xds: security code refactoring/renaming (#9555)

* xds: security code refactoring/renaming 1) move certprovider package under security 2) refactor inner Factory into CertProviderClientSslContextProviderFactory and CertProviderServerSslContextProviderFactory 3) Make CertProviderClientSslContextProvider and CertProviderServerSslContextProvider non-public 4) use only public (non package private) types like SslContextProvider (instead of CertProviderClientSslContextProvider etc)
2022-09-24 00:05:15 -07:00 · 2022-09-24 00:05:15 -07:00 · 6f8e44a7f5
parent 0cda133c52
commit 6f8e44a7f5
25 changed files with 261 additions and 170 deletions
--- a/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/ClientSslContextProviderFactory.java
@ -20,23 +20,23 @@ import static com.google.common.base.Preconditions.checkNotNull;
 import io.grpc.xds.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.internal.certprovider.CertProviderClientSslContextProvider;
 import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory;
 import io.grpc.xds.internal.security.certprovider.CertProviderClientSslContextProviderFactory;
 /** Factory to create client-side SslContextProvider from UpstreamTlsContext. */
 final class ClientSslContextProviderFactory
    implements ValueFactory<UpstreamTlsContext, SslContextProvider> {
  private BootstrapInfo bootstrapInfo;
-  private final CertProviderClientSslContextProvider.Factory
+  private final CertProviderClientSslContextProviderFactory
      certProviderClientSslContextProviderFactory;
  ClientSslContextProviderFactory(BootstrapInfo bootstrapInfo) {
-    this(bootstrapInfo, CertProviderClientSslContextProvider.Factory.getInstance());
+    this(bootstrapInfo, CertProviderClientSslContextProviderFactory.getInstance());
  }
  ClientSslContextProviderFactory(
-      BootstrapInfo bootstrapInfo, CertProviderClientSslContextProvider.Factory factory) {
+      BootstrapInfo bootstrapInfo, CertProviderClientSslContextProviderFactory factory) {
    this.bootstrapInfo = bootstrapInfo;
    this.certProviderClientSslContextProviderFactory = factory;
  }
--- a/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/DynamicSslContextProvider.java
@ -21,6 +21,7 @@ import static com.google.common.base.Preconditions.checkNotNull;
 import com.google.common.collect.ImmutableList;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.Internal;
 import io.grpc.Status;
 import io.grpc.xds.EnvoyServerProtoData.BaseTlsContext;
 import io.netty.handler.ssl.ApplicationProtocolConfig;
@ -34,6 +35,7 @@ import java.util.List;
 import javax.annotation.Nullable;
 /** Base class for dynamic {@link SslContextProvider}s. */
@Internal
 public abstract class DynamicSslContextProvider extends SslContextProvider {
  protected final List<Callback> pendingCallbacks = new ArrayList<>();
--- a/xds/src/main/java/io/grpc/xds/internal/security/ServerSslContextProviderFactory.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/ServerSslContextProviderFactory.java
@ -20,23 +20,23 @@ import static com.google.common.base.Preconditions.checkNotNull;
 import io.grpc.xds.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.internal.certprovider.CertProviderServerSslContextProvider;
 import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory;
 import io.grpc.xds.internal.security.certprovider.CertProviderServerSslContextProviderFactory;
 /** Factory to create server-side SslContextProvider from DownstreamTlsContext. */
 final class ServerSslContextProviderFactory
    implements ValueFactory<DownstreamTlsContext, SslContextProvider> {
  private BootstrapInfo bootstrapInfo;
-  private final CertProviderServerSslContextProvider.Factory
+  private final CertProviderServerSslContextProviderFactory
      certProviderServerSslContextProviderFactory;
  ServerSslContextProviderFactory(BootstrapInfo bootstrapInfo) {
-    this(bootstrapInfo, CertProviderServerSslContextProvider.Factory.getInstance());
+    this(bootstrapInfo, CertProviderServerSslContextProviderFactory.getInstance());
  }
  ServerSslContextProviderFactory(
-      BootstrapInfo bootstrapInfo, CertProviderServerSslContextProvider.Factory factory) {
+      BootstrapInfo bootstrapInfo, CertProviderServerSslContextProviderFactory factory) {
    this.bootstrapInfo = bootstrapInfo;
    this.certProviderServerSslContextProviderFactory = factory;
  }
--- a/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SslContextProvider.java
@ -21,6 +21,7 @@ import static com.google.common.base.Preconditions.checkState;
 import com.google.common.annotations.VisibleForTesting;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.Internal;
 import io.grpc.xds.EnvoyServerProtoData.BaseTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
@ -39,6 +40,7 @@ import java.util.concurrent.Executor;
 * stream that is receiving the requested secret(s) or it could represent file-system based
 * secret(s) that are dynamic.
