grpc 1.33.0.pre1 → 1.34.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +342 -134
- data/include/grpc/grpc.h +1 -2
- data/include/grpc/grpc_security.h +149 -172
- data/include/grpc/impl/codegen/grpc_types.h +9 -2
- data/include/grpc/impl/codegen/port_platform.h +22 -55
- data/src/core/ext/filters/client_channel/client_channel.cc +11 -34
- data/src/core/ext/filters/client_channel/config_selector.h +2 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +4 -1
- data/src/core/ext/filters/client_channel/health/health_check_client.h +2 -2
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +5 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +80 -71
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +47 -17
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +8 -5
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +16 -243
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +53 -17
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +809 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +20 -25
- data/src/core/ext/filters/client_channel/resolver.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver.h +4 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +20 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +66 -7
- data/src/core/ext/filters/client_channel/resolver_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +13 -25
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +1 -1
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +2 -2
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -1
- data/src/core/ext/filters/client_channel/server_address.h +0 -4
- data/src/core/ext/filters/client_channel/service_config.cc +3 -1
- data/src/core/ext/filters/client_channel/service_config.h +1 -1
- data/src/core/ext/filters/client_channel/subchannel.cc +18 -15
- data/src/core/ext/filters/client_channel/subchannel.h +2 -2
- data/src/core/ext/filters/client_channel/subchannel_interface.h +7 -15
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
- data/src/core/ext/filters/deadline/deadline_filter.cc +83 -77
- data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
- data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
- data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
- data/src/core/ext/filters/max_age/max_age_filter.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +17 -3
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +4 -24
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/internal.h +0 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +1 -2
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +254 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +558 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +266 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +125 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +110 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +190 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +185 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +97 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +915 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +280 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +511 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +48 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +166 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +105 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +249 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +152 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +82 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +307 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
- data/src/core/ext/xds/certificate_provider_factory.h +7 -5
- data/src/core/ext/xds/certificate_provider_store.cc +84 -0
- data/src/core/ext/xds/certificate_provider_store.h +65 -8
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +119 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +72 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +28 -140
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +6 -4
- data/src/core/ext/xds/xds_api.cc +241 -718
- data/src/core/ext/xds/xds_api.h +50 -9
- data/src/core/ext/xds/xds_bootstrap.cc +172 -25
- data/src/core/ext/xds/xds_bootstrap.h +23 -7
- data/src/core/ext/xds/xds_certificate_provider.cc +240 -0
- data/src/core/ext/xds/xds_certificate_provider.h +74 -0
- data/src/core/ext/xds/xds_client.cc +161 -128
- data/src/core/ext/xds/xds_client.h +12 -11
- data/src/core/ext/xds/xds_client_stats.cc +41 -4
- data/src/core/ext/xds/xds_client_stats.h +2 -2
- data/src/core/lib/channel/channel_args.cc +2 -1
- data/src/core/lib/channel/channel_trace.cc +4 -2
- data/src/core/lib/channel/channelz.h +2 -2
- data/src/core/lib/channel/handshaker.h +2 -2
- data/src/core/lib/compression/compression.cc +8 -4
- data/src/core/lib/compression/compression_internal.cc +10 -5
- data/src/core/lib/compression/compression_internal.h +2 -1
- data/src/core/lib/compression/stream_compression_identity.cc +1 -3
- data/src/core/lib/debug/stats_data.cc +1 -0
- data/src/core/lib/gpr/cpu_iphone.cc +10 -2
- data/src/core/lib/gpr/log_linux.cc +17 -3
- data/src/core/lib/gpr/log_posix.cc +13 -1
- data/src/core/lib/gpr/log_windows.cc +16 -4
- data/src/core/lib/gpr/murmur_hash.cc +1 -1
- data/src/core/lib/gpr/string.cc +1 -1
- data/src/core/lib/gpr/time_precise.cc +3 -2
- data/src/core/lib/gpr/tls.h +4 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_stdcpp.h +48 -0
