xds: rename Sds to Security or Xds in various classes to eliminate re…

…ferences to SDS (grpc#9529)

xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java

@@ -20,7 +20,7 @@
 import static io.grpc.xds.InternalXdsAttributes.ATTR_DRAIN_GRACE_NANOS;
 import static io.grpc.xds.InternalXdsAttributes.ATTR_FILTER_CHAIN_SELECTOR_MANAGER;
 import static io.grpc.xds.XdsServerWrapper.ATTR_SERVER_ROUTING_CONFIG;
-import static io.grpc.xds.internal.sds.SdsProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER;
+import static io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.MoreObjects;

xds/src/main/java/io/grpc/xds/XdsChannelCredentials.java

@@ -22,7 +22,7 @@
 import io.grpc.ExperimentalApi;
 import io.grpc.netty.InternalNettyChannelCredentials;
 import io.grpc.netty.InternalProtocolNegotiator;
-import io.grpc.xds.internal.sds.SdsProtocolNegotiators;
+import io.grpc.xds.internal.sds.SecurityProtocolNegotiators;
 
 @ExperimentalApi("https://github.com/grpc/grpc-java/issues/7514")
 public class XdsChannelCredentials {
@@ -40,6 +40,6 @@ public static ChannelCredentials create(ChannelCredentials fallback) {
     InternalProtocolNegotiator.ClientFactory fallbackNegotiator =
         InternalNettyChannelCredentials.toNegotiator(checkNotNull(fallback, "fallback"));
     return InternalNettyChannelCredentials.create(
-        SdsProtocolNegotiators.clientProtocolNegotiatorFactory(fallbackNegotiator));
+        SecurityProtocolNegotiators.clientProtocolNegotiatorFactory(fallbackNegotiator));
   }
 }

xds/src/main/java/io/grpc/xds/XdsServerCredentials.java

@@ -22,7 +22,7 @@
 import io.grpc.ServerCredentials;
 import io.grpc.netty.InternalNettyServerCredentials;
 import io.grpc.netty.InternalProtocolNegotiator;
-import io.grpc.xds.internal.sds.SdsProtocolNegotiators;
+import io.grpc.xds.internal.sds.SecurityProtocolNegotiators;
 
 @ExperimentalApi("https://github.com/grpc/grpc-java/issues/7514")
 public class XdsServerCredentials {
@@ -40,6 +40,6 @@ public static ServerCredentials create(ServerCredentials fallback) {
     InternalProtocolNegotiator.ServerFactory fallbackNegotiator =
         InternalNettyServerCredentials.toNegotiator(checkNotNull(fallback, "fallback"));
     return InternalNettyServerCredentials.create(
-        SdsProtocolNegotiators.serverProtocolNegotiatorFactory(fallbackNegotiator));
+        SecurityProtocolNegotiators.serverProtocolNegotiatorFactory(fallbackNegotiator));
   }
 }

xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProvider.java

@@ -26,7 +26,7 @@
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.xds.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
-import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory;
+import io.grpc.xds.internal.sds.trust.XdsTrustManagerFactory;
 import io.netty.handler.ssl.SslContextBuilder;
 import java.security.cert.CertStoreException;
 import java.security.cert.X509Certificate;
@@ -62,7 +62,7 @@ protected final SslContextBuilder getSslContextBuilder(
     SslContextBuilder sslContextBuilder =
         GrpcSslContexts.forClient()
             .trustManager(
-                new SdsTrustManagerFactory(
+                new XdsTrustManagerFactory(
                     savedTrustedRoots.toArray(new X509Certificate[0]),
                     certificateValidationContextdationContext));
     if (isMtls()) {

xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProvider.java

@@ -26,7 +26,7 @@
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.xds.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
-import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory;
+import io.grpc.xds.internal.sds.trust.XdsTrustManagerFactory;
 import io.netty.handler.ssl.SslContextBuilder;
 
 import java.io.IOException;
@@ -66,7 +66,7 @@ protected final SslContextBuilder getSslContextBuilder(
     setClientAuthValues(
         sslContextBuilder,
         isMtls()
-            ? new SdsTrustManagerFactory(
+            ? new XdsTrustManagerFactory(
                 savedTrustedRoots.toArray(new X509Certificate[0]),
                 certificateValidationContextdationContext)
             : null);

xds/src/main/java/io/grpc/xds/internal/sds/SdsProtocolNegotiators.java → xds/src/main/java/io/grpc/xds/internal/sds/SecurityProtocolNegotiators.java

@@ -48,13 +48,14 @@
  * context.
  */
 @VisibleForTesting
-public final class SdsProtocolNegotiators {
+public final class SecurityProtocolNegotiators {
 
   // Prevent instantiation.
-  private SdsProtocolNegotiators() {
+  private SecurityProtocolNegotiators() {
   }
 
