
Example 1 with CertificateProviderInstance

use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance in project grpc-java by grpc.

Class CommonTlsContextTestsUtil, method buildCommonTlsContextWithAdditionalValues.

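/**
 * Builds a {@link CommonTlsContext} for tests from the given identifiers, creating a
 * {@link CombinedCertificateValidationContext} that carries the validation-context provider
 * instance and, when subject-alt-name matchers are supplied, a default validation context.
 *
 * <p>Both {@link CertificateProviderInstance} values are always populated: protobuf
 * {@code build()} never returns {@code null}, so the previous null checks were always true and
 * the {@code else if} branches behind them (plain validation-context provider instance, plain
 * validation context) could never run. They have been removed; the emitted message is the same.
 *
 * @param certInstanceName provider instance name for the TLS certificate; must be non-null
 *     (protobuf string setters throw {@link NullPointerException} on null)
 * @param certName certificate name for the TLS certificate; non-null
 * @param validationContextCertInstanceName provider instance name for the validation (root/CA)
 *     certificate; non-null
 * @param validationContextCertName certificate name for the validation certificate; non-null
 * @param matchSubjectAltNames SAN matchers placed in the combined context's default validation
 *     context; {@code null} omits the default validation context entirely
 * @param alpnNames ALPN protocols to advertise; {@code null} adds none
 * @return the assembled context, using the deprecated combined-validation-context field that
 *     these tests exercise
 */
@SuppressWarnings("deprecation")
static CommonTlsContext buildCommonTlsContextWithAdditionalValues(String certInstanceName, String certName, String validationContextCertInstanceName, String validationContextCertName, Iterable<StringMatcher> matchSubjectAltNames, Iterable<String> alpnNames) {
    CommonTlsContext.Builder builder = CommonTlsContext.newBuilder();
    // Identity (leaf) certificate comes from a certificate provider, never from a file here.
    builder.setTlsCertificateCertificateProviderInstance(
        CertificateProviderInstance.newBuilder()
            .setInstanceName(certInstanceName)
            .setCertificateName(certName)
            .build());
    CertificateProviderInstance validationCertificateProviderInstance =
        CertificateProviderInstance.newBuilder()
            .setInstanceName(validationContextCertInstanceName)
            .setCertificateName(validationContextCertName)
            .build();
    CombinedCertificateValidationContext.Builder combinedBuilder =
        CombinedCertificateValidationContext.newBuilder()
            .setValidationContextCertificateProviderInstance(validationCertificateProviderInstance);
    if (matchSubjectAltNames != null) {
        // SAN matchers restrict which peer identities the validation context accepts.
        combinedBuilder.setDefaultValidationContext(
            CertificateValidationContext.newBuilder()
                .addAllMatchSubjectAltNames(matchSubjectAltNames)
                .build());
    }
    builder.setCombinedValidationContext(combinedBuilder);
    if (alpnNames != null) {
        builder.addAllAlpnProtocols(alpnNames);
    }
    return builder.build();
}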

Example 2 with CertificateProviderInstance

use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance in project grpc-java by grpc.

Class ClientXdsClientTestBase, method cdsResponseWithNewUpstreamTlsContext.

/**
 * CDS response containing the new-style UpstreamTlsContext for a cluster: the CA certificate
 * provider instance is read from the plain validation context, not the combined one.
 */
@Test
@SuppressWarnings("deprecation")
public void cdsResponseWithNewUpstreamTlsContext() {
    Assume.assumeTrue(useProtocolV3());
    DiscoveryRpcCall rpc = startResourceWatcher(CDS, CDS_RESOURCE, cdsResourceWatcher);
    // Management server answers with three clusters; only the watched EDS cluster carries
    // an UpstreamTlsContext. Build order matches the response order the test expects.
    Any watchedEdsCluster = Any.pack(mf.buildEdsCluster(CDS_RESOURCE, "eds-cluster-foo.googleapis.com", "round_robin", null, null, true, mf.buildNewUpstreamTlsContext("cert-instance-name", "cert1"), "envoy.transport_sockets.tls", null));
    Any dnsCluster = Any.pack(mf.buildLogicalDnsCluster("cluster-bar.googleapis.com", "dns-service-bar.googleapis.com", 443, "round_robin", null, null, false, null, null));
    Any unwatchedEdsCluster = Any.pack(mf.buildEdsCluster("cluster-baz.googleapis.com", null, "round_robin", null, null, false, null, "envoy.transport_sockets.tls", null));
    List<Any> response = ImmutableList.of(dnsCluster, watchedEdsCluster, unwatchedEdsCluster);
    rpc.sendResponse(CDS, response, VERSION_1, "0000");
    // The client ACKs the version it just accepted.
    rpc.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
    verify(cdsResourceWatcher, times(1)).onChanged(cdsUpdateCaptor.capture());
    CertificateProviderPluginInstance caProvider = cdsUpdateCaptor.getValue()
        .upstreamTlsContext()
        .getCommonTlsContext()
        .getValidationContext()
        .getCaCertificateProviderInstance();
    assertThat(caProvider.getInstanceName()).isEqualTo("cert-instance-name");
    assertThat(caProvider.getCertificateName()).isEqualTo("cert1");
    verifyResourceMetadataAcked(CDS, CDS_RESOURCE, watchedEdsCluster, VERSION_1, TIME_INCREMENT);
    verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
}

Example 3 with CertificateProviderInstance

use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance in project grpc-java by grpc.

Class ClientXdsClientTestBase, method cdsResponseWithUpstreamTlsContext.

/**
 * CDS response containing the legacy UpstreamTlsContext for a cluster: the validation-context
 * certificate provider instance is read from the (deprecated) combined validation context.
 */
@Test
@SuppressWarnings("deprecation")
public void cdsResponseWithUpstreamTlsContext() {
    Assume.assumeTrue(useProtocolV3());
    DiscoveryRpcCall rpc = startResourceWatcher(CDS, CDS_RESOURCE, cdsResourceWatcher);
    // Management server answers with three clusters; only the watched EDS cluster carries
    // an UpstreamTlsContext. Build order matches the response order the test expects.
    Any watchedEdsCluster = Any.pack(mf.buildEdsCluster(CDS_RESOURCE, "eds-cluster-foo.googleapis.com", "round_robin", null, null, true, mf.buildUpstreamTlsContext("cert-instance-name", "cert1"), "envoy.transport_sockets.tls", null));
    Any dnsCluster = Any.pack(mf.buildLogicalDnsCluster("cluster-bar.googleapis.com", "dns-service-bar.googleapis.com", 443, "round_robin", null, null, false, null, null));
    Any unwatchedEdsCluster = Any.pack(mf.buildEdsCluster("cluster-baz.googleapis.com", null, "round_robin", null, null, false, null, "envoy.transport_sockets.tls", null));
    List<Any> response = ImmutableList.of(dnsCluster, watchedEdsCluster, unwatchedEdsCluster);
    rpc.sendResponse(CDS, response, VERSION_1, "0000");
    // The client ACKs the version it just accepted.
    rpc.verifyRequest(CDS, CDS_RESOURCE, VERSION_1, "0000", NODE);
    verify(cdsResourceWatcher, times(1)).onChanged(cdsUpdateCaptor.capture());
    CommonTlsContext.CertificateProviderInstance caProvider = cdsUpdateCaptor.getValue()
        .upstreamTlsContext()
        .getCommonTlsContext()
        .getCombinedValidationContext()
        .getValidationContextCertificateProviderInstance();
    assertThat(caProvider.getInstanceName()).isEqualTo("cert-instance-name");
    assertThat(caProvider.getCertificateName()).isEqualTo("cert1");
    verifyResourceMetadataAcked(CDS, CDS_RESOURCE, watchedEdsCluster, VERSION_1, TIME_INCREMENT);
    verifySubscribedResourcesMetadataSizes(0, 1, 0, 0);
}

Example 4 with CertificateProviderInstance

use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance in project grpc-java by grpc.

Class CommonTlsContextTestsUtil, method addCertificateValidationContext.

/**
 * Attaches a validation context to {@code builder} when a root (CA) certificate provider
 * instance is named: a {@link CombinedCertificateValidationContext} if a static validation
 * context is also given, otherwise just the provider instance. When {@code rootInstanceName}
 * is {@code null} the builder is returned untouched and {@code staticCertValidationContext}
 * is silently ignored.
 *
 * @param builder the context builder to extend (mutated and returned)
 * @param rootInstanceName certificate provider instance name for the root cert, or null
 * @param rootCertName certificate name within that provider; must be non-null whenever
 *     {@code rootInstanceName} is set (protobuf setters reject null)
 * @param staticCertValidationContext optional static validation context to combine with the
 *     provider instance
 * @return the same builder, for chaining
 */
@SuppressWarnings("deprecation")
private static CommonTlsContext.Builder addCertificateValidationContext(CommonTlsContext.Builder builder, String rootInstanceName, String rootCertName, CertificateValidationContext staticCertValidationContext) {
    if (rootInstanceName == null) {
        return builder;
    }
    CertificateProviderInstance rootProvider = CertificateProviderInstance.newBuilder()
        .setInstanceName(rootInstanceName)
        .setCertificateName(rootCertName)
        .build();
    if (staticCertValidationContext == null) {
        return builder.setValidationContextCertificateProviderInstance(rootProvider);
    }
    // Static matchers/trusted CA plus a provider-sourced root: use the combined form.
    CombinedCertificateValidationContext combined = CombinedCertificateValidationContext.newBuilder()
        .setDefaultValidationContext(staticCertValidationContext)
        .setValidationContextCertificateProviderInstance(rootProvider)
        .build();
    return builder.setCombinedValidationContext(combined);
}

Example 5 with CertificateProviderInstance

use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance in project grpc-java by grpc.

Class ClientSslContextProviderFactoryTest, method addFilenames.

/**
 * Adds file-backed TLS material to {@code builder}: a TLS certificate whose chain and private
 * key are read from {@code certChain} and {@code privateKey}, and a combined validation context
 * whose trusted CA bundle is read from {@code trustCa}.
 *
 * <p>The combined context reuses whatever validation-context certificate provider instance the
 * builder already holds. If none was set before this call, that is presumably the field's proto
 * default (an empty instance) — callers that need a real provider should set it first.
 *
 * @param builder context builder to extend (mutated and returned)
 * @param certChain path of the certificate chain file
 * @param privateKey path of the private key file
 * @param trustCa path of the trusted CA bundle file
 * @return the same builder, for chaining
 */
@SuppressWarnings("deprecation")
static CommonTlsContext.Builder addFilenames(CommonTlsContext.Builder builder, String certChain, String privateKey, String trustCa) {
    DataSource.Builder chainSource = DataSource.newBuilder().setFilename(certChain);
    DataSource.Builder keySource = DataSource.newBuilder().setFilename(privateKey);
    DataSource.Builder caSource = DataSource.newBuilder().setFilename(trustCa);
    TlsCertificate fileBackedCert = TlsCertificate.newBuilder()
        .setCertificateChain(chainSource)
        .setPrivateKey(keySource)
        .build();
    CertificateValidationContext caContext = CertificateValidationContext.newBuilder()
        .setTrustedCa(caSource)
        .build();
    CommonTlsContext.CombinedCertificateValidationContext combined =
        CommonTlsContext.CombinedCertificateValidationContext.newBuilder()
            .setDefaultValidationContext(caContext)
            .setValidationContextCertificateProviderInstance(
                builder.getValidationContextCertificateProviderInstance())
            .build();
    builder.addTlsCertificates(fileBackedCert);
    return builder.setCombinedValidationContext(combined);
}
