grpc 1.17.1 → 1.18.0.pre1

data/src/core/lib/security/credentials/local/local_credentials.h

@@ -25,16 +25,37 @@
 
 #include "src/core/lib/security/credentials/credentials.h"
 
-/* Main struct for grpc local channel credential. */
-typedef struct grpc_local_credentials {
-  grpc_channel_credentials base;
-  grpc_local_connect_type connect_type;
-} grpc_local_credentials;
-
-/* Main struct for grpc local server credential. */
-typedef struct grpc_local_server_credentials {
-  grpc_server_credentials base;
-  grpc_local_connect_type connect_type;
-} grpc_local_server_credentials;
+/* Main class for grpc local channel credential. */
+class grpc_local_credentials final : public grpc_channel_credentials {
+ public:
+  explicit grpc_local_credentials(grpc_local_connect_type connect_type);
+  ~grpc_local_credentials() override = default;
+
+  grpc_core::RefCountedPtr<grpc_channel_security_connector>
+  create_security_connector(
+      grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds,
+      const char* target_name, const grpc_channel_args* args,
+      grpc_channel_args** new_args) override;
+
+  grpc_local_connect_type connect_type() const { return connect_type_; }
+
+ private:
+  grpc_local_connect_type connect_type_;
+};
+
+/* Main class for grpc local server credential. */
+class grpc_local_server_credentials final : public grpc_server_credentials {
+ public:
+  explicit grpc_local_server_credentials(grpc_local_connect_type connect_type);
+  ~grpc_local_server_credentials() override = default;
+
+  grpc_core::RefCountedPtr<grpc_server_security_connector>
+  create_security_connector() override;
+
+  grpc_local_connect_type connect_type() const { return connect_type_; }
+
+ private:
+  grpc_local_connect_type connect_type_;
+};
 
 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_LOCAL_LOCAL_CREDENTIALS_H */

data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc

@@ -22,6 +22,7 @@
 
 #include <string.h>
 
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/security/util/json_util.h"
 #include "src/core/lib/surface/api_trace.h"
 
@@ -105,13 +106,12 @@ void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token* refresh_token) {
 // Oauth2 Token Fetcher credentials.
 //
 
-static void oauth2_token_fetcher_destruct(grpc_call_credentials* creds) {
-  grpc_oauth2_token_fetcher_credentials* c =
-      reinterpret_cast<grpc_oauth2_token_fetcher_credentials*>(creds);
-  GRPC_MDELEM_UNREF(c->access_token_md);
-  gpr_mu_destroy(&c->mu);
-  grpc_pollset_set_destroy(grpc_polling_entity_pollset_set(&c->pollent));
-  grpc_httpcli_context_destroy(&c->httpcli_context);
+grpc_oauth2_token_fetcher_credentials::
+    ~grpc_oauth2_token_fetcher_credentials() {
+  GRPC_MDELEM_UNREF(access_token_md_);
+  gpr_mu_destroy(&mu_);
+  grpc_pollset_set_destroy(grpc_polling_entity_pollset_set(&pollent_));
+  grpc_httpcli_context_destroy(&httpcli_context_);
 }
 
