grpc 0.10.0 → 0.11.0

data/ext/grpc/rb_channel_args.c

@@ -41,7 +41,8 @@
 
 static rb_data_type_t grpc_rb_channel_args_data_type = {
     "grpc_channel_args",
-    {GRPC_RB_GC_NOT_MARKED, GRPC_RB_GC_DONT_FREE, GRPC_RB_MEMSIZE_UNAVAILABLE},
+    {GRPC_RB_GC_NOT_MARKED, GRPC_RB_GC_DONT_FREE, GRPC_RB_MEMSIZE_UNAVAILABLE,
+     {NULL, NULL}},
     NULL, NULL,
     RUBY_TYPED_FREE_IMMEDIATELY
 };

data/ext/grpc/rb_completion_queue.c

@@ -56,7 +56,7 @@ typedef struct next_call_stack {
 static void *grpc_rb_completion_queue_next_no_gil(void *param) {
   next_call_stack *const next_call = (next_call_stack*)param;
   next_call->event =
-      grpc_completion_queue_next(next_call->cq, next_call->timeout);
+      grpc_completion_queue_next(next_call->cq, next_call->timeout, NULL);
   return NULL;
 }
 
@@ -64,7 +64,7 @@ static void *grpc_rb_completion_queue_next_no_gil(void *param) {
 static void *grpc_rb_completion_queue_pluck_no_gil(void *param) {
   next_call_stack *const next_call = (next_call_stack*)param;
   next_call->event = grpc_completion_queue_pluck(next_call->cq, next_call->tag,
-                                                 next_call->timeout);
+                                                 next_call->timeout, NULL);
   return NULL;
 }
 
@@ -82,7 +82,7 @@ static void grpc_rb_completion_queue_shutdown_drain(grpc_completion_queue *cq) {
   next_call.cq = cq;
   next_call.event.type = GRPC_QUEUE_TIMEOUT;
   /* TODO: the timeout should be a module level constant that defaults
-   * to gpr_inf_future.
+   * to gpr_inf_future(GPR_CLOCK_REALTIME).
    *
    * - at the moment this does not work, it stalls.  Using a small timeout like
    *   this one works, and leads to fast test run times; a longer timeout was
@@ -91,7 +91,8 @@ static void grpc_rb_completion_queue_shutdown_drain(grpc_completion_queue *cq) {
    * - investigate further, this is probably another example of C-level cleanup
    * not working consistently in all cases.
    */
-  next_call.timeout = gpr_time_add(gpr_now(), gpr_time_from_micros(5e3));
+  next_call.timeout = gpr_time_add(gpr_now(GPR_CLOCK_REALTIME),
+                                   gpr_time_from_micros(5e3, GPR_TIMESPAN));
   do {
     rb_thread_call_without_gvl(grpc_rb_completion_queue_next_no_gil,
                                (void *)&next_call, NULL, NULL);
@@ -118,7 +119,7 @@ static void grpc_rb_completion_queue_destroy(void *p) {
 static rb_data_type_t grpc_rb_completion_queue_data_type = {
     "grpc_completion_queue",
     {GRPC_RB_GC_NOT_MARKED, grpc_rb_completion_queue_destroy,
-     GRPC_RB_MEMSIZE_UNAVAILABLE},
+     GRPC_RB_MEMSIZE_UNAVAILABLE, {NULL, NULL}},
     NULL, NULL,
     /* cannot immediately free because grpc_rb_completion_queue_shutdown_drain
      * calls rb_thread_call_without_gvl. */
@@ -127,7 +128,7 @@ static rb_data_type_t grpc_rb_completion_queue_data_type = {
 