- data/src/core/lib/gpr/useful.h +5 -4
- data/src/core/lib/gprpp/dual_ref_counted.h +44 -49
- data/src/core/lib/gprpp/examine_stack.cc +43 -0
- data/src/core/lib/gprpp/examine_stack.h +46 -0
- data/src/core/lib/gprpp/fork.cc +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/orphanable.h +4 -8
- data/src/core/lib/gprpp/ref_counted.h +40 -46
- data/src/core/lib/gprpp/ref_counted_ptr.h +9 -11
- data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
- data/src/core/lib/gprpp/stat_posix.cc +49 -0
- data/src/core/lib/gprpp/stat_windows.cc +48 -0
- data/src/core/lib/gprpp/thd.h +2 -2
- data/src/core/lib/gprpp/thd_posix.cc +36 -36
- data/src/core/lib/http/parser.cc +46 -25
- data/src/core/lib/iomgr/error.cc +2 -1
- data/src/core/lib/iomgr/ev_epollex_linux.cc +8 -4
- data/src/core/lib/iomgr/exec_ctx.cc +1 -1
- data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
- data/src/core/lib/iomgr/executor/threadpool.h +3 -3
- data/src/core/lib/iomgr/parse_address.cc +84 -6
- data/src/core/lib/iomgr/parse_address.h +20 -0
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
- data/src/core/lib/iomgr/python_util.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
- data/src/core/lib/iomgr/tcp_posix.cc +3 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +27 -15
- data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
- data/src/core/lib/json/json.h +2 -2
- data/src/core/lib/json/json_reader.cc +8 -4
- data/src/core/lib/json/json_util.h +167 -0
- data/src/core/lib/json/json_writer.cc +2 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +3 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +5 -4
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +4 -0
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +6 -6
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +10 -9
- data/src/core/lib/security/context/security_context.h +3 -1
- data/src/core/lib/security/credentials/credentials.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +3 -3
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +208 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.h +73 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +311 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.h +118 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +136 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +49 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +211 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +59 -0
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +51 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +5 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +35 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +12 -8
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +78 -0
- data/src/core/lib/security/{certificate_provider.h → credentials/tls/grpc_tls_certificate_provider.h} +32 -18
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +77 -149
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +58 -187
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -12
- data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +88 -0
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +70 -0
- data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +4 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +293 -275
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +106 -61
- data/src/core/lib/security/transport/security_handshaker.cc +1 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
- data/src/core/lib/security/util/json_util.h +1 -0
- data/src/core/lib/slice/slice.cc +7 -4
- data/src/core/lib/slice/slice_buffer.cc +2 -1
- data/src/core/lib/slice/slice_intern.cc +2 -2
- data/src/core/lib/surface/call.cc +9 -8
- data/src/core/lib/surface/completion_queue.cc +7 -6
- data/src/core/lib/surface/server.cc +4 -2
- data/src/core/lib/surface/server.h +2 -2
- data/src/core/lib/surface/validate_metadata.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.h +2 -0
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -3
- data/src/core/lib/transport/connectivity_state.h +3 -3
- data/src/core/lib/transport/metadata.h +2 -2
- data/src/core/lib/transport/timeout_encoding.cc +4 -4
- data/src/core/lib/transport/transport.cc +5 -3
- data/src/core/lib/transport/transport.h +1 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +4 -3
- data/src/core/tsi/fake_transport_security.cc +1 -0
- data/src/core/tsi/local_transport_security.cc +5 -1
- data/src/core/tsi/local_transport_security.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session.h +3 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -1
- data/src/core/tsi/ssl_transport_security.cc +14 -7
- data/src/core/tsi/ssl_transport_security.h +3 -0
- data/src/core/tsi/transport_security.cc +4 -2
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +22 -14
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +36 -24
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
- data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
- data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
- data/third_party/abseil-cpp/absl/base/casts.h +9 -6
- data/third_party/abseil-cpp/absl/base/config.h +60 -17
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
- data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
- data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
- data/third_party/abseil-cpp/absl/base/macros.h +36 -109
- data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