 grpc_credentials_status
@@ -209,25 +209,29 @@ static void on_oauth2_token_fetcher_http_response(void* user_data,
   grpc_credentials_metadata_request* r =
       static_cast<grpc_credentials_metadata_request*>(user_data);
   grpc_oauth2_token_fetcher_credentials* c =
-      reinterpret_cast<grpc_oauth2_token_fetcher_credentials*>(r->creds);
+      reinterpret_cast<grpc_oauth2_token_fetcher_credentials*>(r->creds.get());
+  c->on_http_response(r, error);
+}
+
+void grpc_oauth2_token_fetcher_credentials::on_http_response(
+    grpc_credentials_metadata_request* r, grpc_error* error) {
   grpc_mdelem access_token_md = GRPC_MDNULL;
   grpc_millis token_lifetime;
   grpc_credentials_status status =
       grpc_oauth2_token_fetcher_credentials_parse_server_response(
           &r->response, &access_token_md, &token_lifetime);
   // Update cache and grab list of pending requests.
-  gpr_mu_lock(&c->mu);
-  c->token_fetch_pending = false;
-  c->access_token_md = GRPC_MDELEM_REF(access_token_md);
-  c->token_expiration =
+  gpr_mu_lock(&mu_);
+  token_fetch_pending_ = false;
+  access_token_md_ = GRPC_MDELEM_REF(access_token_md);
+  token_expiration_ =
       status == GRPC_CREDENTIALS_OK
           ? gpr_time_add(gpr_now(GPR_CLOCK_MONOTONIC),
                          gpr_time_from_millis(token_lifetime, GPR_TIMESPAN))
           : gpr_inf_past(GPR_CLOCK_MONOTONIC);
-  grpc_oauth2_pending_get_request_metadata* pending_request =
-      c->pending_requests;
-  c->pending_requests = nullptr;
-  gpr_mu_unlock(&c->mu);
+  grpc_oauth2_pending_get_request_metadata* pending_request = pending_requests_;
+  pending_requests_ = nullptr;
+  gpr_mu_unlock(&mu_);
   // Invoke callbacks for all pending requests.
   while (pending_request != nullptr) {
     if (status == GRPC_CREDENTIALS_OK) {
@@ -239,42 +243,40 @@ static void on_oauth2_token_fetcher_http_response(void* user_data,
     }
     GRPC_CLOSURE_SCHED(pending_request->on_request_metadata, error);
     grpc_polling_entity_del_from_pollset_set(
-        pending_request->pollent, grpc_polling_entity_pollset_set(&c->pollent));
+        pending_request->pollent, grpc_polling_entity_pollset_set(&pollent_));
     grpc_oauth2_pending_get_request_metadata* prev = pending_request;
     pending_request = pending_request->next;
     gpr_free(prev);
   }
   GRPC_MDELEM_UNREF(access_token_md);
-  grpc_call_credentials_unref(r->creds);
+  Unref();
   grpc_credentials_metadata_request_destroy(r);
 }
 
