grpc 1.35.0 → 1.36.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +60 -57
- data/include/grpc/grpc_security.h +16 -11
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
- data/src/core/ext/filters/client_channel/resolver.cc +2 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
- data/src/core/ext/filters/client_channel/server_address.cc +6 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +738 -567
- data/src/core/ext/xds/xds_api.h +46 -84
- data/src/core/ext/xds/xds_bootstrap.cc +59 -40
- data/src/core/ext/xds/xds_bootstrap.h +12 -4
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +13 -11
- data/src/core/ext/xds/xds_client.h +3 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
- data/src/core/lib/channel/handshaker.cc +2 -5
- data/src/core/lib/channel/handshaker.h +1 -1
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +4 -4
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
- data/src/core/lib/security/transport/security_handshaker.cc +1 -3
- data/src/core/lib/slice/slice_intern.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/server.cc +3 -3
- data/src/core/lib/surface/server.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +725 -723
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- metadata +77 -65
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
|
@@ -537,7 +537,7 @@ static void fd_notify_on_error(grpc_fd* fd, grpc_closure* closure) {
|
|
|
537
537
|
|
|
538
538
|
static bool fd_has_pollset(grpc_fd* fd, grpc_pollset* pollset) {
|
|
539
539
|
const int epfd = pollset->active_pollable->epfd;
|
|
540
|
-
grpc_core::
|
|
540
|
+
grpc_core::MutexLockForGprMu lock(&fd->pollable_mu);
|
|
541
541
|
for (size_t i = 0; i < fd->pollset_fds.size(); ++i) {
|
|
542
542
|
if (fd->pollset_fds[i] == epfd) {
|
|
543
543
|
return true;
|
|
@@ -548,7 +548,7 @@ static bool fd_has_pollset(grpc_fd* fd, grpc_pollset* pollset) {
|
|
|
548
548
|
|
|
549
549
|
static void fd_add_pollset(grpc_fd* fd, grpc_pollset* pollset) {
|
|
550
550
|
const int epfd = pollset->active_pollable->epfd;
|
|
551
|
-
grpc_core::
|
|
551
|
+
grpc_core::MutexLockForGprMu lock(&fd->pollable_mu);
|
|
552
552
|
fd->pollset_fds.push_back(epfd);
|
|
553
553
|
}
|
|
554
554
|
|
|
@@ -684,7 +684,7 @@ static void pollset_maybe_finish_shutdown(grpc_pollset* pollset) {
|
|
|
684
684
|
static grpc_error* kick_one_worker(grpc_pollset_worker* specific_worker) {
|
|
685
685
|
GPR_TIMER_SCOPE("kick_one_worker", 0);
|
|
686
686
|
pollable* p = specific_worker->pollable_obj;
|
|
687
|
-
grpc_core::
|
|
687
|
+
grpc_core::MutexLockForGprMu lock(&p->mu);
|
|
688
688
|
GPR_ASSERT(specific_worker != nullptr);
|
|
689
689
|
if (specific_worker->kicked) {
|
|
690
690
|
if (GRPC_TRACE_FLAG_ENABLED(grpc_polling_trace)) {
|
|
@@ -1296,7 +1296,7 @@ static void pollset_add_fd(grpc_pollset* pollset, grpc_fd* fd) {
|
|
|
1296
1296
|
return;
|
|
1297
1297
|
}
|
|
1298
1298
|
|
|
1299
|
-
grpc_core::
|
|
1299
|
+
grpc_core::MutexLockForGprMu lock(&pollset->mu);
|
|
1300
1300
|
grpc_error* error = pollset_add_fd_locked(pollset, fd);
|
|
1301
1301
|
|
|
1302
1302
|
// If we are in PO_MULTI mode, we should update the pollsets of the FD.
