grpc 1.17.1 → 1.18.0.pre1

data/src/core/lib/security/credentials/composite/composite_credentials.h

@@ -21,39 +21,75 @@
 
 #include <grpc/support/port_platform.h>
 
+#include "src/core/lib/gprpp/inlined_vector.h"
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/security/credentials/credentials.h"
 
-typedef struct {
-  grpc_call_credentials** creds_array;
-  size_t num_creds;
-} grpc_call_credentials_array;
+/* -- Composite channel credentials. -- */
 
-const grpc_call_credentials_array*
-grpc_composite_call_credentials_get_credentials(
-    grpc_call_credentials* composite_creds);
+class grpc_composite_channel_credentials : public grpc_channel_credentials {
+ public:
+  grpc_composite_channel_credentials(
+      grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,
+      grpc_core::RefCountedPtr<grpc_call_credentials> call_creds)
+      : grpc_channel_credentials(channel_creds->type()),
+        inner_creds_(std::move(channel_creds)),
+        call_creds_(std::move(call_creds)) {}
 
-/* Returns creds if creds is of the specified type or the inner creds of the
-   specified type (if found), if the creds is of type COMPOSITE.
-   If composite_creds is not NULL, *composite_creds will point to creds if of
-   type COMPOSITE in case of success. */
-grpc_call_credentials* grpc_credentials_contains_type(
-    grpc_call_credentials* creds, const char* type,
-    grpc_call_credentials** composite_creds);
+  ~grpc_composite_channel_credentials() override = default;
 
-/* -- Composite channel credentials. -- */
+  grpc_core::RefCountedPtr<grpc_channel_credentials>
+  duplicate_without_call_credentials() override {
+    return inner_creds_;
+  }
+
+  grpc_core::RefCountedPtr<grpc_channel_security_connector>
+  create_security_connector(
+      grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
+      const char* target, const grpc_channel_args* args,
+      grpc_channel_args** new_args) override;
 
-typedef struct {
-  grpc_channel_credentials base;
-  grpc_channel_credentials* inner_creds;
-  grpc_call_credentials* call_creds;
-} grpc_composite_channel_credentials;
+  const grpc_channel_credentials* inner_creds() const {
+    return inner_creds_.get();
+  }
+  const grpc_call_credentials* call_creds() const { return call_creds_.get(); }
+  grpc_call_credentials* mutable_call_creds() { return call_creds_.get(); }
+
+ private:
+  grpc_core::RefCountedPtr<grpc_channel_credentials> inner_creds_;
+  grpc_core::RefCountedPtr<grpc_call_credentials> call_creds_;
+};
 
 /* -- Composite call credentials. -- */
 
-typedef struct {
-  grpc_call_credentials base;
-  grpc_call_credentials_array inner;
-} grpc_composite_call_credentials;
+class grpc_composite_call_credentials : public grpc_call_credentials {
+ public:
+  using CallCredentialsList =
+      grpc_core::InlinedVector<grpc_core::RefCountedPtr<grpc_call_credentials>,
+                               2>;
+
+  grpc_composite_call_credentials(
+      grpc_core::RefCountedPtr<grpc_call_credentials> creds1,
+      grpc_core::RefCountedPtr<grpc_call_credentials> creds2);
+  ~grpc_composite_call_credentials() override = default;
+
+  bool get_request_metadata(grpc_polling_entity* pollent,
+                            grpc_auth_metadata_context context,
+                            grpc_credentials_mdelem_array* md_array,
+                            grpc_closure* on_request_metadata,
+                            grpc_error** error) override;
+
+  void cancel_get_request_metadata(grpc_credentials_mdelem_array* md_array,
+                                   grpc_error* error) override;
+
+  const CallCredentialsList& inner() const { return inner_; }
+
+ private:
+  void push_to_inner(grpc_core::RefCountedPtr<grpc_call_credentials> creds,
+                     bool is_composite);
+
+  CallCredentialsList inner_;
+};
 