 /* Allocates a completion queue. */
 static VALUE grpc_rb_completion_queue_alloc(VALUE cls) {
-  grpc_completion_queue *cq = grpc_completion_queue_create();
+  grpc_completion_queue *cq = grpc_completion_queue_create(NULL);
   if (cq == NULL) {
     rb_raise(rb_eArgError, "could not create a completion queue: not sure why");
   }
@@ -143,7 +144,7 @@ grpc_event grpc_rb_completion_queue_pluck_event(VALUE self, VALUE tag,
   TypedData_Get_Struct(self, grpc_completion_queue,
                        &grpc_rb_completion_queue_data_type, next_call.cq);
   if (TYPE(timeout) == T_NIL) {
-    next_call.timeout = gpr_inf_future;
+    next_call.timeout = gpr_inf_future(GPR_CLOCK_REALTIME);
   } else {
     next_call.timeout = grpc_rb_time_timeval(timeout, /* absolute time*/ 0);
   }

data/ext/grpc/rb_credentials.c

@@ -89,7 +89,7 @@ static void grpc_rb_credentials_mark(void *p) {
 static rb_data_type_t grpc_rb_credentials_data_type = {
     "grpc_credentials",
     {grpc_rb_credentials_mark, grpc_rb_credentials_free,
-     GRPC_RB_MEMSIZE_UNAVAILABLE},
+     GRPC_RB_MEMSIZE_UNAVAILABLE, {NULL, NULL}},
     NULL,
     NULL,
     RUBY_TYPED_FREE_IMMEDIATELY};
@@ -154,7 +154,7 @@ static VALUE grpc_rb_default_credentials_create(VALUE cls) {
     Creates the default credential instances. */
 static VALUE grpc_rb_compute_engine_credentials_create(VALUE cls) {
   grpc_rb_credentials *wrapper = ALLOC(grpc_rb_credentials);
-  wrapper->wrapped = grpc_compute_engine_credentials_create();
+  wrapper->wrapped = grpc_google_compute_engine_credentials_create(NULL);
   if (wrapper->wrapped == NULL) {
     rb_raise(rb_eRuntimeError,
              "could not create composite engine credentials, not sure why");
@@ -181,8 +181,8 @@ static VALUE grpc_rb_composite_credentials_create(VALUE self, VALUE other) {
   TypedData_Get_Struct(other, grpc_rb_credentials,
                        &grpc_rb_credentials_data_type, other_wrapper);
   wrapper = ALLOC(grpc_rb_credentials);
-  wrapper->wrapped = grpc_composite_credentials_create(self_wrapper->wrapped,
-                                                       other_wrapper->wrapped);
+  wrapper->wrapped = grpc_composite_credentials_create(
+      self_wrapper->wrapped, other_wrapper->wrapped, NULL);
   if (wrapper->wrapped == NULL) {
     rb_raise(rb_eRuntimeError,
              "could not create composite credentials, not sure why");
@@ -234,12 +234,13 @@ static VALUE grpc_rb_credentials_init(int argc, VALUE *argv, VALUE self) {
     return Qnil;
   }
   if (pem_private_key == Qnil && pem_cert_chain == Qnil) {
-    creds = grpc_ssl_credentials_create(RSTRING_PTR(pem_root_certs), NULL);
+    creds =
+        grpc_ssl_credentials_create(RSTRING_PTR(pem_root_certs), NULL, NULL);
   } else {
     key_cert_pair.private_key = RSTRING_PTR(pem_private_key);
     key_cert_pair.cert_chain = RSTRING_PTR(pem_cert_chain);
     creds = grpc_ssl_credentials_create(RSTRING_PTR(pem_root_certs),
-                                        &key_cert_pair);
+                                        &key_cert_pair, NULL);
   }
   if (creds == NULL) {
     rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why");

data/ext/grpc/rb_grpc.c

@@ -51,7 +51,8 @@ static VALUE grpc_rb_cTimeVal = Qnil;
 
 static rb_data_type_t grpc_rb_timespec_data_type = {
     "gpr_timespec",
-    {GRPC_RB_GC_NOT_MARKED, GRPC_RB_GC_DONT_FREE, GRPC_RB_MEMSIZE_UNAVAILABLE},
+    {GRPC_RB_GC_NOT_MARKED, GRPC_RB_GC_DONT_FREE, GRPC_RB_MEMSIZE_UNAVAILABLE,
+     {NULL, NULL}},
     NULL,
     NULL,
     RUBY_TYPED_FREE_IMMEDIATELY};
@@ -75,6 +76,7 @@ VALUE grpc_rb_cannot_init(VALUE self) {
 
