package xds

import "google.golang.org/grpc/internal/credentials/xds"

Package xds contains non-user-facing functionality of the xds credentials.

Functions

func HandshakeInfoFromAttributes

func HandshakeInfoFromAttributes(attr *attributes.Attributes) *atomic.Pointer[HandshakeInfo]

HandshakeInfoFromAttributes returns a pointer to the *HandshakeInfo stored in attr.

func Hostname

func Hostname(attr *attributes.Attributes) string

Hostname returns the endpoint hostname stored in attr.

func SetAddressHostname

func SetAddressHostname(addr resolver.Address, hostname string) resolver.Address

SetAddressHostname returns a copy of addr in which the Attributes field is updated with the provided hostname.

func SetHandshakeInfo

func SetHandshakeInfo(addr resolver.Address, hiPtr *atomic.Pointer[HandshakeInfo]) resolver.Address

SetHandshakeInfo returns a copy of addr in which the Attributes field is updated with hiPtr.

Types

type HandshakeInfo

type HandshakeInfo struct {
	// contains filtered or unexported fields
}

HandshakeInfo wraps all the security configuration required by client and server handshake methods in xds credentials. The xDS implementation will be responsible for populating these fields.

func NewHandshakeInfo

func NewHandshakeInfo(rootProvider certprovider.Provider, identityProvider certprovider.Provider, sanMatchers []matcher.StringMatcher, requireClientCert bool, sni string, validateSANUsingSNI bool, useAutoHostSNI bool) *HandshakeInfo

NewHandshakeInfo returns a new handshake info configured with the provided options.

func (*HandshakeInfo) ClientSideTLSConfig

func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context, hostname string) (*tls.Config, error)

ClientSideTLSConfig constructs a tls.Config to be used in a client-side handshake based on the contents of the HandshakeInfo.

hostname is passed as a parameter here instead of being part of the HandshakeInfo because HandshakeInfo contains cluster-level security configuration that applies to all endpoints in the cluster, while hostname is specific to each endpoint. This allows sharing a single HandshakeInfo instance across multiple endpoints in the same cluster.

func (*HandshakeInfo) Equal

func (hi *HandshakeInfo) Equal(other *HandshakeInfo) bool

Equal reports whether the handshake info structs are identical.

func (*HandshakeInfo) GetSANMatchersForTesting

func (hi *HandshakeInfo) GetSANMatchersForTesting() []matcher.StringMatcher

GetSANMatchersForTesting returns the SAN matchers stored in HandshakeInfo. To be used only for testing purposes.

func (*HandshakeInfo) MatchingSANExists

func (hi *HandshakeInfo) MatchingSANExists(cert *x509.Certificate) bool

MatchingSANExists returns true if the SANs contained in cert match the criteria enforced by the list of SAN matchers in HandshakeInfo.

If the list of SAN matchers in the HandshakeInfo is empty, this function returns true for all input certificates.
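The accept-all behaviour for an empty matcher list, shown as an added example: a simplified standard-library model of the contract documented above, not the gRPC implementation. The names sanMatcher, exact, suffix, matchingSANExists and sampleCert are hypothetical, the certificate is constructed, and the model assumes that one SAN satisfying one matcher is sufficient.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// sanMatcher is a hypothetical stand-in for matcher.StringMatcher.
type sanMatcher func(san string) bool

func exact(want string) sanMatcher { return func(s string) bool { return s == want } }
func suffix(suf string) sanMatcher { return func(s string) bool { return strings.HasSuffix(s, suf) } }

// matchingSANExists models the contract; assumed: any SAN matching any matcher passes.
func matchingSANExists(matchers []sanMatcher, cert *x509.Certificate) bool {
	if len(matchers) == 0 {
		return true // empty list: every certificate is accepted
	}
	sans := append([]string{}, cert.DNSNames...)
	sans = append(sans, cert.EmailAddresses...)
	for _, ip := range cert.IPAddresses {
		sans = append(sans, ip.String())
	}
	for _, u := range cert.URIs {
		sans = append(sans, u.String())
	}
	for _, san := range sans {
		for _, m := range matchers {
			if m(san) {
				return true
			}
		}
	}
	return false
}

// sampleCert returns a constructed certificate with only SAN fields populated.
func sampleCert() *x509.Certificate {
	u, _ := url.Parse("spiffe://example.test/ns/prod/sa/billing")
	return &x509.Certificate{DNSNames: []string{"billing.prod.example.test"},
		IPAddresses: []net.IP{net.ParseIP("192.0.2.10")}, URIs: []*url.URL{u}}
}

func main() {
	cert := sampleCert()
	fmt.Println(matchingSANExists([]sanMatcher{suffix(".dev.example.test")}, cert), matchingSANExists(nil, cert))
}
```

A caller that relies on SAN checks for peer authorization should confirm the matcher list is non-empty before treating a true result as an authorization decision.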

func (*HandshakeInfo) ServerSideTLSConfig

func (hi *HandshakeInfo) ServerSideTLSConfig(ctx context.Context) (*tls.Config, error)

ServerSideTLSConfig constructs a tls.Config to be used in a server-side handshake based on the contents of the HandshakeInfo.

func (*HandshakeInfo) UseFallbackCreds

func (hi *HandshakeInfo) UseFallbackCreds() bool

UseFallbackCreds returns true when fallback credentials are to be used based on the contents of the HandshakeInfo.

Source Files

handshake_info.go

Version
v1.82.0-dev
Published
Apr 15, 2026
Platform
js/wasm
Imports
14 packages