|
|
@@ -25,7 +25,6 @@
|
|
|
25
25
|
#include "src/core/lib/debug/trace.h"
|
|
26
26
|
#include "src/core/lib/iomgr/ev_posix.h"
|
|
27
27
|
#include "src/core/lib/iomgr/iomgr_internal.h"
|
|
28
|
-
#include "src/core/lib/iomgr/iomgr_posix.h"
|
|
29
28
|
#include "src/core/lib/iomgr/resolve_address.h"
|
|
30
29
|
#include "src/core/lib/iomgr/tcp_client.h"
|
|
31
30
|
#include "src/core/lib/iomgr/tcp_posix.h"
|
|
@@ -40,7 +40,6 @@
|
|
|
40
40
|
#include "src/core/lib/iomgr/ev_apple.h"
|
|
41
41
|
#include "src/core/lib/iomgr/ev_posix.h"
|
|
42
42
|
#include "src/core/lib/iomgr/iomgr_internal.h"
|
|
43
|
-
#include "src/core/lib/iomgr/iomgr_posix.h"
|
|
44
43
|
#include "src/core/lib/iomgr/resolve_address.h"
|
|
45
44
|
#include "src/core/lib/iomgr/tcp_client.h"
|
|
46
45
|
#include "src/core/lib/iomgr/tcp_posix.h"
|
|
@@ -183,7 +183,7 @@ std::string grpc_sockaddr_to_string(const grpc_resolved_address* resolved_addr,
|
|
|
183
183
|
if (ip != nullptr && grpc_inet_ntop(addr->sa_family, ip, ntop_buf,
|
|
184
184
|
sizeof(ntop_buf)) != nullptr) {
|
|
185
185
|
if (sin6_scope_id != 0) {
|
|
186
|
-
// Enclose sin6_scope_id with the format defined in RFC
|
|
186
|
+
// Enclose sin6_scope_id with the format defined in RFC 6874 section 2.
|
|
187
187
|
std::string host_with_scope =
|
|
188
188
|
absl::StrFormat("%s%%25%" PRIu32, ntop_buf, sin6_scope_id);
|
|
189
189
|
out = grpc_core::JoinHostPort(host_with_scope, port);
|
|
@@ -38,7 +38,7 @@
|
|
|
38
38
|
#include "src/core/lib/channel/channel_args.h"
|
|
39
39
|
#include "src/core/lib/gpr/string.h"
|
|
40
40
|
#include "src/core/lib/iomgr/ev_posix.h"
|
|
41
|
-
#include "src/core/lib/iomgr/
|
|
41
|
+
#include "src/core/lib/iomgr/iomgr_internal.h"
|
|
42
42
|
#include "src/core/lib/iomgr/sockaddr.h"
|
|
43
43
|
#include "src/core/lib/iomgr/sockaddr_utils.h"
|
|
44
44
|
#include "src/core/lib/iomgr/socket_mutator.h"
|
|
@@ -1241,11 +1241,11 @@ static void tcp_handle_error(void* arg /* grpc_tcp */, grpc_error* error) {
|
|
|
1241
1241
|
|
|
1242
1242
|
#else /* GRPC_LINUX_ERRQUEUE */
|
|
1243
1243
|
static TcpZerocopySendRecord* tcp_get_send_zerocopy_record(
|
|
1244
|
-
grpc_tcp* tcp
|
|
1244
|
+
grpc_tcp* /*tcp*/, grpc_slice_buffer* /*buf*/) {
|
|
1245
1245
|
return nullptr;
|
|
1246
1246
|
}
|
|
1247
1247
|
|
|
1248
|
-
static void ZerocopyDisableAndWaitForRemaining(grpc_tcp* tcp) {}
|
|
1248
|
+
static void ZerocopyDisableAndWaitForRemaining(grpc_tcp* /*tcp*/) {}
|
|
1249
1249
|
|
|
1250
1250
|
static bool tcp_write_with_timestamps(grpc_tcp* /*tcp*/, struct msghdr* /*msg*/,
|
|
1251
1251
|
size_t /*sending_length*/,
|
|
@@ -1391,8 +1391,8 @@ static bool do_tcp_flush_zerocopy(grpc_tcp* tcp, TcpZerocopySendRecord* record,
|
|
|
1391
1391
|
|
|
1392
1392
|
static void UnrefMaybePutZerocopySendRecord(grpc_tcp* tcp,
|
|
1393
1393
|
TcpZerocopySendRecord* record,
|
|
1394
|
-
uint32_t seq
|
|
1395
|
-
const char* /*
|
|
1394
|
+
uint32_t /*seq*/,
|
|
1395
|
+
const char* /*tag*/) {
|
|
1396
1396
|
if (record->Unref()) {
|
|
1397
1397
|
tcp->tcp_zerocopy_send_ctx.PutSendRecord(record);
|
|
1398
1398
|
}
|
|
@@ -0,0 +1,339 @@
|
|
|
1
|
+
// Copyright 2021 gRPC authors.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#include <grpc/support/port_platform.h>
|
|
16
|
+
|
|
17
|