 /* Init/Clone func that fails by raising an exception. */
 VALUE grpc_rb_cannot_init_copy(VALUE copy, VALUE self) {
+  (void)self;
   rb_raise(rb_eTypeError,
            "initialization of %s only allowed from the gRPC native layer",
            rb_obj_classname(copy));
@@ -98,6 +100,7 @@ gpr_timespec grpc_rb_time_timeval(VALUE time, int interval) {
   const char *tstr = interval ? "time interval" : "time";
   const char *want = " want <secs from epoch>|<Time>|<GRPC::TimeConst.*>";
 
+  t.clock_type = GPR_CLOCK_REALTIME;
   switch (TYPE(time)) {
     case T_DATA:
       if (CLASS_OF(time) == grpc_rb_cTimeVal) {
@@ -136,7 +139,7 @@ gpr_timespec grpc_rb_time_timeval(VALUE time, int interval) {
           rb_raise(rb_eRangeError, "%f out of Time range",
                    RFLOAT_VALUE(time));
         }
-        t.tv_nsec = (time_t)(d * 1e9 + 0.5);
+        t.tv_nsec = (int)(d * 1e9 + 0.5);
       }
       break;
 
@@ -206,10 +209,12 @@ static ID id_to_s;
 /* Converts a wrapped time constant to a standard time. */
 static VALUE grpc_rb_time_val_to_time(VALUE self) {
   gpr_timespec *time_const = NULL;
+  gpr_timespec real_time;
   TypedData_Get_Struct(self, gpr_timespec, &grpc_rb_timespec_data_type,
                        time_const);
-  return rb_funcall(rb_cTime, id_at, 2, INT2NUM(time_const->tv_sec),
-                    INT2NUM(time_const->tv_nsec));
+  real_time = gpr_convert_clock_type(*time_const, GPR_CLOCK_REALTIME);
+  return rb_funcall(rb_cTime, id_at, 2, INT2NUM(real_time.tv_sec),
+                    INT2NUM(real_time.tv_nsec));
 }
 
 /* Invokes inspect on the ctime version of the time val. */
@@ -222,24 +227,31 @@ static VALUE grpc_rb_time_val_to_s(VALUE self) {
   return rb_funcall(grpc_rb_time_val_to_time(self), id_to_s, 0);
 }
 
+static gpr_timespec zero_realtime;
+static gpr_timespec inf_future_realtime;
+static gpr_timespec inf_past_realtime;
+
 /* Adds a module with constants that map to gpr's static timeval structs. */
 static void Init_grpc_time_consts() {
   VALUE grpc_rb_mTimeConsts =
       rb_define_module_under(grpc_rb_mGrpcCore, "TimeConsts");
   grpc_rb_cTimeVal =
       rb_define_class_under(grpc_rb_mGrpcCore, "TimeSpec", rb_cObject);
+  zero_realtime = gpr_time_0(GPR_CLOCK_REALTIME);
+  inf_future_realtime = gpr_inf_future(GPR_CLOCK_REALTIME);
+  inf_past_realtime = gpr_inf_past(GPR_CLOCK_REALTIME);
   rb_define_const(
       grpc_rb_mTimeConsts, "ZERO",
       TypedData_Wrap_Struct(grpc_rb_cTimeVal, &grpc_rb_timespec_data_type,
-                            (void *)&gpr_time_0));
+                            (void *)&zero_realtime));
   rb_define_const(
       grpc_rb_mTimeConsts, "INFINITE_FUTURE",
       TypedData_Wrap_Struct(grpc_rb_cTimeVal, &grpc_rb_timespec_data_type,
-                            (void *)&gpr_inf_future));
+                            (void *)&inf_future_realtime));
   rb_define_const(
       grpc_rb_mTimeConsts, "INFINITE_PAST",
       TypedData_Wrap_Struct(grpc_rb_cTimeVal, &grpc_rb_timespec_data_type,
-                            (void *)&gpr_inf_past));
+                            (void *)&inf_past_realtime));
   rb_define_method(grpc_rb_cTimeVal, "to_time", grpc_rb_time_val_to_time, 0);
   rb_define_method(grpc_rb_cTimeVal, "inspect", grpc_rb_time_val_inspect, 0);
   rb_define_method(grpc_rb_cTimeVal, "to_s", grpc_rb_time_val_to_s, 0);
@@ -250,7 +262,10 @@ static void Init_grpc_time_consts() {
   id_tv_nsec = rb_intern("tv_nsec");
 }
 