-static bool oauth2_token_fetcher_get_request_metadata(
-    grpc_call_credentials* creds, grpc_polling_entity* pollent,
-    grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array,
-    grpc_closure* on_request_metadata, grpc_error** error) {
-  grpc_oauth2_token_fetcher_credentials* c =
-      reinterpret_cast<grpc_oauth2_token_fetcher_credentials*>(creds);
+bool grpc_oauth2_token_fetcher_credentials::get_request_metadata(
+    grpc_polling_entity* pollent, grpc_auth_metadata_context context,
+    grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata,
+    grpc_error** error) {
   // Check if we can use the cached token.
   grpc_millis refresh_threshold =
       GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS * GPR_MS_PER_SEC;
   grpc_mdelem cached_access_token_md = GRPC_MDNULL;
-  gpr_mu_lock(&c->mu);
-  if (!GRPC_MDISNULL(c->access_token_md) &&
+  gpr_mu_lock(&mu_);
+  if (!GRPC_MDISNULL(access_token_md_) &&
       gpr_time_cmp(
-          gpr_time_sub(c->token_expiration, gpr_now(GPR_CLOCK_MONOTONIC)),
+          gpr_time_sub(token_expiration_, gpr_now(GPR_CLOCK_MONOTONIC)),
           gpr_time_from_seconds(GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS,
                                 GPR_TIMESPAN)) > 0) {
-    cached_access_token_md = GRPC_MDELEM_REF(c->access_token_md);
+    cached_access_token_md = GRPC_MDELEM_REF(access_token_md_);
   }
   if (!GRPC_MDISNULL(cached_access_token_md)) {
-    gpr_mu_unlock(&c->mu);
+    gpr_mu_unlock(&mu_);
     grpc_credentials_mdelem_array_add(md_array, cached_access_token_md);
     GRPC_MDELEM_UNREF(cached_access_token_md);
     return true;
   }
   // Couldn't get the token from the cache.
-  // Add request to c->pending_requests and start a new fetch if needed.
+  // Add request to pending_requests_ and start a new fetch if needed.
   grpc_oauth2_pending_get_request_metadata* pending_request =
       static_cast<grpc_oauth2_pending_get_request_metadata*>(
           gpr_malloc(sizeof(*pending_request)));
@@ -282,41 +284,37 @@ static bool oauth2_token_fetcher_get_request_metadata(
   pending_request->on_request_metadata = on_request_metadata;
   pending_request->pollent = pollent;
   grpc_polling_entity_add_to_pollset_set(
-      pollent, grpc_polling_entity_pollset_set(&c->pollent));
-  pending_request->next = c->pending_requests;
-  c->pending_requests = pending_request;
+      pollent, grpc_polling_entity_pollset_set(&pollent_));
+  pending_request->next = pending_requests_;
+  pending_requests_ = pending_request;
   bool start_fetch = false;
-  if (!c->token_fetch_pending) {
-    c->token_fetch_pending = true;
+  if (!token_fetch_pending_) {
+    token_fetch_pending_ = true;
     start_fetch = true;
   }
-  gpr_mu_unlock(&c->mu);
+  gpr_mu_unlock(&mu_);
   if (start_fetch) {
-    grpc_call_credentials_ref(creds);
-    c->fetch_func(grpc_credentials_metadata_request_create(creds),
-                  &c->httpcli_context, &c->pollent,
-                  on_oauth2_token_fetcher_http_response,
-                  grpc_core::ExecCtx::Get()->Now() + refresh_threshold);
+    Ref().release();
+    fetch_oauth2(grpc_credentials_metadata_request_create(this->Ref()),
+                 &httpcli_context_, &pollent_,
+                 on_oauth2_token_fetcher_http_response,
+                 grpc_core::ExecCtx::Get()->Now() + refresh_threshold);
   }
   return false;
 }
 
-static void oauth2_token_fetcher_cancel_get_request_metadata(
-    grpc_call_credentials* creds, grpc_credentials_mdelem_array* md_array,
-    grpc_error* error) {
-  grpc_oauth2_token_fetcher_credentials* c =
-      reinterpret_cast<grpc_oauth2_token_fetcher_credentials*>(creds);
-  gpr_mu_lock(&c->mu);
+void grpc_oauth2_token_fetcher_credentials::cancel_get_request_metadata(
+    grpc_credentials_mdelem_array* md_array, grpc_error* error) {
+  gpr_mu_lock(&mu_);
   grpc_oauth2_pending_get_request_metadata* prev = nullptr;
-  grpc_oauth2_pending_get_request_metadata* pending_request =
-      c->pending_requests;
+  grpc_oauth2_pending_get_request_metadata* pending_request = pending_requests_;
   while (pending_request != nullptr) {
     if (pending_request->md_array == md_array) {
       // Remove matching pending request from the list.
       if (prev != nullptr) {
         prev->next = pending_request->next;
       } else {
-        c->pending_requests = pending_request->next;
+        pending_requests_ = pending_request->next;
       }
       // Invoke the callback immediately with an error.
       GRPC_CLOSURE_SCHED(pending_request->on_request_metadata,
@@ -327,96 +325,89 @@ static void oauth2_token_fetcher_cancel_get_request_metadata(
     prev = pending_request;
     pending_request = pending_request->next;
   }
-  gpr_mu_unlock(&c->mu);
+  gpr_mu_unlock(&mu_);
   GRPC_ERROR_UNREF(error);
 }
 