+
#include "src/core/lib/security/authorization/matchers.h"
|
|
18
|
+
|
|
19
|
+
#include "absl/memory/memory.h"
|
|
20
|
+
#include "absl/strings/str_cat.h"
|
|
21
|
+
#include "absl/strings/str_format.h"
|
|
22
|
+
#include "absl/strings/str_join.h"
|
|
23
|
+
#include "absl/strings/str_split.h"
|
|
24
|
+
|
|
25
|
+
namespace grpc_core {
|
|
26
|
+
|
|
27
|
+
//
|
|
28
|
+
// StringMatcher
|
|
29
|
+
//
|
|
30
|
+
|
|
31
|
+
absl::StatusOr<StringMatcher> StringMatcher::Create(Type type,
|
|
32
|
+
const std::string& matcher,
|
|
33
|
+
bool case_sensitive) {
|
|
34
|
+
if (type == Type::SAFE_REGEX) {
|
|
35
|
+
RE2::Options options;
|
|
36
|
+
options.set_case_sensitive(case_sensitive);
|
|
37
|
+
auto regex_matcher = absl::make_unique<RE2>(matcher, options);
|
|
38
|
+
if (!regex_matcher->ok()) {
|
|
39
|
+
return absl::InvalidArgumentError(
|
|
40
|
+
"Invalid regex string specified in matcher.");
|
|
41
|
+
}
|
|
42
|
+
return StringMatcher(std::move(regex_matcher), case_sensitive);
|
|
43
|
+
} else {
|
|
44
|
+
return StringMatcher(type, matcher, case_sensitive);
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
StringMatcher::StringMatcher(Type type, const std::string& matcher,
|
|
49
|
+
bool case_sensitive)
|
|
50
|
+
: type_(type), string_matcher_(matcher), case_sensitive_(case_sensitive) {}
|
|
51
|
+
|
|
52
|
+
StringMatcher::StringMatcher(std::unique_ptr<RE2> regex_matcher,
|
|
53
|
+
bool case_sensitive)
|
|
54
|
+
: type_(Type::SAFE_REGEX),
|
|
55
|
+
regex_matcher_(std::move(regex_matcher)),
|
|
56
|
+
case_sensitive_(case_sensitive) {}
|
|
57
|
+
|
|
58
|
+
StringMatcher::StringMatcher(const StringMatcher& other)
|
|
59
|
+
: type_(other.type_), case_sensitive_(other.case_sensitive_) {
|
|
60
|
+
if (type_ == Type::SAFE_REGEX) {
|
|
61
|
+
RE2::Options options;
|
|
62
|
+
options.set_case_sensitive(other.case_sensitive_);
|
|
63
|
+
regex_matcher_ =
|
|
64
|
+
absl::make_unique<RE2>(other.regex_matcher_->pattern(), options);
|
|
65
|
+
} else {
|
|
66
|
+
string_matcher_ = other.string_matcher_;
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
StringMatcher& StringMatcher::operator=(const StringMatcher& other) {
|
|
71
|
+
type_ = other.type_;
|
|
72
|
+
if (type_ == Type::SAFE_REGEX) {
|
|
73
|
+
RE2::Options options;
|
|
74
|
+
options.set_case_sensitive(other.case_sensitive_);
|
|
75
|
+
regex_matcher_ =
|
|
76
|
+
absl::make_unique<RE2>(other.regex_matcher_->pattern(), options);
|
|
77
|
+
} else {
|
|
78
|
+
string_matcher_ = other.string_matcher_;
|
|
79
|
+
}
|
|
80
|
+
case_sensitive_ = other.case_sensitive_;
|
|
81
|
+
return *this;
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
StringMatcher::StringMatcher(StringMatcher&& other) noexcept
|
|
85
|
+
: type_(other.type_), case_sensitive_(other.case_sensitive_) {
|
|
86
|
+
if (type_ == Type::SAFE_REGEX) {
|
|
87
|
+
regex_matcher_ = std::move(other.regex_matcher_);
|
|
88
|
+
} else {
|
|
89
|
+
string_matcher_ = std::move(other.string_matcher_);
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
StringMatcher& StringMatcher::operator=(StringMatcher&& other) noexcept {
|
|
94
|
+
type_ = other.type_;
|
|
95
|
+
if (type_ == Type::SAFE_REGEX) {
|
|
96
|
+
regex_matcher_ = std::move(other.regex_matcher_);
|
|
97
|
+
} else {