 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_COMPOSITE_COMPOSITE_CREDENTIALS_H \
         */

data/src/core/lib/security/credentials/credentials.cc

@@ -39,120 +39,24 @@
 
 /* -- Common. -- */
 
-grpc_credentials_metadata_request* grpc_credentials_metadata_request_create(
-    grpc_call_credentials* creds) {
-  grpc_credentials_metadata_request* r =
-      static_cast<grpc_credentials_metadata_request*>(
-          gpr_zalloc(sizeof(grpc_credentials_metadata_request)));
-  r->creds = grpc_call_credentials_ref(creds);
-  return r;
-}
-
-void grpc_credentials_metadata_request_destroy(
-    grpc_credentials_metadata_request* r) {
-  grpc_call_credentials_unref(r->creds);
-  grpc_http_response_destroy(&r->response);
-  gpr_free(r);
-}
-
-grpc_channel_credentials* grpc_channel_credentials_ref(
-    grpc_channel_credentials* creds) {
-  if (creds == nullptr) return nullptr;
-  gpr_ref(&creds->refcount);
-  return creds;
-}
-
-void grpc_channel_credentials_unref(grpc_channel_credentials* creds) {
-  if (creds == nullptr) return;
-  if (gpr_unref(&creds->refcount)) {
-    if (creds->vtable->destruct != nullptr) {
-      creds->vtable->destruct(creds);
-    }
-    gpr_free(creds);
-  }
-}
-
 void grpc_channel_credentials_release(grpc_channel_credentials* creds) {
   GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds));
   grpc_core::ExecCtx exec_ctx;
-  grpc_channel_credentials_unref(creds);
-}
-
-grpc_call_credentials* grpc_call_credentials_ref(grpc_call_credentials* creds) {
-  if (creds == nullptr) return nullptr;
-  gpr_ref(&creds->refcount);
-  return creds;
-}
-
-void grpc_call_credentials_unref(grpc_call_credentials* creds) {
-  if (creds == nullptr) return;
-  if (gpr_unref(&creds->refcount)) {
-    if (creds->vtable->destruct != nullptr) {
-      creds->vtable->destruct(creds);
-    }
-    gpr_free(creds);
-  }
+  if (creds) creds->Unref();
 }
 
 void grpc_call_credentials_release(grpc_call_credentials* creds) {
   GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds));
   grpc_core::ExecCtx exec_ctx;
-  grpc_call_credentials_unref(creds);
-}
-
-bool grpc_call_credentials_get_request_metadata(
-    grpc_call_credentials* creds, grpc_polling_entity* pollent,
-    grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array,
-    grpc_closure* on_request_metadata, grpc_error** error) {
-  if (creds == nullptr || creds->vtable->get_request_metadata == nullptr) {
-    return true;
-  }
-  return creds->vtable->get_request_metadata(creds, pollent, context, md_array,
-                                             on_request_metadata, error);
-}
-
-void grpc_call_credentials_cancel_get_request_metadata(
-    grpc_call_credentials* creds, grpc_credentials_mdelem_array* md_array,
-    grpc_error* error) {
-  if (creds == nullptr ||
-      creds->vtable->cancel_get_request_metadata == nullptr) {
-    return;
-  }
-  creds->vtable->cancel_get_request_metadata(creds, md_array, error);
-}
-
-grpc_security_status grpc_channel_credentials_create_security_connector(
-    grpc_channel_credentials* channel_creds, const char* target,
-    const grpc_channel_args* args, grpc_channel_security_connector** sc,
-    grpc_channel_args** new_args) {
-  *new_args = nullptr;
-  if (channel_creds == nullptr) {
-    return GRPC_SECURITY_ERROR;
-  }
-  GPR_ASSERT(channel_creds->vtable->create_security_connector != nullptr);
-  return channel_creds->vtable->create_security_connector(
-      channel_creds, nullptr, target, args, sc, new_args);
-}
-
-grpc_channel_credentials*
-grpc_channel_credentials_duplicate_without_call_credentials(
-    grpc_channel_credentials* channel_creds) {
-  if (channel_creds != nullptr && channel_creds->vtable != nullptr &&
-      channel_creds->vtable->duplicate_without_call_credentials != nullptr) {
-    return channel_creds->vtable->duplicate_without_call_credentials(
-        channel_creds);
-  } else {
-    return grpc_channel_credentials_ref(channel_creds);
-  }
+  if (creds) creds->Unref();
 }
 