-  private static final Logger logger = Logger.getLogger(SdsProtocolNegotiators.class.getName());
+  private static final Logger logger
+      = Logger.getLogger(SecurityProtocolNegotiators.class.getName());
 
   private static final AsciiString SCHEME = AsciiString.of("http");
 

xds/src/main/java/io/grpc/xds/internal/sds/SslContextProvider.java

@@ -24,7 +24,7 @@
 import io.grpc.xds.EnvoyServerProtoData.BaseTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
-import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory;
+import io.grpc.xds.internal.sds.trust.XdsTrustManagerFactory;
 import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
@@ -70,11 +70,11 @@ protected CommonTlsContext getCommonTlsContext() {
   }
 
   protected void setClientAuthValues(
-      SslContextBuilder sslContextBuilder, SdsTrustManagerFactory sdsTrustManagerFactory)
+      SslContextBuilder sslContextBuilder, XdsTrustManagerFactory xdsTrustManagerFactory)
       throws CertificateException, IOException, CertStoreException {
     DownstreamTlsContext downstreamTlsContext = getDownstreamTlsContext();
-    if (sdsTrustManagerFactory != null) {
-      sslContextBuilder.trustManager(sdsTrustManagerFactory);
+    if (xdsTrustManagerFactory != null) {
+      sslContextBuilder.trustManager(xdsTrustManagerFactory);
       sslContextBuilder.clientAuth(
           downstreamTlsContext.isRequireClientCertificate()
               ? ClientAuth.REQUIRE

xds/src/main/java/io/grpc/xds/internal/sds/SslContextProviderSupplier.java

@@ -29,7 +29,7 @@
 
 /**
  * Enables Client or server side to initialize this object with the received {@link BaseTlsContext}
- * and communicate it to the consumer i.e. {@link SdsProtocolNegotiators}
+ * and communicate it to the consumer i.e. {@link SecurityProtocolNegotiators}
  * to lazily evaluate the {@link SslContextProvider}. The supplier prevents credentials leakage in
  * cases where the user is not using xDS credentials but the client/server contains a non-default
  * {@link BaseTlsContext}.

xds/src/main/java/io/grpc/xds/internal/sds/trust/SdsTrustManagerFactory.java → xds/src/main/java/io/grpc/xds/internal/sds/trust/XdsTrustManagerFactory.java

@@ -43,29 +43,29 @@
 
 /**
  * Factory class used by providers of {@link TlsContextManagerImpl} to provide a
- * {@link SdsX509TrustManager} for trust and SAN checks.
+ * {@link XdsX509TrustManager} for trust and SAN checks.
  */
-public final class SdsTrustManagerFactory extends SimpleTrustManagerFactory {
+public final class XdsTrustManagerFactory extends SimpleTrustManagerFactory {
 
-  private static final Logger logger = Logger.getLogger(SdsTrustManagerFactory.class.getName());
-  private SdsX509TrustManager sdsX509TrustManager;
+  private static final Logger logger = Logger.getLogger(XdsTrustManagerFactory.class.getName());
+  private XdsX509TrustManager xdsX509TrustManager;
 
   /** Constructor constructs from a {@link CertificateValidationContext}. */
-  public SdsTrustManagerFactory(CertificateValidationContext certificateValidationContext)
+  public XdsTrustManagerFactory(CertificateValidationContext certificateValidationContext)
       throws CertificateException, IOException, CertStoreException {
     this(
         getTrustedCaFromCertContext(certificateValidationContext),
         certificateValidationContext,
         false);
   }
 
-  public SdsTrustManagerFactory(
+  public XdsTrustManagerFactory(
           X509Certificate[] certs, CertificateValidationContext staticCertificateValidationContext)
           throws CertStoreException {
     this(certs, staticCertificateValidationContext, true);
   }
 
-  private SdsTrustManagerFactory(
+  private XdsTrustManagerFactory(
       X509Certificate[] certs,
       CertificateValidationContext certificateValidationContext,
       boolean validationContextIsStatic)
@@ -75,7 +75,7 @@ private SdsTrustManagerFactory(
           certificateValidationContext == null || !certificateValidationContext.hasTrustedCa(),
           "only static certificateValidationContext expected");
     }
-    sdsX509TrustManager = createSdsX509TrustManager(certs, certificateValidationContext);
+    xdsX509TrustManager = createSdsX509TrustManager(certs, certificateValidationContext);
   }
 
   private static X509Certificate[] getTrustedCaFromCertContext(
@@ -100,7 +100,7 @@ private static X509Certificate[] getTrustedCaFromCertContext(
   }
 