-static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials* c,
-                                      grpc_fetch_oauth2_func fetch_func) {
-  memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials));
-  c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
-  gpr_ref_init(&c->base.refcount, 1);
-  gpr_mu_init(&c->mu);
-  c->token_expiration = gpr_inf_past(GPR_CLOCK_MONOTONIC);
-  c->fetch_func = fetch_func;
-  c->pollent =
-      grpc_polling_entity_create_from_pollset_set(grpc_pollset_set_create());
-  grpc_httpcli_context_init(&c->httpcli_context);
+grpc_oauth2_token_fetcher_credentials::grpc_oauth2_token_fetcher_credentials()
+    : grpc_call_credentials(GRPC_CALL_CREDENTIALS_TYPE_OAUTH2),
+      token_expiration_(gpr_inf_past(GPR_CLOCK_MONOTONIC)),
+      pollent_(grpc_polling_entity_create_from_pollset_set(
+          grpc_pollset_set_create())) {
+  gpr_mu_init(&mu_);
+  grpc_httpcli_context_init(&httpcli_context_);
 }
 
 //
 //  Google Compute Engine credentials.
 //
 
-static grpc_call_credentials_vtable compute_engine_vtable = {
-    oauth2_token_fetcher_destruct, oauth2_token_fetcher_get_request_metadata,
-    oauth2_token_fetcher_cancel_get_request_metadata};
+namespace {
+
+class grpc_compute_engine_token_fetcher_credentials
+    : public grpc_oauth2_token_fetcher_credentials {
+ public:
+  grpc_compute_engine_token_fetcher_credentials() = default;
+  ~grpc_compute_engine_token_fetcher_credentials() override = default;
+
+ protected:
+  void fetch_oauth2(grpc_credentials_metadata_request* metadata_req,
+                    grpc_httpcli_context* http_context,
+                    grpc_polling_entity* pollent,
+                    grpc_iomgr_cb_func response_cb,
+                    grpc_millis deadline) override {
+    grpc_http_header header = {(char*)"Metadata-Flavor", (char*)"Google"};
+    grpc_httpcli_request request;
+    memset(&request, 0, sizeof(grpc_httpcli_request));
+    request.host = (char*)GRPC_COMPUTE_ENGINE_METADATA_HOST;
+    request.http.path = (char*)GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH;
+    request.http.hdr_count = 1;
+    request.http.hdrs = &header;
+    /* TODO(ctiller): Carry the resource_quota in ctx and share it with the host
+       channel. This would allow us to cancel an authentication query when under
+       extreme memory pressure. */
+    grpc_resource_quota* resource_quota =
+        grpc_resource_quota_create("oauth2_credentials");
+    grpc_httpcli_get(http_context, pollent, resource_quota, &request, deadline,
+                     GRPC_CLOSURE_CREATE(response_cb, metadata_req,
+                                         grpc_schedule_on_exec_ctx),
+                     &metadata_req->response);
+    grpc_resource_quota_unref_internal(resource_quota);
+  }
+};
 
-static void compute_engine_fetch_oauth2(
-    grpc_credentials_metadata_request* metadata_req,
-    grpc_httpcli_context* httpcli_context, grpc_polling_entity* pollent,
-    grpc_iomgr_cb_func response_cb, grpc_millis deadline) {
-  grpc_http_header header = {(char*)"Metadata-Flavor", (char*)"Google"};
-  grpc_httpcli_request request;
-  memset(&request, 0, sizeof(grpc_httpcli_request));
-  request.host = (char*)GRPC_COMPUTE_ENGINE_METADATA_HOST;
-  request.http.path = (char*)GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH;
-  request.http.hdr_count = 1;
-  request.http.hdrs = &header;
-  /* TODO(ctiller): Carry the resource_quota in ctx and share it with the host
-     channel. This would allow us to cancel an authentication query when under
-     extreme memory pressure. */
-  grpc_resource_quota* resource_quota =
-      grpc_resource_quota_create("oauth2_credentials");
-  grpc_httpcli_get(
-      httpcli_context, pollent, resource_quota, &request, deadline,
-      GRPC_CLOSURE_CREATE(response_cb, metadata_req, grpc_schedule_on_exec_ctx),
-      &metadata_req->response);
-  grpc_resource_quota_unref_internal(resource_quota);
-}
+}  // namespace
 