 */
@Internal
 public abstract class SslContextProvider implements Closeable {
  protected final BaseTlsContext tlsContext;
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProvider.java
@ -14,15 +14,13 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.base.Preconditions.checkNotNull;
 import com.google.common.annotations.VisibleForTesting;
 import io.envoyproxy.envoy.config.core.v3.Node;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.Internal;
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.xds.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
@ -34,10 +32,9 @@ import java.util.Map;
 import javax.annotation.Nullable;
 /** A client SslContext provider using CertificateProviderInstance to fetch secrets. */
-@Internal
+final class CertProviderClientSslContextProvider extends CertProviderSslContextProvider {
 public final class CertProviderClientSslContextProvider extends CertProviderSslContextProvider {
-  private CertProviderClientSslContextProvider(
+  CertProviderClientSslContextProvider(
      Node node,
      @Nullable Map<String, CertificateProviderInfo> certProviders,
      CommonTlsContext.CertificateProviderInstance certInstance,
@ -71,42 +68,4 @@ public final class CertProviderClientSslContextProvider extends CertProviderSslC
    return sslContextBuilder;
  }
  /** Creates CertProviderClientSslContextProvider. */
  @Internal
  public static final class Factory {
    private static final Factory DEFAULT_INSTANCE =
        new Factory(CertificateProviderStore.getInstance());
    private final CertificateProviderStore certificateProviderStore;
    @VisibleForTesting public Factory(CertificateProviderStore certificateProviderStore) {
      this.certificateProviderStore = certificateProviderStore;
    }
    public static Factory getInstance() {
      return DEFAULT_INSTANCE;
    }
    /** Creates a {@link CertProviderClientSslContextProvider}. */
    public CertProviderClientSslContextProvider getProvider(
        UpstreamTlsContext upstreamTlsContext,
        Node node,
        @Nullable Map<String, CertificateProviderInfo> certProviders) {
      checkNotNull(upstreamTlsContext, "upstreamTlsContext");
      CommonTlsContext commonTlsContext = upstreamTlsContext.getCommonTlsContext();
      CertificateValidationContext staticCertValidationContext = getStaticValidationContext(
          commonTlsContext);
      CommonTlsContext.CertificateProviderInstance rootCertInstance = getRootCertProviderInstance(
          commonTlsContext);
      CommonTlsContext.CertificateProviderInstance certInstance = getCertProviderInstance(
          commonTlsContext);
      return new CertProviderClientSslContextProvider(
          node,
          certProviders,
          certInstance,
          rootCertInstance,
          staticCertValidationContext,
          upstreamTlsContext,
          certificateProviderStore);
    }
  }
 }
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderFactory.java
@ -0,0 +1,76 @@
 /*
 * Copyright 2022 The gRPC Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.base.Preconditions.checkNotNull;
 import com.google.common.annotations.VisibleForTesting;
 import io.envoyproxy.envoy.config.core.v3.Node;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.Internal;
 import io.grpc.xds.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.internal.security.SslContextProvider;
 import java.util.Map;
 import javax.annotation.Nullable;
 /**
 * Creates CertProviderClientSslContextProvider.