|
|
98
|
+
string_matcher_ = std::move(other.string_matcher_);
|
|
99
|
+
}
|
|
100
|
+
case_sensitive_ = other.case_sensitive_;
|
|
101
|
+
return *this;
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
bool StringMatcher::operator==(const StringMatcher& other) const {
|
|
105
|
+
if (type_ != other.type_ || case_sensitive_ != other.case_sensitive_) {
|
|
106
|
+
return false;
|
|
107
|
+
}
|
|
108
|
+
if (type_ == Type::SAFE_REGEX) {
|
|
109
|
+
return regex_matcher_->pattern() == other.regex_matcher_->pattern();
|
|
110
|
+
} else {
|
|
111
|
+
return string_matcher_ == other.string_matcher_;
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
bool StringMatcher::Match(absl::string_view value) const {
|
|
116
|
+
switch (type_) {
|
|
117
|
+
case Type::EXACT:
|
|
118
|
+
return case_sensitive_ ? value == string_matcher_
|
|
119
|
+
: absl::EqualsIgnoreCase(value, string_matcher_);
|
|
120
|
+
case StringMatcher::Type::PREFIX:
|
|
121
|
+
return case_sensitive_
|
|
122
|
+
? absl::StartsWith(value, string_matcher_)
|
|
123
|
+
: absl::StartsWithIgnoreCase(value, string_matcher_);
|
|
124
|
+
case StringMatcher::Type::SUFFIX:
|
|
125
|
+
return case_sensitive_ ? absl::EndsWith(value, string_matcher_)
|
|
126
|
+
: absl::EndsWithIgnoreCase(value, string_matcher_);
|
|
127
|
+
case StringMatcher::Type::CONTAINS:
|
|
128
|
+
return case_sensitive_
|
|
129
|
+
? absl::StrContains(value, string_matcher_)
|
|
130
|
+
: absl::StrContains(absl::AsciiStrToLower(value),
|
|
131
|
+
absl::AsciiStrToLower(string_matcher_));
|
|
132
|
+
case StringMatcher::Type::SAFE_REGEX:
|
|
133
|
+
return RE2::FullMatch(std::string(value), *regex_matcher_);
|
|
134
|
+
default:
|
|
135
|
+
return false;
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
std::string StringMatcher::ToString() const {
|
|
140
|
+
switch (type_) {
|
|
141
|
+
case Type::EXACT:
|
|
142
|
+
return absl::StrFormat("StringMatcher{exact=%s%s}", string_matcher_,
|
|
143
|
+
case_sensitive_ ? "" : ", case_sensitive=false");
|
|
144
|
+
case Type::PREFIX:
|
|
145
|
+
return absl::StrFormat("StringMatcher{prefix=%s%s}", string_matcher_,
|
|
146
|
+
case_sensitive_ ? "" : ", case_sensitive=false");
|
|
147
|
+
case Type::SUFFIX:
|
|
148
|
+
return absl::StrFormat("StringMatcher{suffix=%s%s}", string_matcher_,
|
|
149
|
+
case_sensitive_ ? "" : ", case_sensitive=false");
|
|
150
|
+
case Type::CONTAINS:
|
|
151
|
+
return absl::StrFormat("StringMatcher{contains=%s%s}", string_matcher_,
|
|
152
|
+
case_sensitive_ ? "" : ", case_sensitive=false");
|
|
153
|
+
case Type::SAFE_REGEX:
|
|
154
|
+
return absl::StrFormat("StringMatcher{safe_regex=%s%s}",
|
|
155
|
+
regex_matcher_->pattern(),
|
|
156
|
+
case_sensitive_ ? "" : ", case_sensitive=false");
|
|
157
|
+
default:
|
|
158
|
+
return "";
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
//
|
|
163
|
+
// HeaderMatcher
|
|
164
|
+
//
|
|
165
|
+
|
|
166
|
+
absl::StatusOr<HeaderMatcher> HeaderMatcher::Create(
|
|
167
|
+
const std::string& name, Type type, const std::string& matcher,
|
|
168
|
+
int64_t range_start, int64_t range_end, bool present_match,
|
|
169
|
+
bool invert_match) {
|
|
170
|
+
if (static_cast<int>(type) < 5) {
|
|
171
|
+
// Only for EXACT, PREFIX, SUFFIX, SAFE_REGEX and CONTAINS.