-static void grpc_rb_shutdown(ruby_vm_t *vm) { grpc_shutdown(); }
+static void grpc_rb_shutdown(ruby_vm_t *vm) {
+  (void)vm;
+  grpc_shutdown();
+}
 
 /* Initialize the GRPC module structs */
 

data/ext/grpc/rb_server.c

@@ -49,6 +49,9 @@ static VALUE grpc_rb_cServer = Qnil;
 /* id_at is the constructor method of the ruby standard Time class. */
 static ID id_at;
 
+/* id_insecure_server is used to indicate that a server is insecure */
+static VALUE id_insecure_server;
+
 /* grpc_rb_server wraps a grpc_server.  It provides a peer ruby object,
   'mark' to minimize copying when a server is created from ruby. */
 typedef struct grpc_rb_server {
@@ -94,7 +97,8 @@ static void grpc_rb_server_mark(void *p) {
 
 static const rb_data_type_t grpc_rb_server_data_type = {
     "grpc_server",
-    {grpc_rb_server_mark, grpc_rb_server_free, GRPC_RB_MEMSIZE_UNAVAILABLE},
+    {grpc_rb_server_mark, grpc_rb_server_free, GRPC_RB_MEMSIZE_UNAVAILABLE,
+     {NULL, NULL}},
     NULL,
     NULL,
     /* It is unsafe to specify RUBY_TYPED_FREE_IMMEDIATELY because the free function would block
@@ -127,7 +131,7 @@ static VALUE grpc_rb_server_init(VALUE self, VALUE cqueue, VALUE channel_args) {
   TypedData_Get_Struct(self, grpc_rb_server, &grpc_rb_server_data_type,
                        wrapper);
   grpc_rb_hash_convert_to_channel_args(channel_args, &args);
-  srv = grpc_server_create(&args);
+  srv = grpc_server_create(&args, NULL);
 
   if (args.args != NULL) {
     xfree(args.args); /* Allocated by grpc_rb_hash_convert_to_channel_args */
@@ -135,7 +139,7 @@ static VALUE grpc_rb_server_init(VALUE self, VALUE cqueue, VALUE channel_args) {
   if (srv == NULL) {
     rb_raise(rb_eRuntimeError, "could not create a gRPC server, not sure why");
   }
-  grpc_server_register_completion_queue(srv, cq);
+  grpc_server_register_completion_queue(srv, cq, NULL);
   wrapper->wrapped = srv;
 
   /* Add the cq as the server's mark object. This ensures the ruby cq can't be
@@ -212,6 +216,7 @@ static VALUE grpc_rb_server_request_call(VALUE self, VALUE cqueue,
   grpc_call_error err;
   request_call_stack st;
   VALUE result;
+  gpr_timespec deadline;
   TypedData_Get_Struct(self, grpc_rb_server, &grpc_rb_server_data_type, s);
   if (s->wrapped == NULL) {
     rb_raise(rb_eRuntimeError, "destroyed!");
@@ -232,6 +237,7 @@ static VALUE grpc_rb_server_request_call(VALUE self, VALUE cqueue,
                grpc_call_error_detail_of(err), err);
       return Qnil;
     }
+
     ev = grpc_rb_completion_queue_pluck_event(cqueue, tag_new, timeout);
     if (ev.type == GRPC_QUEUE_TIMEOUT) {
       grpc_request_call_stack_cleanup(&st);
@@ -244,15 +250,13 @@ static VALUE grpc_rb_server_request_call(VALUE self, VALUE cqueue,
     }
 