 */
@Internal
 public final class CertProviderClientSslContextProviderFactory {
  private static final CertProviderClientSslContextProviderFactory DEFAULT_INSTANCE =
      new CertProviderClientSslContextProviderFactory(CertificateProviderStore.getInstance());
  private final CertificateProviderStore certificateProviderStore;
  @VisibleForTesting
  public CertProviderClientSslContextProviderFactory(
      CertificateProviderStore certificateProviderStore) {
    this.certificateProviderStore = certificateProviderStore;
  }
  public static CertProviderClientSslContextProviderFactory getInstance() {
    return DEFAULT_INSTANCE;
  }
  /**
   * Creates a {@link CertProviderClientSslContextProvider}.
   */
  public SslContextProvider getProvider(
      UpstreamTlsContext upstreamTlsContext,
      Node node,
      @Nullable Map<String, CertificateProviderInfo> certProviders) {
    checkNotNull(upstreamTlsContext, "upstreamTlsContext");
    CommonTlsContext commonTlsContext = upstreamTlsContext.getCommonTlsContext();
    CertificateValidationContext staticCertValidationContext
        = CertProviderSslContextProvider.getStaticValidationContext(commonTlsContext);
    CommonTlsContext.CertificateProviderInstance rootCertInstance
        = CertProviderSslContextProvider.getRootCertProviderInstance(commonTlsContext);
    CommonTlsContext.CertificateProviderInstance certInstance
        = CertProviderSslContextProvider.getCertProviderInstance(commonTlsContext);
    return new CertProviderClientSslContextProvider(
        node,
        certProviders,
        certInstance,
        rootCertInstance,
        staticCertValidationContext,
        upstreamTlsContext,
        certificateProviderStore);
  }
 }
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.java
@ -14,21 +14,18 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.base.Preconditions.checkNotNull;
 import com.google.common.annotations.VisibleForTesting;
 import io.envoyproxy.envoy.config.core.v3.Node;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.Internal;
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.xds.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.internal.security.trust.XdsTrustManagerFactory;
 import io.netty.handler.ssl.SslContextBuilder;
 import java.io.IOException;
 import java.security.cert.CertStoreException;
 import java.security.cert.CertificateException;
@ -37,17 +34,16 @@ import java.util.Map;
 import javax.annotation.Nullable;
 /** A server SslContext provider using CertificateProviderInstance to fetch secrets. */
-@Internal
+final class CertProviderServerSslContextProvider extends CertProviderSslContextProvider {
 public final class CertProviderServerSslContextProvider extends CertProviderSslContextProvider {
-  private CertProviderServerSslContextProvider(
+  CertProviderServerSslContextProvider(
-          Node node,
+      Node node,
-          @Nullable Map<String, CertificateProviderInfo> certProviders,
+      @Nullable Map<String, CertificateProviderInfo> certProviders,
-          CommonTlsContext.CertificateProviderInstance certInstance,
+      CommonTlsContext.CertificateProviderInstance certInstance,
-          CommonTlsContext.CertificateProviderInstance rootCertInstance,
+      CommonTlsContext.CertificateProviderInstance rootCertInstance,
-          CertificateValidationContext staticCertValidationContext,
+      CertificateValidationContext staticCertValidationContext,
-          DownstreamTlsContext downstreamTlsContext,
+      DownstreamTlsContext downstreamTlsContext,
-          CertificateProviderStore certificateProviderStore) {
+      CertificateProviderStore certificateProviderStore) {
    super(
        node,
        certProviders,
@ -74,42 +70,4 @@ public final class CertProviderServerSslContextProvider extends CertProviderSslC
    return sslContextBuilder;
  }
  /** Creates CertProviderServerSslContextProvider. */
  @Internal
  public static final class Factory {
    private static final Factory DEFAULT_INSTANCE =