- data/third_party/abseil-cpp/absl/base/options.h +31 -4
- data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
- data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +2 -1
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
- data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
- data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
- data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
- data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
- data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
- data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
- data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
- data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
- data/third_party/abseil-cpp/absl/status/status.cc +4 -6
- data/third_party/abseil-cpp/absl/status/status.h +502 -113
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
- data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
- data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
- data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
- data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
- data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
- data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
- data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
- data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
- data/third_party/abseil-cpp/absl/time/format.cc +43 -36
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
- data/third_party/abseil-cpp/absl/time/time.h +15 -16
- data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
- data/third_party/abseil-cpp/absl/types/optional.h +9 -9
- data/third_party/abseil-cpp/absl/types/span.h +49 -36
- data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
- data/third_party/boringssl-with-bazel/err_data.c +340 -336
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +46 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +8 -2
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +90 -63
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +60 -60
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +179 -47
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +14 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +7 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +55 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +31 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +435 -394
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +36 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +42 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +67 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +11 -14
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +216 -11
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +53 -11
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +133 -39
- data/third_party/upb/upb/def.c +2169 -0
- data/third_party/upb/upb/def.h +330 -0
- data/third_party/upb/upb/def.hpp +525 -0
- data/third_party/upb/upb/reflection.c +391 -0
- data/third_party/upb/upb/reflection.h +168 -0
- data/third_party/upb/upb/text_encode.c +398 -0
- data/third_party/upb/upb/text_encode.h +35 -0
- metadata +227 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds_drop.cc +0 -571
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
|
@@ -27,49 +27,7 @@
|
|
|
27
27
|
#include <grpc/support/log.h>
|
|
28
28
|
#include <grpc/support/string_util.h>
|
|
29
29
|
|
|
30
|
-
|
|
31
|
-
void grpc_tls_key_materials_config::set_key_materials(
|
|
32
|
-
const char* pem_root_certs,
|
|
33
|
-
const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
|
|
34
|
-
size_t num_key_cert_pairs) {
|
|
35
|
-
this->set_pem_root_certs(pem_root_certs);
|
|
36
|
-
grpc_tls_key_materials_config::PemKeyCertPairList cert_pair_list;
|
|
37
|
-
for (size_t i = 0; i < num_key_cert_pairs; i++) {
|
|
38
|
-
auto current_pair = static_cast<grpc_ssl_pem_key_cert_pair*>(
|
|
39
|
-
gpr_zalloc(sizeof(grpc_ssl_pem_key_cert_pair)));
|
|
40
|
-
current_pair->cert_chain = gpr_strdup(pem_key_cert_pairs[i]->cert_chain);
|
|
41
|
-
current_pair->private_key = gpr_strdup(pem_key_cert_pairs[i]->private_key);
|
|
42
|
-
cert_pair_list.emplace_back(grpc_core::PemKeyCertPair(current_pair));
|
|
43
|
-
}
|
|
44
|
-
pem_key_cert_pair_list_ = std::move(cert_pair_list);
|
|
45
|
-
}
|
|
46
|
-
|
|
47
|
-
void grpc_tls_key_materials_config::set_key_materials(
|
|
48
|
-
const char* pem_root_certs,
|
|
49
|
-
const PemKeyCertPairList& pem_key_cert_pair_list) {
|
|
50
|
-
this->set_pem_root_certs(pem_root_certs);
|
|
51
|
-
grpc_tls_key_materials_config::PemKeyCertPairList dup_list(
|
|
52
|
-
pem_key_cert_pair_list);
|
|
53
|
-
pem_key_cert_pair_list_ = std::move(dup_list);
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
/** -- gRPC TLS credential reload config API implementation. -- **/
|
|
57
|
-
grpc_tls_credential_reload_config::grpc_tls_credential_reload_config(
|
|
58
|
-
const void* config_user_data,
|
|
59
|
-
int (*schedule)(void* config_user_data,
|
|
60
|
-
grpc_tls_credential_reload_arg* arg),
|
|
61
|
-
void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
|
|
62
|
-
void (*destruct)(void* config_user_data))
|
|
63
|
-
: config_user_data_(const_cast<void*>(config_user_data)),
|
|
64
|
-
schedule_(schedule),
|
|
65
|
-
cancel_(cancel),
|
|
66
|
-
destruct_(destruct) {}
|
|
67
|
-
|
|
68
|
-
grpc_tls_credential_reload_config::~grpc_tls_credential_reload_config() {