 grpc_call_credentials* grpc_google_compute_engine_credentials_create(
     void* reserved) {
-  grpc_oauth2_token_fetcher_credentials* c =
-      static_cast<grpc_oauth2_token_fetcher_credentials*>(
-          gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials)));
   GRPC_API_TRACE("grpc_compute_engine_credentials_create(reserved=%p)", 1,
                  (reserved));
   GPR_ASSERT(reserved == nullptr);
-  init_oauth2_token_fetcher(c, compute_engine_fetch_oauth2);
-  c->base.vtable = &compute_engine_vtable;
-  return &c->base;
+  return grpc_core::MakeRefCounted<
+             grpc_compute_engine_token_fetcher_credentials>()
+      .release();
 }
 
 //
 // Google Refresh Token credentials.
 //
 
-static void refresh_token_destruct(grpc_call_credentials* creds) {
-  grpc_google_refresh_token_credentials* c =
-      reinterpret_cast<grpc_google_refresh_token_credentials*>(creds);
-  grpc_auth_refresh_token_destruct(&c->refresh_token);
-  oauth2_token_fetcher_destruct(&c->base.base);
+grpc_google_refresh_token_credentials::
+    ~grpc_google_refresh_token_credentials() {
+  grpc_auth_refresh_token_destruct(&refresh_token_);
 }
 
-static grpc_call_credentials_vtable refresh_token_vtable = {
-    refresh_token_destruct, oauth2_token_fetcher_get_request_metadata,
-    oauth2_token_fetcher_cancel_get_request_metadata};
-
-static void refresh_token_fetch_oauth2(
+void grpc_google_refresh_token_credentials::fetch_oauth2(
     grpc_credentials_metadata_request* metadata_req,
     grpc_httpcli_context* httpcli_context, grpc_polling_entity* pollent,
     grpc_iomgr_cb_func response_cb, grpc_millis deadline) {
-  grpc_google_refresh_token_credentials* c =
-      reinterpret_cast<grpc_google_refresh_token_credentials*>(
-          metadata_req->creds);
   grpc_http_header header = {(char*)"Content-Type",
                              (char*)"application/x-www-form-urlencoded"};
   grpc_httpcli_request request;
   char* body = nullptr;
   gpr_asprintf(&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING,
-               c->refresh_token.client_id, c->refresh_token.client_secret,
-               c->refresh_token.refresh_token);
+               refresh_token_.client_id, refresh_token_.client_secret,
+               refresh_token_.refresh_token);
   memset(&request, 0, sizeof(grpc_httpcli_request));
   request.host = (char*)GRPC_GOOGLE_OAUTH2_SERVICE_HOST;
   request.http.path = (char*)GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH;
@@ -437,20 +428,19 @@ static void refresh_token_fetch_oauth2(
   gpr_free(body);
 }
 
-grpc_call_credentials*
+grpc_google_refresh_token_credentials::grpc_google_refresh_token_credentials(
+    grpc_auth_refresh_token refresh_token)
+    : refresh_token_(refresh_token) {}
+
+grpc_core::RefCountedPtr<grpc_call_credentials>
 grpc_refresh_token_credentials_create_from_auth_refresh_token(
     grpc_auth_refresh_token refresh_token) {
-  grpc_google_refresh_token_credentials* c;
   if (!grpc_auth_refresh_token_is_valid(&refresh_token)) {
     gpr_log(GPR_ERROR, "Invalid input for refresh token credentials creation");
     return nullptr;
   }
-  c = static_cast<grpc_google_refresh_token_credentials*>(
-      gpr_zalloc(sizeof(grpc_google_refresh_token_credentials)));
-  init_oauth2_token_fetcher(&c->base, refresh_token_fetch_oauth2);
-  c->base.base.vtable = &refresh_token_vtable;
-  c->refresh_token = refresh_token;
-  return &c->base.base;
+  return grpc_core::MakeRefCounted<grpc_google_refresh_token_credentials>(
+      refresh_token);
 }
 
 static char* create_loggable_refresh_token(grpc_auth_refresh_token* token) {
@@ -478,59 +468,50 @@ grpc_call_credentials* grpc_google_refresh_token_credentials_create(
     gpr_free(loggable_token);
   }
   GPR_ASSERT(reserved == nullptr);
-  return grpc_refresh_token_credentials_create_from_auth_refresh_token(token);
+  return grpc_refresh_token_credentials_create_from_auth_refresh_token(token)
+      .release();
 }
 