   @VisibleForTesting
-  static SdsX509TrustManager createSdsX509TrustManager(
+  static XdsX509TrustManager createSdsX509TrustManager(
       X509Certificate[] certs, CertificateValidationContext certContext) throws CertStoreException {
     TrustManagerFactory tmf = null;
     try {
@@ -133,7 +133,7 @@ static SdsX509TrustManager createSdsX509TrustManager(
     if (myDelegate == null) {
       throw new CertStoreException("Native X509 TrustManager not found.");
     }
-    return new SdsX509TrustManager(certContext, myDelegate);
+    return new XdsX509TrustManager(certContext, myDelegate);
   }
 
   @Override
@@ -148,6 +148,6 @@ protected void engineInit(ManagerFactoryParameters managerFactoryParameters) thr
 
   @Override
   protected TrustManager[] engineGetTrustManagers() {
-    return new TrustManager[] {sdsX509TrustManager};
+    return new TrustManager[] {xdsX509TrustManager};
   }
 }

xds/src/main/java/io/grpc/xds/internal/sds/trust/SdsX509TrustManager.java → xds/src/main/java/io/grpc/xds/internal/sds/trust/XdsX509TrustManager.java

@@ -41,7 +41,7 @@
  * Extension of {@link X509ExtendedTrustManager} that implements verification of
  * SANs (subject-alternate-names) against the list in CertificateValidationContext.
  */
-final class SdsX509TrustManager extends X509ExtendedTrustManager implements X509TrustManager {
+final class XdsX509TrustManager extends X509ExtendedTrustManager implements X509TrustManager {
 
   // ref: io.grpc.okhttp.internal.OkHostnameVerifier and
   // sun.security.x509.GeneralNameInterface
@@ -52,8 +52,8 @@ final class SdsX509TrustManager extends X509ExtendedTrustManager implements X509
   private final X509ExtendedTrustManager delegate;
   private final CertificateValidationContext certContext;
 
-  SdsX509TrustManager(@Nullable CertificateValidationContext certContext,
-      X509ExtendedTrustManager delegate) {
+  XdsX509TrustManager(@Nullable CertificateValidationContext certContext,
+                      X509ExtendedTrustManager delegate) {
     checkNotNull(delegate, "delegate");
     this.certContext = certContext;
     this.delegate = delegate;

xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java

@@ -18,7 +18,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.XdsServerWrapper.ATTR_SERVER_ROUTING_CONFIG;
-import static io.grpc.xds.internal.sds.SdsProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER;
+import static io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER;
 import static org.junit.Assert.fail;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;

xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java

@@ -18,7 +18,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector.NO_FILTER_CHAIN;
-import static io.grpc.xds.internal.sds.SdsProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER;
+import static io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER;
 import static org.junit.Assert.fail;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.any;

xds/src/test/java/io/grpc/xds/internal/sds/SdsProtocolNegotiatorsTest.java → xds/src/test/java/io/grpc/xds/internal/sds/SecurityProtocolNegotiatorsTest.java

@@ -22,7 +22,7 @@
 import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
 import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_KEY_FILE;
 import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
-import static io.grpc.xds.internal.sds.SdsProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER;
+import static io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -52,8 +52,8 @@
 import io.grpc.xds.InternalXdsAttributes;
 import io.grpc.xds.TlsContextManager;
 import io.grpc.xds.internal.certprovider.CommonCertProviderTestUtils;
-import io.grpc.xds.internal.sds.SdsProtocolNegotiators.ClientSdsHandler;
-import io.grpc.xds.internal.sds.SdsProtocolNegotiators.ClientSdsProtocolNegotiator;
+import io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ClientSdsHandler;
+import io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ClientSdsProtocolNegotiator;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPipeline;
@@ -83,9 +83,9 @@
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
-/** Unit tests for {@link SdsProtocolNegotiators}. */
+/** Unit tests for {@link SecurityProtocolNegotiators}. */
 @RunWith(JUnit4.class)
-public class SdsProtocolNegotiatorsTest {
+public class SecurityProtocolNegotiatorsTest {
 
   private final GrpcHttp2ConnectionHandler grpcHandler =
       FakeGrpcHttp2ConnectionHandler.newHandler();
@@ -156,8 +156,8 @@ public void clientSdsHandler_addLast()
     SslContextProviderSupplier sslContextProviderSupplier =
         new SslContextProviderSupplier(upstreamTlsContext,
             new TlsContextManagerImpl(bootstrapInfoForClient));
-    SdsProtocolNegotiators.ClientSdsHandler clientSdsHandler =
-        new SdsProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier);
+    SecurityProtocolNegotiators.ClientSdsHandler clientSdsHandler =
+        new SecurityProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier);
     pipeline.addLast(clientSdsHandler);
     channelHandlerCtx = pipeline.context(clientSdsHandler);
     assertNotNull(channelHandlerCtx); // clientSdsHandler ctx is non-null since we just added it
@@ -221,8 +221,8 @@ public SocketAddress remoteAddress() {
             "google_cloud_private_spiffe-server", true, true);
 