|
|
172
|
+
absl::StatusOr<StringMatcher> string_matcher =
|
|
173
|
+
StringMatcher::Create(static_cast<StringMatcher::Type>(type), matcher,
|
|
174
|
+
/*case_sensitive=*/true);
|
|
175
|
+
if (!string_matcher.ok()) {
|
|
176
|
+
return string_matcher.status();
|
|
177
|
+
}
|
|
178
|
+
return HeaderMatcher(name, type, std::move(string_matcher.value()),
|
|
179
|
+
invert_match);
|
|
180
|
+
} else if (type == Type::RANGE) {
|
|
181
|
+
if (range_start > range_end) {
|
|
182
|
+
return absl::InvalidArgumentError(
|
|
183
|
+
"Invalid range specifier specified: end cannot be smaller than "
|
|
184
|
+
"start.");
|
|
185
|
+
}
|
|
186
|
+
return HeaderMatcher(name, range_start, range_end, invert_match);
|
|
187
|
+
} else {
|
|
188
|
+
return HeaderMatcher(name, present_match, invert_match);
|
|
189
|
+
}
|
|
190
|
+
}
|
|
191
|
+
|
|
192
|
+
HeaderMatcher::HeaderMatcher(const std::string& name, Type type,
|
|
193
|
+
StringMatcher string_matcher, bool invert_match)
|
|
194
|
+
: name_(name),
|
|
195
|
+
type_(type),
|
|
196
|
+
matcher_(std::move(string_matcher)),
|
|
197
|
+
invert_match_(invert_match) {}
|
|
198
|
+
|
|
199
|
+
HeaderMatcher::HeaderMatcher(const std::string& name, int64_t range_start,
|
|
200
|
+
int64_t range_end, bool invert_match)
|
|
201
|
+
: name_(name),
|
|
202
|
+
type_(Type::RANGE),
|
|
203
|
+
range_start_(range_start),
|
|
204
|
+
range_end_(range_end),
|
|
205
|
+
invert_match_(invert_match) {}
|
|
206
|
+
|
|
207
|
+
HeaderMatcher::HeaderMatcher(const std::string& name, bool present_match,
|
|
208
|
+
bool invert_match)
|
|
209
|
+
: name_(name),
|
|
210
|
+
type_(Type::PRESENT),
|
|
211
|
+
present_match_(present_match),
|
|
212
|
+
invert_match_(invert_match) {}
|
|
213
|
+
|
|
214
|
+
HeaderMatcher::HeaderMatcher(const HeaderMatcher& other)
|
|
215
|
+
: name_(other.name_),
|
|
216
|
+
type_(other.type_),
|
|
217
|
+
invert_match_(other.invert_match_) {
|
|
218
|
+
switch (type_) {
|
|
219
|
+
case Type::RANGE:
|
|
220
|
+
range_start_ = other.range_start_;
|
|
221
|
+
range_end_ = other.range_end_;
|
|
222
|
+
break;
|
|
223
|
+
case Type::PRESENT:
|
|
224
|
+
present_match_ = other.present_match_;
|
|
225
|
+
break;
|
|
226
|
+
default:
|
|
227
|
+
matcher_ = other.matcher_;
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
HeaderMatcher& HeaderMatcher::operator=(const HeaderMatcher& other) {
|
|
232
|
+
name_ = other.name_;
|
|
233
|
+
type_ = other.type_;
|
|
234
|
+
invert_match_ = other.invert_match_;
|
|
235
|
+
switch (type_) {
