|
16 | 16 |
|
17 | 17 | package com.linecorp.armeria.xds; |
18 | 18 |
|
| 19 | +import java.util.Optional; |
| 20 | + |
19 | 21 | import com.linecorp.armeria.common.annotation.Nullable; |
20 | 22 |
|
21 | 23 | import io.envoyproxy.envoy.config.core.v3.ConfigSource; |
22 | 24 | import io.envoyproxy.envoy.config.core.v3.TransportSocket; |
23 | | -import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext; |
24 | 25 | import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext; |
25 | 26 | import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CombinedCertificateValidationContext; |
26 | 27 | import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig; |
@@ -52,47 +53,50 @@ protected Subscription onStart(SnapshotWatcher<TransportSocketSnapshot> watcher) |
52 | 53 | UpstreamTlsContext.class); |
53 | 54 | final CommonTlsContext commonTlsContext = tlsContext.getCommonTlsContext(); |
54 | 55 |
|
55 | | - final SnapshotStream<CertificateValidationContextSnapshot> validationStream; |
| 56 | + final SnapshotStream<Optional<CertificateValidationContextSnapshot>> validationStream; |
56 | 57 |
|
57 | 58 | if (commonTlsContext.hasValidationContext()) { |
58 | 59 | final Secret secret = Secret.newBuilder() |
59 | 60 | .setValidationContext(commonTlsContext.getValidationContext()) |
60 | 61 | .build(); |
61 | 62 | final SecretStream secretStream = new SecretStream(secret, context); |
62 | | - validationStream = secretStream.switchMap( |
63 | | - resource -> new CertificateValidationContextStream(context, resource)); |
| 63 | + validationStream = secretStream |
| 64 | + .switchMap(resource -> new CertificateValidationContextStream(context, resource)) |
| 65 | + .map(Optional::of); |
64 | 66 | } else if (commonTlsContext.hasValidationContextSdsSecretConfig()) { |
65 | 67 | final SdsSecretConfig sdsConfig = commonTlsContext.getValidationContextSdsSecretConfig(); |
66 | 68 | final SecretStream secretStream = new SecretStream(sdsConfig, configSource, context); |
67 | | - validationStream = secretStream.switchMap( |
68 | | - resource -> new CertificateValidationContextStream(context, resource)); |
| 69 | + validationStream = secretStream |
| 70 | + .switchMap(resource -> new CertificateValidationContextStream(context, resource)) |
| 71 | + .map(Optional::of); |
69 | 72 | } else if (commonTlsContext.hasCombinedValidationContext()) { |
70 | 73 | final CombinedCertificateValidationContext combined = |
71 | 74 | commonTlsContext.getCombinedValidationContext(); |
72 | 75 | final SdsSecretConfig sdsConfig = combined.getValidationContextSdsSecretConfig(); |
73 | 76 | final SecretStream secretStream = new SecretStream(sdsConfig, configSource, context); |
74 | 77 | validationStream = secretStream.switchMap(resource -> new CertificateValidationContextStream( |
75 | | - context, resource, combined.getDefaultValidationContext())); |
| 78 | + context, resource, combined.getDefaultValidationContext())) |
| 79 | + .map(Optional::of); |
76 | 80 | } else { |
77 | | - validationStream = SnapshotStream.just(new CertificateValidationContextSnapshot( |
78 | | - CertificateValidationContext.getDefaultInstance())); |
| 81 | + validationStream = SnapshotStream.empty(); |
79 | 82 | } |
80 | 83 |
|
81 | | - final SnapshotStream<TlsCertificateSnapshot> tlsCertStream; |
| 84 | + final SnapshotStream<Optional<TlsCertificateSnapshot>> tlsCertStream; |
82 | 85 | if (!commonTlsContext.getTlsCertificatesList().isEmpty()) { |
83 | 86 | final TlsCertificate tlsCertificate = commonTlsContext.getTlsCertificatesList().get(0); |
84 | 87 | final Secret secret = Secret.newBuilder().setTlsCertificate(tlsCertificate).build(); |
85 | 88 | final SecretStream secretStream = new SecretStream(secret, context); |
86 | | - tlsCertStream = secretStream.switchMap(resource -> new TlsCertificateStream(context, resource)); |
| 89 | + tlsCertStream = secretStream.switchMap(resource -> new TlsCertificateStream(context, resource)) |
| 90 | + .map(Optional::of); |
87 | 91 | } else if (!commonTlsContext.getTlsCertificateSdsSecretConfigsList().isEmpty()) { |
88 | 92 | final SdsSecretConfig sdsConfig = |
89 | 93 | commonTlsContext.getTlsCertificateSdsSecretConfigsList().get(0); |
90 | 94 | final SecretStream secretStream = new SecretStream(sdsConfig, configSource, context); |
91 | | - tlsCertStream = secretStream.switchMap(resource -> new TlsCertificateStream(context, resource)); |
| 95 | + tlsCertStream = secretStream.switchMap(resource -> new TlsCertificateStream(context, resource)) |
| 96 | + .map(Optional::of); |
92 | 97 | } else { |
93 | 98 | // static |
94 | | - tlsCertStream = SnapshotStream.just( |
95 | | - new TlsCertificateSnapshot(TlsCertificate.getDefaultInstance(), null)); |
| 99 | + tlsCertStream = SnapshotStream.empty(); |
96 | 100 | } |
97 | 101 |
|
98 | 102 | final SnapshotStream<TransportSocketSnapshot> stream = |
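Review bot: The two fallback branches (new lines 81 and 99) now publish `SnapshotStream.empty()` instead of a default-instance snapshot, so the code that consumes `validationStream` has to decide what a missing validation context means for peer-certificate verification, and that consumer is not visible in this hunk. Presumably `empty()` emits `Optional.empty()`; if so, a comment at new line 81 should state the intended trust behaviour, for example `// no validation context configured: emits Optional.empty(); consumer must not treat this as "verification disabled" unless that is intended`. A test should pin that behaviour so it cannot drift from what the old default-instance snapshot produced. The `// static` comment at new line 98 no longer describes its branch and could become `// no TLS certificate configured: emit an empty Optional`. The body of `onStart` starts and ends outside the hunk, so the combining step should be checked against this.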
|