     /* build the NewServerRpc struct result */
+    deadline = gpr_convert_clock_type(st.details.deadline, GPR_CLOCK_REALTIME);
     result = rb_struct_new(
-        grpc_rb_sNewServerRpc,
-        rb_str_new2(st.details.method),
+        grpc_rb_sNewServerRpc, rb_str_new2(st.details.method),
         rb_str_new2(st.details.host),
-        rb_funcall(rb_cTime, id_at, 2, INT2NUM(st.details.deadline.tv_sec),
-                   INT2NUM(st.details.deadline.tv_nsec)),
-        grpc_rb_md_ary_to_h(&st.md_ary),
-        grpc_rb_wrap_call(call),
-        NULL);
+        rb_funcall(rb_cTime, id_at, 2, INT2NUM(deadline.tv_sec),
+                   INT2NUM(deadline.tv_nsec)),
+        grpc_rb_md_ary_to_h(&st.md_ary), grpc_rb_wrap_call(call), NULL);
     grpc_request_call_stack_cleanup(&st);
     return result;
   }
@@ -298,43 +302,22 @@ static VALUE grpc_rb_server_destroy(int argc, VALUE *argv, VALUE self) {
   if (s->wrapped != NULL) {
     grpc_server_shutdown_and_notify(s->wrapped, cq, NULL);
     ev = grpc_rb_completion_queue_pluck_event(cqueue, Qnil, timeout);
-
     if (!ev.success) {
-      rb_warn("server shutdown failed, there will be a LEAKED object warning");
-      return Qnil;
-      /*
-         TODO: renable the rb_raise below.
-
-         At the moment if the timeout is INFINITE_FUTURE as recommended, the
-         pluck blocks forever, even though
-
-         the outstanding server_request_calls correctly fail on the other
-         thread that they are running on.
-
-         it's almost as if calls that fail on the other thread do not get
-         cleaned up by shutdown request, even though it caused htem to
-         terminate.
-
-         rb_raise(rb_eRuntimeError, "grpc server shutdown did not succeed");
-         return Qnil;
-
-         The workaround is just to use a timeout and return without really
-         shutting down the server, and rely on the grpc core garbage collection
-         it down as a 'LEAKED OBJECT'.
-
-      */
+      rb_warn("server shutdown failed, cancelling the calls, objects may leak");
+      grpc_server_cancel_all_calls(s->wrapped);
+      return Qfalse;
     }
     grpc_server_destroy(s->wrapped);
     s->wrapped = NULL;
   }
-  return Qnil;
+  return Qtrue;
 }
 
 /*
   call-seq:
     // insecure port
     insecure_server = Server.new(cq, {'arg1': 'value1'})
-    insecure_server.add_http2_port('mydomain:50051')
+    insecure_server.add_http2_port('mydomain:50051', :this_port_is_insecure)
 
     // secure port
     server_creds = ...
@@ -342,22 +325,24 @@ static VALUE grpc_rb_server_destroy(int argc, VALUE *argv, VALUE self) {
     secure_server.add_http_port('mydomain:50051', server_creds)
 
     Adds a http2 port to server */
-static VALUE grpc_rb_server_add_http2_port(int argc, VALUE *argv, VALUE self) {
-  VALUE port = Qnil;
-  VALUE rb_creds = Qnil;
+static VALUE grpc_rb_server_add_http2_port(VALUE self, VALUE port,
+                                           VALUE rb_creds) {
   grpc_rb_server *s = NULL;
   grpc_server_credentials *creds = NULL;
   int recvd_port = 0;
 
-  /* "11" == 1 mandatory args, 1 (rb_creds) is optional */
-  rb_scan_args(argc, argv, "11", &port, &rb_creds);
-
   TypedData_Get_Struct(self, grpc_rb_server, &grpc_rb_server_data_type, s);
   if (s->wrapped == NULL) {
     rb_raise(rb_eRuntimeError, "destroyed!");
     return Qnil;
-  } else if (rb_creds == Qnil) {
-    recvd_port = grpc_server_add_http2_port(s->wrapped, StringValueCStr(port));
+  } else if (TYPE(rb_creds) == T_SYMBOL) {
+    if (id_insecure_server != SYM2ID(rb_creds)) {
+      rb_raise(rb_eTypeError,
+               "bad creds symbol, want :this_port_is_insecure");
+      return Qnil;
+    }
+    recvd_port =
+        grpc_server_add_insecure_http2_port(s->wrapped, StringValueCStr(port));
     if (recvd_port == 0) {
       rb_raise(rb_eRuntimeError,
                "could not add port %s to server, not sure why",
@@ -397,8 +382,9 @@ void Init_grpc_server() {
   rb_define_alias(grpc_rb_cServer, "close", "destroy");
   rb_define_method(grpc_rb_cServer, "add_http2_port",
                    grpc_rb_server_add_http2_port,
-                   -1);
+                   2);
   id_at = rb_intern("at");
+  id_insecure_server = rb_intern("this_port_is_insecure");
 }
 