|
|
236
|
+
case Type::RANGE:
|
|
237
|
+
range_start_ = other.range_start_;
|
|
238
|
+
range_end_ = other.range_end_;
|
|
239
|
+
break;
|
|
240
|
+
case Type::PRESENT:
|
|
241
|
+
present_match_ = other.present_match_;
|
|
242
|
+
break;
|
|
243
|
+
default:
|
|
244
|
+
matcher_ = other.matcher_;
|
|
245
|
+
}
|
|
246
|
+
return *this;
|
|
247
|
+
}
|
|
248
|
+
|
|
249
|
+
HeaderMatcher::HeaderMatcher(HeaderMatcher&& other) noexcept
|
|
250
|
+
: name_(std::move(other.name_)),
|
|
251
|
+
type_(other.type_),
|
|
252
|
+
invert_match_(other.invert_match_) {
|
|
253
|
+
switch (type_) {
|
|
254
|
+
case Type::RANGE:
|
|
255
|
+
range_start_ = other.range_start_;
|
|
256
|
+
range_end_ = other.range_end_;
|
|
257
|
+
break;
|
|
258
|
+
case Type::PRESENT:
|
|
259
|
+
present_match_ = other.present_match_;
|
|
260
|
+
break;
|
|
261
|
+
default:
|
|
262
|
+
matcher_ = std::move(other.matcher_);
|
|
263
|
+
}
|
|
264
|
+
}
|
|
265
|
+
|
|
266
|
+
HeaderMatcher& HeaderMatcher::operator=(HeaderMatcher&& other) noexcept {
|
|
267
|
+
name_ = std::move(other.name_);
|
|
268
|
+
type_ = other.type_;
|
|
269
|
+
invert_match_ = other.invert_match_;
|
|
270
|
+
switch (type_) {
|
|
271
|
+
case Type::RANGE:
|
|
272
|
+
range_start_ = other.range_start_;
|
|
273
|
+
range_end_ = other.range_end_;
|
|
274
|
+
break;
|
|
275
|
+
case Type::PRESENT:
|
|
276
|
+
present_match_ = other.present_match_;
|
|
277
|
+
break;
|
|
278
|
+
default:
|
|
279
|
+
matcher_ = std::move(other.matcher_);
|
|
280
|
+
}
|
|
281
|
+
return *this;
|
|
282
|
+
}
|
|
283
|
+
|
|
284
|
+
bool HeaderMatcher::operator==(const HeaderMatcher& other) const {
|
|
285
|
+
if (name_ != other.name_) return false;
|
|
286
|
+
if (type_ != other.type_) return false;
|
|
287
|
+
if (invert_match_ != other.invert_match_) return false;
|
|
288
|
+
switch (type_) {
|
|
289
|
+
case Type::RANGE:
|
|
290
|
+
return range_start_ == other.range_start_ &&
|
|
291
|
+
range_end_ == other.range_end_;
|
|
292
|
+
case Type::PRESENT:
|
|
293
|
+
return present_match_ == other.present_match_;
|
|
294
|
+
default:
|
|
295
|
+
return matcher_ == other.matcher_;
|
|
296
|
+
}
|
|
297
|
+
}
|
|
298
|
+
|
|
299
|
+
bool HeaderMatcher::Match(
|
|
300
|
+
const absl::optional<absl::string_view>& value) const {
|
|
301
|
+
bool match;
|
|
302
|
+
if (type_ == Type::PRESENT) {
|
|
303
|
+
match = value.has_value() == present_match_;
|
|
304
|
+
} else if (!value.has_value()) {
|
|
305
|
+
// All other types fail to match if field is not present.