|
|
69
|
-
if (destruct_ != nullptr) {
|
|
70
|
-
destruct_((void*)config_user_data_);
|
|
71
|
-
}
|
|
72
|
-
}
|
|
30
|
+
#include "src/core/lib/surface/api_trace.h"
|
|
73
31
|
|
|
74
32
|
/** -- gRPC TLS server authorization check API implementation. -- **/
|
|
75
33
|
grpc_tls_server_authorization_check_config::
|
|
@@ -92,138 +50,99 @@ grpc_tls_server_authorization_check_config::
|
|
|
92
50
|
}
|
|
93
51
|
}
|
|
94
52
|
|
|
53
|
+
int grpc_tls_server_authorization_check_config::Schedule(
|
|
54
|
+
grpc_tls_server_authorization_check_arg* arg) const {
|
|
55
|
+
if (schedule_ == nullptr) {
|
|
56
|
+
gpr_log(GPR_ERROR, "schedule API is nullptr");
|
|
57
|
+
if (arg != nullptr) {
|
|
58
|
+
arg->status = GRPC_STATUS_NOT_FOUND;
|
|
59
|
+
arg->error_details->set_error_details(
|
|
60
|
+
"schedule API in server authorization check config is nullptr");
|
|
61
|
+
}
|
|
62
|
+
return 1;
|
|
63
|
+
}
|
|
64
|
+
if (arg != nullptr && context_ != nullptr) {
|
|
65
|
+
arg->config = const_cast<grpc_tls_server_authorization_check_config*>(this);
|
|
66
|
+
}
|
|
67
|
+
return schedule_(config_user_data_, arg);
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
void grpc_tls_server_authorization_check_config::Cancel(
|
|
71
|
+
grpc_tls_server_authorization_check_arg* arg) const {
|
|
72
|
+
if (cancel_ == nullptr) {
|
|
73
|
+
gpr_log(GPR_ERROR, "cancel API is nullptr.");
|
|
74
|
+
if (arg != nullptr) {
|
|
75
|
+
arg->status = GRPC_STATUS_NOT_FOUND;
|
|
76
|
+
arg->error_details->set_error_details(
|
|
77
|
+
"schedule API in server authorization check config is nullptr");
|
|
78
|
+
}
|
|
79
|
+
return;
|
|
80
|
+
}
|
|
81
|
+
if (arg != nullptr) {
|
|
82
|
+
arg->config = const_cast<grpc_tls_server_authorization_check_config*>(this);
|
|
83
|
+
}
|
|
84
|
+
cancel_(config_user_data_, arg);
|
|
85
|
+
}
|
|
86
|
+
|
|
95
87
|
/** -- Wrapper APIs declared in grpc_security.h -- **/
|
|
88
|
+
|
|
96
89
|
grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
|
|
97
90
|
return new grpc_tls_credentials_options();
|
|
98
91
|
}
|
|
99
92
|
|
|
100
|
-
|
|
93
|
+
void grpc_tls_credentials_options_set_cert_request_type(
|
|
101
94
|
grpc_tls_credentials_options* options,
|
|
102
95
|
grpc_ssl_client_certificate_request_type type) {
|
|
103
|
-
|
|
104
|
-
gpr_log(GPR_ERROR,
|
|
105
|
-
"Invalid nullptr arguments to "
|
|
106
|
-
"grpc_tls_credentials_options_set_cert_request_type()");
|
|
107
|
-
return 0;
|
|
108
|
-
}
|
|
96
|
+
GPR_ASSERT(options != nullptr);
|
|
109
97
|
options->set_cert_request_type(type);
|
|
110
|
-
return 1;
|
|
111
98
|
}
|
|
112
99
|
|
|
113
|
-
|
|
100
|
+
void grpc_tls_credentials_options_set_server_verification_option(
|
|
114
101
|
grpc_tls_credentials_options* options,
|
|
115
102
|
grpc_tls_server_verification_option server_verification_option) {
|
|
116
|
-
|
|
117
|
-
gpr_log(GPR_ERROR,
|
|
118
|
-
"Invalid nullptr arguments to "
|
|
119
|
-
"grpc_tls_credentials_options_set_server_verification_option()");
|
|
120
|
-
return 0;
|
|
121
|
-
}
|
|
122
|
-
if (server_verification_option != GRPC_TLS_SERVER_VERIFICATION &&
|
|
123
|
-
options->server_authorization_check_config() == nullptr) {
|
|
124
|
-
gpr_log(GPR_ERROR,
|
|
125
|
-
"server_authorization_check_config needs to be specified when"
|
|
126
|
-
"server_verification_option is not GRPC_TLS_SERVER_VERIFICATION");
|
|
127
|
-
return 0;
|
|
128
|
-
}
|
|
103
|
+
GPR_ASSERT(options != nullptr);
|
|
129
104
|
options->set_server_verification_option(server_verification_option);
|
|
130
|
-
return 1;
|
|
131
|
-
}
|
|
132
|
-
|
|
133
|
-
int grpc_tls_credentials_options_set_key_materials_config(
|
|
134
|
-
grpc_tls_credentials_options* options,
|
|
135
|
-
grpc_tls_key_materials_config* config) {
|
|
136
|
-
if (options == nullptr || config == nullptr) {
|
|
137
|
-
gpr_log(GPR_ERROR,
|
|
138
|
-
"Invalid nullptr arguments to "
|
|
139
|
-
"grpc_tls_credentials_options_set_key_materials_config()");
|
|
140
|
-
return 0;
|
|
141
|
-
}
|
|
142
|
-
options->set_key_materials_config(config->Ref());
|
|
143
|
-
return 1;
|
|
144
105
|
}
|
|
145
106
|
|
|
146
|
-
|
|
107
|
+
void grpc_tls_credentials_options_set_certificate_provider(
|
|
147
108
|
grpc_tls_credentials_options* options,
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
return 0;
|
|
154
|
-
}
|
|
155
|
-
options->set_credential_reload_config(config->Ref());
|
|
156
|
-
return 1;
|
|
109
|
+
grpc_tls_certificate_provider* provider) {
|
|
110
|
+
GPR_ASSERT(options != nullptr);
|
|
111
|
+
GPR_ASSERT(provider != nullptr);
|
|
112
|
+
options->set_certificate_provider(
|
|
113
|
+
provider->Ref(DEBUG_LOCATION, "set_certificate_provider"));
|
|
157
114
|
}
|
|
158
115
|
|
|
159
|
-
|
|
160
|
-
grpc_tls_credentials_options* options
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
gpr_log(
|
|
164
|
-
GPR_ERROR,
|
|
165
|
-
"Invalid nullptr arguments to "
|
|
166
|
-
"grpc_tls_credentials_options_set_server_authorization_check_config()");
|
|
167
|
-
return 0;
|
|
168
|
-
}
|
|
169
|
-
options->set_server_authorization_check_config(config->Ref());
|
|
170
|
-
return 1;
|
|
116
|
+
void grpc_tls_credentials_options_watch_root_certs(
|
|
117
|
+
grpc_tls_credentials_options* options) {
|
|
118
|
+
GPR_ASSERT(options != nullptr);
|
|
119
|
+
options->set_watch_root_cert(true);
|
|
171
120
|
}
|
|
172
121
|
|
|
173
|
-
|
|
174
|
-
|
|
122
|
+