 /* Gets the wrapped server from the ruby wrapper */

data/ext/grpc/rb_server_credentials.c

@@ -89,7 +89,7 @@ static void grpc_rb_server_credentials_mark(void *p) {
 static const rb_data_type_t grpc_rb_server_credentials_data_type = {
     "grpc_server_credentials",
     {grpc_rb_server_credentials_mark, grpc_rb_server_credentials_free,
-     GRPC_RB_MEMSIZE_UNAVAILABLE},
+     GRPC_RB_MEMSIZE_UNAVAILABLE, {NULL, NULL}},
     NULL, NULL,
     RUBY_TYPED_FREE_IMMEDIATELY
 };
@@ -135,61 +135,117 @@ static VALUE grpc_rb_server_credentials_init_copy(VALUE copy, VALUE orig) {
   return copy;
 }
 
-/* The attribute used on the mark object to hold the pem_root_certs. */
+/* The attribute used on the mark object to preserve the pem_root_certs. */
 static ID id_pem_root_certs;
 
-/* The attribute used on the mark object to hold the pem_private_key. */
-static ID id_pem_private_key;
+/* The attribute used on the mark object to preserve the pem_key_certs */
+static ID id_pem_key_certs;
 
-/* The attribute used on the mark object to hold the pem_private_key. */
-static ID id_pem_cert_chain;
+/* The key used to access the pem cert in a key_cert pair hash */
+static VALUE sym_cert_chain;
+
+/* The key used to access the pem private key in a key_cert pair hash */
+static VALUE sym_private_key;
 
 /*
   call-seq:
-    creds = ServerCredentials.new(pem_root_certs, pem_private_key,
-                                  pem_cert_chain)
-    creds = ServerCredentials.new(nil, pem_private_key,
-                                  pem_cert_chain)
-
-    pem_root_certs: (required) PEM encoding of the server root certificate
-    pem_private_key: (optional) PEM encoding of the server's private key
-    pem_cert_chain: (optional) PEM encoding of the server's cert chain
+    creds = ServerCredentials.new(nil,
+                                  [{private_key: <pem_private_key1>,
+                                   {cert_chain: <pem_cert_chain1>}],
+                                  force_client_auth)
+    creds = ServerCredentials.new(pem_root_certs,
+                                  [{private_key: <pem_private_key1>,
+                                   {cert_chain: <pem_cert_chain1>}],
+                                  force_client_auth)
+
+    pem_root_certs: (optional) PEM encoding of the server root certificate
+    pem_private_key: (required) PEM encoding of the server's private keys
+    force_client_auth: indicatees
 