 static void credentials_pointer_arg_destroy(void* p) {
-  grpc_channel_credentials_unref(static_cast<grpc_channel_credentials*>(p));
+  static_cast<grpc_channel_credentials*>(p)->Unref();
 }
 
 static void* credentials_pointer_arg_copy(void* p) {
-  return grpc_channel_credentials_ref(
-      static_cast<grpc_channel_credentials*>(p));
+  return static_cast<grpc_channel_credentials*>(p)->Ref().release();
 }
 
 static int credentials_pointer_cmp(void* a, void* b) { return GPR_ICMP(a, b); }
@@ -191,63 +95,35 @@ grpc_channel_credentials* grpc_channel_credentials_find_in_args(
   return nullptr;
 }
 
-grpc_server_credentials* grpc_server_credentials_ref(
-    grpc_server_credentials* creds) {
-  if (creds == nullptr) return nullptr;
-  gpr_ref(&creds->refcount);
-  return creds;
-}
-
-void grpc_server_credentials_unref(grpc_server_credentials* creds) {
-  if (creds == nullptr) return;
-  if (gpr_unref(&creds->refcount)) {
-    if (creds->vtable->destruct != nullptr) {
-      creds->vtable->destruct(creds);
-    }
-    if (creds->processor.destroy != nullptr &&
-        creds->processor.state != nullptr) {
-      creds->processor.destroy(creds->processor.state);
-    }
-    gpr_free(creds);
-  }
-}
-
 void grpc_server_credentials_release(grpc_server_credentials* creds) {
   GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds));
   grpc_core::ExecCtx exec_ctx;
-  grpc_server_credentials_unref(creds);
+  if (creds) creds->Unref();
 }
 
-grpc_security_status grpc_server_credentials_create_security_connector(
-    grpc_server_credentials* creds, grpc_server_security_connector** sc) {
-  if (creds == nullptr || creds->vtable->create_security_connector == nullptr) {
-    gpr_log(GPR_ERROR, "Server credentials cannot create security context.");
-    return GRPC_SECURITY_ERROR;
-  }
-  return creds->vtable->create_security_connector(creds, sc);
-}
-
-void grpc_server_credentials_set_auth_metadata_processor(
-    grpc_server_credentials* creds, grpc_auth_metadata_processor processor) {
+void grpc_server_credentials::set_auth_metadata_processor(
+    const grpc_auth_metadata_processor& processor) {
   GRPC_API_TRACE(
       "grpc_server_credentials_set_auth_metadata_processor("
       "creds=%p, "
       "processor=grpc_auth_metadata_processor { process: %p, state: %p })",
-      3, (creds, (void*)(intptr_t)processor.process, processor.state));
-  if (creds == nullptr) return;
-  if (creds->processor.destroy != nullptr &&
-      creds->processor.state != nullptr) {
-    creds->processor.destroy(creds->processor.state);
-  }
-  creds->processor = processor;
+      3, (this, (void*)(intptr_t)processor.process, processor.state));
+  DestroyProcessor();
+  processor_ = processor;
+}
+
+void grpc_server_credentials_set_auth_metadata_processor(
+    grpc_server_credentials* creds, grpc_auth_metadata_processor processor) {
+  GPR_DEBUG_ASSERT(creds != nullptr);
+  creds->set_auth_metadata_processor(processor);
 }
 