void grpc_tls_credentials_options_set_root_cert_name(
|
|
123
|
+
grpc_tls_credentials_options* options, const char* root_cert_name) {
|
|
124
|
+
GPR_ASSERT(options != nullptr);
|
|
125
|
+
options->set_root_cert_name(root_cert_name);
|
|
175
126
|
}
|
|
176
127
|
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
gpr_log(GPR_ERROR,
|
|
182
|
-
"Invalid arguments to "
|
|
183
|
-
"grpc_tls_key_materials_config_set_key_materials()");
|
|
184
|
-
return 0;
|
|
185
|
-
}
|
|
186
|
-
config->set_key_materials(root_certs, key_cert_pairs, num);
|
|
187
|
-
return 1;
|
|
188
|
-
}
|
|
189
|
-
|
|
190
|
-
int grpc_tls_key_materials_config_set_version(
|
|
191
|
-
grpc_tls_key_materials_config* config, int version) {
|
|
192
|
-
if (config == nullptr) {
|
|
193
|
-
gpr_log(GPR_ERROR,
|
|
194
|
-
"Invalid arguments to "
|
|
195
|
-
"grpc_tls_key_materials_config_set_version()");
|
|
196
|
-
return 0;
|
|
197
|
-
}
|
|
198
|
-
config->set_version(version);
|
|
199
|
-
return 1;
|
|
128
|
+
void grpc_tls_credentials_options_watch_identity_key_cert_pairs(
|
|
129
|
+
grpc_tls_credentials_options* options) {
|
|
130
|
+
GPR_ASSERT(options != nullptr);
|
|
131
|
+
options->set_watch_identity_pair(true);
|
|
200
132
|
}
|
|
201
133
|
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
"Invalid arguments to "
|
|
207
|
-
"grpc_tls_key_materials_config_get_version()");
|
|
208
|
-
return -1;
|
|
209
|
-
}
|
|
210
|
-
return config->version();
|
|
134
|
+
void grpc_tls_credentials_options_set_identity_cert_name(
|
|
135
|
+
grpc_tls_credentials_options* options, const char* identity_cert_name) {
|
|
136
|
+
GPR_ASSERT(options != nullptr);
|
|
137
|
+
options->set_identity_cert_name(identity_cert_name);
|
|
211
138
|
}
|
|
212
139
|
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
if (schedule == nullptr) {
|
|
220
|
-
gpr_log(
|
|
221
|
-
GPR_ERROR,
|
|
222
|
-
"Schedule API is nullptr in creating TLS credential reload config.");
|
|
223
|
-
return nullptr;
|
|
224
|
-
}
|
|
225
|
-
return new grpc_tls_credential_reload_config(config_user_data, schedule,
|
|
226
|
-
cancel, destruct);
|
|
140
|
+
void grpc_tls_credentials_options_set_server_authorization_check_config(
|
|
141
|
+
grpc_tls_credentials_options* options,
|
|
142
|
+
grpc_tls_server_authorization_check_config* config) {
|
|
143
|
+
GPR_ASSERT(options != nullptr);
|
|
144
|
+
GPR_ASSERT(config != nullptr);
|
|
145
|
+
options->set_server_authorization_check_config(config->Ref());
|
|
227
146
|
}
|
|
228
147
|
|
|
229
148
|
grpc_tls_server_authorization_check_config*
|
|
@@ -243,3 +162,12 @@ grpc_tls_server_authorization_check_config_create(
|
|
|
243
162
|
return new grpc_tls_server_authorization_check_config(
|
|
244
163
|
config_user_data, schedule, cancel, destruct);
|
|
245
164
|
}
|
|
165
|
+
|
|
166
|
+
void grpc_tls_server_authorization_check_config_release(
|
|
167
|
+
grpc_tls_server_authorization_check_config* config) {
|
|
168
|
+
GRPC_API_TRACE(
|
|
169
|
+
"grpc_tls_server_authorization_check_config_release(config=%p)", 1,
|
|
170
|
+
(config));
|
|
171
|
+
grpc_core::ExecCtx exec_ctx;
|
|
172
|
+
if (config != nullptr) config->Unref();
|
|
173
|
+
}
|
|
@@ -26,6 +26,8 @@
|
|
|
26
26
|
#include "absl/container/inlined_vector.h"
|
|
27
27
|
|
|
28
28
|
#include "src/core/lib/gprpp/ref_counted.h"
|
|
29
|
+
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
|
|
30
|
+
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
|
|
29
31
|
#include "src/core/lib/security/security_connector/ssl_utils.h"
|
|
30
32
|
|
|
31
33
|
struct grpc_tls_error_details
|
|
@@ -41,126 +43,6 @@ struct grpc_tls_error_details
|
|
|
41
43
|
std::string error_details_;
|
|
42
44
|
};
|
|
43
45
|
|
|
44
|
-
/** TLS key materials config. **/
|
|
45
|
-
struct grpc_tls_key_materials_config
|
|
46
|
-
: public grpc_core::RefCounted<grpc_tls_key_materials_config> {
|
|
47
|
-
public:
|
|
48
|
-
typedef absl::InlinedVector<grpc_core::PemKeyCertPair, 1> PemKeyCertPairList;
|
|
49
|
-
|
|
50
|
-
/** Getters for member fields. **/
|
|
51
|
-
const char* pem_root_certs() const { return pem_root_certs_.get(); }
|
|
52
|
-
const PemKeyCertPairList& pem_key_cert_pair_list() const {
|
|
53
|
-
return pem_key_cert_pair_list_;
|
|
54
|
-
}
|
|
55
|
-
int version() const { return version_; }
|
|
56
|
-
|
|
57
|
-
/** Setters for member fields. **/
|
|
58
|
-
// TODO(ZhenLian): Remove this function
|
|
59
|
-
void set_pem_root_certs(grpc_core::UniquePtr<char> pem_root_certs) {
|
|
60
|
-
pem_root_certs_ = std::move(pem_root_certs);
|
|
61
|
-
}
|
|
62
|
-
// The ownerships of |pem_root_certs| remain with the caller.
|
|
63
|
-
void set_pem_root_certs(const char* pem_root_certs) {
|
|
64
|
-
// make a copy of pem_root_certs.
|
|
65
|
-
grpc_core::UniquePtr<char> pem_root_ptr(gpr_strdup(pem_root_certs));
|
|
66
|
-
pem_root_certs_ = std::move(pem_root_ptr);
|
|
67
|
-
}
|
|
68
|
-
void add_pem_key_cert_pair(grpc_core::PemKeyCertPair pem_key_cert_pair) {
|
|
69
|
-
pem_key_cert_pair_list_.push_back(pem_key_cert_pair);
|
|
70
|
-
}
|
|
71
|
-
// The ownerships of |pem_root_certs| and |pem_key_cert_pairs| remain with the
|
|
72
|
-
// caller.
|
|
73
|
-
void set_key_materials(const char* pem_root_certs,
|
|
74
|
-
const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
|
|
75
|
-
size_t num_key_cert_pairs);
|
|
76
|
-
// The ownerships of |pem_root_certs| and |pem_key_cert_pair_list| remain with
|
|
77
|
-
// the caller.
