1 //
2 //
3 // Copyright 2020 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
20 #define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
21 
22 #include <grpc/support/port_platform.h>
23 
24 #include <map>
25 
26 #include "absl/strings/string_view.h"
27 
28 #include "src/core/ext/xds/certificate_provider_factory.h"
29 #include "src/core/lib/gprpp/orphanable.h"
30 #include "src/core/lib/gprpp/ref_counted_ptr.h"
31 #include "src/core/lib/gprpp/sync.h"
32 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
33 
34 namespace grpc_core {
35 
36 // Map for xDS based grpc_tls_certificate_provider instances.
37 class CertificateProviderStore
38     : public InternallyRefCounted<CertificateProviderStore> {
39  public:
40   struct PluginDefinition {
41     std::string plugin_name;
42     RefCountedPtr<CertificateProviderFactory::Config> config;
43   };
44 
45   // Maps plugin instance (opaque) name to plugin defition.
46   typedef std::map<std::string, PluginDefinition> PluginDefinitionMap;
47 
CertificateProviderStore(PluginDefinitionMap plugin_config_map)48   explicit CertificateProviderStore(PluginDefinitionMap plugin_config_map)
49       : plugin_config_map_(std::move(plugin_config_map)) {}
50 
51   // If a certificate provider corresponding to the instance name \a key is
52   // found, a ref to the grpc_tls_certificate_provider is returned. If no
53   // provider is found for the key, a new provider is created from the plugin
54   // definition map.
55   // Returns nullptr on failure to get or create a new certificate provider.
56   RefCountedPtr<grpc_tls_certificate_provider> CreateOrGetCertificateProvider(
57       absl::string_view key);
58 
Orphan()59   void Orphan() override { Unref(); }
60 
61  private:
62   // A thin wrapper around `grpc_tls_certificate_provider` which allows removing
63   // the entry from the CertificateProviderStore when the refcount reaches zero.
64   class CertificateProviderWrapper : public grpc_tls_certificate_provider {
65    public:
CertificateProviderWrapper(RefCountedPtr<grpc_tls_certificate_provider> certificate_provider,RefCountedPtr<CertificateProviderStore> store,absl::string_view key)66     CertificateProviderWrapper(
67         RefCountedPtr<grpc_tls_certificate_provider> certificate_provider,
68         RefCountedPtr<CertificateProviderStore> store, absl::string_view key)
69         : certificate_provider_(std::move(certificate_provider)),
70           store_(std::move(store)),
71           key_(key) {}
72 
~CertificateProviderWrapper()73     ~CertificateProviderWrapper() override {
74       store_->ReleaseCertificateProvider(key_, this);
75     }
76 
distributor()77     grpc_core::RefCountedPtr<grpc_tls_certificate_distributor> distributor()
78         const override {
79       return certificate_provider_->distributor();
80     }
81 
interested_parties()82     grpc_pollset_set* interested_parties() const override {
83       return certificate_provider_->interested_parties();
84     }
85 
key()86     absl::string_view key() const { return key_; }
87 
88    private:
89     RefCountedPtr<grpc_tls_certificate_provider> certificate_provider_;
90     RefCountedPtr<CertificateProviderStore> store_;
91     absl::string_view key_;
92   };
93 
94   RefCountedPtr<CertificateProviderWrapper> CreateCertificateProviderLocked(
95       absl::string_view key);
96 
97   // Releases a previously created certificate provider from the certificate
98   // provider map if the value matches \a wrapper.
99   void ReleaseCertificateProvider(absl::string_view key,
100                                   CertificateProviderWrapper* wrapper);
101 
102   Mutex mu_;
103   // Map of plugin configurations
104   PluginDefinitionMap plugin_config_map_;
105   // Underlying map for the providers.
106   std::map<absl::string_view, CertificateProviderWrapper*>
107       certificate_providers_map_;
108 };
109 
110 }  // namespace grpc_core
111 
112 #endif  // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
113