grpc 1.32.0 → 1.33.0.pre1
- checksums.yaml +4 -4
- data/Makefile +175 -376
- data/include/grpc/grpc.h +0 -5
- data/include/grpc/grpc_security.h +16 -0
- data/include/grpc/impl/codegen/grpc_types.h +0 -5
- data/src/core/ext/filters/client_channel/client_channel.cc +204 -170
- data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
- data/src/core/ext/filters/client_channel/config_selector.h +34 -5
- data/src/core/ext/filters/client_channel/lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +106 -106
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -32
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +198 -126
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +439 -249
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds_drop.cc +571 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +727 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +553 -358
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +8 -39
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +4 -2
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +44 -43
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +5 -9
- data/src/core/ext/filters/client_channel/server_address.cc +80 -0
- data/src/core/ext/filters/client_channel/server_address.h +25 -36
- data/src/core/ext/filters/client_channel/service_config.cc +16 -13
- data/src/core/ext/filters/client_channel/service_config.h +7 -4
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
- data/src/core/ext/filters/client_channel/subchannel_interface.h +44 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +2 -1
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +17 -10
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +10 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +10 -0
- data/src/core/ext/transport/chttp2/transport/internal.h +5 -0
- data/src/core/ext/transport/chttp2/transport/parsing.cc +16 -2
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +29 -9
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +66 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +123 -45
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +310 -53
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +17 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +45 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +16 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +38 -15
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +54 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +123 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +40 -16
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +114 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +85 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +36 -16
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +86 -20
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +23 -6
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +54 -5
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +10 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +28 -11
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +184 -57
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +504 -69
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +6 -5
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +78 -26
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +236 -25
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +8 -9
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +19 -33
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +7 -3
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +16 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +65 -23
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +229 -47
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +20 -10
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +67 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +6 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +753 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +57 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +53 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +129 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +77 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +85 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +160 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +84 -0
- data/src/core/ext/xds/certificate_provider_factory.h +59 -0
- data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
- data/src/core/ext/xds/certificate_provider_registry.h +57 -0
- data/src/core/ext/xds/certificate_provider_store.h +50 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +377 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +102 -0
- data/src/core/ext/xds/xds_api.cc +301 -93
- data/src/core/ext/xds/xds_api.h +129 -92
- data/src/core/ext/xds/xds_channel_args.h +6 -3
- data/src/core/ext/xds/xds_client.cc +498 -410
- data/src/core/ext/xds/xds_client.h +105 -51
- data/src/core/ext/xds/xds_client_stats.cc +18 -12
- data/src/core/ext/xds/xds_client_stats.h +33 -5
- data/src/core/lib/channel/channel_args.h +0 -1
- data/src/core/lib/channel/channelz.cc +10 -45
- data/src/core/lib/channel/channelz.h +11 -19
- data/src/core/lib/channel/channelz_registry.cc +12 -11
- data/src/core/lib/channel/channelz_registry.h +3 -0
- data/src/core/lib/gpr/time_precise.cc +2 -0
- data/src/core/lib/gpr/time_precise.h +6 -2
- data/src/core/lib/gprpp/dual_ref_counted.h +336 -0
- data/src/core/lib/gprpp/ref_counted.h +51 -22
- data/src/core/lib/gprpp/ref_counted_ptr.h +153 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -5
- data/src/core/lib/iomgr/exec_ctx.h +10 -8
- data/src/core/lib/json/json_util.cc +58 -0
- data/src/core/lib/json/json_util.h +37 -0
- data/src/core/lib/security/certificate_provider.h +60 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +321 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +214 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +45 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.h +51 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +6 -10
- data/src/core/lib/security/security_connector/ssl_utils.h +5 -0
- data/src/core/lib/surface/channel.cc +9 -31
- data/src/core/lib/surface/channel.h +6 -1
- data/src/core/lib/surface/init.cc +26 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.h +2 -1
- data/src/core/lib/transport/connectivity_state.h +2 -2
- data/src/core/lib/transport/metadata.cc +11 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +35 -20
- data/src/core/tsi/ssl_transport_security.cc +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +3 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/err_data.c +465 -463
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -6
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +98 -11
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +51 -6
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +44 -2
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +221 -49
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +64 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +7 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +21 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +24 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +13 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +12 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +4 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +9 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +26 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +188 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +52 -43
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +18 -18
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +9 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +4 -8
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +2 -2
- metadata +72 -42
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -537
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1141
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -29
- data/src/core/ext/xds/xds_channel.h +0 -46
- data/src/core/ext/xds/xds_channel_secure.cc +0 -103
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
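--- a/data/src/core/ext/xds/certificate_provider_factory.h
+++ b/data/src/core/ext/xds/certificate_provider_factory.h
@@ -0,0 +1,59 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_FACTORY_H
+#define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_FACTORY_H
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/iomgr/error.h"
+#include "src/core/lib/json/json.h"
+#include "src/core/lib/security/certificate_provider.h"
+
+namespace grpc_core {
+
+// Factories for plugins. Each plugin implementation should create its own
+// factory implementation and register an instance with the registry.
+class CertificateProviderFactory {
+public:
+// Interface for configs for CertificateProviders.
+class Config {
+public:
+virtual ~Config() = default;
+
+// Name of the type of the CertificateProvider. Unique to each type of
+// config.
+virtual const char* name() const = 0;
+};
+
+virtual ~CertificateProviderFactory() = default;
+
+// Name of the plugin.
+virtual const char* name() const = 0;
+
+virtual std::unique_ptr<Config> CreateCertificateProviderConfig(
+const Json& config_json, grpc_error** error) = 0;
+
+// Create a CertificateProvider instance from config.
+virtual RefCountedPtr<grpc_tls_certificate_provider>
+CreateCertificateProvider(std::unique_ptr<Config> config) = 0;
+};
+
+} // namespace grpc_core
+
+#endif // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_FACTORY_H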
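Review bot: `CreateCertificateProviderConfig` (line 49) is the only virtual in this header without a comment, so its error contract — what `*error` holds and what is returned when `config_json` is rejected — is left to each implementer; the sibling methods are documented. Suggest adding above it: `// Parses config_json into a plugin-specific Config. On failure returns null and sets *error; the caller owns the returned error.`, adjusted to whatever the concrete factories in this commit actually do, since none is visible here. Separately, `std::unique_ptr` is used on lines 49 and 54 but `<memory>` is not included, so the header only compiles through a transitive include; `#include <memory>` belongs in the system-include group after port_platform.h.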
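--- a/data/src/core/ext/xds/certificate_provider_registry.cc
+++ b/data/src/core/ext/xds/certificate_provider_registry.cc
@@ -0,0 +1,103 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#include <grpc/support/port_platform.h>
+
+#include "absl/container/inlined_vector.h"
+
+#include "src/core/ext/xds/certificate_provider_registry.h"
+
+namespace grpc_core {
+
+namespace {
+
+class RegistryState {
+public:
+void RegisterCertificateProviderFactory(
+std::unique_ptr<CertificateProviderFactory> factory) {
+gpr_log(GPR_DEBUG, "registering certificate provider factory for \"%s\"",
+factory->name());
+for (size_t i = 0; i < factories_.size(); ++i) {
+GPR_ASSERT(strcmp(factories_[i]->name(), factory->name()) != 0);
+}
+factories_.push_back(std::move(factory));
+}
+
+CertificateProviderFactory* LookupCertificateProviderFactory(
+absl::string_view name) const {
+for (size_t i = 0; i < factories_.size(); ++i) {
+if (name == factories_[i]->name()) {
+return factories_[i].get();
+}
+}
+return nullptr;
+}
+
+private:
+// We currently support 3 factories without doing additional
+// allocation. This number could be raised if there is a case where
+// more factories are needed and the additional allocations are
+// hurting performance (which is unlikely, since these allocations
+// only occur at gRPC initialization time).
+absl::InlinedVector<std::unique_ptr<CertificateProviderFactory>, 3>
+factories_;
+};
+
+static RegistryState* g_state = nullptr;
+
+} // namespace
+
+//
+// CertificateProviderRegistry
+//
+
+CertificateProviderFactory*
+CertificateProviderRegistry::LookupCertificateProviderFactory(
+absl::string_view name) {
+GPR_ASSERT(g_state != nullptr);
+return g_state->LookupCertificateProviderFactory(name);
+}
+
+void CertificateProviderRegistry::InitRegistry() {
+if (g_state == nullptr) g_state = new RegistryState();
+}
+
+void CertificateProviderRegistry::ShutdownRegistry() {
+delete g_state;
+g_state = nullptr;
+}
+
+void CertificateProviderRegistry::RegisterCertificateProviderFactory(
+std::unique_ptr<CertificateProviderFactory> factory) {
+InitRegistry();
+g_state->RegisterCertificateProviderFactory(std::move(factory));
+}
+
+} // namespace grpc_core
+
+//
+// Plugin registration
+//
+
+void grpc_certificate_provider_registry_init() {
+grpc_core::CertificateProviderRegistry::InitRegistry();
+}
+
+void grpc_certificate_provider_registry_shutdown() {
+grpc_core::CertificateProviderRegistry::ShutdownRegistry();
+}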
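Review bot: `RegistryState::RegisterCertificateProviderFactory` calls `strcmp` (line 36) and `gpr_log` (line 33), and the file uses `std::move`/`std::unique_ptr` throughout, but none of `<cstring>`, `<grpc/support/log.h>`, `<utility>` or `<memory>` is included; it currently compiles only through whatever certificate_provider_registry.h pulls in transitively, so add them after port_platform.h. The `static` on line 61 is redundant inside the anonymous namespace; `RegistryState* g_state = nullptr;` is the idiomatic form. Lines 35-37 abort the process on a duplicate factory name, which is a sensible hard failure during init, but the only diagnostic is the GPR_ASSERT expression text; logging the offending name at GPR_ERROR before the assert would make a misconfigured plugin set much easier to diagnose.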
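--- a/data/src/core/ext/xds/certificate_provider_registry.h
+++ b/data/src/core/ext/xds/certificate_provider_registry.h
@@ -0,0 +1,57 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_REGISTRY_H
+#define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_REGISTRY_H
+
+#include <grpc/support/port_platform.h>
+
+#include <string>
+
+#include "src/core/ext/xds/certificate_provider_factory.h"
+
+namespace grpc_core {
+
+// Global registry for all the certificate provider plugins.
+class CertificateProviderRegistry {
+public:
+// Returns the factory for the plugin keyed by name.
+static CertificateProviderFactory* LookupCertificateProviderFactory(
+absl::string_view name);
+
+// The following methods are used to create and populate the
+// CertificateProviderRegistry. NOT THREAD SAFE -- to be used only during
+// global gRPC initialization and shutdown.
+
+// Global initialization of the registry.
+static void InitRegistry();
+
+// Global shutdown of the registry.
+static void ShutdownRegistry();
+
+// Register a provider with the registry. Can only be called after calling
+// InitRegistry(). The key of the factory is extracted from factory
+// parameter with method CertificateProviderFactory::name. If the same key
+// is registered twice, an exception is raised.
+static void RegisterCertificateProviderFactory(
+std::unique_ptr<CertificateProviderFactory> factory);
+};
+
+} // namespace grpc_core
+
+#endif // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_REGISTRY_H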
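Review bot: The comment on lines 49-50 says a duplicate key raises an exception, but the implementation added in certificate_provider_registry.cc in this same commit enforces uniqueness with `GPR_ASSERT(strcmp(...) != 0)`, which aborts the process — gRPC core does not throw. Suggest `// If the same key is registered twice, the process aborts (GPR_ASSERT).` so callers do not try to catch something that never arrives. The "Can only be called after calling InitRegistry()" sentence on lines 47-48 is also stricter than the code, which calls InitRegistry() itself before registering. Separately, the header uses `absl::string_view` (line 35) and `std::unique_ptr` (line 52) but includes `<string>`, which nothing here uses, instead of `"absl/strings/string_view.h"` and `<memory>`.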
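--- a/data/src/core/ext/xds/certificate_provider_store.h
+++ b/data/src/core/ext/xds/certificate_provider_store.h
@@ -0,0 +1,50 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
+#define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
+
+#include <grpc/support/port_platform.h>
+
+#include <map>
+
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
+#include "src/core/lib/gprpp/sync.h"
+#include "src/core/lib/security/certificate_provider.h"
+
+namespace grpc_core {
+
+// Map for xDS based grpc_tls_certificate_provider instances.
+class CertificateProviderStore {
+public:
+// If a provider corresponding to the config is found, a raw pointer to the
+// grpc_tls_certificate_provider in the map is returned. If no provider is
+// found for a key, a new provider is created. The CertificateProviderStore
+// maintains a ref to the grpc_tls_certificate_provider for its entire
+// lifetime.
+RefCountedPtr<grpc_tls_certificate_provider> CreateOrGetCertificateProvider(
+absl::string_view key);
+
+private:
+// Underlying map for the providers.
+std::map<std::string, RefCountedPtr<grpc_tls_certificate_provider>> map_;
+};
+
+} // namespace grpc_core
+
+#endif // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H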
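Review bot: The comment on lines 35-36 promises "a raw pointer to the grpc_tls_certificate_provider in the map", but the declaration on line 40 returns `RefCountedPtr<grpc_tls_certificate_provider>`, so the doc should read `// If a provider corresponding to the key is found, a ref to the grpc_tls_certificate_provider in the map is returned.`; it also says "corresponding to the config" while the parameter is a `key`. The header includes `sync.h` yet declares no `Mutex`, so the thread-safety of CreateOrGetCertificateProvider is unstated; either add the lock the include suggests or say in the class comment that callers must serialize access. I also do not see a certificate_provider_store.cc in this commit's file list, so the method appears to be declared without a definition — worth confirming it is intentionally forward-looking. `absl::string_view` (line 41) and `std::string` (line 45) are used without `"absl/strings/string_view.h"` and `<string>`.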
@@ -0,0 +1,377 @@
|
|
1
|
+
//
|
2
|
+
//
|
3
|
+
// Copyright 2020 gRPC authors.
|
4
|
+
//
|
5
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
// you may not use this file except in compliance with the License.
|
7
|
+
// You may obtain a copy of the License at
|
8
|
+
//
|
9
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
//
|
11
|
+
// Unless required by applicable law or agreed to in writing, software
|
12
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
// See the License for the specific language governing permissions and
|
15
|
+
// limitations under the License.
|
16
|
+
//
|
17
|
+
//
|
18
|
+
|
19
|
+
#include <grpc/support/port_platform.h>
|
20
|
+
|
21
|
+
#include "src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h"
|
22
|
+
|
23
|
+
#include <sstream>
|
24
|
+
#include <type_traits>
|
25
|
+
|
26
|
+
#include "absl/strings/str_cat.h"
|
27
|
+
|
28
|
+
#include <grpc/support/string_util.h>
|
29
|
+
|
30
|
+
#include "src/core/lib/gpr/string.h"
|
31
|
+
#include "src/core/lib/iomgr/error.h"
|
32
|
+
#include "src/core/lib/json/json_util.h"
|
33
|
+
|
34
|
+
namespace grpc_core {
|
35
|
+
|
36
|
+
namespace {
|
37
|
+
|
38
|
+
const char* kMeshCaPlugin = "meshCA";
|
39
|
+
|
40
|
+
//
|
41
|
+
// Helper functions for extracting types from JSON
|
42
|
+
//
|
43
|
+
template <typename NumericType, typename ErrorVectorType>
|
44
|
+
bool ExtractJsonType(const Json& json, const std::string& field_name,
|
45
|
+
NumericType* output, ErrorVectorType* error_list) {
|
46
|
+
static_assert(std::is_integral<NumericType>::value, "Integral required");
|
47
|
+
if (json.type() != Json::Type::NUMBER) {
|
48
|
+
error_list->push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
49
|
+
absl::StrCat("field:", field_name, " error:type should be NUMBER")
|
50
|
+
.c_str()));
|
51
|
+
return false;
|
52
|
+
}
|
53
|
+
std::istringstream ss(json.string_value());
|
54
|
+
ss >> *output;
|
55
|
+
// The JSON parsing API should have dealt with parsing errors, but check
|
56
|
+
// anyway
|
57
|
+
if (GPR_UNLIKELY(ss.bad())) {
|
58
|
+
error_list->push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
59
|
+
absl::StrCat("field:", field_name, " error:failed to parse.").c_str()));
|
60
|
+
return false;
|
61
|
+
}
|
62
|
+
return true;
|
63
|
+
}
|
64
|
+
|
65
|
+
template <typename ErrorVectorType>
|
66
|
+
bool ExtractJsonType(const Json& json, const std::string& field_name,
|
67
|
+
bool* output, ErrorVectorType* error_list) {
|
68
|
+
switch (json.type()) {
|
69
|
+
case Json::Type::JSON_TRUE:
|
70
|
+
*output = true;
|
71
|
+
return true;
|
72
|
+
case Json::Type::JSON_FALSE:
|
73
|
+
*output = false;
|
74
|
+
return true;
|
75
|
+
default:
|
76
|
+
error_list->push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
77
|
+
absl::StrCat("field:", field_name, " error:type should be BOOLEAN")
|
78
|
+
.c_str()));
|
79
|
+
return false;
|
80
|
+
}
|
81
|
+
}
|
82
|
+
|
83
|
+
template <typename ErrorVectorType>
|
84
|
+
bool ExtractJsonType(const Json& json, const std::string& field_name,
|
85
|
+
std::string* output, ErrorVectorType* error_list) {
|
86
|
+
if (json.type() != Json::Type::STRING) {
|
87
|
+
*output = "";
|
88
|
+
error_list->push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
89
|
+
absl::StrCat("field:", field_name, " error:type should be STRING")
|
90
|
+
.c_str()));
|
91
|
+
return false;
|
92
|
+
}
|
93
|
+
*output = json.string_value();
|
94
|
+
return true;
|
95
|
+
}
|
96
|
+
|
97
|
+
template <typename ErrorVectorType>
|
98
|
+
bool ExtractJsonType(const Json& json, const std::string& field_name,
|
99
|
+
const Json::Array** output, ErrorVectorType* error_list) {
|
100
|
+
if (json.type() != Json::Type::ARRAY) {
|
101
|
+
*output = nullptr;
|
102
|
+
error_list->push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
103
|
+
absl::StrCat("field:", field_name, " error:type should be ARRAY")
|
104
|
+
.c_str()));
|
105
|
+
return false;
|
106
|
+
}
|
107
|
+
*output = &json.array_value();
|
108
|
+
return true;
|
109
|
+
}
|
110
|
+
|
111
|
+
template <typename ErrorVectorType>
|
112
|
+
bool ExtractJsonType(const Json& json, const std::string& field_name,
|
113
|
+
const Json::Object** output, ErrorVectorType* error_list) {
|
114
|
+
if (json.type() != Json::Type::OBJECT) {
|
115
|
+
*output = nullptr;
|
116
|
+
error_list->push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
117
|
+
absl::StrCat("field:", field_name, " error:type should be OBJECT")
|
118
|
+
.c_str()));
|
119
|
+
return false;
|
120
|
+
}
|
121
|
+
*output = &json.object_value();
|
122
|
+
return true;
|
123
|
+
}
|
124
|
+
|
125
|
+
template <typename ErrorVectorType>
|
126
|
+
bool ExtractJsonType(const Json& json, const std::string& field_name,
|
127
|
+
grpc_millis* output, ErrorVectorType* error_list) {
|
128
|
+
if (!ParseDurationFromJson(json, output)) {
|
129
|
+
*output = GRPC_MILLIS_INF_PAST;
|
130
|
+
error_list->push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
131
|
+
absl::StrCat("field:", field_name,
|
132
|
+
" error:type should be STRING of the form given by "
|
133
|
+
"google.proto.Duration.")
|
134
|
+
.c_str()));
|
135
|
+
return false;
|
136
|
+
}
|
137
|
+
return true;
|
138
|
+
}
|
139
|
+
|
140
|
+
template <typename T, typename ErrorVectorType>
|
141
|
+
bool ParseJsonObjectField(const Json::Object& object,
|
142
|
+
const std::string& field_name, T* output,
|
143
|
+
ErrorVectorType* error_list, bool optional = false) {
|
144
|
+
auto it = object.find(field_name);
|
145
|
+
if (it == object.end()) {
|
146
|
+
if (!optional) {
|
147
|
+
error_list->push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
148
|
+
absl::StrCat("field:", field_name, " error:does not exist.")
|
149
|
+
.c_str()));
|
150
|
+
}
|
151
|
+
return false;
|
152
|
+
}
|
153
|
+
auto& child_object_json = it->second;
|
154
|
+
return ExtractJsonType(child_object_json, field_name, output, error_list);
|
155
|
+
}
|
156
|
+
|
157
|
+
} // namespace
|
158
|
+
|
159
|
+
//
|
160
|
+
// GoogleMeshCaCertificateProviderFactory::Config
|
161
|
+
//
|
162
|
+
|
163
|
+
const char* GoogleMeshCaCertificateProviderFactory::Config::name() const {
|
164
|
+
return kMeshCaPlugin;
|
165
|
+
}
|
166
|
+
|
167
|
+
std::vector<grpc_error*>
|
168
|
+
GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectStsService(
|
169
|
+
const Json::Object& sts_service) {
|
170
|
+
std::vector<grpc_error*> error_list_sts_service;
|
171
|
+
if (!ParseJsonObjectField(sts_service, "token_exchange_service_uri",
|
172
|
+
&sts_config_.token_exchange_service_uri,
|
173
|
+
&error_list_sts_service, true)) {
|
174
|
+
sts_config_.token_exchange_service_uri =
|
175
|
+
"securetoken.googleapis.com"; // default
|
176
|
+
}
|
177
|
+
ParseJsonObjectField(sts_service, "resource", &sts_config_.resource,
|
178
|
+
&error_list_sts_service, true);
|
179
|
+
ParseJsonObjectField(sts_service, "audience", &sts_config_.audience,
|
180
|
+
&error_list_sts_service, true);
|
181
|
+
if (!ParseJsonObjectField(sts_service, "scope", &sts_config_.scope,
|
182
|
+
&error_list_sts_service, true)) {
|
183
|
+
sts_config_.scope =
|
184
|
+
"https://www.googleapis.com/auth/cloud-platform"; // default
|
185
|
+
}
|
186
|
+
ParseJsonObjectField(sts_service, "requested_token_type",
|
187
|
+
&sts_config_.requested_token_type,
|
188
|
+
&error_list_sts_service, true);
|
189
|
+
ParseJsonObjectField(sts_service, "subject_token_path",
|
190
|
+
&sts_config_.subject_token_path,
|
191
|
+
&error_list_sts_service);
|
192
|
+
ParseJsonObjectField(sts_service, "subject_token_type",
|
193
|
+
&sts_config_.subject_token_type,
|
194
|
+
&error_list_sts_service);
|
195
|
+
ParseJsonObjectField(sts_service, "actor_token_path",
|
196
|
+
&sts_config_.actor_token_path, &error_list_sts_service,
|
197
|
+
true);
|
198
|
+
ParseJsonObjectField(sts_service, "actor_token_type",
|
199
|
+
&sts_config_.actor_token_type, &error_list_sts_service,
|
200
|
+
true);
|
201
|
+
return error_list_sts_service;
|
202
|
+
}
|
203
|
+
|
204
|
+
std::vector<grpc_error*>
|
205
|
+
GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectCallCredentials(
|
206
|
+
const Json::Object& call_credentials) {
|
207
|
+
std::vector<grpc_error*> error_list_call_credentials;
|
208
|
+
const Json::Object* sts_service = nullptr;
|
209
|
+
if (ParseJsonObjectField(call_credentials, "sts_service", &sts_service,
|
210
|
+
&error_list_call_credentials)) {
|
211
|
+
std::vector<grpc_error*> error_list_sts_service =
|
212
|
+
ParseJsonObjectStsService(*sts_service);
|
213
|
+
if (!error_list_sts_service.empty()) {
|
214
|
+
error_list_call_credentials.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
|
215
|
+
"field:sts_service", &error_list_sts_service));
|
216
|
+
}
|
217
|
+
}
|
218
|
+
return error_list_call_credentials;
|
219
|
+
}
|
220
|
+
|
221
|
+
std::vector<grpc_error*>
|
222
|
+
GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectGoogleGrpc(
|
223
|
+
const Json::Object& google_grpc) {
|
224
|
+
std::vector<grpc_error*> error_list_google_grpc;
|
225
|
+
if (!ParseJsonObjectField(google_grpc, "target_uri", &endpoint_,
|
226
|
+
&error_list_google_grpc, true)) {
|
227
|
+
endpoint_ = "meshca.googleapis.com"; // Default target
|
228
|
+
}
|
229
|
+
const Json::Array* call_credentials_array = nullptr;
|
230
|
+
if (ParseJsonObjectField(google_grpc, "call_credentials",
|
231
|
+
&call_credentials_array, &error_list_google_grpc)) {
|
232
|
+
if (call_credentials_array->size() != 1) {
|
233
|
+
error_list_google_grpc.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
234
|
+
"field:call_credentials error:Need exactly one entry."));
|
235
|
+
} else {
|
236
|
+
const Json::Object* call_credentials = nullptr;
|
237
|
+
if (ExtractJsonType((*call_credentials_array)[0], "call_credentials[0]",
|
238
|
+
&call_credentials, &error_list_google_grpc)) {
|
239
|
+
std::vector<grpc_error*> error_list_call_credentials =
|
240
|
+
ParseJsonObjectCallCredentials(*call_credentials);
|
241
|
+
if (!error_list_call_credentials.empty()) {
|
242
|
+
error_list_google_grpc.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
|
243
|
+
"field:call_credentials", &error_list_call_credentials));
|
244
|
+
}
|
245
|
+
}
|
246
|
+
}
|
247
|
+
}
|
248
|
+
|
249
|
+
return error_list_google_grpc;
|
250
|
+
}
|
251
|
+
|
252
|
+
std::vector<grpc_error*>
|
253
|
+
GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectGrpcServices(
|
254
|
+
const Json::Object& grpc_service) {
|
255
|
+
std::vector<grpc_error*> error_list_grpc_services;
|
256
|
+
const Json::Object* google_grpc = nullptr;
|
257
|
+
if (ParseJsonObjectField(grpc_service, "google_grpc", &google_grpc,
|
258
|
+
&error_list_grpc_services)) {
|
259
|
+
std::vector<grpc_error*> error_list_google_grpc =
|
260
|
+
ParseJsonObjectGoogleGrpc(*google_grpc);
|
261
|
+
if (!error_list_google_grpc.empty()) {
|
262
|
+
error_list_grpc_services.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
|
263
|
+
"field:google_grpc", &error_list_google_grpc));
|
264
|
+
}
|
265
|
+
}
|
266
|
+
if (!ParseJsonObjectField(grpc_service, "timeout", &timeout_,
|
267
|
+
&error_list_grpc_services, true)) {
|
268
|
+
timeout_ = 10 * 1000; // 10sec default
|
269
|
+
}
|
270
|
+
return error_list_grpc_services;
|
271
|
+
}
|
272
|
+
|
273
|
+
std::vector<grpc_error*>
|
274
|
+
GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectServer(
|
275
|
+
const Json::Object& server) {
|
276
|
+
std::vector<grpc_error*> error_list_server;
|
277
|
+
std::string api_type;
|
278
|
+
if (ParseJsonObjectField(server, "api_type", &api_type, &error_list_server,
|
279
|
+
true)) {
|
280
|
+
if (api_type != "GRPC") {
|
281
|
+
error_list_server.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
282
|
+
"field:api_type error:Only GRPC is supported"));
|
283
|
+
}
|
284
|
+
}
|
285
|
+
const Json::Array* grpc_services = nullptr;
|
286
|
+
if (ParseJsonObjectField(server, "grpc_services", &grpc_services,
|
287
|
+
&error_list_server)) {
|
288
|
+
if (grpc_services->size() != 1) {
|
289
|
+
error_list_server.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
290
|
+
"field:grpc_services error:Need exactly one entry"));
|
291
|
+
} else {
|
292
|
+
const Json::Object* grpc_service = nullptr;
|
293
|
+
if (ExtractJsonType((*grpc_services)[0], "grpc_services[0]",
|
294
|
+
&grpc_service, &error_list_server)) {
|
295
|
+
std::vector<grpc_error*> error_list_grpc_services =
|
296
|
+
ParseJsonObjectGrpcServices(*grpc_service);
|
297
|
+
if (!error_list_grpc_services.empty()) {
|
298
|
+
error_list_server.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
|
299
|
+
"field:grpc_services", &error_list_grpc_services));
|
300
|
+
}
|
301
|
+
}
|
302
|
+
}
|
303
|
+
}
|
304
|
+
return error_list_server;
|
305
|
+
}
|
306
|
+
|
307
|
+
std::unique_ptr<GoogleMeshCaCertificateProviderFactory::Config>
|
308
|
+
GoogleMeshCaCertificateProviderFactory::Config::Parse(const Json& config_json,
|
309
|
+
grpc_error** error) {
|
310
|
+
auto config =
|
311
|
+
absl::make_unique<GoogleMeshCaCertificateProviderFactory::Config>();
|
312
|
+
if (config_json.type() != Json::Type::OBJECT) {
|
313
|
+
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
314
|
+
"error:config type should be OBJECT.");
|
315
|
+
return nullptr;
|
316
|
+
}
|
317
|
+
std::vector<grpc_error*> error_list;
|
318
|
+
const Json::Object* server = nullptr;
|
319
|
+
if (ParseJsonObjectField(config_json.object_value(), "server", &server,
|
320
|
+
&error_list)) {
|
321
|
+
std::vector<grpc_error*> error_list_server =
|
322
|
+
config->ParseJsonObjectServer(*server);
|
323
|
+
if (!error_list_server.empty()) {
|
324
|
+
error_list.push_back(
|
325
|
+
GRPC_ERROR_CREATE_FROM_VECTOR("field:server", &error_list_server));
|
326
|
+
}
|
327
|
+
}
|
328
|
+
if (!ParseJsonObjectField(config_json.object_value(), "certificate_lifetime",
|
329
|
+
&config->certificate_lifetime_, &error_list,
|
330
|
+
true)) {
|
331
|
+
config->certificate_lifetime_ = 24 * 60 * 60 * 1000; // 24hrs default
|
332
|
+
}
|
333
|
+
if (!ParseJsonObjectField(config_json.object_value(), "renewal_grace_period",
|
334
|
+
&config->renewal_grace_period_, &error_list,
|
335
|
+
true)) {
|
336
|
+
config->renewal_grace_period_ = 12 * 60 * 60 * 1000; // 12hrs default
|
337
|
+
}
|
338
|
+
std::string key_type;
|
339
|
+
if (ParseJsonObjectField(config_json.object_value(), "key_type", &key_type,
|
340
|
+
&error_list, true)) {
|
341
|
+
if (key_type != "RSA") {
|
342
|
+
error_list.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
343
|
+
"field:key_type error:Only RSA is supported."));
|
344
|
+
}
|
345
|
+
}
|
346
|
+
if (!ParseJsonObjectField(config_json.object_value(), "key_size",
|
347
|
+
&config->key_size_, &error_list, true)) {
|
348
|
+
config->key_size_ = 2048; // default 2048 bit key size
|
349
|
+
}
|
350
|
+
if (!ParseJsonObjectField(config_json.object_value(), "location",
|
351
|
+
&config->location_, &error_list, true)) {
|
352
|
+
// GCE/GKE Metadata server needs to be contacted to get the value.
|
353
|
+
}
|
354
|
+
if (!error_list.empty()) {
|
355
|
+
*error = GRPC_ERROR_CREATE_FROM_VECTOR(
|
356
|
+
"Error parsing google Mesh CA config", &error_list);
|
357
|
+
return nullptr;
|
358
|
+
}
|
359
|
+
return config;
|
360
|
+
}
|
361
|
+
|
362
|
+
//
|
363
|
+
// GoogleMeshCaCertificateProviderFactory
|
364
|
+
//
|
365
|
+
|
366
|
+
const char* GoogleMeshCaCertificateProviderFactory::name() const {
|
367
|
+
return kMeshCaPlugin;
|
368
|
+
}
|
369
|
+
|
370
|
+
std::unique_ptr<CertificateProviderFactory::Config>
|
371
|
+
GoogleMeshCaCertificateProviderFactory::CreateCertificateProviderConfig(
|
372
|
+
const Json& config_json, grpc_error** error) {
|
373
|
+
return GoogleMeshCaCertificateProviderFactory::Config::Parse(config_json,
|
374
|
+
error);
|
375
|
+
}
|
376
|
+
|
377
|
+
} // namespace grpc_core
|