|
|
78
|
-
void set_key_materials(const char* pem_root_certs,
|
|
79
|
-
const PemKeyCertPairList& pem_key_cert_pair_list);
|
|
80
|
-
void set_version(int version) { version_ = version; }
|
|
81
|
-
|
|
82
|
-
private:
|
|
83
|
-
int version_ = 0;
|
|
84
|
-
PemKeyCertPairList pem_key_cert_pair_list_;
|
|
85
|
-
grpc_core::UniquePtr<char> pem_root_certs_;
|
|
86
|
-
};
|
|
87
|
-
|
|
88
|
-
/** TLS credential reload config. **/
|
|
89
|
-
struct grpc_tls_credential_reload_config
|
|
90
|
-
: public grpc_core::RefCounted<grpc_tls_credential_reload_config> {
|
|
91
|
-
public:
|
|
92
|
-
grpc_tls_credential_reload_config(
|
|
93
|
-
const void* config_user_data,
|
|
94
|
-
int (*schedule)(void* config_user_data,
|
|
95
|
-
grpc_tls_credential_reload_arg* arg),
|
|
96
|
-
void (*cancel)(void* config_user_data,
|
|
97
|
-
grpc_tls_credential_reload_arg* arg),
|
|
98
|
-
void (*destruct)(void* config_user_data));
|
|
99
|
-
~grpc_tls_credential_reload_config();
|
|
100
|
-
|
|
101
|
-
void* context() const { return context_; }
|
|
102
|
-
void set_context(void* context) { context_ = context; }
|
|
103
|
-
|
|
104
|
-
int Schedule(grpc_tls_credential_reload_arg* arg) const {
|
|
105
|
-
if (schedule_ == nullptr) {
|
|
106
|
-
gpr_log(GPR_ERROR, "schedule API is nullptr");
|
|
107
|
-
if (arg != nullptr) {
|
|
108
|
-
arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
|
|
109
|
-
arg->error_details->set_error_details(
|
|
110
|
-
"schedule API in credential reload config is nullptr");
|
|
111
|
-
}
|
|
112
|
-
return 1;
|
|
113
|
-
}
|
|
114
|
-
if (arg != nullptr) {
|
|
115
|
-
arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
|
|
116
|
-
}
|
|
117
|
-
return schedule_(config_user_data_, arg);
|
|
118
|
-
}
|
|
119
|
-
void Cancel(grpc_tls_credential_reload_arg* arg) const {
|
|
120
|
-
if (cancel_ == nullptr) {
|
|
121
|
-
gpr_log(GPR_ERROR, "cancel API is nullptr.");
|
|
122
|
-
if (arg != nullptr) {
|
|
123
|
-
arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
|
|
124
|
-
arg->error_details->set_error_details(
|
|
125
|
-
"cancel API in credential reload config is nullptr");
|
|
126
|
-
}
|
|
127
|
-
return;
|
|
128
|
-
}
|
|
129
|
-
if (arg != nullptr) {
|
|
130
|
-
arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
|
|
131
|
-
}
|
|
132
|
-
cancel_(config_user_data_, arg);
|
|
133
|
-
}
|
|
134
|
-
|
|
135
|
-
private:
|
|
136
|
-
/** This is a pointer to the wrapped language implementation of
|
|
137
|
-
* grpc_tls_credential_reload_config. It is necessary to implement the C
|
|
138
|
-
* schedule and cancel functions, given the schedule or cancel function in a
|
|
139
|
-
* wrapped language. **/
|
|
140
|
-
void* context_ = nullptr;
|
|
141
|
-
/** config-specific, read-only user data that works for all channels created
|
|
142
|
-
with a credential using the config. */
|
|
143
|
-
void* config_user_data_;
|
|
144
|
-
/** callback function for invoking credential reload API. The implementation
|
|
145
|
-
of this method has to be non-blocking, but can be performed synchronously
|
|
146
|
-
or asynchronously.
|
|
147
|
-
If processing occurs synchronously, it populates \a arg->key_materials, \a
|
|
148
|
-
arg->status, and \a arg->error_details and returns zero.
|
|
149
|
-
If processing occurs asynchronously, it returns a non-zero value.
|
|
150
|
-
Application then invokes \a arg->cb when processing is completed. Note that
|
|
151
|
-
\a arg->cb cannot be invoked before \a schedule returns.
