
Add certificate provider factory, store and registry headers

Yash Tibrewal 4 years ago
parent
commit
73563e41b0

+ 3 - 0
BUILD

@@ -1734,6 +1734,9 @@ grpc_cc_library(
     ],
     hdrs = [
         "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h",
+        "src/core/ext/xds/certificate_provider_factory.h",
+        "src/core/ext/xds/certificate_provider_registry.h",
+        "src/core/ext/xds/certificate_provider_store.h",
         "src/core/ext/xds/xds_channel_args.h",
         "src/core/lib/security/certificate_provider.h",
         "src/core/lib/security/context/security_context.h",

+ 3 - 0
BUILD.gn

@@ -542,6 +542,9 @@ config("grpc_config") {
         "src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h",
         "src/core/ext/upb-generated/validate/validate.upb.c",
         "src/core/ext/upb-generated/validate/validate.upb.h",
+        "src/core/ext/xds/certificate_provider_factory.h",
+        "src/core/ext/xds/certificate_provider_registry.h",
+        "src/core/ext/xds/certificate_provider_store.h",
         "src/core/ext/xds/xds_api.cc",
         "src/core/ext/xds/xds_api.h",
         "src/core/ext/xds/xds_bootstrap.cc",

+ 3 - 0
build_autogenerated.yaml

@@ -534,6 +534,9 @@ libs:
   - src/core/ext/upb-generated/udpa/annotations/versioning.upb.h
   - src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h
   - src/core/ext/upb-generated/validate/validate.upb.h
+  - src/core/ext/xds/certificate_provider_factory.h
+  - src/core/ext/xds/certificate_provider_registry.h
+  - src/core/ext/xds/certificate_provider_store.h
   - src/core/ext/xds/xds_api.h
   - src/core/ext/xds/xds_bootstrap.h
   - src/core/ext/xds/xds_channel_args.h

+ 6 - 0
gRPC-C++.podspec

@@ -367,6 +367,9 @@ Pod::Spec.new do |s|
                       'src/core/ext/upb-generated/udpa/annotations/versioning.upb.h',
                       'src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h',
                       'src/core/ext/upb-generated/validate/validate.upb.h',
+                      'src/core/ext/xds/certificate_provider_factory.h',
+                      'src/core/ext/xds/certificate_provider_registry.h',
+                      'src/core/ext/xds/certificate_provider_store.h',
                       'src/core/ext/xds/xds_api.h',
                       'src/core/ext/xds/xds_bootstrap.h',
                       'src/core/ext/xds/xds_channel_args.h',
@@ -866,6 +869,9 @@ Pod::Spec.new do |s|
                               'src/core/ext/upb-generated/udpa/annotations/versioning.upb.h',
                               'src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h',
                               'src/core/ext/upb-generated/validate/validate.upb.h',
+                              'src/core/ext/xds/certificate_provider_factory.h',
+                              'src/core/ext/xds/certificate_provider_registry.h',
+                              'src/core/ext/xds/certificate_provider_store.h',
                               'src/core/ext/xds/xds_api.h',
                               'src/core/ext/xds/xds_bootstrap.h',
                               'src/core/ext/xds/xds_channel_args.h',

+ 6 - 0
gRPC-Core.podspec

@@ -528,6 +528,9 @@ Pod::Spec.new do |s|
                       'src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h',
                       'src/core/ext/upb-generated/validate/validate.upb.c',
                       'src/core/ext/upb-generated/validate/validate.upb.h',
+                      'src/core/ext/xds/certificate_provider_factory.h',
+                      'src/core/ext/xds/certificate_provider_registry.h',
+                      'src/core/ext/xds/certificate_provider_store.h',
                       'src/core/ext/xds/xds_api.cc',
                       'src/core/ext/xds/xds_api.h',
                       'src/core/ext/xds/xds_bootstrap.cc',
@@ -1278,6 +1281,9 @@ Pod::Spec.new do |s|
                               'src/core/ext/upb-generated/udpa/annotations/versioning.upb.h',
                               'src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h',
                               'src/core/ext/upb-generated/validate/validate.upb.h',
+                              'src/core/ext/xds/certificate_provider_factory.h',
+                              'src/core/ext/xds/certificate_provider_registry.h',
+                              'src/core/ext/xds/certificate_provider_store.h',
                               'src/core/ext/xds/xds_api.h',
                               'src/core/ext/xds/xds_bootstrap.h',
                               'src/core/ext/xds/xds_channel_args.h',

+ 3 - 0
grpc.gemspec

@@ -446,6 +446,9 @@ Gem::Specification.new do |s|
   s.files += %w( src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h )
   s.files += %w( src/core/ext/upb-generated/validate/validate.upb.c )
   s.files += %w( src/core/ext/upb-generated/validate/validate.upb.h )
+  s.files += %w( src/core/ext/xds/certificate_provider_factory.h )
+  s.files += %w( src/core/ext/xds/certificate_provider_registry.h )
+  s.files += %w( src/core/ext/xds/certificate_provider_store.h )
   s.files += %w( src/core/ext/xds/xds_api.cc )
   s.files += %w( src/core/ext/xds/xds_api.h )
   s.files += %w( src/core/ext/xds/xds_bootstrap.cc )

+ 3 - 0
package.xml

@@ -426,6 +426,9 @@
     <file baseinstalldir="/" name="src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h" role="src" />
     <file baseinstalldir="/" name="src/core/ext/upb-generated/validate/validate.upb.c" role="src" />
     <file baseinstalldir="/" name="src/core/ext/upb-generated/validate/validate.upb.h" role="src" />
+    <file baseinstalldir="/" name="src/core/ext/xds/certificate_provider_factory.h" role="src" />
+    <file baseinstalldir="/" name="src/core/ext/xds/certificate_provider_registry.h" role="src" />
+    <file baseinstalldir="/" name="src/core/ext/xds/certificate_provider_store.h" role="src" />
     <file baseinstalldir="/" name="src/core/ext/xds/xds_api.cc" role="src" />
     <file baseinstalldir="/" name="src/core/ext/xds/xds_api.h" role="src" />
     <file baseinstalldir="/" name="src/core/ext/xds/xds_bootstrap.cc" role="src" />

+ 59 - 0
src/core/ext/xds/certificate_provider_factory.h

@@ -0,0 +1,59 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_FACTORY_H
+#define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_FACTORY_H
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/iomgr/error.h"
+#include "src/core/lib/json/json.h"
+#include "src/core/lib/security/certificate_provider.h"
+
+namespace grpc_core {
+
+// Factories for plugins. Each plugin implementation should create its own
+// factory implementation and register an instance with the registry.
+class CertificateProviderFactory {
+ public:
+  // Interface for configs for CertificateProviders.
+  class Config {
+   public:
+    virtual ~Config() = default;
+
+    // Name of the type of the CertificateProvider. Unique to each type of
+    // config.
+    virtual const char* name() const = 0;
+  };
+
+  virtual ~CertificateProviderFactory() = default;
+
+  // Name of the plugin.
+  virtual const char* name() const = 0;
+
+  virtual std::unique_ptr<Config> CreateCertificateProviderConfig(
+      const Json& config_json, grpc_error** error) = 0;
+
+  // Create a CertificateProvider instance from config.
+  virtual RefCountedPtr<grpc_tls_certificate_provider>
+  CreateCertificateProvider(std::unique_ptr<Config> config) = 0;
+};
+
+}  // namespace grpc_core
+
+#endif  // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_FACTORY_H
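Review bot: `CreateCertificateProviderConfig` is the one member of `CertificateProviderFactory` with no comment, and its failure contract is undocumented: it takes `grpc_error** error`, but nothing says whether a rejected `config_json` yields a null result, a set `*error`, or both. The returned config decides which provider supplies TLS credentials, so a caller that guesses wrong may hand a null or half-parsed config to `CreateCertificateProvider`. I would add something like `// Parses config_json into a Config. On failure returns nullptr and sets *error; the result must then not be passed to CreateCertificateProvider().`, adjusted to what the implementations actually do. Separately, the header uses `std::unique_ptr` without `#include <memory>` and gets `RefCountedPtr` only transitively through certificate_provider.h.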

+ 57 - 0
src/core/ext/xds/certificate_provider_registry.h

@@ -0,0 +1,57 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_REGISTRY_H
+#define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_REGISTRY_H
+
+#include <grpc/support/port_platform.h>
+
+#include <string>
+
+#include "src/core/ext/xds/certificate_provider_factory.h"
+
+namespace grpc_core {
+
+// Global registry for all the certificate provider plugins.
+class CertificateProviderRegistry {
+ public:
+  // Returns the factory for the plugin keyed by name.
+  static CertificateProviderFactory* LookupCertificateProviderFactory(
+      const std::string& name);
+
+  // The following methods are used to create and populate the
+  // CertificateProviderRegistry. NOT THREAD SAFE -- to be used only during
+  // global gRPC initialization and shutdown.
+
+  // Global initialization of the registry.
+  static void InitRegistry();
+
+  // Global shutdown of the registry.
+  static void ShutdownRegistry();
+
+  // Register a provider with the registry. Can only be called after calling
+  // InitRegistry(). The key of the factory is extracted from factory
+  // parameter with method CertificateProviderFactory::name. If the same key
+  // is registered twice, an exception is raised.
+  static void RegisterCertificateProviderFactory(
+      std::unique_ptr<CertificateProviderFactory> factory);
+};
+
+}  // namespace grpc_core
+
+#endif  // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_REGISTRY_H
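Review bot: The comment on `RegisterCertificateProviderFactory` says "an exception is raised" for a duplicate key, which does not tell a plugin author what actually happens; if the intent is a fatal assertion, say so, e.g. `// Registering the same name twice is a fatal error.`. The rule deserves precise wording because a second registration that silently replaced the first would change which plugin serves certificates for that name. `LookupCertificateProviderFactory` also leaves the miss case and ownership unstated; judging by the raw-pointer return, something like `// Returns nullptr if no factory is registered under name; the registry retains ownership.` is probably intended, but the implementation is not part of this commit. `std::unique_ptr` is used here without `#include <memory>`.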

+ 50 - 0
src/core/ext/xds/certificate_provider_store.h

@@ -0,0 +1,50 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
+#define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
+
+#include <grpc/support/port_platform.h>
+
+#include <map>
+
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
+#include "src/core/lib/gprpp/sync.h"
+#include "src/core/lib/security/certificate_provider.h"
+
+namespace grpc_core {
+
+// Map for xDS based grpc_tls_certificate_provider instances.
+class CertificateProviderStore {
+ public:
+  // If a provider corresponding to the config is found, a raw pointer to the
+  // grpc_tls_certificate_provider in the map is returned. If no provider is
+  // found for a key, a new provider is created. The CertificateProviderStore
+  // maintains a ref to the grpc_tls_certificate_provider for its entire
+  // lifetime.
+  RefCountedPtr<grpc_tls_certificate_provider> CreateOrGetCertificateProvider(
+      absl::string_view key);
+
+ private:
+  // Underlying map for the providers.
+  std::map<std::string, RefCountedPtr<grpc_tls_certificate_provider>> map_;
+};
+
+}  // namespace grpc_core
+
+#endif  // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
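Review bot: `map_` has no mutex beside it even though the header includes `src/core/lib/gprpp/sync.h`, and nothing tells callers to serialise `CreateOrGetCertificateProvider`. If the store can be reached from more than one thread, a concurrent find-or-insert on the `std::map` is a data race; either add `Mutex mu_;` guarding `map_` or document the single-threaded requirement. The method comment also disagrees with the signature: it promises "a raw pointer" and refers to "the config", while the method returns `RefCountedPtr<grpc_tls_certificate_provider>` and takes `absl::string_view key`. It should also state that, because the store keeps its ref for its whole lifetime, no provider is released before the store is destroyed. `std::string` and `absl::string_view` are used without `#include <string>` and `"absl/strings/string_view.h"`.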

+ 4 - 3
src/core/lib/security/certificate_provider.h

@@ -21,6 +21,7 @@
 
 #include <grpc/support/port_platform.h>
 
+#include "src/core/lib/gprpp/ref_counted.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/iomgr/pollset_set.h"
 
@@ -38,7 +39,7 @@ struct grpc_tls_certificate_distributor;
 // contexts become valid or changed, a grpc_tls_certificate_provider should
 // notify its distributor so as to propagate the update to the watchers.
 struct grpc_tls_certificate_provider
-    : public RefCounted<grpc_tls_certificate_provider> {
+    : public grpc_core::RefCounted<grpc_tls_certificate_provider> {
  public:
   grpc_tls_certificate_provider()
       : interested_parties_(grpc_pollset_set_create()) {}
@@ -49,8 +50,8 @@ struct grpc_tls_certificate_provider
 
   grpc_pollset_set* interested_parties() const { return interested_parties_; }
 
-  virtual RefCountedPtr<grpc_tls_certificate_distributor> distributor()
-      const = 0;
+  virtual grpc_core::RefCountedPtr<grpc_tls_certificate_distributor>
+  distributor() const = 0;
 
  private:
   grpc_pollset_set* interested_parties_;

+ 3 - 0
tools/doxygen/Doxyfile.c++.internal

@@ -1393,6 +1393,9 @@ src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c \
 src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h \
 src/core/ext/upb-generated/validate/validate.upb.c \
 src/core/ext/upb-generated/validate/validate.upb.h \
+src/core/ext/xds/certificate_provider_factory.h \
+src/core/ext/xds/certificate_provider_registry.h \
+src/core/ext/xds/certificate_provider_store.h \
 src/core/ext/xds/xds_api.cc \
 src/core/ext/xds/xds_api.h \
 src/core/ext/xds/xds_bootstrap.cc \

+ 3 - 0
tools/doxygen/Doxyfile.core.internal

@@ -1217,6 +1217,9 @@ src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c \
 src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h \
 src/core/ext/upb-generated/validate/validate.upb.c \
 src/core/ext/upb-generated/validate/validate.upb.h \
+src/core/ext/xds/certificate_provider_factory.h \
+src/core/ext/xds/certificate_provider_registry.h \
+src/core/ext/xds/certificate_provider_store.h \
 src/core/ext/xds/xds_api.cc \
 src/core/ext/xds/xds_api.h \
 src/core/ext/xds/xds_bootstrap.cc \