        new Factory(CertificateProviderStore.getInstance());
    private final CertificateProviderStore certificateProviderStore;
    @VisibleForTesting public Factory(CertificateProviderStore certificateProviderStore) {
      this.certificateProviderStore = certificateProviderStore;
    }
    public static Factory getInstance() {
      return DEFAULT_INSTANCE;
    }
    /** Creates a {@link CertProviderServerSslContextProvider}. */
    public CertProviderServerSslContextProvider getProvider(
        DownstreamTlsContext downstreamTlsContext,
        Node node,
        @Nullable Map<String, CertificateProviderInfo> certProviders) {
      checkNotNull(downstreamTlsContext, "downstreamTlsContext");
      CommonTlsContext commonTlsContext = downstreamTlsContext.getCommonTlsContext();
      CertificateValidationContext staticCertValidationContext = getStaticValidationContext(
          commonTlsContext);
      CommonTlsContext.CertificateProviderInstance rootCertInstance = getRootCertProviderInstance(
          commonTlsContext);
      CommonTlsContext.CertificateProviderInstance certInstance = getCertProviderInstance(
          commonTlsContext);
      return new CertProviderServerSslContextProvider(
          node,
          certProviders,
          certInstance,
          rootCertInstance,
          staticCertValidationContext,
          downstreamTlsContext,
          certificateProviderStore);
    }
  }
 }
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderFactory.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderFactory.java
@ -0,0 +1,76 @@
 /*
 * Copyright 2022 The gRPC Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.base.Preconditions.checkNotNull;
 import com.google.common.annotations.VisibleForTesting;
 import io.envoyproxy.envoy.config.core.v3.Node;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.grpc.Internal;
 import io.grpc.xds.Bootstrapper.CertificateProviderInfo;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.internal.security.SslContextProvider;
 import java.util.Map;
 import javax.annotation.Nullable;
 /**
 * Creates CertProviderServerSslContextProvider.
 */
@Internal
 public final class CertProviderServerSslContextProviderFactory {
  private static final CertProviderServerSslContextProviderFactory DEFAULT_INSTANCE =
      new CertProviderServerSslContextProviderFactory(CertificateProviderStore.getInstance());
  private final CertificateProviderStore certificateProviderStore;
  @VisibleForTesting
  public CertProviderServerSslContextProviderFactory(
      CertificateProviderStore certificateProviderStore) {
    this.certificateProviderStore = certificateProviderStore;
  }
  public static CertProviderServerSslContextProviderFactory getInstance() {
    return DEFAULT_INSTANCE;
  }
  /**
   * Creates a {@link CertProviderServerSslContextProvider}.
   */
  public SslContextProvider getProvider(
      DownstreamTlsContext downstreamTlsContext,
      Node node,
      @Nullable Map<String, CertificateProviderInfo> certProviders) {
    checkNotNull(downstreamTlsContext, "downstreamTlsContext");
    CommonTlsContext commonTlsContext = downstreamTlsContext.getCommonTlsContext();
    CertificateValidationContext staticCertValidationContext
        = CertProviderSslContextProvider.getStaticValidationContext(commonTlsContext);
    CommonTlsContext.CertificateProviderInstance rootCertInstance
        = CertProviderSslContextProvider.getRootCertProviderInstance(commonTlsContext);
    CommonTlsContext.CertificateProviderInstance certInstance
        = CertProviderSslContextProvider.getCertProviderInstance(commonTlsContext);
    return new CertProviderServerSslContextProvider(
        node,
        certProviders,
        certInstance,
        rootCertInstance,
        staticCertValidationContext,
        downstreamTlsContext,
        certificateProviderStore);
  }
 }
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import io.envoyproxy.envoy.config.core.v3.Node;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProvider.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.base.Preconditions.checkNotNull;
