grpc 1.12.0 → 1.13.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +314 -23
- data/include/grpc/impl/codegen/fork.h +4 -4
- data/include/grpc/impl/codegen/grpc_types.h +1 -1
- data/include/grpc/impl/codegen/port_platform.h +3 -0
- data/src/boringssl/err_data.c +256 -246
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel.cc +367 -272
- data/src/core/ext/filters/client_channel/lb_policy.h +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +42 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +36 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +36 -102
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +37 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +22 -19
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver.h +1 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +0 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +3 -3
- data/src/core/ext/filters/http/client_authority_filter.cc +5 -4
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +4 -4
- data/src/core/ext/filters/http/server/http_server_filter.cc +123 -131
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +9 -8
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -19
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +10 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +4 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -12
- data/src/core/ext/transport/chttp2/transport/writing.cc +6 -6
- data/src/core/lib/channel/channel_stack.cc +0 -5
- data/src/core/lib/channel/channel_stack.h +1 -1
- data/src/core/lib/channel/channel_stack_builder.cc +0 -3
- data/src/core/lib/channel/channel_stack_builder.h +0 -2
- data/src/core/lib/channel/channel_trace.cc +3 -3
- data/src/core/lib/channel/channelz_registry.cc +77 -0
- data/src/core/lib/channel/channelz_registry.h +99 -0
- data/src/core/lib/channel/handshaker.cc +20 -1
- data/src/core/lib/debug/stats.h +7 -0
- data/src/core/lib/debug/stats_data.cc +5 -0
- data/src/core/lib/debug/stats_data.h +120 -0
- data/src/core/lib/debug/trace.h +11 -9
- data/src/core/lib/gprpp/fork.cc +260 -0
- data/src/core/lib/gprpp/fork.h +79 -0
- data/src/core/lib/gprpp/memory.h +12 -0
- data/src/core/lib/gprpp/orphanable.h +2 -6
- data/src/core/lib/gprpp/ref_counted.h +2 -6
- data/src/core/lib/gprpp/thd.h +0 -3
- data/src/core/lib/gprpp/thd_posix.cc +4 -53
- data/src/core/lib/gprpp/thd_windows.cc +0 -7
- data/src/core/lib/http/httpcli_security_connector.cc +1 -3
- data/src/core/lib/iomgr/combiner.cc +19 -2
- data/src/core/lib/iomgr/combiner.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +2 -2
- data/src/core/lib/iomgr/ev_epollex_linux.cc +59 -3
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +1 -1
- data/src/core/lib/iomgr/ev_poll_posix.cc +2 -2
- data/src/core/lib/iomgr/ev_posix.cc +11 -4
- data/src/core/lib/iomgr/ev_posix.h +6 -0
- data/src/core/lib/iomgr/exec_ctx.cc +9 -9
- data/src/core/lib/iomgr/exec_ctx.h +39 -20
- data/src/core/lib/iomgr/fork_posix.cc +30 -18
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
- data/src/core/lib/iomgr/polling_entity.cc +11 -2
- data/src/core/lib/iomgr/pollset_custom.cc +2 -2
- data/src/core/lib/iomgr/port.h +38 -1
- data/src/core/lib/iomgr/resolve_address.h +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -1
- data/src/core/lib/iomgr/resource_quota.cc +1 -1
- data/src/core/lib/iomgr/sockaddr_posix.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_client_custom.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_posix.cc +3 -2
- data/src/core/lib/iomgr/tcp_custom.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +18 -10
- data/src/core/lib/iomgr/tcp_server_posix.cc +9 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +16 -4
- data/src/core/lib/iomgr/timer.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +113 -41
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +88 -115
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +16 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/security_connector/alts_security_connector.cc +2 -1
- data/src/core/lib/security/security_connector/security_connector.cc +7 -7
- data/src/core/lib/security/transport/security_handshaker.cc +1 -0
- data/src/core/lib/security/util/json_util.cc +4 -0
- data/src/core/lib/slice/slice_buffer.cc +15 -3
- data/src/core/lib/surface/call.cc +31 -17
- data/src/core/lib/surface/call.h +5 -0
- data/src/core/lib/surface/channel.cc +2 -5
- data/src/core/lib/surface/completion_queue.cc +1 -3
- data/src/core/lib/surface/completion_queue.h +0 -1
- data/src/core/lib/surface/init.cc +7 -8
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -1
- data/src/core/lib/transport/transport.h +4 -8
- data/src/core/lib/transport/transport_op_string.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +19 -7
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +10 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +28 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +3 -0
- data/src/core/tsi/fake_transport_security.cc +1 -0
- data/src/core/tsi/ssl_transport_security.cc +238 -110
- data/src/core/tsi/transport_security.cc +14 -0
- data/src/core/tsi/transport_security.h +2 -0
- data/src/core/tsi/transport_security_interface.h +11 -1
- data/src/ruby/bin/math_client.rb +17 -9
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +4 -1
- data/third_party/boringssl/crypto/asn1/a_int.c +33 -28
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +24 -22
- data/third_party/boringssl/crypto/asn1/a_utf8.c +13 -11
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +3 -0
- data/third_party/boringssl/crypto/bio/fd.c +1 -0
- data/third_party/boringssl/crypto/bio/file.c +2 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +6 -5
- data/third_party/boringssl/crypto/bytestring/ber.c +1 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +116 -16
- data/third_party/boringssl/crypto/bytestring/cbs.c +150 -20
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +171 -0
- data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +2 -0
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +1 -2
- data/third_party/boringssl/crypto/cpu-aarch64-fuchsia.c +55 -0
- data/third_party/boringssl/crypto/cpu-aarch64-linux.c +2 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +16 -54
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +11 -542
- data/third_party/boringssl/crypto/fipsmodule/bn/add.c +33 -64
- data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +4 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +122 -70
- data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +32 -71
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +58 -112
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +198 -122
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +31 -65
- data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +2 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +98 -15
- data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +124 -81
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +8 -30
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +303 -347
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +2 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +3 -4
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +199 -222
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +27 -47
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +45 -28
- data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +10 -10
- data/third_party/boringssl/crypto/fipsmodule/des/internal.h +2 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +78 -47
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +35 -54
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +3 -10
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +36 -22
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +59 -90
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +29 -48
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +17 -26
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +15 -11
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +45 -51
- data/third_party/boringssl/crypto/fipsmodule/ec/{util-64.c → util.c} +0 -5
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +144 -264
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +78 -56
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +256 -0
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +36 -32
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +9 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +16 -10
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +255 -102
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +581 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/internal.h +39 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/kdf.c +165 -0
- data/third_party/boringssl/crypto/internal.h +65 -2
- data/third_party/boringssl/crypto/mem.c +0 -2
- data/third_party/boringssl/crypto/obj/obj.c +6 -73
- data/third_party/boringssl/crypto/thread_pthread.c +35 -5
- data/third_party/boringssl/crypto/x509/a_strex.c +11 -11
- data/third_party/boringssl/crypto/x509/x_name.c +13 -0
- data/third_party/boringssl/include/openssl/aead.h +4 -0
- data/third_party/boringssl/include/openssl/asn1.h +1 -3
- data/third_party/boringssl/include/openssl/base.h +1 -14
- data/third_party/boringssl/include/openssl/bio.h +1 -1
- data/third_party/boringssl/include/openssl/bn.h +49 -15
- data/third_party/boringssl/include/openssl/bytestring.h +49 -24
- data/third_party/boringssl/include/openssl/crypto.h +4 -0
- data/third_party/boringssl/include/openssl/ec_key.h +7 -3
- data/third_party/boringssl/include/openssl/err.h +9 -9
- data/third_party/boringssl/include/openssl/evp.h +1 -1
- data/third_party/boringssl/include/openssl/rsa.h +34 -10
- data/third_party/boringssl/include/openssl/ssl.h +160 -17
- data/third_party/boringssl/include/openssl/stack.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +10 -2
- data/third_party/boringssl/include/openssl/x509.h +3 -0
- data/third_party/boringssl/ssl/d1_both.cc +16 -2
- data/third_party/boringssl/ssl/dtls_method.cc +1 -1
- data/third_party/boringssl/ssl/handoff.cc +285 -0
- data/third_party/boringssl/ssl/handshake.cc +26 -12
- data/third_party/boringssl/ssl/handshake_client.cc +65 -31
- data/third_party/boringssl/ssl/handshake_server.cc +14 -2
- data/third_party/boringssl/ssl/internal.h +132 -79
- data/third_party/boringssl/ssl/s3_both.cc +2 -2
- data/third_party/boringssl/ssl/s3_lib.cc +3 -1
- data/third_party/boringssl/ssl/s3_pkt.cc +0 -18
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +1 -4
- data/third_party/boringssl/ssl/ssl_asn1.cc +47 -43
- data/third_party/boringssl/ssl/ssl_cipher.cc +8 -8
- data/third_party/boringssl/ssl/ssl_key_share.cc +3 -1
- data/third_party/boringssl/ssl/ssl_lib.cc +83 -14
- data/third_party/boringssl/ssl/ssl_privkey.cc +6 -0
- data/third_party/boringssl/ssl/ssl_stat.cc +6 -6
- data/third_party/boringssl/ssl/ssl_versions.cc +12 -85
- data/third_party/boringssl/ssl/ssl_x509.cc +59 -61
- data/third_party/boringssl/ssl/t1_enc.cc +73 -124
- data/third_party/boringssl/ssl/t1_lib.cc +367 -41
- data/third_party/boringssl/ssl/tls13_both.cc +8 -0
- data/third_party/boringssl/ssl/tls13_client.cc +98 -184
- data/third_party/boringssl/ssl/tls13_enc.cc +88 -158
- data/third_party/boringssl/ssl/tls13_server.cc +91 -137
- data/third_party/boringssl/ssl/tls_method.cc +0 -17
- data/third_party/boringssl/ssl/tls_record.cc +1 -10
- data/third_party/boringssl/third_party/fiat/curve25519.c +921 -2753
- data/third_party/boringssl/third_party/fiat/curve25519_tables.h +7880 -0
- data/third_party/boringssl/third_party/fiat/internal.h +32 -20
- data/third_party/boringssl/third_party/fiat/p256.c +1824 -0
- metadata +64 -64
- data/src/core/lib/channel/channel_trace_registry.cc +0 -80
- data/src/core/lib/channel/channel_trace_registry.h +0 -43
- data/src/core/lib/gpr/fork.cc +0 -78
- data/src/core/lib/gpr/fork.h +0 -35
- data/src/core/tsi/transport_security_adapter.cc +0 -235
- data/src/core/tsi/transport_security_adapter.h +0 -41
- data/src/ruby/bin/apis/google/protobuf/empty.rb +0 -29
- data/src/ruby/bin/apis/pubsub_demo.rb +0 -241
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +0 -159
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +0 -88
- data/src/ruby/pb/test/client.rb +0 -764
- data/src/ruby/pb/test/server.rb +0 -252
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +0 -247
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +0 -1674
@@ -172,7 +172,7 @@ static bool wait_until(grpc_millis next) {
|
|
172
172
|
|
173
173
|
if (grpc_timer_check_trace.enabled()) {
|
174
174
|
grpc_millis wait_time = next - grpc_core::ExecCtx::Get()->Now();
|
175
|
-
gpr_log(GPR_INFO, "sleep for a %"
|
175
|
+
gpr_log(GPR_INFO, "sleep for a %" PRId64 " milliseconds", wait_time);
|
176
176
|
}
|
177
177
|
} else { // g_timed_waiter == true && next >= g_timed_waiter_deadline
|
178
178
|
next = GRPC_MILLIS_INF_FUTURE;
|
@@ -45,6 +45,7 @@ typedef enum {
|
|
45
45
|
#define GRPC_CHANNEL_CREDENTIALS_TYPE_SSL "Ssl"
|
46
46
|
#define GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY \
|
47
47
|
"FakeTransportSecurity"
|
48
|
+
#define GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT "GoogleDefault"
|
48
49
|
|
49
50
|
#define GRPC_CALL_CREDENTIALS_TYPE_OAUTH2 "Oauth2"
|
50
51
|
#define GRPC_CALL_CREDENTIALS_TYPE_JWT "Jwt"
|
@@ -26,12 +26,16 @@
|
|
26
26
|
#include <grpc/support/log.h>
|
27
27
|
#include <grpc/support/sync.h>
|
28
28
|
|
29
|
+
#include "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h"
|
30
|
+
#include "src/core/lib/channel/channel_args.h"
|
29
31
|
#include "src/core/lib/gpr/env.h"
|
30
32
|
#include "src/core/lib/gpr/string.h"
|
31
33
|
#include "src/core/lib/http/httpcli.h"
|
32
34
|
#include "src/core/lib/http/parser.h"
|
33
35
|
#include "src/core/lib/iomgr/load_file.h"
|
34
36
|
#include "src/core/lib/iomgr/polling_entity.h"
|
37
|
+
#include "src/core/lib/security/credentials/alts/alts_credentials.h"
|
38
|
+
#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
|
35
39
|
#include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
|
36
40
|
#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
|
37
41
|
#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
|
@@ -45,11 +49,12 @@
|
|
45
49
|
|
46
50
|
/* -- Default credentials. -- */
|
47
51
|
|
48
|
-
static grpc_channel_credentials*
|
49
|
-
static int
|
52
|
+
static grpc_channel_credentials* g_default_credentials = nullptr;
|
53
|
+
static int g_compute_engine_detection_done = 0;
|
50
54
|
static gpr_mu g_state_mu;
|
51
|
-
static gpr_mu* g_polling_mu;
|
52
55
|
static gpr_once g_once = GPR_ONCE_INIT;
|
56
|
+
static grpc_core::internal::grpc_gce_tenancy_checker g_gce_tenancy_checker =
|
57
|
+
grpc_alts_is_running_on_gcp;
|
53
58
|
|
54
59
|
static void init_default_credentials(void) { gpr_mu_init(&g_state_mu); }
|
55
60
|
|
@@ -60,103 +65,54 @@ typedef struct {
|
|
60
65
|
grpc_http_response response;
|
61
66
|
} compute_engine_detector;
|
62
67
|
|
63
|
-
static void
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
/* Internet providers can return a generic response to all requests, so
|
70
|
-
it is necessary to check that metadata header is present also. */
|
71
|
-
size_t i;
|
72
|
-
for (i = 0; i < detector->response.hdr_count; i++) {
|
73
|
-
grpc_http_header* header = &detector->response.hdrs[i];
|
74
|
-
if (strcmp(header->key, "Metadata-Flavor") == 0 &&
|
75
|
-
strcmp(header->value, "Google") == 0) {
|
76
|
-
detector->success = 1;
|
77
|
-
break;
|
78
|
-
}
|
79
|
-
}
|
80
|
-
}
|
81
|
-
gpr_mu_lock(g_polling_mu);
|
82
|
-
detector->is_done = 1;
|
83
|
-
GRPC_LOG_IF_ERROR(
|
84
|
-
"Pollset kick",
|
85
|
-
grpc_pollset_kick(grpc_polling_entity_pollset(&detector->pollent),
|
86
|
-
nullptr));
|
87
|
-
gpr_mu_unlock(g_polling_mu);
|
68
|
+
static void google_default_credentials_destruct(
|
69
|
+
grpc_channel_credentials* creds) {
|
70
|
+
grpc_google_default_channel_credentials* c =
|
71
|
+
reinterpret_cast<grpc_google_default_channel_credentials*>(creds);
|
72
|
+
grpc_channel_credentials_unref(c->alts_creds);
|
73
|
+
grpc_channel_credentials_unref(c->ssl_creds);
|
88
74
|
}
|
89
75
|
|
90
|
-
static
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
grpc_core::ExecCtx::Get()->Now() + max_detection_delay,
|
123
|
-
GRPC_CLOSURE_CREATE(on_compute_engine_detection_http_response, &detector,
|
124
|
-
grpc_schedule_on_exec_ctx),
|
125
|
-
&detector.response);
|
126
|
-
grpc_resource_quota_unref_internal(resource_quota);
|
127
|
-
|
128
|
-
grpc_core::ExecCtx::Get()->Flush();
|
129
|
-
|
130
|
-
/* Block until we get the response. This is not ideal but this should only be
|
131
|
-
called once for the lifetime of the process by the default credentials. */
|
132
|
-
gpr_mu_lock(g_polling_mu);
|
133
|
-
while (!detector.is_done) {
|
134
|
-
grpc_pollset_worker* worker = nullptr;
|
135
|
-
if (!GRPC_LOG_IF_ERROR(
|
136
|
-
"pollset_work",
|
137
|
-
grpc_pollset_work(grpc_polling_entity_pollset(&detector.pollent),
|
138
|
-
&worker, GRPC_MILLIS_INF_FUTURE))) {
|
139
|
-
detector.is_done = 1;
|
140
|
-
detector.success = 0;
|
141
|
-
}
|
76
|
+
static grpc_security_status google_default_create_security_connector(
|
77
|
+
grpc_channel_credentials* creds, grpc_call_credentials* call_creds,
|
78
|
+
const char* target, const grpc_channel_args* args,
|
79
|
+
grpc_channel_security_connector** sc, grpc_channel_args** new_args) {
|
80
|
+
grpc_google_default_channel_credentials* c =
|
81
|
+
reinterpret_cast<grpc_google_default_channel_credentials*>(creds);
|
82
|
+
bool is_grpclb_load_balancer = grpc_channel_arg_get_bool(
|
83
|
+
grpc_channel_args_find(args, GRPC_ARG_ADDRESS_IS_GRPCLB_LOAD_BALANCER),
|
84
|
+
false);
|
85
|
+
bool is_backend_from_grpclb_load_balancer = grpc_channel_arg_get_bool(
|
86
|
+
grpc_channel_args_find(
|
87
|
+
args, GRPC_ARG_ADDRESS_IS_BACKEND_FROM_GRPCLB_LOAD_BALANCER),
|
88
|
+
false);
|
89
|
+
bool use_alts =
|
90
|
+
is_grpclb_load_balancer || is_backend_from_grpclb_load_balancer;
|
91
|
+
grpc_security_status status = GRPC_SECURITY_ERROR;
|
92
|
+
status = use_alts ? c->alts_creds->vtable->create_security_connector(
|
93
|
+
c->alts_creds, call_creds, target, args, sc, new_args)
|
94
|
+
: c->ssl_creds->vtable->create_security_connector(
|
95
|
+
c->ssl_creds, call_creds, target, args, sc, new_args);
|
96
|
+
/* grpclb-specific channel args are removed from the channel args set
|
97
|
+
* to ensure backends and fallback adresses will have the same set of channel
|
98
|
+
* args. By doing that, it guarantees the connections to backends will not be
|
99
|
+
* torn down and re-connected when switching in and out of fallback mode.
|
100
|
+
*/
|
101
|
+
if (use_alts) {
|
102
|
+
static const char* args_to_remove[] = {
|
103
|
+
GRPC_ARG_ADDRESS_IS_GRPCLB_LOAD_BALANCER,
|
104
|
+
GRPC_ARG_ADDRESS_IS_BACKEND_FROM_GRPCLB_LOAD_BALANCER,
|
105
|
+
};
|
106
|
+
*new_args = grpc_channel_args_copy_and_add_and_remove(
|
107
|
+
args, args_to_remove, GPR_ARRAY_SIZE(args_to_remove), nullptr, 0);
|
142
108
|
}
|
143
|
-
|
144
|
-
|
145
|
-
grpc_httpcli_context_destroy(&context);
|
146
|
-
GRPC_CLOSURE_INIT(&destroy_closure, destroy_pollset,
|
147
|
-
grpc_polling_entity_pollset(&detector.pollent),
|
148
|
-
grpc_schedule_on_exec_ctx);
|
149
|
-
grpc_pollset_shutdown(grpc_polling_entity_pollset(&detector.pollent),
|
150
|
-
&destroy_closure);
|
151
|
-
g_polling_mu = nullptr;
|
152
|
-
grpc_core::ExecCtx::Get()->Flush();
|
153
|
-
|
154
|
-
gpr_free(grpc_polling_entity_pollset(&detector.pollent));
|
155
|
-
grpc_http_response_destroy(&detector.response);
|
156
|
-
|
157
|
-
return detector.success;
|
109
|
+
return status;
|
158
110
|
}
|
159
111
|
|
112
|
+
static grpc_channel_credentials_vtable google_default_credentials_vtable = {
|
113
|
+
google_default_credentials_destruct,
|
114
|
+
google_default_create_security_connector, nullptr};
|
115
|
+
|
160
116
|
/* Takes ownership of creds_path if not NULL. */
|
161
117
|
static grpc_error* create_default_creds_from_path(
|
162
118
|
char* creds_path, grpc_call_credentials** creds) {
|
@@ -234,8 +190,8 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) {
|
|
234
190
|
|
235
191
|
gpr_mu_lock(&g_state_mu);
|
236
192
|
|
237
|
-
if (
|
238
|
-
result = grpc_channel_credentials_ref(
|
193
|
+
if (g_default_credentials != nullptr) {
|
194
|
+
result = grpc_channel_credentials_ref(g_default_credentials);
|
239
195
|
goto end;
|
240
196
|
}
|
241
197
|
|
@@ -253,9 +209,9 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) {
|
|
253
209
|
|
254
210
|
/* At last try to see if we're on compute engine (do the detection only once
|
255
211
|
since it requires a network test). */
|
256
|
-
if (!
|
257
|
-
int need_compute_engine_creds =
|
258
|
-
|
212
|
+
if (!g_compute_engine_detection_done) {
|
213
|
+
int need_compute_engine_creds = g_gce_tenancy_checker();
|
214
|
+
g_compute_engine_detection_done = 1;
|
259
215
|
if (need_compute_engine_creds) {
|
260
216
|
call_creds = grpc_google_compute_engine_credentials_create(nullptr);
|
261
217
|
if (call_creds == nullptr) {
|
@@ -269,18 +225,25 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) {
|
|
269
225
|
end:
|
270
226
|
if (result == nullptr) {
|
271
227
|
if (call_creds != nullptr) {
|
272
|
-
/*
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
|
278
|
-
|
279
|
-
|
280
|
-
|
281
|
-
|
228
|
+
/* Create google default credentials. */
|
229
|
+
auto creds = static_cast<grpc_google_default_channel_credentials*>(
|
230
|
+
gpr_zalloc(sizeof(grpc_google_default_channel_credentials)));
|
231
|
+
creds->base.vtable = &google_default_credentials_vtable;
|
232
|
+
creds->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT;
|
233
|
+
gpr_ref_init(&creds->base.refcount, 1);
|
234
|
+
creds->ssl_creds = grpc_ssl_credentials_create(nullptr, nullptr, nullptr);
|
235
|
+
GPR_ASSERT(creds->ssl_creds != nullptr);
|
236
|
+
grpc_alts_credentials_options* options =
|
237
|
+
grpc_alts_credentials_client_options_create();
|
238
|
+
creds->alts_creds = grpc_alts_credentials_create(options);
|
239
|
+
grpc_alts_credentials_options_destroy(options);
|
240
|
+
/* Add a global reference so that it can be cached and re-served. */
|
241
|
+
g_default_credentials = grpc_composite_channel_credentials_create(
|
242
|
+
&creds->base, call_creds, nullptr);
|
243
|
+
GPR_ASSERT(g_default_credentials != nullptr);
|
244
|
+
grpc_channel_credentials_unref(&creds->base);
|
282
245
|
grpc_call_credentials_unref(call_creds);
|
283
|
-
result =
|
246
|
+
result = grpc_channel_credentials_ref(g_default_credentials);
|
284
247
|
} else {
|
285
248
|
gpr_log(GPR_ERROR, "Could not create google default credentials.");
|
286
249
|
}
|
@@ -295,15 +258,25 @@ end:
|
|
295
258
|
return result;
|
296
259
|
}
|
297
260
|
|
261
|
+
namespace grpc_core {
|
262
|
+
namespace internal {
|
263
|
+
|
264
|
+
void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker) {
|
265
|
+
g_gce_tenancy_checker = checker;
|
266
|
+
}
|
267
|
+
|
268
|
+
} // namespace internal
|
269
|
+
} // namespace grpc_core
|
270
|
+
|
298
271
|
void grpc_flush_cached_google_default_credentials(void) {
|
299
272
|
grpc_core::ExecCtx exec_ctx;
|
300
273
|
gpr_once_init(&g_once, init_default_credentials);
|
301
274
|
gpr_mu_lock(&g_state_mu);
|
302
|
-
if (
|
303
|
-
grpc_channel_credentials_unref(
|
304
|
-
|
275
|
+
if (g_default_credentials != nullptr) {
|
276
|
+
grpc_channel_credentials_unref(g_default_credentials);
|
277
|
+
g_default_credentials = nullptr;
|
305
278
|
}
|
306
|
-
|
279
|
+
g_compute_engine_detection_done = 0;
|
307
280
|
gpr_mu_unlock(&g_state_mu);
|
308
281
|
}
|
309
282
|
|
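Review bot: In `google_default_create_security_connector` (new lines 89–95) the ALTS branch dereferences `c->alts_creds->vtable` without a null check, although `grpc_google_default_credentials_create` asserts only `creds->ssl_creds` and stores the result of `grpc_alts_credentials_create(options)` unchecked at new line 238. If that constructor can return null (its body is not shown here; presumably it can when the process is not running on GCP), a channel whose args carry either grpclb flag would crash instead of failing security-connector creation. I would fail closed before the dispatch with `if (use_alts && c->alts_creds == nullptr) return GRPC_SECURITY_ERROR;`, preceded by a `gpr_log(GPR_ERROR, ...)` line. Because `use_alts` selects the transport-security mechanism from channel args alone, a comment there should also state that these two args are expected to be set only by the grpclb code path; that nothing lets an application supply them needs confirming.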
@@ -39,7 +39,23 @@
|
|
39
39
|
"/" GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE
|
40
40
|
#endif
|
41
41
|
|
42
|
+
typedef struct {
|
43
|
+
grpc_channel_credentials base;
|
44
|
+
grpc_channel_credentials* alts_creds;
|
45
|
+
grpc_channel_credentials* ssl_creds;
|
46
|
+
} grpc_google_default_channel_credentials;
|
47
|
+
|
42
48
|
void grpc_flush_cached_google_default_credentials(void);
|
43
49
|
|
50
|
+
namespace grpc_core {
|
51
|
+
namespace internal {
|
52
|
+
|
53
|
+
typedef bool (*grpc_gce_tenancy_checker)(void);
|
54
|
+
|
55
|
+
void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker);
|
56
|
+
|
57
|
+
} // namespace internal
|
58
|
+
} // namespace grpc_core
|
59
|
+
|
44
60
|
#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_GOOGLE_DEFAULT_CREDENTIALS_H \
|
45
61
|
*/
|
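Review bot: `grpc_google_default_channel_credentials` is declared with no comment on who owns `alts_creds` and `ssl_creds`, and `set_gce_tenancy_checker_for_testing` carries no note on its scope. The destructor added in the .cc part of this change unrefs both members, so I would put `/* Holds the refs on alts_creds and ssl_creds; both are released by the destruct vtable entry. */` above the struct. For the hook I would add `/* Test-only: replaces the GCE detection function. Not synchronized with grpc_google_default_credentials_create(). */`, since the setter in the .cc assigns the global without taking `g_state_mu` while the reader calls it under that lock.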
@@ -219,9 +219,11 @@ static void on_oauth2_token_fetcher_http_response(void* user_data,
|
|
219
219
|
gpr_mu_lock(&c->mu);
|
220
220
|
c->token_fetch_pending = false;
|
221
221
|
c->access_token_md = GRPC_MDELEM_REF(access_token_md);
|
222
|
-
c->token_expiration =
|
223
|
-
|
224
|
-
|
222
|
+
c->token_expiration =
|
223
|
+
status == GRPC_CREDENTIALS_OK
|
224
|
+
? gpr_time_add(gpr_now(GPR_CLOCK_MONOTONIC),
|
225
|
+
gpr_time_from_millis(token_lifetime, GPR_TIMESPAN))
|
226
|
+
: gpr_inf_past(GPR_CLOCK_MONOTONIC);
|
225
227
|
grpc_oauth2_pending_get_request_metadata* pending_request =
|
226
228
|
c->pending_requests;
|
227
229
|
c->pending_requests = nullptr;
|
@@ -259,8 +261,10 @@ static bool oauth2_token_fetcher_get_request_metadata(
|
|
259
261
|
grpc_mdelem cached_access_token_md = GRPC_MDNULL;
|
260
262
|
gpr_mu_lock(&c->mu);
|
261
263
|
if (!GRPC_MDISNULL(c->access_token_md) &&
|
262
|
-
(
|
263
|
-
|
264
|
+
gpr_time_cmp(
|
265
|
+
gpr_time_sub(c->token_expiration, gpr_now(GPR_CLOCK_MONOTONIC)),
|
266
|
+
gpr_time_from_seconds(GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS,
|
267
|
+
GPR_TIMESPAN)) > 0) {
|
264
268
|
cached_access_token_md = GRPC_MDELEM_REF(c->access_token_md);
|
265
269
|
}
|
266
270
|
if (!GRPC_MDISNULL(cached_access_token_md)) {
|
@@ -333,7 +337,7 @@ static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials* c,
|
|
333
337
|
c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
|
334
338
|
gpr_ref_init(&c->base.refcount, 1);
|
335
339
|
gpr_mu_init(&c->mu);
|
336
|
-
c->token_expiration =
|
340
|
+
c->token_expiration = gpr_inf_past(GPR_CLOCK_MONOTONIC);
|
337
341
|
c->fetch_func = fetch_func;
|
338
342
|
c->pollent =
|
339
343
|
grpc_polling_entity_create_from_pollset_set(grpc_pollset_set_create());
|
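Review bot: The new `token_expiration` handling at new lines 222–226 and 264–267 has no comment explaining the two decisions it encodes: the move to `GPR_CLOCK_MONOTONIC` and the `gpr_inf_past` value after a failed fetch. As written, `c->access_token_md` is assigned on the line above regardless of `status` (its value on failure is not visible here), so the expiry comparison in `oauth2_token_fetcher_get_request_metadata` is what keeps a failed fetch from being served out of the cache. I would record that with `/* On failure force expiry so the cached-token check never serves this entry. */` above the assignment. Next to the comparison I would add `/* Monotonic clock: wall-clock adjustments must not change a token's cached lifetime. */`, presuming that is the reason for the clock change. Both functions start and end outside their hunks.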
@@ -71,7 +71,7 @@ typedef struct {
|
|
71
71
|
grpc_call_credentials base;
|
72
72
|
gpr_mu mu;
|
73
73
|
grpc_mdelem access_token_md;
|
74
|
-
|
74
|
+
gpr_timespec token_expiration;
|
75
75
|
bool token_fetch_pending;
|
76
76
|
grpc_oauth2_pending_get_request_metadata* pending_requests;
|
77
77
|
grpc_httpcli_context httpcli_context;
|
@@ -30,6 +30,7 @@
|
|
30
30
|
|
31
31
|
#include "src/core/lib/security/credentials/alts/alts_credentials.h"
|
32
32
|
#include "src/core/lib/security/transport/security_handshaker.h"
|
33
|
+
#include "src/core/lib/slice/slice_internal.h"
|
33
34
|
#include "src/core/lib/transport/transport.h"
|
34
35
|
#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
|
35
36
|
|
@@ -133,7 +134,7 @@ grpc_security_status grpc_alts_auth_context_from_tsi_peer(
|
|
133
134
|
rpc_versions_prop->value.data, rpc_versions_prop->value.length);
|
134
135
|
bool decode_result =
|
135
136
|
grpc_gcp_rpc_protocol_versions_decode(slice, &peer_versions);
|
136
|
-
|
137
|
+
grpc_slice_unref_internal(slice);
|
137
138
|
if (!decode_result) {
|
138
139
|
gpr_log(GPR_ERROR, "Invalid peer rpc protocol versions.");
|
139
140
|
return GRPC_SECURITY_ERROR;
|
@@ -44,7 +44,6 @@
|
|
44
44
|
#include "src/core/lib/security/transport/target_authority_table.h"
|
45
45
|
#include "src/core/tsi/fake_transport_security.h"
|
46
46
|
#include "src/core/tsi/ssl_transport_security.h"
|
47
|
-
#include "src/core/tsi/transport_security_adapter.h"
|
48
47
|
|
49
48
|
grpc_core::DebugOnlyTraceFlag grpc_trace_security_connector_refcount(
|
50
49
|
false, "security_connector_refcount");
|
@@ -70,8 +69,11 @@ void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb) {
|
|
70
69
|
|
71
70
|
/* Defines the cipher suites that we accept by default. All these cipher suites
|
72
71
|
are compliant with HTTP2. */
|
73
|
-
#define GRPC_SSL_CIPHER_SUITES
|
74
|
-
"ECDHE-
|
72
|
+
#define GRPC_SSL_CIPHER_SUITES \
|
73
|
+
"ECDHE-ECDSA-AES128-GCM-SHA256:" \
|
74
|
+
"ECDHE-ECDSA-AES256-GCM-SHA384:" \
|
75
|
+
"ECDHE-RSA-AES128-GCM-SHA256:" \
|
76
|
+
"ECDHE-RSA-AES256-GCM-SHA384"
|
75
77
|
|
76
78
|
static gpr_once cipher_suites_once = GPR_ONCE_INIT;
|
77
79
|
static const char* cipher_suites = nullptr;
|
@@ -673,8 +675,7 @@ static void ssl_channel_add_handshakers(grpc_channel_security_connector* sc,
|
|
673
675
|
}
|
674
676
|
// Create handshakers.
|
675
677
|
grpc_handshake_manager_add(
|
676
|
-
handshake_mgr, grpc_security_handshaker_create(
|
677
|
-
tsi_create_adapter_handshaker(tsi_hs), &sc->base));
|
678
|
+
handshake_mgr, grpc_security_handshaker_create(tsi_hs, &sc->base));
|
678
679
|
}
|
679
680
|
|
680
681
|
static const char** fill_alpn_protocol_strings(size_t* num_alpn_protocols) {
|
@@ -782,8 +783,7 @@ static void ssl_server_add_handshakers(grpc_server_security_connector* sc,
|
|
782
783
|
}
|
783
784
|
// Create handshakers.
|
784
785
|
grpc_handshake_manager_add(
|
785
|
-
handshake_mgr, grpc_security_handshaker_create(
|
786
|
-
tsi_create_adapter_handshaker(tsi_hs), &sc->base));
|
786
|
+
handshake_mgr, grpc_security_handshaker_create(tsi_hs, &sc->base));
|
787
787
|
}
|
788
788
|
|
789
789
|
int grpc_ssl_host_matches_name(const tsi_peer* peer, const char* peer_name) {
|
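Review bot: The comment above `GRPC_SSL_CIPHER_SUITES` (new lines 70–71) only says the suites are HTTP2 compliant, which does not tell a reader what policy the default list encodes. The four entries on the new side all use ECDHE key exchange with AES-GCM, and the ECDSA suites are listed ahead of the RSA ones; if the consumer treats list order as preference (not visible in this hunk), that ordering is a policy decision worth stating. I would extend the comment to something like `/* Default cipher suites: ECDHE with AES-GCM only, ECDSA listed ahead of RSA. All are HTTP2 compliant. */`. It should also say whether a deployment can override the default, since `cipher_suites` appears to be set once under `cipher_suites_once`.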
@@ -380,6 +380,7 @@ static void security_handshaker_shutdown(grpc_handshaker* handshaker,
|
|
380
380
|
gpr_mu_lock(&h->mu);
|
381
381
|
if (!h->shutdown) {
|
382
382
|
h->shutdown = true;
|
383
|
+
tsi_handshaker_shutdown(h->handshaker);
|
383
384
|
grpc_endpoint_shutdown(h->args->endpoint, GRPC_ERROR_REF(why));
|
384
385
|
cleanup_args_for_failure_locked(h);
|
385
386
|
}
|
@@ -29,6 +29,10 @@ const char* grpc_json_get_string_property(const grpc_json* json,
|
|
29
29
|
const char* prop_name) {
|
30
30
|
grpc_json* child;
|
31
31
|
for (child = json->child; child != nullptr; child = child->next) {
|
32
|
+
if (child->key == nullptr) {
|
33
|
+
gpr_log(GPR_ERROR, "Invalid (null) JSON key encountered");
|
34
|
+
return nullptr;
|
35
|
+
}
|
32
36
|
if (strcmp(child->key, prop_name) == 0) break;
|
33
37
|
}
|
34
38
|
if (child == nullptr || child->type != GRPC_JSON_STRING) {
|
@@ -333,14 +333,26 @@ void grpc_slice_buffer_trim_end(grpc_slice_buffer* sb, size_t n,
|
|
333
333
|
size_t slice_len = GRPC_SLICE_LENGTH(slice);
|
334
334
|
if (slice_len > n) {
|
335
335
|
sb->slices[idx] = grpc_slice_split_head(&slice, slice_len - n);
|
336
|
-
|
336
|
+
if (garbage) {
|
337
|
+
grpc_slice_buffer_add_indexed(garbage, slice);
|
338
|
+
} else {
|
339
|
+
grpc_slice_unref_internal(slice);
|
340
|
+
}
|
337
341
|
return;
|
338
342
|
} else if (slice_len == n) {
|
339
|
-
|
343
|
+
if (garbage) {
|
344
|
+
grpc_slice_buffer_add_indexed(garbage, slice);
|
345
|
+
} else {
|
346
|
+
grpc_slice_unref_internal(slice);
|
347
|
+
}
|
340
348
|
sb->count = idx;
|
341
349
|
return;
|
342
350
|
} else {
|
343
|
-
|
351
|
+
if (garbage) {
|
352
|
+
grpc_slice_buffer_add_indexed(garbage, slice);
|
353
|
+
} else {
|
354
|
+
grpc_slice_unref_internal(slice);
|
355
|
+
}
|
344
356
|
n -= slice_len;
|
345
357
|
sb->count = idx;
|
346
358
|
}
|
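Review bot: The same four-line `if (garbage) … else …` disposal is pasted into all three branches of `grpc_slice_buffer_trim_end` (new lines 336–340, 343–347 and 351–355), so a later change to how a trimmed slice is released has three places to drift apart. I would hoist it into one file-local helper and call it from each branch, as sketched below. Since `garbage` may now be null, the function's header comment should say so, e.g. `/* garbage may be nullptr, in which case trimmed slices are unreffed. */`. The loop and the rest of the function lie outside the hunk.

```cpp
// Hands a trimmed slice to the caller's garbage buffer, or drops the
// reference when the caller did not ask for the trimmed data.
static void dispose_trimmed_slice(grpc_slice_buffer* garbage,
                                  grpc_slice slice) {
  if (garbage) {
    grpc_slice_buffer_add_indexed(garbage, slice);
  } else {
    grpc_slice_unref_internal(slice);
  }
}
// … unchanged: grpc_slice_buffer_trim_end loop; each of the three branches calls dispose_trimmed_slice(garbage, slice) …
```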