grpc 1.18.0 → 1.22.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +4731 -7404
- data/etc/roots.pem +146 -0
- data/include/grpc/grpc.h +11 -6
- data/include/grpc/grpc_security.h +297 -4
- data/include/grpc/grpc_security_constants.h +1 -1
- data/include/grpc/impl/codegen/byte_buffer.h +13 -0
- data/include/grpc/impl/codegen/gpr_types.h +1 -1
- data/include/grpc/impl/codegen/grpc_types.h +30 -7
- data/include/grpc/impl/codegen/port_platform.h +88 -7
- data/include/grpc/impl/codegen/slice.h +2 -22
- data/include/grpc/impl/codegen/status.h +2 -1
- data/include/grpc/impl/codegen/sync_posix.h +18 -0
- data/include/grpc/slice.h +3 -3
- data/src/core/ext/filters/client_channel/backup_poller.cc +21 -16
- data/src/core/ext/filters/client_channel/backup_poller.h +8 -2
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +3 -1
- data/src/core/ext/filters/client_channel/client_channel.cc +2435 -1557
- data/src/core/ext/filters/client_channel/client_channel.h +2 -10
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -89
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +8 -33
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +22 -34
- data/src/core/ext/filters/client_channel/client_channel_factory.h +19 -38
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +9 -11
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +179 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +68 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +59 -55
- data/src/core/ext/filters/client_channel/health/health_check_client.h +20 -9
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +146 -157
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +29 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +844 -859
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +2 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +6 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +14 -12
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +16 -12
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +185 -312
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +143 -375
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +192 -245
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +1554 -955
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_secure.cc +0 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +2 -2
- data/src/core/ext/filters/client_channel/lb_policy.cc +115 -22
- data/src/core/ext/filters/client_channel/lb_policy.h +260 -129
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +5 -2
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +107 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +10 -3
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +96 -0
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +56 -0
- data/src/core/ext/filters/client_channel/parse_address.cc +24 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +121 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +84 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +3 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +179 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +24 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +111 -47
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +7 -13
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +39 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +0 -6
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -64
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +28 -0
- data/src/core/{lib/iomgr/network_status_tracker.cc → ext/filters/client_channel/resolver/dns/dns_resolver_selection.h} +8 -15
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +36 -82
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +111 -72
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +13 -8
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +28 -63
- data/src/core/ext/filters/client_channel/resolver.cc +54 -1
- data/src/core/ext/filters/client_channel/resolver.h +52 -23
- data/src/core/ext/filters/client_channel/resolver_factory.h +3 -1
- data/src/core/ext/filters/client_channel/resolver_registry.cc +5 -2
- data/src/core/ext/filters/client_channel/resolver_registry.h +5 -4
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +368 -241
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +58 -76
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +543 -0
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +139 -0
- data/src/core/ext/filters/client_channel/server_address.cc +4 -54
- data/src/core/ext/filters/client_channel/server_address.h +1 -13
- data/src/core/ext/filters/client_channel/service_config.cc +329 -0
- data/src/core/ext/filters/client_channel/service_config.h +205 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +803 -838
- data/src/core/ext/filters/client_channel/subchannel.h +295 -128
- data/src/core/ext/filters/client_channel/subchannel_interface.h +113 -0
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +97 -0
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +94 -0
- data/src/core/ext/filters/deadline/deadline_filter.cc +3 -4
- data/src/core/ext/filters/deadline/deadline_filter.h +3 -2
- data/src/core/ext/filters/http/client/http_client_filter.cc +7 -5
- data/src/core/ext/filters/http/client/http_client_filter.h +1 -1
- data/src/core/ext/filters/http/client_authority_filter.cc +6 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +4 -3
- data/src/core/ext/filters/http/server/http_server_filter.cc +18 -12
- data/src/core/ext/filters/max_age/max_age_filter.cc +5 -2
- data/src/core/ext/filters/message_size/message_size_filter.cc +119 -77
- data/src/core/ext/filters/message_size/message_size_filter.h +33 -0
- data/src/core/ext/transport/chttp2/alpn/alpn.h +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +13 -12
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +45 -47
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +134 -143
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +68 -21
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +4 -3
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +9 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +156 -94
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +33 -37
- data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +3 -2
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -4
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +8 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -4
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +74 -55
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +33 -11
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +3 -2
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +7 -14
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +10 -1
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +9 -5
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +9 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +43 -30
- data/src/core/ext/transport/chttp2/transport/parsing.cc +52 -70
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +70 -33
- data/src/core/ext/transport/inproc/inproc_transport.cc +26 -18
- data/src/core/lib/channel/channel_args.cc +2 -101
- data/src/core/lib/channel/channel_args.h +3 -37
- data/src/core/lib/channel/channel_stack.h +10 -6
- data/src/core/lib/channel/channel_trace.cc +4 -4
- data/src/core/lib/channel/channel_trace.h +4 -4
- data/src/core/lib/channel/channelz.cc +168 -38
- data/src/core/lib/channel/channelz.h +40 -44
- data/src/core/lib/channel/channelz_registry.cc +75 -107
- data/src/core/lib/channel/channelz_registry.h +10 -28
- data/src/core/lib/channel/connected_channel.cc +2 -2
- data/src/core/lib/channel/context.h +2 -2
- data/src/core/lib/channel/handshaker.cc +151 -218
- data/src/core/lib/channel/handshaker.h +110 -101
- data/src/core/lib/channel/handshaker_factory.h +11 -19
- data/src/core/lib/channel/handshaker_registry.cc +67 -51
- data/src/core/lib/channel/handshaker_registry.h +21 -16
- data/src/core/lib/compression/algorithm_metadata.h +3 -3
- data/src/core/lib/compression/compression.cc +14 -9
- data/src/core/lib/compression/compression_args.cc +127 -0
- data/src/core/lib/compression/compression_args.h +55 -0
- data/src/core/lib/compression/compression_internal.cc +16 -12
- data/src/core/lib/compression/compression_internal.h +1 -1
- data/src/core/lib/compression/stream_compression.cc +3 -2
- data/src/core/lib/compression/stream_compression.h +2 -2
- data/src/core/lib/compression/stream_compression_gzip.cc +9 -9
- data/src/core/lib/debug/trace.cc +13 -7
- data/src/core/lib/debug/trace.h +14 -1
- data/src/core/lib/gpr/arena.h +13 -9
- data/src/core/lib/gpr/cpu_posix.cc +5 -3
- data/src/core/lib/gpr/env.h +3 -6
- data/src/core/lib/gpr/env_linux.cc +6 -1
- data/src/core/lib/gpr/env_posix.cc +5 -0
- data/src/core/lib/gpr/env_windows.cc +7 -5
- data/src/core/lib/gpr/log.cc +9 -13
- data/src/core/lib/gpr/log_posix.cc +2 -1
- data/src/core/lib/gpr/string.cc +20 -7
- data/src/core/lib/gpr/string.h +10 -3
- data/src/core/lib/gpr/sync_posix.cc +65 -4
- data/src/core/lib/gpr/time.cc +8 -0
- data/src/core/lib/gpr/time_posix.cc +21 -2
- data/src/core/lib/gprpp/arena.cc +103 -0
- data/src/core/lib/gprpp/arena.h +121 -0
- data/src/core/lib/gprpp/atomic.h +75 -5
- data/src/core/lib/gprpp/fork.cc +13 -32
- data/src/core/lib/gprpp/fork.h +5 -1
- data/src/core/lib/gprpp/global_config.h +96 -0
- data/src/core/lib/gprpp/global_config_custom.h +29 -0
- data/src/core/lib/gprpp/global_config_env.cc +135 -0
- data/src/core/lib/gprpp/global_config_env.h +131 -0
- data/src/core/lib/gprpp/global_config_generic.h +44 -0
- data/src/core/lib/gprpp/inlined_vector.h +8 -0
- data/src/core/lib/gprpp/map.h +436 -0
- data/src/core/lib/gprpp/memory.h +2 -2
- data/src/core/lib/gprpp/optional.h +48 -0
- data/src/core/lib/gprpp/orphanable.h +6 -5
- data/src/core/lib/gprpp/{mutex_lock.h → pair.h} +15 -19
- data/src/core/lib/gprpp/ref_counted.h +36 -17
- data/src/core/lib/gprpp/sync.h +126 -0
- data/src/core/lib/gprpp/thd.h +42 -7
- data/src/core/lib/gprpp/thd_posix.cc +31 -13
- data/src/core/lib/gprpp/thd_windows.cc +47 -34
- data/src/core/lib/http/httpcli.cc +6 -5
- data/src/core/lib/http/httpcli_security_connector.cc +13 -15
- data/src/core/lib/http/parser.cc +3 -2
- data/src/core/lib/http/parser.h +2 -1
- data/src/core/lib/iomgr/buffer_list.cc +182 -24
- data/src/core/lib/iomgr/buffer_list.h +72 -10
- data/src/core/lib/iomgr/call_combiner.cc +84 -90
- data/src/core/lib/iomgr/call_combiner.h +75 -82
- data/src/core/lib/iomgr/cfstream_handle.cc +203 -0
- data/src/core/lib/iomgr/cfstream_handle.h +86 -0
- data/src/core/lib/iomgr/combiner.cc +11 -3
- data/src/core/lib/iomgr/combiner.h +1 -1
- data/src/core/lib/iomgr/endpoint.cc +2 -2
- data/src/core/lib/iomgr/endpoint.h +3 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +375 -0
- data/src/core/lib/iomgr/endpoint_cfstream.h +49 -0
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +2 -2
- data/src/core/lib/iomgr/error.cc +21 -17
- data/src/core/lib/iomgr/error.h +36 -6
- data/src/core/lib/iomgr/error_cfstream.cc +52 -0
- data/src/core/lib/iomgr/error_cfstream.h +31 -0
- data/src/core/lib/iomgr/error_internal.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +44 -28
- data/src/core/lib/iomgr/ev_epollex_linux.cc +173 -194
- data/src/core/lib/iomgr/ev_poll_posix.cc +16 -487
- data/src/core/lib/iomgr/ev_posix.cc +29 -19
- data/src/core/lib/iomgr/ev_posix.h +19 -3
- data/src/core/lib/iomgr/ev_windows.cc +2 -2
- data/src/core/lib/iomgr/exec_ctx.cc +1 -0
- data/src/core/lib/iomgr/exec_ctx.h +137 -8
- data/src/core/lib/iomgr/executor.cc +147 -95
- data/src/core/lib/iomgr/executor.h +55 -49
- data/src/core/lib/iomgr/fork_posix.cc +6 -5
- data/src/core/lib/{gprpp/atomic_with_std.h → iomgr/grpc_if_nametoindex.h} +8 -13
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +42 -0
- data/src/core/lib/iomgr/{network_status_tracker.h → grpc_if_nametoindex_unsupported.cc} +15 -9
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -5
- data/src/core/lib/iomgr/internal_errqueue.h +105 -3
- data/src/core/lib/iomgr/iomgr.cc +20 -13
- data/src/core/lib/iomgr/iomgr.h +15 -0
- data/src/core/lib/iomgr/iomgr_custom.cc +17 -3
- data/src/core/lib/iomgr/iomgr_custom.h +2 -0
- data/src/core/lib/iomgr/iomgr_internal.cc +10 -0
- data/src/core/lib/iomgr/iomgr_internal.h +12 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +19 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +93 -0
- data/src/core/lib/iomgr/iomgr_windows.cc +18 -2
- data/src/core/lib/iomgr/lockfree_event.cc +4 -4
- data/src/core/lib/iomgr/port.h +35 -0
- data/src/core/lib/iomgr/resolve_address_posix.cc +4 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +2 -1
- data/src/core/lib/iomgr/resource_quota.cc +40 -37
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +6 -2
- data/src/core/lib/iomgr/socket_windows.cc +19 -0
- data/src/core/lib/iomgr/socket_windows.h +8 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +216 -0
- data/src/core/lib/iomgr/tcp_client_custom.cc +2 -2
- data/src/core/lib/iomgr/tcp_client_posix.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +7 -5
- data/src/core/lib/iomgr/tcp_custom.cc +10 -14
- data/src/core/lib/iomgr/tcp_posix.cc +256 -140
- data/src/core/lib/iomgr/tcp_server.cc +5 -0
- data/src/core/lib/iomgr/tcp_server.h +24 -0
- data/src/core/lib/iomgr/tcp_server_custom.cc +14 -12
- data/src/core/lib/iomgr/tcp_server_posix.cc +86 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +13 -11
- data/src/core/lib/iomgr/tcp_uv.cc +5 -7
- data/src/core/lib/iomgr/tcp_windows.cc +8 -14
- data/src/core/lib/iomgr/timer.h +2 -1
- data/src/core/lib/iomgr/timer_generic.cc +16 -16
- data/src/core/lib/iomgr/timer_manager.cc +20 -11
- data/src/core/lib/iomgr/udp_server.cc +8 -6
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +1 -19
- data/src/core/lib/json/json.cc +1 -4
- data/src/core/lib/profiling/basic_timers.cc +10 -4
- data/src/core/lib/security/context/security_context.cc +6 -7
- data/src/core/lib/security/context/security_context.h +3 -4
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
- data/src/core/lib/security/credentials/composite/composite_credentials.h +4 -0
- data/src/core/lib/security/credentials/credentials.h +9 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -3
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +2 -1
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +10 -6
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +3 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +9 -8
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +192 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +210 -0
- data/src/core/lib/security/credentials/tls/spiffe_credentials.cc +129 -0
- data/src/core/lib/security/credentials/tls/spiffe_credentials.h +62 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +10 -8
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -12
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +7 -5
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +10 -8
- data/src/core/lib/security/security_connector/security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/security_connector.h +3 -3
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +39 -38
- data/src/core/lib/security/security_connector/ssl_utils.cc +164 -26
- data/src/core/lib/security/security_connector/ssl_utils.h +70 -1
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +426 -0
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +122 -0
- data/src/core/lib/security/transport/auth_filters.h +5 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +55 -50
- data/src/core/lib/security/transport/secure_endpoint.cc +6 -6
- data/src/core/lib/security/transport/security_handshaker.cc +271 -303
- data/src/core/lib/security/transport/security_handshaker.h +11 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +3 -3
- data/src/core/lib/slice/b64.h +2 -2
- data/src/core/lib/slice/percent_encoding.cc +3 -3
- data/src/core/lib/slice/percent_encoding.h +3 -3
- data/src/core/lib/slice/slice.cc +174 -122
- data/src/core/lib/slice/slice_buffer.cc +54 -21
- data/src/core/lib/slice/slice_hash_table.h +4 -4
- data/src/core/lib/slice/slice_intern.cc +49 -107
- data/src/core/lib/slice/slice_internal.h +264 -3
- data/src/core/lib/slice/slice_string_helpers.cc +10 -1
- data/src/core/lib/slice/slice_string_helpers.h +3 -1
- data/src/core/lib/slice/slice_utils.h +50 -0
- data/src/core/lib/slice/slice_weak_hash_table.h +6 -6
- data/src/core/lib/surface/api_trace.h +1 -1
- data/src/core/lib/surface/byte_buffer_reader.cc +17 -0
- data/src/core/lib/surface/call.cc +67 -46
- data/src/core/lib/surface/call.h +7 -2
- data/src/core/lib/surface/call_details.cc +0 -1
- data/src/core/lib/surface/channel.cc +89 -97
- data/src/core/lib/surface/channel.h +60 -6
- data/src/core/lib/surface/channel_init.h +5 -0
- data/src/core/lib/surface/completion_queue.cc +221 -216
- data/src/core/lib/surface/completion_queue.h +2 -1
- data/src/core/lib/surface/init.cc +82 -33
- data/src/core/lib/surface/init.h +1 -0
- data/src/core/lib/surface/init_secure.cc +1 -1
- data/src/core/lib/surface/lame_client.cc +5 -7
- data/src/core/lib/surface/server.cc +42 -47
- data/src/core/lib/surface/validate_metadata.cc +14 -8
- data/src/core/lib/surface/validate_metadata.h +13 -2
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/bdp_estimator.cc +3 -3
- data/src/core/lib/transport/bdp_estimator.h +2 -2
- data/src/core/lib/transport/connectivity_state.cc +10 -40
- data/src/core/lib/transport/connectivity_state.h +0 -8
- data/src/core/lib/transport/error_utils.cc +12 -0
- data/src/core/lib/transport/metadata.cc +258 -267
- data/src/core/lib/transport/metadata.h +227 -16
- data/src/core/lib/transport/metadata_batch.cc +1 -1
- data/src/core/lib/transport/metadata_batch.h +1 -1
- data/src/core/lib/transport/static_metadata.cc +477 -399
- data/src/core/lib/transport/static_metadata.h +273 -182
- data/src/core/lib/transport/status_metadata.cc +3 -3
- data/src/core/lib/transport/timeout_encoding.cc +1 -1
- data/src/core/lib/transport/timeout_encoding.h +1 -1
- data/src/core/lib/transport/transport.cc +39 -72
- data/src/core/lib/transport/transport.h +59 -24
- data/src/core/lib/transport/transport_impl.h +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +3 -3
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +1 -1
- data/src/core/tsi/alts/handshaker/alts_shared_resource.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +4 -3
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +1 -1
- data/src/core/tsi/fake_transport_security.cc +4 -4
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +12 -10
- data/src/core/tsi/ssl_transport_security.h +24 -4
- data/src/ruby/bin/math_pb.rb +18 -16
- data/src/ruby/ext/grpc/extconf.rb +12 -4
- data/src/ruby/ext/grpc/rb_call_credentials.c +8 -5
- data/src/ruby/ext/grpc/rb_channel.c +14 -10
- data/src/ruby/ext/grpc/rb_channel_credentials.c +8 -4
- data/src/ruby/ext/grpc/rb_compression_options.c +9 -7
- data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc.c +23 -24
- data/src/ruby/ext/grpc/rb_grpc.h +4 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +24 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +36 -0
- data/src/ruby/ext/grpc/rb_server.c +8 -4
- data/src/ruby/lib/grpc/errors.rb +22 -3
- data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/README.md +1 -1
- data/src/ruby/pb/grpc/health/v1/health_pb.rb +13 -10
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +18 -0
- data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +3 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +58 -56
- data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -0
- data/src/ruby/spec/errors_spec.rb +141 -0
- data/third_party/cares/cares/ares.h +12 -0
- data/third_party/cares/cares/ares_create_query.c +5 -1
- data/third_party/cares/cares/ares_data.c +74 -73
- data/third_party/cares/cares/ares_destroy.c +6 -1
- data/third_party/cares/cares/ares_gethostbyaddr.c +5 -5
- data/third_party/cares/cares/ares_gethostbyname.c +15 -4
- data/third_party/cares/cares/ares_getnameinfo.c +11 -0
- data/third_party/cares/cares/ares_init.c +274 -173
- data/third_party/cares/cares/ares_library_init.c +21 -3
- data/third_party/cares/cares/ares_options.c +6 -2
- data/third_party/cares/cares/ares_parse_naptr_reply.c +7 -6
- data/third_party/cares/cares/ares_parse_ptr_reply.c +4 -2
- data/third_party/cares/cares/ares_platform.c +7 -0
- data/third_party/cares/cares/ares_private.h +19 -11
- data/third_party/cares/cares/ares_process.c +27 -2
- data/third_party/cares/cares/ares_rules.h +1 -1
- data/third_party/cares/cares/ares_search.c +7 -0
- data/third_party/cares/cares/ares_send.c +6 -0
- data/third_party/cares/cares/ares_strsplit.c +174 -0
- data/third_party/cares/cares/ares_strsplit.h +43 -0
- data/third_party/cares/cares/ares_version.h +4 -4
- data/third_party/cares/cares/config-win32.h +1 -1
- data/third_party/cares/cares/inet_ntop.c +2 -3
- data/third_party/cares/config_darwin/ares_config.h +3 -0
- data/third_party/cares/config_freebsd/ares_config.h +3 -0
- data/third_party/cares/config_linux/ares_config.h +3 -0
- data/third_party/cares/config_openbsd/ares_config.h +3 -0
- metadata +83 -48
- data/src/core/ext/filters/client_channel/request_routing.cc +0 -936
- data/src/core/ext/filters/client_channel/request_routing.h +0 -177
- data/src/core/ext/filters/client_channel/subchannel_index.cc +0 -248
- data/src/core/ext/filters/client_channel/subchannel_index.h +0 -76
- data/src/core/lib/channel/handshaker_factory.cc +0 -42
- data/src/core/lib/gpr/arena.cc +0 -192
- data/src/core/lib/gprpp/atomic_with_atm.h +0 -57
- data/src/core/lib/iomgr/wakeup_fd_cv.cc +0 -107
- data/src/core/lib/iomgr/wakeup_fd_cv.h +0 -69
- data/src/core/lib/transport/service_config.cc +0 -106
- data/src/core/lib/transport/service_config.h +0 -249
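--- a/data/src/core/lib/security/credentials/ssl/ssl_credentials.cc
+++ b/data/src/core/lib/security/credentials/ssl/ssl_credentials.cc
@@ -46,7 +46,7 @@ void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair* kp,
 
 grpc_ssl_credentials::grpc_ssl_credentials(
 const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
-const
+const grpc_ssl_verify_peer_options* verify_options)
 : grpc_channel_credentials(GRPC_CHANNEL_CREDENTIALS_TYPE_SSL) {
 build_config(pem_root_certs, pem_key_cert_pair, verify_options);
 }
@@ -94,7 +94,7 @@ grpc_ssl_credentials::create_security_connector(
 
 void grpc_ssl_credentials::build_config(
 const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
-const
+const grpc_ssl_verify_peer_options* verify_options) {
 config_.pem_root_certs = gpr_strdup(pem_root_certs);
 if (pem_key_cert_pair != nullptr) {
 GPR_ASSERT(pem_key_cert_pair->private_key != nullptr);
@@ -117,6 +117,8 @@ void grpc_ssl_credentials::build_config(
 }
 }
 
+/* Deprecated in favor of grpc_ssl_credentials_create_ex. Will be removed
+* once all of its call sites are migrated to grpc_ssl_credentials_create_ex. */
 grpc_channel_credentials* grpc_ssl_credentials_create(
 const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
 const verify_peer_options* verify_options, void* reserved) {
@@ -128,6 +130,22 @@ grpc_channel_credentials* grpc_ssl_credentials_create(
 4, (pem_root_certs, pem_key_cert_pair, verify_options, reserved));
 GPR_ASSERT(reserved == nullptr);
 
+return grpc_core::New<grpc_ssl_credentials>(
+pem_root_certs, pem_key_cert_pair,
+reinterpret_cast<const grpc_ssl_verify_peer_options*>(verify_options));
+}
+
+grpc_channel_credentials* grpc_ssl_credentials_create_ex(
+const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
+const grpc_ssl_verify_peer_options* verify_options, void* reserved) {
+GRPC_API_TRACE(
+"grpc_ssl_credentials_create(pem_root_certs=%s, "
+"pem_key_cert_pair=%p, "
+"verify_options=%p, "
+"reserved=%p)",
+4, (pem_root_certs, pem_key_cert_pair, verify_options, reserved));
+GPR_ASSERT(reserved == nullptr);
+
 return grpc_core::New<grpc_ssl_credentials>(pem_root_certs, pem_key_cert_pair,
 verify_options);
 }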
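Review bot: The deprecated `grpc_ssl_credentials_create` now forwards its `const verify_peer_options*` through `reinterpret_cast<const grpc_ssl_verify_peer_options*>`, which is only sound while the two structs keep an identical layout, and nothing in this section enforces that. These options presumably carry the peer-verification callback and its user data, so a field added to one struct but not the other would be read as the wrong member without any diagnostic. Neither struct definition is visible here, so this is inferred; a guard such as `static_assert(sizeof(verify_peer_options) == sizeof(grpc_ssl_verify_peer_options), "layouts must match");` next to the cast, or a field-by-field copy into a local, would make the assumption explicit. Separately, `grpc_ssl_credentials_create_ex` traces itself as `"grpc_ssl_credentials_create("`, so the two entry points cannot be told apart in API traces; the first string should read `"grpc_ssl_credentials_create_ex(pem_root_certs=%s, "`.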
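--- a/data/src/core/lib/security/credentials/ssl/ssl_credentials.h
+++ b/data/src/core/lib/security/credentials/ssl/ssl_credentials.h
@@ -28,7 +28,7 @@ class grpc_ssl_credentials : public grpc_channel_credentials {
 public:
 grpc_ssl_credentials(const char* pem_root_certs,
 grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
-const
+const grpc_ssl_verify_peer_options* verify_options);
 
 ~grpc_ssl_credentials() override;
 
@@ -41,7 +41,7 @@ class grpc_ssl_credentials : public grpc_channel_credentials {
 private:
 void build_config(const char* pem_root_certs,
 grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
-const
+const grpc_ssl_verify_peer_options* verify_options);
 
 grpc_ssl_config config_;
 };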
@@ -0,0 +1,192 @@
|
|
1
|
+
/*
|
2
|
+
*
|
3
|
+
* Copyright 2018 gRPC authors.
|
4
|
+
*
|
5
|
+
* Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
* you may not use this file except in compliance with the License.
|
7
|
+
* You may obtain a copy of the License at
|
8
|
+
*
|
9
|
+
* http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
*
|
11
|
+
* Unless required by applicable law or agreed to in writing, software
|
12
|
+
* distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
* See the License for the specific language governing permissions and
|
15
|
+
* limitations under the License.
|
16
|
+
*
|
17
|
+
*/
|
18
|
+
|
19
|
+
#include <grpc/support/port_platform.h>
|
20
|
+
|
21
|
+
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
|
22
|
+
|
23
|
+
#include <stdlib.h>
|
24
|
+
#include <string.h>
|
25
|
+
|
26
|
+
#include <grpc/support/alloc.h>
|
27
|
+
#include <grpc/support/log.h>
|
28
|
+
#include <grpc/support/string_util.h>
|
29
|
+
|
30
|
+
/** -- gRPC TLS key materials config API implementation. -- **/
|
31
|
+
void grpc_tls_key_materials_config::set_key_materials(
|
32
|
+
grpc_core::UniquePtr<char> pem_root_certs,
|
33
|
+
PemKeyCertPairList pem_key_cert_pair_list) {
|
34
|
+
pem_key_cert_pair_list_ = std::move(pem_key_cert_pair_list);
|
35
|
+
pem_root_certs_ = std::move(pem_root_certs);
|
36
|
+
}
|
37
|
+
|
38
|
+
/** -- gRPC TLS credential reload config API implementation. -- **/
|
39
|
+
grpc_tls_credential_reload_config::grpc_tls_credential_reload_config(
|
40
|
+
const void* config_user_data,
|
41
|
+
int (*schedule)(void* config_user_data,
|
42
|
+
grpc_tls_credential_reload_arg* arg),
|
43
|
+
void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
|
44
|
+
void (*destruct)(void* config_user_data))
|
45
|
+
: config_user_data_(const_cast<void*>(config_user_data)),
|
46
|
+
schedule_(schedule),
|
47
|
+
cancel_(cancel),
|
48
|
+
destruct_(destruct) {}
|
49
|
+
|
50
|
+
grpc_tls_credential_reload_config::~grpc_tls_credential_reload_config() {
|
51
|
+
if (destruct_ != nullptr) {
|
52
|
+
destruct_((void*)config_user_data_);
|
53
|
+
}
|
54
|
+
}
|
55
|
+
|
56
|
+
/** -- gRPC TLS server authorization check API implementation. -- **/
|
57
|
+
grpc_tls_server_authorization_check_config::
|
58
|
+
grpc_tls_server_authorization_check_config(
|
59
|
+
const void* config_user_data,
|
60
|
+
int (*schedule)(void* config_user_data,
|
61
|
+
grpc_tls_server_authorization_check_arg* arg),
|
62
|
+
void (*cancel)(void* config_user_data,
|
63
|
+
grpc_tls_server_authorization_check_arg* arg),
|
64
|
+
void (*destruct)(void* config_user_data))
|
65
|
+
: config_user_data_(const_cast<void*>(config_user_data)),
|
66
|
+
schedule_(schedule),
|
67
|
+
cancel_(cancel),
|
68
|
+
destruct_(destruct) {}
|
69
|
+
|
70
|
+
grpc_tls_server_authorization_check_config::
|
71
|
+
~grpc_tls_server_authorization_check_config() {
|
72
|
+
if (destruct_ != nullptr) {
|
73
|
+
destruct_((void*)config_user_data_);
|
74
|
+
}
|
75
|
+
}
|
76
|
+
|
77
|
+
/** -- Wrapper APIs declared in grpc_security.h -- **/
|
78
|
+
grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
|
79
|
+
return grpc_core::New<grpc_tls_credentials_options>();
|
80
|
+
}
|
81
|
+
|
82
|
+
int grpc_tls_credentials_options_set_cert_request_type(
|
83
|
+
grpc_tls_credentials_options* options,
|
84
|
+
grpc_ssl_client_certificate_request_type type) {
|
85
|
+
if (options == nullptr) {
|
86
|
+
gpr_log(GPR_ERROR,
|
87
|
+
"Invalid nullptr arguments to "
|
88
|
+
"grpc_tls_credentials_options_set_cert_request_type()");
|
89
|
+
return 0;
|
90
|
+
}
|
91
|
+
options->set_cert_request_type(type);
|
92
|
+
return 1;
|
93
|
+
}
|
94
|
+
|
95
|
+
int grpc_tls_credentials_options_set_key_materials_config(
|
96
|
+
grpc_tls_credentials_options* options,
|
97
|
+
grpc_tls_key_materials_config* config) {
|
98
|
+
if (options == nullptr || config == nullptr) {
|
99
|
+
gpr_log(GPR_ERROR,
|
100
|
+
"Invalid nullptr arguments to "
|
101
|
+
"grpc_tls_credentials_options_set_key_materials_config()");
|
102
|
+
return 0;
|
103
|
+
}
|
104
|
+
options->set_key_materials_config(config->Ref());
|
105
|
+
return 1;
|
106
|
+
}
|
107
|
+
|
108
|
+
int grpc_tls_credentials_options_set_credential_reload_config(
|
109
|
+
grpc_tls_credentials_options* options,
|
110
|
+
grpc_tls_credential_reload_config* config) {
|
111
|
+
if (options == nullptr || config == nullptr) {
|
112
|
+
gpr_log(GPR_ERROR,
|
113
|
+
"Invalid nullptr arguments to "
|
114
|
+
"grpc_tls_credentials_options_set_credential_reload_config()");
|
115
|
+
return 0;
|
116
|
+
}
|
117
|
+
options->set_credential_reload_config(config->Ref());
|
118
|
+
return 1;
|
119
|
+
}
|
120
|
+
|
121
|
+
int grpc_tls_credentials_options_set_server_authorization_check_config(
|
122
|
+
grpc_tls_credentials_options* options,
|
123
|
+
grpc_tls_server_authorization_check_config* config) {
|
124
|
+
if (options == nullptr || config == nullptr) {
|
125
|
+
gpr_log(
|
126
|
+
GPR_ERROR,
|
127
|
+
"Invalid nullptr arguments to "
|
128
|
+
"grpc_tls_credentials_options_set_server_authorization_check_config()");
|
129
|
+
return 0;
|
130
|
+
}
|
131
|
+
options->set_server_authorization_check_config(config->Ref());
|
132
|
+
return 1;
|
133
|
+
}
|
134
|
+
|
135
|
+
grpc_tls_key_materials_config* grpc_tls_key_materials_config_create() {
|
136
|
+
return grpc_core::New<grpc_tls_key_materials_config>();
|
137
|
+
}
|
138
|
+
|
139
|
+
int grpc_tls_key_materials_config_set_key_materials(
|
140
|
+
grpc_tls_key_materials_config* config, const char* root_certs,
|
141
|
+
const grpc_ssl_pem_key_cert_pair** key_cert_pairs, size_t num) {
|
142
|
+
if (config == nullptr || key_cert_pairs == nullptr || num == 0) {
|
143
|
+
gpr_log(GPR_ERROR,
|
144
|
+
"Invalid arguments to "
|
145
|
+
"grpc_tls_key_materials_config_set_key_materials()");
|
146
|
+
return 0;
|
147
|
+
}
|
148
|
+
grpc_core::UniquePtr<char> pem_root(const_cast<char*>(root_certs));
|
149
|
+
grpc_tls_key_materials_config::PemKeyCertPairList cert_pair_list;
|
150
|
+
for (size_t i = 0; i < num; i++) {
|
151
|
+
grpc_core::PemKeyCertPair key_cert_pair(
|
152
|
+
const_cast<grpc_ssl_pem_key_cert_pair*>(key_cert_pairs[i]));
|
153
|
+
cert_pair_list.emplace_back(std::move(key_cert_pair));
|
154
|
+
}
|
155
|
+
config->set_key_materials(std::move(pem_root), std::move(cert_pair_list));
|
156
|
+
gpr_free(key_cert_pairs);
|
157
|
+
return 1;
|
158
|
+
}
|
159
|
+
|
160
|
+
grpc_tls_credential_reload_config* grpc_tls_credential_reload_config_create(
|
161
|
+
const void* config_user_data,
|
162
|
+
int (*schedule)(void* config_user_data,
|
163
|
+
grpc_tls_credential_reload_arg* arg),
|
164
|
+
void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
|
165
|
+
void (*destruct)(void* config_user_data)) {
|
166
|
+
if (schedule == nullptr) {
|
167
|
+
gpr_log(
|
168
|
+
GPR_ERROR,
|
169
|
+
"Schedule API is nullptr in creating TLS credential reload config.");
|
170
|
+
return nullptr;
|
171
|
+
}
|
172
|
+
return grpc_core::New<grpc_tls_credential_reload_config>(
|
173
|
+
config_user_data, schedule, cancel, destruct);
|
174
|
+
}
|
175
|
+
|
176
|
+
grpc_tls_server_authorization_check_config*
|
177
|
+
grpc_tls_server_authorization_check_config_create(
|
178
|
+
const void* config_user_data,
|
179
|
+
int (*schedule)(void* config_user_data,
|
180
|
+
grpc_tls_server_authorization_check_arg* arg),
|
181
|
+
void (*cancel)(void* config_user_data,
|
182
|
+
grpc_tls_server_authorization_check_arg* arg),
|
183
|
+
void (*destruct)(void* config_user_data)) {
|
184
|
+
if (schedule == nullptr) {
|
185
|
+
gpr_log(GPR_ERROR,
|
186
|
+
"Schedule API is nullptr in creating TLS server authorization "
|
187
|
+
"check config.");
|
188
|
+
return nullptr;
|
189
|
+
}
|
190
|
+
return grpc_core::New<grpc_tls_server_authorization_check_config>(
|
191
|
+
config_user_data, schedule, cancel, destruct);
|
192
|
+
}
|
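--- a/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h
+++ b/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h
@@ -0,0 +1,210 @@
+/*
+*
+* Copyright 2018 gRPC authors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
+
+#include <grpc/support/port_platform.h>
+
+#include <grpc/grpc_security.h>
+
+#include "src/core/lib/gprpp/inlined_vector.h"
+#include "src/core/lib/gprpp/ref_counted.h"
+#include "src/core/lib/security/security_connector/ssl_utils.h"
+
+/** TLS key materials config. **/
+struct grpc_tls_key_materials_config
+: public grpc_core::RefCounted<grpc_tls_key_materials_config> {
+public:
+typedef grpc_core::InlinedVector<grpc_core::PemKeyCertPair, 1>
+PemKeyCertPairList;
+
+/** Getters for member fields. **/
+const char* pem_root_certs() const { return pem_root_certs_.get(); }
+const PemKeyCertPairList& pem_key_cert_pair_list() const {
+return pem_key_cert_pair_list_;
+}
+
+/** Setters for member fields. **/
+void set_key_materials(grpc_core::UniquePtr<char> pem_root_certs,
+PemKeyCertPairList pem_key_cert_pair_list);
+
+private:
+PemKeyCertPairList pem_key_cert_pair_list_;
+grpc_core::UniquePtr<char> pem_root_certs_;
+};
+
+/** TLS credential reload config. **/
+struct grpc_tls_credential_reload_config
+: public grpc_core::RefCounted<grpc_tls_credential_reload_config> {
+public:
+grpc_tls_credential_reload_config(
+const void* config_user_data,
+int (*schedule)(void* config_user_data,
+grpc_tls_credential_reload_arg* arg),
+void (*cancel)(void* config_user_data,
+grpc_tls_credential_reload_arg* arg),
+void (*destruct)(void* config_user_data));
+~grpc_tls_credential_reload_config();
+
+int Schedule(grpc_tls_credential_reload_arg* arg) const {
+return schedule_(config_user_data_, arg);
+}
+void Cancel(grpc_tls_credential_reload_arg* arg) const {
+if (cancel_ == nullptr) {
+gpr_log(GPR_ERROR, "cancel API is nullptr.");
+return;
+}
+cancel_(config_user_data_, arg);
+}
+
+private:
+/** config-specific, read-only user data that works for all channels created
+with a credential using the config. */
+void* config_user_data_;
+/** callback function for invoking credential reload API. The implementation
+of this method has to be non-blocking, but can be performed synchronously
+or asynchronously.
+If processing occurs synchronously, it populates \a arg->key_materials, \a
+arg->status, and \a arg->error_details and returns zero.
+If processing occurs asynchronously, it returns a non-zero value.
+Application then invokes \a arg->cb when processing is completed. Note that
+\a arg->cb cannot be invoked before \a schedule returns.
+*/
+int (*schedule_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
+/** callback function for cancelling a credential reload request scheduled via
+an asynchronous \a schedule. \a arg is used to pinpoint an exact reloading
+request to be cancelled, and the operation may not have any effect if the
+request has already been processed. */
+void (*cancel_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
+/** callback function for cleaning up any data associated with credential
+reload config. */
+void (*destruct_)(void* config_user_data);
+};
+
+/** TLS server authorization check config. **/
+struct grpc_tls_server_authorization_check_config
+: public grpc_core::RefCounted<grpc_tls_server_authorization_check_config> {
+public:
+grpc_tls_server_authorization_check_config(
+const void* config_user_data,
+int (*schedule)(void* config_user_data,
+grpc_tls_server_authorization_check_arg* arg),
+void (*cancel)(void* config_user_data,
+grpc_tls_server_authorization_check_arg* arg),
+void (*destruct)(void* config_user_data));
+~grpc_tls_server_authorization_check_config();
+
+int Schedule(grpc_tls_server_authorization_check_arg* arg) const {
+return schedule_(config_user_data_, arg);
+}
+void Cancel(grpc_tls_server_authorization_check_arg* arg) const {
+if (cancel_ == nullptr) {
+gpr_log(GPR_ERROR, "cancel API is nullptr.");
+return;
+}
+cancel_(config_user_data_, arg);
+}
+
+private:
+/** config-specific, read-only user data that works for all channels created
+with a Credential using the config. */
+void* config_user_data_;
+
+/** callback function for invoking server authorization check. The
+implementation of this method has to be non-blocking, but can be performed
+synchronously or asynchronously.
+If processing occurs synchronously, it populates \a arg->result, \a
+arg->status, and \a arg->error_details, and returns zero.
+If processing occurs asynchronously, it returns a non-zero value.
+Application then invokes \a arg->cb when processing is completed. Note that
+\a arg->cb cannot be invoked before \a schedule() returns.
+*/
+int (*schedule_)(void* config_user_data,
+grpc_tls_server_authorization_check_arg* arg);
+
+/** callback function for canceling a server authorization check request. */
+void (*cancel_)(void* config_user_data,
+grpc_tls_server_authorization_check_arg* arg);
+
+/** callback function for cleaning up any data associated with server
+authorization check config. */
+void (*destruct_)(void* config_user_data);
+};
+
+/* TLS credentials options. */
+struct grpc_tls_credentials_options
+: public grpc_core::RefCounted<grpc_tls_credentials_options> {
+public:
+~grpc_tls_credentials_options() {
+if (key_materials_config_.get() != nullptr) {
+key_materials_config_.get()->Unref();
+}
+if (credential_reload_config_.get() != nullptr) {
+credential_reload_config_.get()->Unref();
+}
+if (server_authorization_check_config_.get() != nullptr) {
+server_authorization_check_config_.get()->Unref();
+}
+}
+
+/* Getters for member fields. */
+grpc_ssl_client_certificate_request_type cert_request_type() const {
+return cert_request_type_;
+}
+grpc_tls_key_materials_config* key_materials_config() const {
+return key_materials_config_.get();
+}
+grpc_tls_credential_reload_config* credential_reload_config() const {
+return credential_reload_config_.get();
+}
+grpc_tls_server_authorization_check_config*
+server_authorization_check_config() const {
+return server_authorization_check_config_.get();
+}
+
+/* Setters for member fields. */
+void set_cert_request_type(
+const grpc_ssl_client_certificate_request_type type) {
+cert_request_type_ = type;
+}
+void set_key_materials_config(
+grpc_core::RefCountedPtr<grpc_tls_key_materials_config> config) {
+key_materials_config_ = std::move(config);
+}
+void set_credential_reload_config(
+grpc_core::RefCountedPtr<grpc_tls_credential_reload_config> config) {
+credential_reload_config_ = std::move(config);
+}
+void set_server_authorization_check_config(
+grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
+config) {
+server_authorization_check_config_ = std::move(config);
+}
+
+private:
+grpc_ssl_client_certificate_request_type cert_request_type_;
+grpc_core::RefCountedPtr<grpc_tls_key_materials_config> key_materials_config_;
+grpc_core::RefCountedPtr<grpc_tls_credential_reload_config>
+credential_reload_config_;
+grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
+server_authorization_check_config_;
+};
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H \
+*/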
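Review bot: The destructor of grpc_tls_credentials_options calls `Unref()` by hand on each config that a `RefCountedPtr` member already holds, so every config loses one reference there and, assuming `RefCountedPtr` releases its reference on destruction as such pointers normally do, a second one when the member is destroyed. That only balances when each setter call came with an extra reference the caller then abandons, which nothing in this header states. A caller that hands `set_key_materials_config()` a pointer holding the only reference would see the config released by the manual `Unref()` and touched again by the member's destructor, and a config replaced by a second set call keeps its abandoned reference. I would remove the three manual `Unref()` calls and let the members release what they hold, or at minimum document the hand-over on the setters with `/* Takes over the caller's reference in addition to the one held by the RefCountedPtr. */`.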
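--- a/src/core/lib/security/credentials/tls/spiffe_credentials.cc
+++ b/src/core/lib/security/credentials/tls/spiffe_credentials.cc
@@ -0,0 +1,129 @@
+/*
+*
+* Copyright 2018 gRPC authors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/security/credentials/tls/spiffe_credentials.h"
+
+#include <cstring>
+
+#include <grpc/grpc.h>
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+
+#include "src/core/lib/channel/channel_args.h"
+#include "src/core/lib/security/security_connector/tls/spiffe_security_connector.h"
+
+#define GRPC_CREDENTIALS_TYPE_SPIFFE "Spiffe"
+
+namespace {
+
+bool CredentialOptionSanityCheck(const grpc_tls_credentials_options* options,
+bool is_client) {
+if (options == nullptr) {
+gpr_log(GPR_ERROR, "SPIFFE TLS credentials options is nullptr.");
+return false;
+}
+if (options->key_materials_config() == nullptr &&
+options->credential_reload_config() == nullptr) {
+gpr_log(
+GPR_ERROR,
+"SPIFFE TLS credentials options must specify either key materials or "
+"credential reload config.");
+return false;
+}
+if (!is_client && options->server_authorization_check_config() != nullptr) {
+gpr_log(GPR_INFO,
+"Server's credentials options should not contain server "
+"authorization check config.");
+}
+return true;
+}
+
+}  // namespace
+
+SpiffeCredentials::SpiffeCredentials(
+grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
+: grpc_channel_credentials(GRPC_CREDENTIALS_TYPE_SPIFFE),
+options_(std::move(options)) {}
+
+SpiffeCredentials::~SpiffeCredentials() {}
+
+grpc_core::RefCountedPtr<grpc_channel_security_connector>
+SpiffeCredentials::create_security_connector(
+grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
+const char* target_name, const grpc_channel_args* args,
+grpc_channel_args** new_args) {
+const char* overridden_target_name = nullptr;
+tsi_ssl_session_cache* ssl_session_cache = nullptr;
+for (size_t i = 0; args != nullptr && i < args->num_args; i++) {
+grpc_arg* arg = &args->args[i];
+if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 &&
+arg->type == GRPC_ARG_STRING) {
+overridden_target_name = arg->value.string;
+}
+if (strcmp(arg->key, GRPC_SSL_SESSION_CACHE_ARG) == 0 &&
+arg->type == GRPC_ARG_POINTER) {
+ssl_session_cache =
+static_cast<tsi_ssl_session_cache*>(arg->value.pointer.p);
+}
+}
+grpc_core::RefCountedPtr<grpc_channel_security_connector> sc =
+SpiffeChannelSecurityConnector::CreateSpiffeChannelSecurityConnector(
+this->Ref(), std::move(call_creds), target_name,
+overridden_target_name, ssl_session_cache);
+if (sc == nullptr) {
+return nullptr;
+}
+grpc_arg new_arg = grpc_channel_arg_string_create(
+(char*)GRPC_ARG_HTTP2_SCHEME, (char*)"https");
+*new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1);
+return sc;
+}
+
+SpiffeServerCredentials::SpiffeServerCredentials(
+grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
+: grpc_server_credentials(GRPC_CREDENTIALS_TYPE_SPIFFE),
+options_(std::move(options)) {}
+
+SpiffeServerCredentials::~SpiffeServerCredentials() {}
+
+grpc_core::RefCountedPtr<grpc_server_security_connector>
+SpiffeServerCredentials::create_security_connector() {
+return SpiffeServerSecurityConnector::CreateSpiffeServerSecurityConnector(
+this->Ref());
+}
+
+grpc_channel_credentials* grpc_tls_spiffe_credentials_create(
+grpc_tls_credentials_options* options) {
+if (!CredentialOptionSanityCheck(options, true /* is_client */)) {
+return nullptr;
+}
+return grpc_core::New<SpiffeCredentials>(
+grpc_core::RefCountedPtr<grpc_tls_credentials_options>(options));
+}
+
+grpc_server_credentials* grpc_tls_spiffe_server_credentials_create(
+grpc_tls_credentials_options* options) {
+if (!CredentialOptionSanityCheck(options, false /* is_client */)) {
+return nullptr;
+}
+return grpc_core::New<SpiffeServerCredentials>(
+grpc_core::RefCountedPtr<grpc_tls_credentials_options>(options));
+}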
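Review bot: CredentialOptionSanityCheck() never looks at `server_authorization_check_config()` when `is_client` is true, so grpc_tls_spiffe_credentials_create() accepts client options that carry no server authorization callback. Whether that leaves the server's identity unverified depends on SpiffeChannelSecurityConnector, which is not part of this file; if that callback is the only identity check beyond chain validation, the client case should be rejected, e.g. `if (is_client && options->server_authorization_check_config() == nullptr) return false;` preceded by an error log. In the server branch the misplaced config is only reported at GPR_INFO and the function still returns true, so a comment such as `/* Not an error: the config is ignored on the server side. */` would show that this is intended.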
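--- a/src/core/lib/security/credentials/tls/spiffe_credentials.h
+++ b/src/core/lib/security/credentials/tls/spiffe_credentials.h
@@ -0,0 +1,62 @@
+/*
+*
+* Copyright 2018 gRPC authors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_SPIFFE_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_SPIFFE_CREDENTIALS_H
+
+#include <grpc/support/port_platform.h>
+
+#include <grpc/grpc_security.h>
+
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
+
+class SpiffeCredentials final : public grpc_channel_credentials {
+public:
+explicit SpiffeCredentials(
+grpc_core::RefCountedPtr<grpc_tls_credentials_options> options);
+~SpiffeCredentials() override;
+
+grpc_core::RefCountedPtr<grpc_channel_security_connector>
+create_security_connector(
+grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
+const char* target_name, const grpc_channel_args* args,
+grpc_channel_args** new_args) override;
+
+const grpc_tls_credentials_options& options() const { return *options_; }
+
+private:
+grpc_core::RefCountedPtr<grpc_tls_credentials_options> options_;
+};
+
+class SpiffeServerCredentials final : public grpc_server_credentials {
+public:
+explicit SpiffeServerCredentials(
+grpc_core::RefCountedPtr<grpc_tls_credentials_options> options);
+~SpiffeServerCredentials() override;
+
+grpc_core::RefCountedPtr<grpc_server_security_connector>
+create_security_connector() override;
+
+const grpc_tls_credentials_options& options() const { return *options_; }
+
+private:
+grpc_core::RefCountedPtr<grpc_tls_credentials_options> options_;
+};
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_SPIFFE_CREDENTIALS_H */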
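Review bot: `options()` in both SpiffeCredentials and SpiffeServerCredentials dereferences `options_` unconditionally, while the public `explicit` constructors accept any `RefCountedPtr`, including an empty one. The C factory functions shown in the .cc on this page reject a null options pointer first, but code that constructs these classes directly gets no such guard. A one-line contract above each constructor would make the requirement visible, `/* options must be non-null; options() dereferences it without a check. */`. Both classes also lack a class-level comment saying that they hold the TLS options used to build the SPIFFE channel and server security connectors.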