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderProvider.java
@ -14,10 +14,10 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import io.grpc.Internal;
-import io.grpc.xds.internal.certprovider.CertificateProvider.Watcher;
+import io.grpc.xds.internal.security.certprovider.CertificateProvider.Watcher;
 /**
 * Provider of {@link CertificateProvider}s. Implemented by the implementer of the plugin. We may
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderRegistry.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderRegistry.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.base.Preconditions.checkNotNull;
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStore.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStore.java
@ -14,12 +14,11 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import com.google.common.annotations.VisibleForTesting;
 import io.grpc.xds.internal.certprovider.CertificateProvider.Watcher;
 import io.grpc.xds.internal.security.ReferenceCountingMap;
-
+import io.grpc.xds.internal.security.certprovider.CertificateProvider.Watcher;
 import java.io.Closeable;
 import java.util.Objects;
 import java.util.logging.Level;
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProvider.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.base.Preconditions.checkNotNull;
--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProvider.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
--- a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
@ -32,12 +32,12 @@ import io.grpc.xds.Bootstrapper;
 import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.XdsInitializationException;
-import io.grpc.xds.internal.certprovider.CertProviderClientSslContextProvider;
+import io.grpc.xds.internal.security.certprovider.CertProviderClientSslContextProviderFactory;
-import io.grpc.xds.internal.certprovider.CertificateProvider;
+import io.grpc.xds.internal.security.certprovider.CertificateProvider;
-import io.grpc.xds.internal.certprovider.CertificateProviderProvider;
+import io.grpc.xds.internal.security.certprovider.CertificateProviderProvider;
-import io.grpc.xds.internal.certprovider.CertificateProviderRegistry;
+import io.grpc.xds.internal.security.certprovider.CertificateProviderRegistry;
-import io.grpc.xds.internal.certprovider.CertificateProviderStore;
+import io.grpc.xds.internal.security.certprovider.CertificateProviderStore;
-import io.grpc.xds.internal.certprovider.TestCertificateProvider;
+import io.grpc.xds.internal.security.certprovider.TestCertificateProvider;
 import java.io.IOException;
 import org.junit.Assert;
 import org.junit.Before;
@ -53,7 +53,7 @@ public class ClientSslContextProviderFactoryTest {
  CertificateProviderRegistry certificateProviderRegistry;
  CertificateProviderStore certificateProviderStore;
-  CertProviderClientSslContextProvider.Factory certProviderClientSslContextProviderFactory;
+  CertProviderClientSslContextProviderFactory certProviderClientSslContextProviderFactory;
  ClientSslContextProviderFactory clientSslContextProviderFactory;
  @Before
@ -61,7 +61,7 @@ public class ClientSslContextProviderFactoryTest {
    certificateProviderRegistry = new CertificateProviderRegistry();
    certificateProviderStore = new CertificateProviderStore(certificateProviderRegistry);
    certProviderClientSslContextProviderFactory =
-        new CertProviderClientSslContextProvider.Factory(certificateProviderStore);
+        new CertProviderClientSslContextProviderFactory(certificateProviderStore);
  }
  @Test
@ -84,12 +84,14 @@ public class ClientSslContextProviderFactoryTest {
                    bootstrapInfo, certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider =
        clientSslContextProviderFactory.create(upstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderClientSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
    // verify that bootstrapInfo is cached...