 static void server_credentials_pointer_arg_destroy(void* p) {
-  grpc_server_credentials_unref(static_cast<grpc_server_credentials*>(p));
+  static_cast<grpc_server_credentials*>(p)->Unref();
 }
 
 static void* server_credentials_pointer_arg_copy(void* p) {
-  return grpc_server_credentials_ref(static_cast<grpc_server_credentials*>(p));
+  return static_cast<grpc_server_credentials*>(p)->Ref().release();
 }
 
 static int server_credentials_pointer_cmp(void* a, void* b) {

data/src/core/lib/security/credentials/credentials.h

@@ -26,6 +26,7 @@
 #include <grpc/support/sync.h>
 #include "src/core/lib/transport/metadata_batch.h"
 
+#include "src/core/lib/gprpp/ref_counted.h"
 #include "src/core/lib/http/httpcli.h"
 #include "src/core/lib/http/parser.h"
 #include "src/core/lib/iomgr/polling_entity.h"
@@ -90,44 +91,46 @@ void grpc_override_well_known_credentials_path_getter(
 
 #define GRPC_ARG_CHANNEL_CREDENTIALS "grpc.channel_credentials"
 
-typedef struct {
-  void (*destruct)(grpc_channel_credentials* c);
-
-  grpc_security_status (*create_security_connector)(
-      grpc_channel_credentials* c, grpc_call_credentials* call_creds,
+// This type is forward declared as a C struct and we cannot define it as a
+// class. Otherwise, compiler will complain about type mismatch due to
+// -Wmismatched-tags.
+struct grpc_channel_credentials
+    : grpc_core::RefCounted<grpc_channel_credentials> {
+ public:
+  explicit grpc_channel_credentials(const char* type) : type_(type) {}
+  virtual ~grpc_channel_credentials() = default;
+
+  // Creates a security connector for the channel. May also create new channel
+  // args for the channel to be used in place of the passed in const args if
+  // returned non NULL. In that case the caller is responsible for destroying
+  // new_args after channel creation.
+  virtual grpc_core::RefCountedPtr<grpc_channel_security_connector>
+  create_security_connector(
+      grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
       const char* target, const grpc_channel_args* args,
-      grpc_channel_security_connector** sc, grpc_channel_args** new_args);
-
-  grpc_channel_credentials* (*duplicate_without_call_credentials)(
-      grpc_channel_credentials* c);
-} grpc_channel_credentials_vtable;
-
-struct grpc_channel_credentials {
-  const grpc_channel_credentials_vtable* vtable;
-  const char* type;
-  gpr_refcount refcount;
+      grpc_channel_args** new_args) {
+    // Tell clang-tidy that call_creds cannot be passed as const-ref.
+    call_creds.reset();
+    GRPC_ABSTRACT;
+  }
+
+  // Creates a version of the channel credentials without any attached call
+  // credentials. This can be used in order to open a channel to a non-trusted
+  // gRPC load balancer.
+  virtual grpc_core::RefCountedPtr<grpc_channel_credentials>
+  duplicate_without_call_credentials() {
+    // By default we just increment the refcount.
+    return Ref();
+  }
+
+  const char* type() const { return type_; }
+
+  GRPC_ABSTRACT_BASE_CLASS
+
+ private:
+  const char* type_;
 };
 