|
|
306
|
+
match = false;
|
|
307
|
+
} else if (type_ == Type::RANGE) {
|
|
308
|
+
int64_t int_value;
|
|
309
|
+
match = absl::SimpleAtoi(value.value(), &int_value) &&
|
|
310
|
+
int_value >= range_start_ && int_value < range_end_;
|
|
311
|
+
} else {
|
|
312
|
+
match = matcher_.Match(value.value());
|
|
313
|
+
}
|
|
314
|
+
return match != invert_match_;
|
|
315
|
+
}
|
|
316
|
+
|
|
317
|
+
std::string HeaderMatcher::ToString() const {
|
|
318
|
+
switch (type_) {
|
|
319
|
+
case Type::RANGE:
|
|
320
|
+
return absl::StrFormat("HeaderMatcher{%s %srange=[%d, %d]}", name_,
|
|
321
|
+
invert_match_ ? "not " : "", range_start_,
|
|
322
|
+
range_end_);
|
|
323
|
+
case Type::PRESENT:
|
|
324
|
+
return absl::StrFormat("HeaderMatcher{%s %spresent=%s}", name_,
|
|
325
|
+
invert_match_ ? "not " : "",
|
|
326
|
+
present_match_ ? "true" : "false");
|
|
327
|
+
case Type::EXACT:
|
|
328
|
+
case Type::PREFIX:
|
|
329
|
+
case Type::SUFFIX:
|
|
330
|
+
case Type::SAFE_REGEX:
|
|
331
|
+
case Type::CONTAINS:
|
|
332
|
+
return absl::StrFormat("HeaderMatcher{%s %s%s}", name_,
|
|
333
|
+
invert_match_ ? "not " : "", matcher_.ToString());
|
|
334
|
+
default:
|
|
335
|
+
return "";
|
|
336
|
+
}
|
|
337
|
+
}
|
|
338
|
+
|
|
339
|
+
} // namespace grpc_core
|
|
@@ -0,0 +1,158 @@
|
|
|
1
|
+
// Copyright 2021 gRPC authors.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MATCHERS_H
|
|
16
|
+
#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MATCHERS_H
|
|
17
|
+
|
|
18
|
+
#include <grpc/support/port_platform.h>
|
|
19
|
+
|
|
20
|
+
#include <memory>
|
|
21
|
+
#include <string>
|
|
22
|
+
|
|
23
|
+
#include "absl/status/statusor.h"
|
|
24
|
+
#include "absl/strings/string_view.h"
|
|
25
|
+
#include "absl/types/optional.h"
|
|
26
|
+
|
|
27
|
+
#include "re2/re2.h"
|
|
28
|
+
|
|
29
|
+
namespace grpc_core {
|
|
30
|
+
|
|
31
|
+
class StringMatcher {
|
|
32
|
+
public:
|
|
33
|
+
enum class Type {
|
|
34
|
+
EXACT, // value stored in string_matcher_ field
|
|
35
|
+
PREFIX, // value stored in string_matcher_ field
|
|
36
|
+
SUFFIX, // value stored in string_matcher_ field
|
|
37
|
+
SAFE_REGEX, // pattern stored in regex_matcher_ field
|
|
38
|
+
CONTAINS, // value stored in string_matcher_ field
|
|
39
|
+
};
|
|
40
|
+
|
|
41
|
+
// Creates StringMatcher instance. Returns error status on failure.