    sslContextProvider =
        clientSslContextProviderFactory.create(upstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderClientSslContextProvider");
  }
  @Test
@ -117,7 +119,8 @@ public class ClientSslContextProviderFactoryTest {
                    bootstrapInfo, certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider =
        clientSslContextProviderFactory.create(upstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderClientSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
  }
@ -142,7 +145,8 @@ public class ClientSslContextProviderFactoryTest {
                    bootstrapInfo, certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider =
            clientSslContextProviderFactory.create(upstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderClientSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
  }
@ -175,7 +179,8 @@ public class ClientSslContextProviderFactoryTest {
                    certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider =
            clientSslContextProviderFactory.create(upstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderClientSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
  }
@ -204,7 +209,8 @@ public class ClientSslContextProviderFactoryTest {
                    bootstrapInfo, certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider =
        clientSslContextProviderFactory.create(upstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderClientSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
    verifyWatcher(sslContextProvider, watcherCaptor[1]);
  }
@ -240,7 +246,8 @@ public class ClientSslContextProviderFactoryTest {
            bootstrapInfo, certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider =
        clientSslContextProviderFactory.create(upstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderClientSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
    verifyWatcher(sslContextProvider, watcherCaptor[1]);
  }
@ -273,7 +280,8 @@ public class ClientSslContextProviderFactoryTest {
            bootstrapInfo, certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider =
        clientSslContextProviderFactory.create(upstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderClientSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
  }
--- a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
@ -51,9 +51,9 @@ import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.InternalXdsAttributes;
 import io.grpc.xds.TlsContextManager;
 import io.grpc.xds.internal.certprovider.CommonCertProviderTestUtils;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSdsHandler;
 import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSdsProtocolNegotiator;
 import io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPipeline;
--- a/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/ServerSslContextProviderFactoryTest.java
@ -29,10 +29,10 @@ import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.XdsInitializationException;
-import io.grpc.xds.internal.certprovider.CertProviderServerSslContextProvider;
+import io.grpc.xds.internal.security.certprovider.CertProviderServerSslContextProviderFactory;
-import io.grpc.xds.internal.certprovider.CertificateProvider;
+import io.grpc.xds.internal.security.certprovider.CertificateProvider;
-import io.grpc.xds.internal.certprovider.CertificateProviderRegistry;
+import io.grpc.xds.internal.security.certprovider.CertificateProviderRegistry;
-import io.grpc.xds.internal.certprovider.CertificateProviderStore;
+import io.grpc.xds.internal.security.certprovider.CertificateProviderStore;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@ -44,7 +44,7 @@ public class ServerSslContextProviderFactoryTest {
  CertificateProviderRegistry certificateProviderRegistry;
  CertificateProviderStore certificateProviderStore;
-  CertProviderServerSslContextProvider.Factory certProviderServerSslContextProviderFactory;
+  CertProviderServerSslContextProviderFactory certProviderServerSslContextProviderFactory;
  ServerSslContextProviderFactory serverSslContextProviderFactory;
  @Before
@ -52,7 +52,7 @@ public class ServerSslContextProviderFactoryTest {
    certificateProviderRegistry = new CertificateProviderRegistry();
    certificateProviderStore = new CertificateProviderStore(certificateProviderRegistry);
    certProviderServerSslContextProviderFactory =
-        new CertProviderServerSslContextProvider.Factory(certificateProviderStore);
+        new CertProviderServerSslContextProviderFactory(certificateProviderStore);
  }
  @Test
@ -76,12 +76,14 @@ public class ServerSslContextProviderFactoryTest {
                    bootstrapInfo, certProviderServerSslContextProviderFactory);
    SslContextProvider sslContextProvider =
        serverSslContextProviderFactory.create(downstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderServerSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
    // verify that bootstrapInfo is cached...