-grpc_channel_credentials* grpc_channel_credentials_ref(
-    grpc_channel_credentials* creds);
-void grpc_channel_credentials_unref(grpc_channel_credentials* creds);
-
-/* Creates a security connector for the channel. May also create new channel
-   args for the channel to be used in place of the passed in const args if
-   returned non NULL. In that case the caller is responsible for destroying
-   new_args after channel creation. */
-grpc_security_status grpc_channel_credentials_create_security_connector(
-    grpc_channel_credentials* creds, const char* target,
-    const grpc_channel_args* args, grpc_channel_security_connector** sc,
-    grpc_channel_args** new_args);
-
-/* Creates a version of the channel credentials without any attached call
-   credentials. This can be used in order to open a channel to a non-trusted
-   gRPC load balancer. */
-grpc_channel_credentials*
-grpc_channel_credentials_duplicate_without_call_credentials(
-    grpc_channel_credentials* creds);
-
 /* Util to encapsulate the channel credentials in a channel arg. */
 grpc_arg grpc_channel_credentials_to_arg(grpc_channel_credentials* credentials);
 
@@ -158,44 +161,39 @@ void grpc_credentials_mdelem_array_destroy(grpc_credentials_mdelem_array* list);
 
 /* --- grpc_call_credentials. --- */
 
-typedef struct {
-  void (*destruct)(grpc_call_credentials* c);
-  bool (*get_request_metadata)(grpc_call_credentials* c,
-                               grpc_polling_entity* pollent,
-                               grpc_auth_metadata_context context,
-                               grpc_credentials_mdelem_array* md_array,
-                               grpc_closure* on_request_metadata,
-                               grpc_error** error);
-  void (*cancel_get_request_metadata)(grpc_call_credentials* c,
-                                      grpc_credentials_mdelem_array* md_array,
-                                      grpc_error* error);
-} grpc_call_credentials_vtable;
-
-struct grpc_call_credentials {
-  const grpc_call_credentials_vtable* vtable;
-  const char* type;
-  gpr_refcount refcount;
+// This type is forward declared as a C struct and we cannot define it as a
+// class. Otherwise, compiler will complain about type mismatch due to
+// -Wmismatched-tags.
+struct grpc_call_credentials
+    : public grpc_core::RefCounted<grpc_call_credentials> {
+ public:
+  explicit grpc_call_credentials(const char* type) : type_(type) {}
+  virtual ~grpc_call_credentials() = default;
+
+  // Returns true if completed synchronously, in which case \a error will
+  // be set to indicate the result.  Otherwise, \a on_request_metadata will
+  // be invoked asynchronously when complete.  \a md_array will be populated
+  // with the resulting metadata once complete.
+  virtual bool get_request_metadata(grpc_polling_entity* pollent,
+                                    grpc_auth_metadata_context context,
+                                    grpc_credentials_mdelem_array* md_array,
+                                    grpc_closure* on_request_metadata,
+                                    grpc_error** error) GRPC_ABSTRACT;
+
+  // Cancels a pending asynchronous operation started by
+  // grpc_call_credentials_get_request_metadata() with the corresponding
+  // value of \a md_array.
+  virtual void cancel_get_request_metadata(
+      grpc_credentials_mdelem_array* md_array, grpc_error* error) GRPC_ABSTRACT;
+
+  const char* type() const { return type_; }
+
+  GRPC_ABSTRACT_BASE_CLASS
+
+ private:
+  const char* type_;
 };
 
-grpc_call_credentials* grpc_call_credentials_ref(grpc_call_credentials* creds);
-void grpc_call_credentials_unref(grpc_call_credentials* creds);
-
-/// Returns true if completed synchronously, in which case \a error will
-/// be set to indicate the result.  Otherwise, \a on_request_metadata will
-/// be invoked asynchronously when complete.  \a md_array will be populated
-/// with the resulting metadata once complete.
-bool grpc_call_credentials_get_request_metadata(
-    grpc_call_credentials* creds, grpc_polling_entity* pollent,
-    grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array,
-    grpc_closure* on_request_metadata, grpc_error** error);
-
-/// Cancels a pending asynchronous operation started by
-/// grpc_call_credentials_get_request_metadata() with the corresponding
-/// value of \a md_array.
-void grpc_call_credentials_cancel_get_request_metadata(
-    grpc_call_credentials* c, grpc_credentials_mdelem_array* md_array,
-    grpc_error* error);
-
 /* Metadata-only credentials with the specified key and value where
    asynchronicity can be simulated for testing. */
 grpc_call_credentials* grpc_md_only_test_credentials_create(
@@ -203,26 +201,40 @@ grpc_call_credentials* grpc_md_only_test_credentials_create(
 