 //
 // Oauth2 Access Token credentials.
 //
 
-static void access_token_destruct(grpc_call_credentials* creds) {
-  grpc_access_token_credentials* c =
-      reinterpret_cast<grpc_access_token_credentials*>(creds);
-  GRPC_MDELEM_UNREF(c->access_token_md);
+grpc_access_token_credentials::~grpc_access_token_credentials() {
+  GRPC_MDELEM_UNREF(access_token_md_);
 }
 
-static bool access_token_get_request_metadata(
-    grpc_call_credentials* creds, grpc_polling_entity* pollent,
-    grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array,
-    grpc_closure* on_request_metadata, grpc_error** error) {
-  grpc_access_token_credentials* c =
-      reinterpret_cast<grpc_access_token_credentials*>(creds);
-  grpc_credentials_mdelem_array_add(md_array, c->access_token_md);
+bool grpc_access_token_credentials::get_request_metadata(
+    grpc_polling_entity* pollent, grpc_auth_metadata_context context,
+    grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata,
+    grpc_error** error) {
+  grpc_credentials_mdelem_array_add(md_array, access_token_md_);
   return true;
 }
 
-static void access_token_cancel_get_request_metadata(
-    grpc_call_credentials* c, grpc_credentials_mdelem_array* md_array,
-    grpc_error* error) {
+void grpc_access_token_credentials::cancel_get_request_metadata(
+    grpc_credentials_mdelem_array* md_array, grpc_error* error) {
   GRPC_ERROR_UNREF(error);
 }
 
-static grpc_call_credentials_vtable access_token_vtable = {
-    access_token_destruct, access_token_get_request_metadata,
-    access_token_cancel_get_request_metadata};
+grpc_access_token_credentials::grpc_access_token_credentials(
+    const char* access_token)
+    : grpc_call_credentials(GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) {
+  char* token_md_value;
+  gpr_asprintf(&token_md_value, "Bearer %s", access_token);
+  grpc_core::ExecCtx exec_ctx;
+  access_token_md_ = grpc_mdelem_from_slices(
+      grpc_slice_from_static_string(GRPC_AUTHORIZATION_METADATA_KEY),
+      grpc_slice_from_copied_string(token_md_value));
+  gpr_free(token_md_value);
+}
 
 grpc_call_credentials* grpc_access_token_credentials_create(
     const char* access_token, void* reserved) {
-  grpc_access_token_credentials* c =
-      static_cast<grpc_access_token_credentials*>(
-          gpr_zalloc(sizeof(grpc_access_token_credentials)));
   GRPC_API_TRACE(
       "grpc_access_token_credentials_create(access_token=<redacted>, "
       "reserved=%p)",
       1, (reserved));
   GPR_ASSERT(reserved == nullptr);
-  c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
-  c->base.vtable = &access_token_vtable;
-  gpr_ref_init(&c->base.refcount, 1);
-  char* token_md_value;
-  gpr_asprintf(&token_md_value, "Bearer %s", access_token);
-  grpc_core::ExecCtx exec_ctx;
-  c->access_token_md = grpc_mdelem_from_slices(
-      grpc_slice_from_static_string(GRPC_AUTHORIZATION_METADATA_KEY),
-      grpc_slice_from_copied_string(token_md_value));
-
-  gpr_free(token_md_value);
-  return &c->base;
+  return grpc_core::MakeRefCounted<grpc_access_token_credentials>(access_token)
+      .release();
 }