    sslContextProvider =
        serverSslContextProviderFactory.create(downstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderServerSslContextProvider");
  }
  @Test
@ -113,7 +115,8 @@ public class ServerSslContextProviderFactoryTest {
                    bootstrapInfo, certProviderServerSslContextProviderFactory);
    SslContextProvider sslContextProvider =
        serverSslContextProviderFactory.create(downstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderServerSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
  }
@ -139,7 +142,8 @@ public class ServerSslContextProviderFactoryTest {
                    bootstrapInfo, certProviderServerSslContextProviderFactory);
    SslContextProvider sslContextProvider =
            serverSslContextProviderFactory.create(downstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderServerSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
  }
@ -173,7 +177,8 @@ public class ServerSslContextProviderFactoryTest {
                    bootstrapInfo, certProviderServerSslContextProviderFactory);
    SslContextProvider sslContextProvider =
            serverSslContextProviderFactory.create(downstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderServerSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
  }
@ -203,7 +208,8 @@ public class ServerSslContextProviderFactoryTest {
                    bootstrapInfo, certProviderServerSslContextProviderFactory);
    SslContextProvider sslContextProvider =
        serverSslContextProviderFactory.create(downstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderServerSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
    verifyWatcher(sslContextProvider, watcherCaptor[1]);
  }
@ -241,7 +247,8 @@ public class ServerSslContextProviderFactoryTest {
            bootstrapInfo, certProviderServerSslContextProviderFactory);
    SslContextProvider sslContextProvider =
        serverSslContextProviderFactory.create(downstreamTlsContext);
-    assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class);
+    assertThat(sslContextProvider.getClass().getSimpleName()).isEqualTo(
        "CertProviderServerSslContextProvider");
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
    verifyWatcher(sslContextProvider, watcherCaptor[1]);
  }
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
@ -14,11 +14,10 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.internal.certprovider.CommonCertProviderTestUtils.getCertFromResourceName;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_KEY_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
@ -26,6 +25,7 @@ import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_P
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_KEY_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.doChecksOnSslContext;
 import static io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils.getCertFromResourceName;
 import static org.junit.Assert.fail;
 import com.google.common.annotations.VisibleForTesting;
@ -56,14 +56,14 @@ public class CertProviderClientSslContextProviderTest {
  CertificateProviderRegistry certificateProviderRegistry;
  CertificateProviderStore certificateProviderStore;
-  private CertProviderClientSslContextProvider.Factory certProviderClientSslContextProviderFactory;
+  private CertProviderClientSslContextProviderFactory certProviderClientSslContextProviderFactory;
  @Before
  public void setUp() throws Exception {
    certificateProviderRegistry = new CertificateProviderRegistry();
    certificateProviderStore = new CertificateProviderStore(certificateProviderRegistry);
    certProviderClientSslContextProviderFactory =
-        new CertProviderClientSslContextProvider.Factory(certificateProviderStore);
+        new CertProviderClientSslContextProviderFactory(certificateProviderStore);
  }
  /** Helper method to build CertProviderClientSslContextProvider. */
@ -81,10 +81,11 @@ public class CertProviderClientSslContextProviderTest {
            "root-default",
            alpnProtocols,
            staticCertValidationContext);
-    return certProviderClientSslContextProviderFactory.getProvider(
+    return (CertProviderClientSslContextProvider)
-        upstreamTlsContext,
+        certProviderClientSslContextProviderFactory.getProvider(
-        bootstrapInfo.node().toEnvoyProtoNode(),
+            upstreamTlsContext,
-        bootstrapInfo.certProviders());
+            bootstrapInfo.node().toEnvoyProtoNode(),
            bootstrapInfo.certProviders());
  }
  /** Helper method to build CertProviderClientSslContextProvider. */
@ -102,7 +103,8 @@ public class CertProviderClientSslContextProviderTest {
                    "root-default",
                    alpnProtocols,
                    staticCertValidationContext);
-    return certProviderClientSslContextProviderFactory.getProvider(
+    return (CertProviderClientSslContextProvider)
        certProviderClientSslContextProviderFactory.getProvider(
            upstreamTlsContext,
            bootstrapInfo.node().toEnvoyProtoNode(),
            bootstrapInfo.certProviders());
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderTest.java