 /* --- grpc_server_credentials. --- */
 
-typedef struct {
-  void (*destruct)(grpc_server_credentials* c);
-  grpc_security_status (*create_security_connector)(
-      grpc_server_credentials* c, grpc_server_security_connector** sc);
-} grpc_server_credentials_vtable;
-
-struct grpc_server_credentials {
-  const grpc_server_credentials_vtable* vtable;
-  const char* type;
-  gpr_refcount refcount;
-  grpc_auth_metadata_processor processor;
-};
+// This type is forward declared as a C struct and we cannot define it as a
+// class. Otherwise, compiler will complain about type mismatch due to
+// -Wmismatched-tags.
+struct grpc_server_credentials
+    : public grpc_core::RefCounted<grpc_server_credentials> {
+ public:
+  explicit grpc_server_credentials(const char* type) : type_(type) {}
 
-grpc_security_status grpc_server_credentials_create_security_connector(
-    grpc_server_credentials* creds, grpc_server_security_connector** sc);
+  virtual ~grpc_server_credentials() { DestroyProcessor(); }
 
-grpc_server_credentials* grpc_server_credentials_ref(
-    grpc_server_credentials* creds);
+  virtual grpc_core::RefCountedPtr<grpc_server_security_connector>
+  create_security_connector() GRPC_ABSTRACT;
 
-void grpc_server_credentials_unref(grpc_server_credentials* creds);
+  const char* type() const { return type_; }
+
+  const grpc_auth_metadata_processor& auth_metadata_processor() const {
+    return processor_;
+  }
+  void set_auth_metadata_processor(
+      const grpc_auth_metadata_processor& processor);
+
+  GRPC_ABSTRACT_BASE_CLASS
+
+ private:
+  void DestroyProcessor() {
+    if (processor_.destroy != nullptr && processor_.state != nullptr) {
+      processor_.destroy(processor_.state);
+    }
+  }
+
+  const char* type_;
+  grpc_auth_metadata_processor processor_ =
+      grpc_auth_metadata_processor();  // Zero-initialize the C struct.
+};
 
 #define GRPC_SERVER_CREDENTIALS_ARG "grpc.server_credentials"
 
@@ -233,15 +245,27 @@ grpc_server_credentials* grpc_find_server_credentials_in_args(
 
 /* -- Credentials Metadata Request. -- */
 
-typedef struct {
-  grpc_call_credentials* creds;
+struct grpc_credentials_metadata_request {
+  explicit grpc_credentials_metadata_request(
+      grpc_core::RefCountedPtr<grpc_call_credentials> creds)
+      : creds(std::move(creds)) {}
+  ~grpc_credentials_metadata_request() {
+    grpc_http_response_destroy(&response);
+  }
+
+  grpc_core::RefCountedPtr<grpc_call_credentials> creds;
   grpc_http_response response;
-} grpc_credentials_metadata_request;
+};
 
-grpc_credentials_metadata_request* grpc_credentials_metadata_request_create(
-    grpc_call_credentials* creds);
+inline grpc_credentials_metadata_request*
+grpc_credentials_metadata_request_create(
+    grpc_core::RefCountedPtr<grpc_call_credentials> creds) {
+  return grpc_core::New<grpc_credentials_metadata_request>(std::move(creds));
+}
 
-void grpc_credentials_metadata_request_destroy(
-    grpc_credentials_metadata_request* r);
+inline void grpc_credentials_metadata_request_destroy(
+    grpc_credentials_metadata_request* r) {
+  grpc_core::Delete(r);
+}
 
 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H */