     Initializes ServerCredential instances. */
 static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs,
-                                             VALUE pem_private_key,
-                                             VALUE pem_cert_chain) {
-  /* TODO support multiple key cert pairs in the ruby API. */
+                                             VALUE pem_key_certs,
+                                             VALUE force_client_auth) {
   grpc_rb_server_credentials *wrapper = NULL;
   grpc_server_credentials *creds = NULL;
-  grpc_ssl_pem_key_cert_pair key_cert_pair = {NULL, NULL};
-  TypedData_Get_Struct(self, grpc_rb_server_credentials,
-                       &grpc_rb_server_credentials_data_type, wrapper);
-  if (pem_cert_chain == Qnil) {
-    rb_raise(rb_eRuntimeError,
-             "could not create a server credential: nil pem_cert_chain");
+  grpc_ssl_pem_key_cert_pair *key_cert_pairs = NULL;
+  VALUE cert = Qnil;
+  VALUE key = Qnil;
+  VALUE key_cert = Qnil;
+  int auth_client = 0;
+  int num_key_certs = 0;
+  int i;
+
+  if (NIL_P(force_client_auth) ||
+      !(force_client_auth == Qfalse || force_client_auth == Qtrue)) {
+    rb_raise(rb_eTypeError,
+             "bad force_client_auth: got:<%s> want: <True|False|nil>",
+             rb_obj_classname(force_client_auth));
     return Qnil;
-  } else if (pem_private_key == Qnil) {
-    rb_raise(rb_eRuntimeError,
-             "could not create a server credential: nil pem_private_key");
+  }
+  if (NIL_P(pem_key_certs) || TYPE(pem_key_certs) != T_ARRAY) {
+    rb_raise(rb_eTypeError, "bad pem_key_certs: got:<%s> want: <Array>",
+             rb_obj_classname(pem_key_certs));
+    return Qnil;
+  }
+  num_key_certs = RARRAY_LEN(pem_key_certs);
+  if (num_key_certs == 0) {
+    rb_raise(rb_eTypeError, "bad pem_key_certs: it had no elements");
     return Qnil;
   }
-  key_cert_pair.private_key = RSTRING_PTR(pem_private_key);
-  key_cert_pair.cert_chain = RSTRING_PTR(pem_cert_chain);
+  for (i = 0; i < num_key_certs; i++) {
+    key_cert = rb_ary_entry(pem_key_certs, i);
+    if (key_cert == Qnil) {
+      rb_raise(rb_eTypeError,
+               "could not create a server credential: nil key_cert");
+      return Qnil;
+    } else if (TYPE(key_cert) != T_HASH) {
+      rb_raise(rb_eTypeError,
+               "could not create a server credential: want <Hash>, got <%s>",
+               rb_obj_classname(key_cert));
+      return Qnil;
+    } else if (rb_hash_aref(key_cert, sym_private_key) == Qnil) {
+      rb_raise(rb_eTypeError,
+               "could not create a server credential: want nil private key");
+      return Qnil;
+    } else if (rb_hash_aref(key_cert, sym_cert_chain) == Qnil) {
+      rb_raise(rb_eTypeError,
+               "could not create a server credential: want nil cert chain");
+      return Qnil;
+    }
+  }
+
+  auth_client = TYPE(force_client_auth) == T_TRUE;
+  key_cert_pairs = ALLOC_N(grpc_ssl_pem_key_cert_pair, num_key_certs);
+  for (i = 0; i < num_key_certs; i++) {
+    key_cert = rb_ary_entry(pem_key_certs, i);
+    key = rb_hash_aref(key_cert, sym_private_key);
+    cert = rb_hash_aref(key_cert, sym_cert_chain);
+    key_cert_pairs[i].private_key = RSTRING_PTR(key);
+    key_cert_pairs[i].cert_chain = RSTRING_PTR(cert);
+  }
+
+  TypedData_Get_Struct(self, grpc_rb_server_credentials,
+                       &grpc_rb_server_credentials_data_type, wrapper);
+
   if (pem_root_certs == Qnil) {
-    creds = grpc_ssl_server_credentials_create(NULL, &key_cert_pair, 1);
+    creds = grpc_ssl_server_credentials_create(NULL, key_cert_pairs,
+                                               num_key_certs,
+                                               auth_client, NULL);
   } else {
     creds = grpc_ssl_server_credentials_create(RSTRING_PTR(pem_root_certs),
-                                               &key_cert_pair, 1);
+                                               key_cert_pairs, num_key_certs,
+                                               auth_client, NULL);
   }
+  xfree(key_cert_pairs);
   if (creds == NULL) {
     rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why");
+    return Qnil;
   }
   wrapper->wrapped = creds;
 
   /* Add the input objects as hidden fields to preserve them. */
-  rb_ivar_set(self, id_pem_cert_chain, pem_cert_chain);
-  rb_ivar_set(self, id_pem_private_key, pem_private_key);
+  rb_ivar_set(self, id_pem_key_certs, pem_key_certs);
   rb_ivar_set(self, id_pem_root_certs, pem_root_certs);
 
   return self;
@@ -209,9 +265,10 @@ void Init_grpc_server_credentials() {
   rb_define_method(grpc_rb_cServerCredentials, "initialize_copy",
                    grpc_rb_server_credentials_init_copy, 1);
 
-  id_pem_cert_chain = rb_intern("__pem_cert_chain");
-  id_pem_private_key = rb_intern("__pem_private_key");
+  id_pem_key_certs = rb_intern("__pem_key_certs");
   id_pem_root_certs = rb_intern("__pem_root_certs");
+  sym_private_key = ID2SYM(rb_intern("private_key"));
+  sym_cert_chain = ID2SYM(rb_intern("cert_chain"));
 }
 
 /* Gets the wrapped grpc_server_credentials from the ruby wrapper */