@ -14,10 +14,9 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.internal.certprovider.CommonCertProviderTestUtils.getCertFromResourceName;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_KEY_FILE;
@ -25,6 +24,7 @@ import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_P
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_KEY_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.doChecksOnSslContext;
 import static io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils.getCertFromResourceName;
 import static org.junit.Assert.fail;
 import com.google.common.collect.ImmutableList;
@ -35,9 +35,9 @@ import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
 import io.grpc.xds.Bootstrapper;
 import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData;
 import io.grpc.xds.internal.certprovider.CertProviderClientSslContextProviderTest.QueuedExecutor;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil.TestCallback;
 import io.grpc.xds.internal.security.certprovider.CertProviderClientSslContextProviderTest.QueuedExecutor;
 import java.util.Arrays;
 import org.junit.Before;
 import org.junit.Test;
@ -50,14 +50,14 @@ public class CertProviderServerSslContextProviderTest {
  CertificateProviderRegistry certificateProviderRegistry;
  CertificateProviderStore certificateProviderStore;
-  private CertProviderServerSslContextProvider.Factory certProviderServerSslContextProviderFactory;
+  private CertProviderServerSslContextProviderFactory certProviderServerSslContextProviderFactory;
  @Before
  public void setUp() throws Exception {
    certificateProviderRegistry = new CertificateProviderRegistry();
    certificateProviderStore = new CertificateProviderStore(certificateProviderRegistry);
    certProviderServerSslContextProviderFactory =
-        new CertProviderServerSslContextProvider.Factory(certificateProviderStore);
+        new CertProviderServerSslContextProviderFactory(certificateProviderStore);
  }
  /** Helper method to build CertProviderServerSslContextProvider. */
@ -77,10 +77,11 @@ public class CertProviderServerSslContextProviderTest {
            alpnProtocols,
            staticCertValidationContext,
            requireClientCert);
-    return certProviderServerSslContextProviderFactory.getProvider(
+    return (CertProviderServerSslContextProvider)
-        downstreamTlsContext,
+        certProviderServerSslContextProviderFactory.getProvider(
-        bootstrapInfo.node().toEnvoyProtoNode(),
+            downstreamTlsContext,
-        bootstrapInfo.certProviders());
+            bootstrapInfo.node().toEnvoyProtoNode(),
            bootstrapInfo.certProviders());
  }
  /** Helper method to build CertProviderServerSslContextProvider. */
@ -100,7 +101,8 @@ public class CertProviderServerSslContextProviderTest {
                    alpnProtocols,
                    staticCertValidationContext,
                    requireClientCert);
-    return certProviderServerSslContextProviderFactory.getProvider(
+    return (CertProviderServerSslContextProvider)
        certProviderServerSslContextProviderFactory.getProvider(
            downstreamTlsContext,
            bootstrapInfo.node().toEnvoyProtoNode(),
            bootstrapInfo.certProviders());
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStoreTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertificateProviderStoreTest.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.fail;
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CommonCertProviderTestUtils.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CommonCertProviderTestUtils.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static java.nio.charset.StandardCharsets.UTF_8;
@ -22,7 +22,7 @@ import com.google.common.io.CharStreams;
 import io.grpc.internal.FakeClock;
 import io.grpc.internal.TimeProvider;
 import io.grpc.internal.testing.TestUtils;
-import io.grpc.xds.internal.certprovider.FileWatcherCertificateProviderProvider.ScheduledExecutorServiceFactory;
+import io.grpc.xds.internal.security.certprovider.FileWatcherCertificateProviderProvider.ScheduledExecutorServiceFactory;
 import io.grpc.xds.internal.security.trust.CertificateUtils;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderProviderTest.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.truth.Truth.assertThat;
 import static org.junit.Assert.fail;
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/FileWatcherCertificateProviderTest.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE;
@ -34,8 +34,8 @@ import static org.mockito.Mockito.verify;
 import io.grpc.Status;
 import io.grpc.internal.TimeProvider;
 import io.grpc.xds.internal.certprovider.CertificateProvider.DistributorWatcher;
 import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
 import io.grpc.xds.internal.security.certprovider.CertificateProvider.DistributorWatcher;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
--- a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/TestCertificateProvider.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/TestCertificateProvider.java
@ -14,7 +14,7 @@
 * limitations under the License.
 */
-package io.grpc.xds.internal.certprovider;
+package io.grpc.xds.internal.security.certprovider;
 public class TestCertificateProvider extends CertificateProvider {
  Object config;