|
|
152
|
-
*/
|
|
153
|
-
int (*schedule_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
|
|
154
|
-
/** callback function for cancelling a credential reload request scheduled via
|
|
155
|
-
an asynchronous \a schedule. \a arg is used to pinpoint an exact reloading
|
|
156
|
-
request to be cancelled, and the operation may not have any effect if the
|
|
157
|
-
request has already been processed. */
|
|
158
|
-
void (*cancel_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
|
|
159
|
-
/** callback function for cleaning up any data associated with credential
|
|
160
|
-
reload config. */
|
|
161
|
-
void (*destruct_)(void* config_user_data);
|
|
162
|
-
};
|
|
163
|
-
|
|
164
46
|
/** TLS server authorization check config. **/
|
|
165
47
|
struct grpc_tls_server_authorization_check_config
|
|
166
48
|
: public grpc_core::RefCounted<grpc_tls_server_authorization_check_config> {
|
|
@@ -172,43 +54,15 @@ struct grpc_tls_server_authorization_check_config
|
|
|
172
54
|
void (*cancel)(void* config_user_data,
|
|
173
55
|
grpc_tls_server_authorization_check_arg* arg),
|
|
174
56
|
void (*destruct)(void* config_user_data));
|
|
175
|
-
~grpc_tls_server_authorization_check_config();
|
|
57
|
+
~grpc_tls_server_authorization_check_config() override;
|
|
176
58
|
|
|
177
59
|
void* context() const { return context_; }
|
|
60
|
+
|
|
178
61
|
void set_context(void* context) { context_ = context; }
|
|
179
62
|
|
|
180
|
-
int Schedule(grpc_tls_server_authorization_check_arg* arg) const
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
if (arg != nullptr) {
|
|
184
|
-
arg->status = GRPC_STATUS_NOT_FOUND;
|
|
185
|
-
arg->error_details->set_error_details(
|
|
186
|
-
"schedule API in server authorization check config is nullptr");
|
|
187
|
-
}
|
|
188
|
-
return 1;
|
|
189
|
-
}
|
|
190
|
-
if (arg != nullptr && context_ != nullptr) {
|
|
191
|
-
arg->config =
|
|
192
|
-
const_cast<grpc_tls_server_authorization_check_config*>(this);
|
|
193
|
-
}
|
|
194
|
-
return schedule_(config_user_data_, arg);
|
|
195
|
-
}
|
|
196
|
-
void Cancel(grpc_tls_server_authorization_check_arg* arg) const {
|
|
197
|
-
if (cancel_ == nullptr) {
|
|
198
|
-
gpr_log(GPR_ERROR, "cancel API is nullptr.");
|
|
199
|
-
if (arg != nullptr) {
|
|
200
|
-
arg->status = GRPC_STATUS_NOT_FOUND;
|
|
201
|
-
arg->error_details->set_error_details(
|
|
202
|
-
"schedule API in server authorization check config is nullptr");
|
|
203
|
-
}
|
|
204
|
-
return;
|
|
205
|
-
}
|
|
206
|
-
if (arg != nullptr) {
|
|
207
|
-
arg->config =
|
|
208
|
-
const_cast<grpc_tls_server_authorization_check_config*>(this);
|
|
209
|
-
}
|
|
210
|
-
cancel_(config_user_data_, arg);
|
|
211
|
-
}
|
|
63
|
+
int Schedule(grpc_tls_server_authorization_check_arg* arg) const;
|
|
64
|
+
|
|
65
|
+
void Cancel(grpc_tls_server_authorization_check_arg* arg) const;
|
|
212
66
|
|
|
213
67
|
private:
|
|
214
68
|
/** This is a pointer to the wrapped language implementation of
|
|
@@ -241,23 +95,15 @@ struct grpc_tls_server_authorization_check_config
|
|
|
241
95
|
void (*destruct_)(void* config_user_data);
|
|
242
96
|
};
|
|
243
97
|
|
|
244
|
-
|
|
98
|
+
// Contains configurable options specified by callers to configure their certain
|
|
99
|
+
// security features supported in TLS.
|
|
100
|
+
// TODO(ZhenLian): consider making this not ref-counted.
|
|
245
101
|
struct grpc_tls_credentials_options
|
|
246
102
|
: public grpc_core::RefCounted<grpc_tls_credentials_options> {
|
|
247
103
|
public:
|
|
248
|
-
~grpc_tls_credentials_options()
|
|
249
|
-
if (key_materials_config_.get() != nullptr) {
|
|
250
|
-
key_materials_config_.get()->Unref();
|
|
251
|
-
}
|
|
252
|
-
if (credential_reload_config_.get() != nullptr) {
|
|
253
|
-
credential_reload_config_.get()->Unref();
|
|
254
|
-
}
|
|
255
|
-
if (server_authorization_check_config_.get() != nullptr) {
|
|
256
|
-
server_authorization_check_config_.get()->Unref();
|
|
257
|
-
}
|
|
258
|
-
}
|
|
104
|
+
~grpc_tls_credentials_options() override = default;
|
|
259
105
|
|
|
260
|
-
|
|
106
|
+
// Getters for member fields.
|
|
261
107
|
grpc_ssl_client_certificate_request_type cert_request_type() const {
|
|
262
108
|
return cert_request_type_;
|
|
263
109
|
}
|
|
@@ -266,18 +112,21 @@ struct grpc_tls_credentials_options
|
|
|
266
112
|
}
|
|
267
113
|
grpc_tls_version min_tls_version() const { return min_tls_version_; }
|
|
268
114
|
grpc_tls_version max_tls_version() const { return max_tls_version_; }
|
|
269
|
-
grpc_tls_key_materials_config* key_materials_config() const {
|
|
270
|
-
return key_materials_config_.get();
|
|
271
|
-
}
|
|
272
|
-
grpc_tls_credential_reload_config* credential_reload_config() const {
|
|
273
|
-
return credential_reload_config_.get();
|
|
274
|
-
}
|
|
275
115
|
grpc_tls_server_authorization_check_config*
|
|
276
116
|
server_authorization_check_config() const {
|
|
277
117
|
return server_authorization_check_config_.get();
|
|
278
118
|
}
|
|
119
|
+
// Returns the distributor from provider_ if it is set, nullptr otherwise.