     TlsContextManagerImpl tlsContextManager = new TlsContextManagerImpl(bootstrapInfoForServer);
-    SdsProtocolNegotiators.HandlerPickerHandler handlerPickerHandler =
-        new SdsProtocolNegotiators.HandlerPickerHandler(grpcHandler,
+    SecurityProtocolNegotiators.HandlerPickerHandler handlerPickerHandler =
+        new SecurityProtocolNegotiators.HandlerPickerHandler(grpcHandler,
                 InternalProtocolNegotiators.serverPlaintext());
     pipeline.addLast(handlerPickerHandler);
     channelHandlerCtx = pipeline.context(handlerPickerHandler);
@@ -236,7 +236,7 @@ public SocketAddress remoteAddress() {
     pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.withAttributes(event, attr));
     channelHandlerCtx = pipeline.context(handlerPickerHandler);
     assertThat(channelHandlerCtx).isNull();
-    channelHandlerCtx = pipeline.context(SdsProtocolNegotiators.ServerSdsHandler.class);
+    channelHandlerCtx = pipeline.context(SecurityProtocolNegotiators.ServerSdsHandler.class);
     assertThat(channelHandlerCtx).isNotNull();
 
     SslContextProviderSupplier sslContextProviderSupplier =
@@ -259,7 +259,7 @@ protected void onException(Throwable throwable) {
     Object fromFuture = future.get(2, TimeUnit.SECONDS);
     assertThat(fromFuture).isInstanceOf(SslContext.class);
     channel.runPendingTasks();
-    channelHandlerCtx = pipeline.context(SdsProtocolNegotiators.ServerSdsHandler.class);
+    channelHandlerCtx = pipeline.context(SecurityProtocolNegotiators.ServerSdsHandler.class);
     assertThat(channelHandlerCtx).isNull();
 
     // pipeline should only have SslHandler and ServerTlsHandler
@@ -287,8 +287,8 @@ public SocketAddress localAddress() {
         };
     pipeline = channel.pipeline();
 
-    SdsProtocolNegotiators.HandlerPickerHandler handlerPickerHandler =
-        new SdsProtocolNegotiators.HandlerPickerHandler(
+    SecurityProtocolNegotiators.HandlerPickerHandler handlerPickerHandler =
+        new SecurityProtocolNegotiators.HandlerPickerHandler(
             grpcHandler, mockProtocolNegotiator);
     pipeline.addLast(handlerPickerHandler);
     channelHandlerCtx = pipeline.context(handlerPickerHandler);
@@ -313,8 +313,8 @@ public void serverSdsHandler_nullTlsContext_expectFallbackProtocolNegotiator() {
     ChannelHandler mockChannelHandler = mock(ChannelHandler.class);
     ProtocolNegotiator mockProtocolNegotiator = mock(ProtocolNegotiator.class);
     when(mockProtocolNegotiator.newHandler(grpcHandler)).thenReturn(mockChannelHandler);
-    SdsProtocolNegotiators.HandlerPickerHandler handlerPickerHandler =
-        new SdsProtocolNegotiators.HandlerPickerHandler(
+    SecurityProtocolNegotiators.HandlerPickerHandler handlerPickerHandler =
+        new SecurityProtocolNegotiators.HandlerPickerHandler(
             grpcHandler, mockProtocolNegotiator);
     pipeline.addLast(handlerPickerHandler);
     channelHandlerCtx = pipeline.context(handlerPickerHandler);
@@ -333,8 +333,8 @@ public void serverSdsHandler_nullTlsContext_expectFallbackProtocolNegotiator() {
 
   @Test
   public void nullTlsContext_nullFallbackProtocolNegotiator_expectException() {
-    SdsProtocolNegotiators.HandlerPickerHandler handlerPickerHandler =
-        new SdsProtocolNegotiators.HandlerPickerHandler(
+    SecurityProtocolNegotiators.HandlerPickerHandler handlerPickerHandler =
+        new SecurityProtocolNegotiators.HandlerPickerHandler(
             grpcHandler, null);
     pipeline.addLast(handlerPickerHandler);
     channelHandlerCtx = pipeline.context(handlerPickerHandler);
@@ -368,8 +368,8 @@ public void clientSdsProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent()
     SslContextProviderSupplier sslContextProviderSupplier =
         new SslContextProviderSupplier(upstreamTlsContext,
             new TlsContextManagerImpl(bootstrapInfoForClient));
-    SdsProtocolNegotiators.ClientSdsHandler clientSdsHandler =
-        new SdsProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier);
+    SecurityProtocolNegotiators.ClientSdsHandler clientSdsHandler =
+        new SecurityProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier);
 
     pipeline.addLast(clientSdsHandler);
     channelHandlerCtx = pipeline.context(clientSdsHandler);