertificateValidationContext staticCertValidationContext = getStaticValidationContext(
- commonTlsContext);
- CommonTlsContext.CertificateProviderInstance rootCertInstance = getRootCertProviderInstance(
- commonTlsContext);
- CommonTlsContext.CertificateProviderInstance certInstance = getCertProviderInstance(
- commonTlsContext);
- return new CertProviderClientSslContextProvider(
- node,
- certProviders,
- certInstance,
- rootCertInstance,
- staticCertValidationContext,
- upstreamTlsContext,
- certificateProviderStore);
- }
- }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java
new file mode 100644
index 0000000000..ef91cb5670
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2022 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.security.certprovider;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.annotations.VisibleForTesting;
+import io.envoyproxy.envoy.config.core.v3.Node;
+import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
+import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
+import io.grpc.Internal;
+import io.grpc.xds.Bootstrapper.CertificateProviderInfo;
+import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
+import io.grpc.xds.internal.security.SslContextProvider;
+import java.util.Map;
+import javax.annotation.Nullable;
+
+/**
+ * Creates CertProviderClientSslContextProvider.
+ */
+@Internal
+public final class CertProviderClientSslContextProviderFactory {
+
+ private static final CertProviderClientSslContextProviderFactory DEFAULT_INSTANCE =
+ new CertProviderClientSslContextProviderFactory(CertificateProviderStore.getInstance());
+ private final CertificateProviderStore certificateProviderStore;
+
+ @VisibleForTesting
+ public CertProviderClientSslContextProviderFactory(
+ CertificateProviderStore certificateProviderStore) {
+ this.certificateProviderStore = certificateProviderStore;
+ }
+
+ public static CertProviderClientSslContextProviderFactory getInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ /**
+ * Creates a {@link CertProviderClientSslContextProvider}.
+ */
+ public SslContextProvider getProvider(
+ UpstreamTlsContext upstreamTlsContext,
+ Node node,
+ @Nullable Map certProviders) {
+ checkNotNull(upstreamTlsContext, "upstreamTlsContext");
+ CommonTlsContext commonTlsContext = upstreamTlsContext.getCommonTlsContext();
+ CertificateValidationContext staticCertValidationContext
+ = CertProviderSslContextProvider.getStaticValidationContext(commonTlsContext);
+ CommonTlsContext.CertificateProviderInstance rootCertInstance
+ = CertProviderSslContextProvider.getRootCertProviderInstance(commonTlsContext);
+ CommonTlsContext.CertificateProviderInstance certInstance
+ = CertProviderSslContextProvider.getCertProviderInstance(commonTlsContext);
+ return new CertProviderClientSslContextProvider(
+ node,
+ certProviders,
+ certInstance,
+ rootCertInstance,
+ staticCertValidationContext,
+ upstreamTlsContext,
+ certificateProviderStore);
+ }
+}
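Review bot: The public constructor of `CertProviderClientSslContextProviderFactory` stores `certificateProviderStore` without a null check, although `checkNotNull` is already statically imported and applied to `upstreamTlsContext` in `getProvider`. A null store would then presumably surface only when a provider is built or first used (the provider constructor body is outside this hunk), which is a late and confusing place for TLS setup to fail; `this.certificateProviderStore = checkNotNull(certificateProviderStore, "certificateProviderStore");` fails at construction instead. The Javadoc on `getProvider` also still links to `CertProviderClientSslContextProvider`, which this commit makes package-private, while the declared return type is `SslContextProvider`; I would word it as `/** Creates a client-side {@link SslContextProvider} that uses CertificateProviderInstance to fetch secrets. */`. Both remarks apply, with the server-side names, to the new `CertProviderServerSslContextProviderFactory` file further down.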
diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java similarity index 52% rename from xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProvider.java rename to xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java index 036591c092..9d936f02dc 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java @@ -14,21 +14,18 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.base.Preconditions.checkNotNull; -import com.google.common.annotations.VisibleForTesting; import io.envoyproxy.envoy.config.core.v3.Node; import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext; import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext; -import io.grpc.Internal; import io.grpc.netty.GrpcSslContexts; import io.grpc.xds.Bootstrapper.CertificateProviderInfo; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.internal.security.trust.XdsTrustManagerFactory; import io.netty.handler.ssl.SslContextBuilder; - import java.io.IOException; import java.security.cert.CertStoreException; import java.security.cert.CertificateException; 
@@ -37,17 +34,16 @@ import java.util.Map; import javax.annotation.Nullable; /** A server SslContext provider using CertificateProviderInstance to fetch secrets. */ -@Internal -public final class CertProviderServerSslContextProvider extends CertProviderSslContextProvider { +final class CertProviderServerSslContextProvider extends CertProviderSslContextProvider { - private CertProviderServerSslContextProvider( - Node node, - @Nullable Map certProviders, - CommonTlsContext.CertificateProviderInstance certInstance, - CommonTlsContext.CertificateProviderInstance rootCertInstance, - CertificateValidationContext staticCertValidationContext, - DownstreamTlsContext downstreamTlsContext, - CertificateProviderStore certificateProviderStore) { + CertProviderServerSslContextProvider( + Node node, + @Nullable Map certProviders, + CommonTlsContext.CertificateProviderInstance certInstance, + CommonTlsContext.CertificateProviderInstance rootCertInstance, + CertificateValidationContext staticCertValidationContext, + DownstreamTlsContext downstreamTlsContext, + CertificateProviderStore certificateProviderStore) { super( node, certProviders, 
@@ -74,42 +70,4 @@ public final class CertProviderServerSslContextProvider extends CertProviderSslC
 return sslContextBuilder;
 }
- /** Creates CertProviderServerSslContextProvider. */
- @Internal
- public static final class Factory {
- private static final Factory DEFAULT_INSTANCE =
- new Factory(CertificateProviderStore.getInstance());
- private final CertificateProviderStore certificateProviderStore;
-
- @VisibleForTesting public Factory(CertificateProviderStore certificateProviderStore) {
- this.certificateProviderStore = certificateProviderStore;
- }
-
- public static Factory getInstance() {
- return DEFAULT_INSTANCE;
- }
-
- /** Creates a {@link CertProviderServerSslContextProvider}. */
- public CertProviderServerSslContextProvider getProvider(
- DownstreamTlsContext downstreamTlsContext,
- Node node,
- @Nullable Map certProviders) {
- checkNotNull(downstreamTlsContext, "downstreamTlsContext");
- CommonTlsContext commonTlsContext = downstreamTlsContext.getCommonTlsContext();
- CertificateValidationContext staticCertValidationContext = getStaticValidationContext(
- commonTlsContext);
- CommonTlsContext.CertificateProviderInstance rootCertInstance = getRootCertProviderInstance(
- commonTlsContext);
- CommonTlsContext.CertificateProviderInstance certInstance = getCertProviderInstance(
- commonTlsContext);
- return new CertProviderServerSslContextProvider(
- node,
- certProviders,
- certInstance,
- rootCertInstance,
- staticCertValidationContext,
- downstreamTlsContext,
- certificateProviderStore);
- }
- }
 }
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderFactory.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderFactory.java
new file mode 100644
index 0000000000..3189d49f27
--- /dev/null
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderFactory.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2022 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.security.certprovider;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.annotations.VisibleForTesting;
+import io.envoyproxy.envoy.config.core.v3.Node;
+import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
+import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
+import io.grpc.Internal;
+import io.grpc.xds.Bootstrapper.CertificateProviderInfo;
+import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
+import io.grpc.xds.internal.security.SslContextProvider;
+import java.util.Map;
+import javax.annotation.Nullable;
+
+/**
+ * Creates CertProviderServerSslContextProvider.
+ */
+@Internal
+public final class CertProviderServerSslContextProviderFactory {
+
+ private static final CertProviderServerSslContextProviderFactory DEFAULT_INSTANCE =
+ new CertProviderServerSslContextProviderFactory(CertificateProviderStore.getInstance());
+ private final CertificateProviderStore certificateProviderStore;
+
+ @VisibleForTesting
+ public CertProviderServerSslContextProviderFactory(
+ CertificateProviderStore certificateProviderStore) {
+ this.certificateProviderStore = certificateProviderStore;
+ }
+
+ public static CertProviderServerSslContextProviderFactory getInstance() {
+ return DEFAULT_INSTANCE;
+ }
+
+ /**
+ * Creates a {@link CertProviderServerSslContextProvider}.
+ */
+ public SslContextProvider getProvider(
+ DownstreamTlsContext downstreamTlsContext,
+ Node node,
+ @Nullable Map certProviders) {
+ checkNotNull(downstreamTlsContext, "downstreamTlsContext");
+ CommonTlsContext commonTlsContext = downstreamTlsContext.getCommonTlsContext();
+ CertificateValidationContext staticCertValidationContext
+ = CertProviderSslContextProvider.getStaticValidationContext(commonTlsContext);
+ CommonTlsContext.CertificateProviderInstance rootCertInstance
+ = CertProviderSslContextProvider.getRootCertProviderInstance(commonTlsContext);
+ CommonTlsContext.CertificateProviderInstance certInstance
+ = CertProviderSslContextProvider.getCertProviderInstance(commonTlsContext);
+ return new CertProviderServerSslContextProvider(
+ node,
+ certProviders,
+ certInstance,
+ rootCertInstance,
+ staticCertValidationContext,
+ downstreamTlsContext,
+ certificateProviderStore);
+ }
+}
diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java similarity index 99% rename from xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderSslContextProvider.java rename to xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java index 0bdbf36e9e..065501fa53 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderSslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import io.envoyproxy.envoy.config.core.v3.Node; import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext; diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProvider.java similarity index 98% rename from xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProvider.java rename to xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProvider.java index 3ecbba6cb3..a0d5d0fc69 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProvider.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.base.Preconditions.checkNotNull; 
diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProviderProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderProvider.java similarity index 93% rename from xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProviderProvider.java rename to xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderProvider.java index a426542eea..e2e26ead50 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProviderProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderProvider.java @@ -14,10 +14,10 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import io.grpc.Internal; -import io.grpc.xds.internal.certprovider.CertificateProvider.Watcher; +import io.grpc.xds.internal.security.certprovider.CertificateProvider.Watcher; /** * Provider of {@link CertificateProvider}s. Implemented by the implementer of the plugin. We may diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProviderRegistry.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderRegistry.java similarity index 98% rename from xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProviderRegistry.java rename to xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderRegistry.java index 12eb6f6573..2c320b7996 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProviderRegistry.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderRegistry.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.base.Preconditions.checkNotNull; 
diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProviderStore.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStore.java similarity index 98% rename from xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProviderStore.java rename to xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStore.java index 08ed25bf9c..0fe342a36c 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertificateProviderStore.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStore.java @@ -14,12 +14,11 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import com.google.common.annotations.VisibleForTesting; -import io.grpc.xds.internal.certprovider.CertificateProvider.Watcher; import io.grpc.xds.internal.security.ReferenceCountingMap; - +import io.grpc.xds.internal.security.certprovider.CertificateProvider.Watcher; import java.io.Closeable; import java.util.Objects; import java.util.logging.Level; diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProvider.java similarity index 99% rename from xds/src/main/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProvider.java rename to xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProvider.java index 4cddc19ea4..e5855f55b0 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProvider.java 
@@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.base.Preconditions.checkNotNull; diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProviderProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java similarity index 99% rename from xds/src/main/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProviderProvider.java rename to xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java index c1b0ce3f50..c4b140442c 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProviderProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.base.Preconditions.checkNotNull; diff --git a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java index 8e81c24170..4f85afc2ea 100644 --- a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java 
@@ -32,12 +32,12 @@ import io.grpc.xds.Bootstrapper; import io.grpc.xds.CommonBootstrapperTestUtils; import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.XdsInitializationException; -import io.grpc.xds.internal.certprovider.CertProviderClientSslContextProvider; -import io.grpc.xds.internal.certprovider.CertificateProvider; -import io.grpc.xds.internal.certprovider.CertificateProviderProvider; -import io.grpc.xds.internal.certprovider.CertificateProviderRegistry; -import io.grpc.xds.internal.certprovider.CertificateProviderStore; -import io.grpc.xds.internal.certprovider.TestCertificateProvider; +import io.grpc.xds.internal.security.certprovider.CertProviderClientSslContextProviderFactory; +import io.grpc.xds.internal.security.certprovider.CertificateProvider; +import io.grpc.xds.internal.security.certprovider.CertificateProviderProvider; +import io.grpc.xds.internal.security.certprovider.CertificateProviderRegistry; +import io.grpc.xds.internal.security.certprovider.CertificateProviderStore; +import io.grpc.xds.internal.security.certprovider.TestCertificateProvider; import java.io.IOException; import org.junit.Assert; import org.junit.Before; @@ -53,7 +53,7 @@ public class ClientSslContextProviderFactoryTest { CertificateProviderRegistry certificateProviderRegistry; CertificateProviderStore certificateProviderStore; - CertProviderClientSslContextProvider.Factory certProviderClientSslContextProviderFactory; + CertProviderClientSslContextProviderFactory certProviderClientSslContextProviderFactory; ClientSslContextProviderFactory clientSslContextProviderFactory; @Before 
@@ -61,7 +61,7 @@ public class ClientSslContextProviderFactoryTest { certificateProviderRegistry = new CertificateProviderRegistry(); certificateProviderStore = new CertificateProviderStore(certificateProviderRegistry); certProviderClientSslContextProviderFactory = - new CertProviderClientSslContextProvider.Factory(certificateProviderStore); + new CertProviderClientSslContextProviderFactory(certificateProviderStore); } @Test @@ -84,12 +84,14 @@ public class ClientSslContextProviderFactoryTest { bootstrapInfo, certProviderClientSslContextProviderFactory); SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderClientSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); // verify that bootstrapInfo is cached... sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderClientSslContextProvider"); } @Test @@ -117,7 +119,8 @@ public class ClientSslContextProviderFactoryTest { bootstrapInfo, certProviderClientSslContextProviderFactory); SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderClientSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); } 
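Review bot: The assertion added in the `@@ -84,12 +84,14 @@` hunk compares `getClass().getSimpleName()` with the literal `"CertProviderClientSslContextProvider"`, which is weaker than the `isInstanceOf` check it replaces: a class with that simple name in any package would pass, and a later rename of the provider is not caught at compile time. Since the provider class is no longer visible from this package, I would pin the fully qualified name instead, `assertThat(sslContextProvider.getClass().getName()).isEqualTo("io.grpc.xds.internal.security.certprovider.CertProviderClientSslContextProvider");`, ideally through one private helper so the literal appears once. The same literal is repeated in the later hunks of this file and, with the server class name, throughout ServerSslContextProviderFactoryTest. The test methods start and end outside the hunks.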
@@ -142,7 +145,8 @@ public class ClientSslContextProviderFactoryTest { bootstrapInfo, certProviderClientSslContextProviderFactory); SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderClientSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); } @@ -175,7 +179,8 @@ public class ClientSslContextProviderFactoryTest { certProviderClientSslContextProviderFactory); SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderClientSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); } @@ -204,7 +209,8 @@ public class ClientSslContextProviderFactoryTest { bootstrapInfo, certProviderClientSslContextProviderFactory); SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderClientSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); verifyWatcher(sslContextProvider, watcherCaptor[1]); } 
@@ -240,7 +246,8 @@ public class ClientSslContextProviderFactoryTest { bootstrapInfo, certProviderClientSslContextProviderFactory); SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderClientSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); verifyWatcher(sslContextProvider, watcherCaptor[1]); } @@ -273,7 +280,8 @@ public class ClientSslContextProviderFactoryTest { bootstrapInfo, certProviderClientSslContextProviderFactory); SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderClientSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); } diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java index 7355b45693..0531189f2a 100644 --- a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java 
@@ -51,9 +51,9 @@ import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.InternalXdsAttributes; import io.grpc.xds.TlsContextManager; -import io.grpc.xds.internal.certprovider.CommonCertProviderTestUtils; import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSdsHandler; import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSdsProtocolNegotiator; +import io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils; import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelPipeline; diff --git a/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java index 902138c06d..07648194f7 100644 --- a/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java 
@@ -29,10 +29,10 @@ import io.grpc.xds.CommonBootstrapperTestUtils; import io.grpc.xds.EnvoyServerProtoData; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.XdsInitializationException; -import io.grpc.xds.internal.certprovider.CertProviderServerSslContextProvider; -import io.grpc.xds.internal.certprovider.CertificateProvider; -import io.grpc.xds.internal.certprovider.CertificateProviderRegistry; -import io.grpc.xds.internal.certprovider.CertificateProviderStore; +import io.grpc.xds.internal.security.certprovider.CertProviderServerSslContextProviderFactory; +import io.grpc.xds.internal.security.certprovider.CertificateProvider; +import io.grpc.xds.internal.security.certprovider.CertificateProviderRegistry; +import io.grpc.xds.internal.security.certprovider.CertificateProviderStore; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -44,7 +44,7 @@ public class ServerSslContextProviderFactoryTest { CertificateProviderRegistry certificateProviderRegistry; CertificateProviderStore certificateProviderStore; - CertProviderServerSslContextProvider.Factory certProviderServerSslContextProviderFactory; + CertProviderServerSslContextProviderFactory certProviderServerSslContextProviderFactory; ServerSslContextProviderFactory serverSslContextProviderFactory; @Before @@ -52,7 +52,7 @@ public class ServerSslContextProviderFactoryTest { certificateProviderRegistry = new CertificateProviderRegistry(); certificateProviderStore = new CertificateProviderStore(certificateProviderRegistry); certProviderServerSslContextProviderFactory = - new CertProviderServerSslContextProvider.Factory(certificateProviderStore); + new CertProviderServerSslContextProviderFactory(certificateProviderStore); } @Test 
@@ -76,12 +76,14 @@ public class ServerSslContextProviderFactoryTest { bootstrapInfo, certProviderServerSslContextProviderFactory); SslContextProvider sslContextProvider = serverSslContextProviderFactory.create(downstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderServerSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); // verify that bootstrapInfo is cached... sslContextProvider = serverSslContextProviderFactory.create(downstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderServerSslContextProvider"); } @Test @@ -113,7 +115,8 @@ public class ServerSslContextProviderFactoryTest { bootstrapInfo, certProviderServerSslContextProviderFactory); SslContextProvider sslContextProvider = serverSslContextProviderFactory.create(downstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderServerSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); } @@ -139,7 +142,8 @@ public class ServerSslContextProviderFactoryTest { bootstrapInfo, certProviderServerSslContextProviderFactory); SslContextProvider sslContextProvider = serverSslContextProviderFactory.create(downstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderServerSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); } 
@@ -173,7 +177,8 @@ public class ServerSslContextProviderFactoryTest { bootstrapInfo, certProviderServerSslContextProviderFactory); SslContextProvider sslContextProvider = serverSslContextProviderFactory.create(downstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderServerSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); } @@ -203,7 +208,8 @@ public class ServerSslContextProviderFactoryTest { bootstrapInfo, certProviderServerSslContextProviderFactory); SslContextProvider sslContextProvider = serverSslContextProviderFactory.create(downstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderServerSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); verifyWatcher(sslContextProvider, watcherCaptor[1]); } @@ -241,7 +247,8 @@ public class ServerSslContextProviderFactoryTest { bootstrapInfo, certProviderServerSslContextProviderFactory); SslContextProvider sslContextProvider = serverSslContextProviderFactory.create(downstreamTlsContext); - assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class); + assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo( + "CertProviderServerSslContextProvider"); verifyWatcher(sslContextProvider, watcherCaptor[0]); verifyWatcher(sslContextProvider, watcherCaptor[1]); } 
diff --git a/xds/src/test/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java similarity index 95% rename from xds/src/test/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProviderTest.java rename to xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java index 8495d9bcf0..857d4b017c 100644 --- a/xds/src/test/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProviderTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java @@ -14,11 +14,10 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.truth.Truth.assertThat; -import static io.grpc.xds.internal.certprovider.CommonCertProviderTestUtils.getCertFromResourceName; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_KEY_FILE; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE; @@ -26,6 +25,7 @@ import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_P import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_KEY_FILE; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.doChecksOnSslContext; +import static io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils.getCertFromResourceName; import static org.junit.Assert.fail; import com.google.common.annotations.VisibleForTesting; 
@@ -56,14 +56,14 @@ public class CertProviderClientSslContextProviderTest { CertificateProviderRegistry certificateProviderRegistry; CertificateProviderStore certificateProviderStore; - private CertProviderClientSslContextProvider.Factory certProviderClientSslContextProviderFactory; + private CertProviderClientSslContextProviderFactory certProviderClientSslContextProviderFactory; @Before public void setUp() throws Exception { certificateProviderRegistry = new CertificateProviderRegistry(); certificateProviderStore = new CertificateProviderStore(certificateProviderRegistry); certProviderClientSslContextProviderFactory = - new CertProviderClientSslContextProvider.Factory(certificateProviderStore); + new CertProviderClientSslContextProviderFactory(certificateProviderStore); } /** Helper method to build CertProviderClientSslContextProvider. */ @@ -81,10 +81,11 @@ public class CertProviderClientSslContextProviderTest { "root-default", alpnProtocols, staticCertValidationContext); - return certProviderClientSslContextProviderFactory.getProvider( - upstreamTlsContext, - bootstrapInfo.node().toEnvoyProtoNode(), - bootstrapInfo.certProviders()); + return (CertProviderClientSslContextProvider) + certProviderClientSslContextProviderFactory.getProvider( + upstreamTlsContext, + bootstrapInfo.node().toEnvoyProtoNode(), + bootstrapInfo.certProviders()); } /** Helper method to build CertProviderClientSslContextProvider. */ @@ -102,7 +103,8 @@ public class CertProviderClientSslContextProviderTest { "root-default", alpnProtocols, staticCertValidationContext); - return certProviderClientSslContextProviderFactory.getProvider( + return (CertProviderClientSslContextProvider) + certProviderClientSslContextProviderFactory.getProvider( upstreamTlsContext, bootstrapInfo.node().toEnvoyProtoNode(), bootstrapInfo.certProviders()); 
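Review bot: The downcast `(CertProviderClientSslContextProvider)` added in the `@@ -81,10 +81,11 @@` and `@@ -102,7 +103,8 @@` hunks is duplicated, and it fails with a bare ClassCastException if the factory ever returns another SslContextProvider implementation. A single private helper that runs `assertThat(provider).isInstanceOf(CertProviderClientSslContextProvider.class);` before casting would give a readable failure and keep the cast in one place. The first hunk also re-adds the three argument lines (apparently re-indented under the wrapped call) while the second leaves them as context, so the two helpers likely end up indented differently. The same pair of casts appears in CertProviderServerSslContextProviderTest. Both helper methods start and end outside the hunks.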
diff --git a/xds/src/test/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java similarity index 95% rename from xds/src/test/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProviderTest.java rename to xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java index 8ce52e3233..14d772c779 100644 --- a/xds/src/test/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProviderTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java @@ -14,10 +14,9 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.truth.Truth.assertThat; -import static io.grpc.xds.internal.certprovider.CommonCertProviderTestUtils.getCertFromResourceName; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_KEY_FILE; @@ -25,6 +24,7 @@ import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_P import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_KEY_FILE; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.doChecksOnSslContext; +import static io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils.getCertFromResourceName; import static org.junit.Assert.fail; import com.google.common.collect.ImmutableList; 
@@ -35,9 +35,9 @@ import io.envoyproxy.envoy.type.matcher.v3.StringMatcher; import io.grpc.xds.Bootstrapper; import io.grpc.xds.CommonBootstrapperTestUtils; import io.grpc.xds.EnvoyServerProtoData; -import io.grpc.xds.internal.certprovider.CertProviderClientSslContextProviderTest.QueuedExecutor; import io.grpc.xds.internal.security.CommonTlsContextTestsUtil; import io.grpc.xds.internal.security.CommonTlsContextTestsUtil.TestCallback; +import io.grpc.xds.internal.security.certprovider.CertProviderClientSslContextProviderTest.QueuedExecutor; import java.util.Arrays; import org.junit.Before; import org.junit.Test; @@ -50,14 +50,14 @@ public class CertProviderServerSslContextProviderTest { CertificateProviderRegistry certificateProviderRegistry; CertificateProviderStore certificateProviderStore; - private CertProviderServerSslContextProvider.Factory certProviderServerSslContextProviderFactory; + private CertProviderServerSslContextProviderFactory certProviderServerSslContextProviderFactory; @Before public void setUp() throws Exception { certificateProviderRegistry = new CertificateProviderRegistry(); certificateProviderStore = new CertificateProviderStore(certificateProviderRegistry); certProviderServerSslContextProviderFactory = - new CertProviderServerSslContextProvider.Factory(certificateProviderStore); + new CertProviderServerSslContextProviderFactory(certificateProviderStore); } /** Helper method to build CertProviderServerSslContextProvider. */ 
@@ -77,10 +77,11 @@ public class CertProviderServerSslContextProviderTest { alpnProtocols, staticCertValidationContext, requireClientCert); - return certProviderServerSslContextProviderFactory.getProvider( - downstreamTlsContext, - bootstrapInfo.node().toEnvoyProtoNode(), - bootstrapInfo.certProviders()); + return (CertProviderServerSslContextProvider) + certProviderServerSslContextProviderFactory.getProvider( + downstreamTlsContext, + bootstrapInfo.node().toEnvoyProtoNode(), + bootstrapInfo.certProviders()); } /** Helper method to build CertProviderServerSslContextProvider. */ @@ -100,7 +101,8 @@ public class CertProviderServerSslContextProviderTest { alpnProtocols, staticCertValidationContext, requireClientCert); - return certProviderServerSslContextProviderFactory.getProvider( + return (CertProviderServerSslContextProvider) + certProviderServerSslContextProviderFactory.getProvider( downstreamTlsContext, bootstrapInfo.node().toEnvoyProtoNode(), bootstrapInfo.certProviders()); diff --git a/xds/src/test/java/io/grpc/xds/internal/certprovider/CertificateProviderStoreTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStoreTest.java similarity index 99% rename from xds/src/test/java/io/grpc/xds/internal/certprovider/CertificateProviderStoreTest.java rename to xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStoreTest.java index 33ec6b291e..8f77de7b5e 100644 --- a/xds/src/test/java/io/grpc/xds/internal/certprovider/CertificateProviderStoreTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStoreTest.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.truth.Truth.assertThat; import static org.junit.Assert.fail; 
diff --git a/xds/src/test/java/io/grpc/xds/internal/certprovider/CommonCertProviderTestUtils.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CommonCertProviderTestUtils.java similarity index 94% rename from xds/src/test/java/io/grpc/xds/internal/certprovider/CommonCertProviderTestUtils.java rename to xds/src/test/java/io/grpc/xds/internal/security/certprovider/CommonCertProviderTestUtils.java index 86264f2885..c62aa2d3a8 100644 --- a/xds/src/test/java/io/grpc/xds/internal/certprovider/CommonCertProviderTestUtils.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CommonCertProviderTestUtils.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static java.nio.charset.StandardCharsets.UTF_8; @@ -22,7 +22,7 @@ import com.google.common.io.CharStreams; import io.grpc.internal.FakeClock; import io.grpc.internal.TimeProvider; import io.grpc.internal.testing.TestUtils; -import io.grpc.xds.internal.certprovider.FileWatcherCertificateProviderProvider.ScheduledExecutorServiceFactory; +import io.grpc.xds.internal.security.certprovider.FileWatcherCertificateProviderProvider.ScheduledExecutorServiceFactory; import io.grpc.xds.internal.security.trust.CertificateUtils; import java.io.ByteArrayInputStream; import java.io.IOException; diff --git a/xds/src/test/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProviderProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProviderTest.java similarity index 99% rename from xds/src/test/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProviderProviderTest.java rename to xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProviderTest.java index d113b52005..9f7b13f86e 100644 
--- a/xds/src/test/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProviderProviderTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProviderTest.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.truth.Truth.assertThat; import static org.junit.Assert.fail; diff --git a/xds/src/test/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderTest.java similarity index 99% rename from xds/src/test/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProviderTest.java rename to xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderTest.java index 7cfae61782..dd4cf37b88 100644 --- a/xds/src/test/java/io/grpc/xds/internal/certprovider/FileWatcherCertificateProviderTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderTest.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; import static com.google.common.truth.Truth.assertThat; import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE; @@ -34,8 +34,8 @@ import static org.mockito.Mockito.verify; import io.grpc.Status; import io.grpc.internal.TimeProvider; -import io.grpc.xds.internal.certprovider.CertificateProvider.DistributorWatcher; import io.grpc.xds.internal.security.CommonTlsContextTestsUtil; +import io.grpc.xds.internal.security.certprovider.CertificateProvider.DistributorWatcher; import java.io.File; import java.io.IOException; import java.nio.file.Files; 
diff --git a/xds/src/test/java/io/grpc/xds/internal/certprovider/TestCertificateProvider.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/TestCertificateProvider.java similarity index 98% rename from xds/src/test/java/io/grpc/xds/internal/certprovider/TestCertificateProvider.java rename to xds/src/test/java/io/grpc/xds/internal/security/certprovider/TestCertificateProvider.java index 9253d071fb..aba7a91081 100644 --- a/xds/src/test/java/io/grpc/xds/internal/certprovider/TestCertificateProvider.java +++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/TestCertificateProvider.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package io.grpc.xds.internal.certprovider; +package io.grpc.xds.internal.security.certprovider; public class TestCertificateProvider extends CertificateProvider { Object config;