|
|
120
|
+
grpc_tls_certificate_distributor* certificate_distributor() {
|
|
121
|
+
if (provider_ != nullptr) return provider_->distributor().get();
|
|
122
|
+
return nullptr;
|
|
123
|
+
}
|
|
124
|
+
bool watch_root_cert() { return watch_root_cert_; }
|
|
125
|
+
const std::string& root_cert_name() { return root_cert_name_; }
|
|
126
|
+
bool watch_identity_pair() { return watch_identity_pair_; }
|
|
127
|
+
const std::string& identity_cert_name() { return identity_cert_name_; }
|
|
279
128
|
|
|
280
|
-
|
|
129
|
+
// Setters for member fields.
|
|
281
130
|
void set_cert_request_type(
|
|
282
131
|
const grpc_ssl_client_certificate_request_type type) {
|
|
283
132
|
cert_request_type_ = type;
|
|
@@ -292,32 +141,54 @@ struct grpc_tls_credentials_options
|
|
|
292
141
|
void set_max_tls_version(grpc_tls_version max_tls_version) {
|
|
293
142
|
max_tls_version_ = max_tls_version;
|
|
294
143
|
}
|
|
295
|
-
void set_key_materials_config(
|
|
296
|
-
grpc_core::RefCountedPtr<grpc_tls_key_materials_config> config) {
|
|
297
|
-
key_materials_config_ = std::move(config);
|
|
298
|
-
}
|
|
299
|
-
void set_credential_reload_config(
|
|
300
|
-
grpc_core::RefCountedPtr<grpc_tls_credential_reload_config> config) {
|
|
301
|
-
credential_reload_config_ = std::move(config);
|
|
302
|
-
}
|
|
303
144
|
void set_server_authorization_check_config(
|
|
304
145
|
grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
|
|
305
146
|
config) {
|
|
306
147
|
server_authorization_check_config_ = std::move(config);
|
|
307
148
|
}
|
|
149
|
+
// Sets the provider in the options.
|
|
150
|
+
// This should only be used by C-core API for Tls*Creds case.
|
|
151
|
+
void set_certificate_provider(
|
|
152
|
+
grpc_core::RefCountedPtr<grpc_tls_certificate_provider> provider) {
|
|
153
|
+
provider_ = std::move(provider);
|
|
154
|
+
}
|
|
155
|
+
// If need to watch the updates of root certificates with name
|
|
156
|
+
// |root_cert_name|. The default value is false. If used in tls_credentials,
|
|
157
|
+
// it should always be set to true unless the root certificates are not
|
|
158
|
+
// needed.
|
|
159
|
+
void set_watch_root_cert(bool watch) { watch_root_cert_ = watch; }
|
|
160
|
+
// Sets the name of root certificates being watched, if |set_watch_root_cert|
|
|
161
|
+
// is called. If not set, an empty string will be used as the name.
|
|
162
|
+
void set_root_cert_name(std::string root_cert_name) {
|
|
163
|
+
root_cert_name_ = std::move(root_cert_name);
|
|
164
|
+
}
|
|
165
|
+
// If need to watch the updates of identity certificates with name
|
|
166
|
+
// |identity_cert_name|.
|
|
167
|
+
// The default value is false.
|
|
168
|
+
// If used in tls_credentials, it should always be set to true
|
|
169
|
+
// unless the identity key-cert pairs are not needed.
|
|
170
|
+
void set_watch_identity_pair(bool watch) { watch_identity_pair_ = watch; }
|
|
171
|
+
// Sets the name of identity key-cert pairs being watched, if
|
|
172
|
+
// |set_watch_identity_pair| is called. If not set, an empty string will
|
|
173
|
+
// be used as the name.
|
|
174
|
+
void set_identity_cert_name(std::string identity_cert_name) {
|
|
175
|
+
identity_cert_name_ = std::move(identity_cert_name);
|
|
176
|
+
}
|
|
308
177
|
|
|
309
178
|
private:
|
|
310
|
-
grpc_ssl_client_certificate_request_type cert_request_type_
|
|
179
|
+
grpc_ssl_client_certificate_request_type cert_request_type_ =
|
|
180
|
+
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
|
|
311
181
|
grpc_tls_server_verification_option server_verification_option_ =
|
|
312
182
|
GRPC_TLS_SERVER_VERIFICATION;
|
|
313
183
|
grpc_tls_version min_tls_version_ = grpc_tls_version::TLS1_2;
|
|
314
184
|
grpc_tls_version max_tls_version_ = grpc_tls_version::TLS1_3;
|
|
315
|
-
grpc_core::RefCountedPtr<grpc_tls_key_materials_config> key_materials_config_;
|
|
316
|
-
grpc_core::RefCountedPtr<grpc_tls_credential_reload_config>
|
|
317
|
-
credential_reload_config_;
|
|
318
185
|
grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
|
|
319
186
|
server_authorization_check_config_;
|
|
187
|
+
grpc_core::RefCountedPtr<grpc_tls_certificate_provider> provider_;
|
|
188
|
+
bool watch_root_cert_ = false;
|
|
189
|
+
std::string root_cert_name_;
|
|
190
|
+
bool watch_identity_pair_ = false;
|
|
191
|
+
std::string identity_cert_name_;
|
|
320
192
|
};
|
|
321
193
|
|
|
322
|
-
#endif
|
|
323
|
-
*/
|
|
194
|
+
#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
|