|
|
42
|
+
static absl::StatusOr<StringMatcher> Create(Type type,
|
|
43
|
+
const std::string& matcher,
|
|
44
|
+
bool case_sensitive = true);
|
|
45
|
+
|
|
46
|
+
StringMatcher() = default;
|
|
47
|
+
StringMatcher(const StringMatcher& other);
|
|
48
|
+
StringMatcher& operator=(const StringMatcher& other);
|
|
49
|
+
StringMatcher(StringMatcher&& other) noexcept;
|
|
50
|
+
StringMatcher& operator=(StringMatcher&& other) noexcept;
|
|
51
|
+
bool operator==(const StringMatcher& other) const;
|
|
52
|
+
|
|
53
|
+
bool Match(absl::string_view value) const;
|
|
54
|
+
|
|
55
|
+
std::string ToString() const;
|
|
56
|
+
|
|
57
|
+
Type type() const { return type_; }
|
|
58
|
+
|
|
59
|
+
// Valid for EXACT, PREFIX, SUFFIX and CONTAINS
|
|
60
|
+
const std::string& string_matcher() const { return string_matcher_; }
|
|
61
|
+
|
|
62
|
+
// Valid for SAFE_REGEX
|
|
63
|
+
RE2* regex_matcher() const { return regex_matcher_.get(); }
|
|
64
|
+
|
|
65
|
+
bool case_sensitive() const { return case_sensitive_; }
|
|
66
|
+
|
|
67
|
+
private:
|
|
68
|
+
StringMatcher(Type type, const std::string& matcher, bool case_sensitive);
|
|
69
|
+
StringMatcher(std::unique_ptr<RE2> regex_matcher, bool case_sensitive);
|
|
70
|
+
|
|
71
|
+
Type type_ = Type::EXACT;
|
|
72
|
+
std::string string_matcher_;
|
|
73
|
+
std::unique_ptr<RE2> regex_matcher_;
|
|
74
|
+
bool case_sensitive_ = true;
|
|
75
|
+
};
|
|
76
|
+
|
|
77
|
+
class HeaderMatcher {
|
|
78
|
+
public:
|
|
79
|
+
enum class Type {
|
|
80
|
+
EXACT, // value stored in StringMatcher field
|
|
81
|
+
PREFIX, // value stored in StringMatcher field
|
|
82
|
+
SUFFIX, // value stored in StringMatcher field
|
|
83
|
+
SAFE_REGEX, // value stored in StringMatcher field
|
|
84
|
+
CONTAINS, // value stored in StringMatcher field
|
|
85
|
+
RANGE, // uses range_start and range_end fields
|
|
86
|
+
PRESENT, // uses present_match field
|
|
87
|
+
};
|
|
88
|
+
|
|
89
|
+
// Make sure that the first five HeaderMatcher::Type enum values match up to
|
|
90
|
+
// the corresponding StringMatcher::Type enum values, so that it's safe to
|
|
91
|
+
// convert by casting when delegating to StringMatcher.
|
|
92
|
+
static_assert(static_cast<StringMatcher::Type>(Type::EXACT) ==
|
|
93
|
+
StringMatcher::Type::EXACT,
|
|
94
|
+
"");
|
|
95
|
+
static_assert(static_cast<StringMatcher::Type>(Type::PREFIX) ==
|
|
96
|
+
StringMatcher::Type::PREFIX,
|
|
97
|
+
"");
|
|
98
|
+
static_assert(static_cast<StringMatcher::Type>(Type::SUFFIX) ==
|
|
99
|
+
StringMatcher::Type::SUFFIX,
|
|
100
|
+
"");
|
|
101
|
+
static_assert(static_cast<StringMatcher::Type>(Type::SAFE_REGEX) ==
|
|
102
|
+
StringMatcher::Type::SAFE_REGEX,
|
|
103
|
+
"");
|
|
104
|
+
static_assert(static_cast<StringMatcher::Type>(Type::CONTAINS) ==
|
|
105
|
+
StringMatcher::Type::CONTAINS,
|
|
106
|
+
"");
|
|
107
|
+
|
|
108
|
+
// Creates HeaderMatcher instance. Returns error status on failure.
|
|
109
|
+
static absl::StatusOr<HeaderMatcher> Create(
|
|
110
|
+
const std::string& name, Type type, const std::string& matcher,
|
|
111
|
+
int64_t range_start = 0, int64_t range_end = 0,
|
|
112
|
+
bool present_match = false, bool invert_match = false);
|
|
113
|
+
|
|
114
|
+
HeaderMatcher() = default;
|
|
115
|
+
HeaderMatcher(const HeaderMatcher& other);
|
|
116
|
+
HeaderMatcher& operator=(const HeaderMatcher& other);
|
|
117
|
+
HeaderMatcher(HeaderMatcher&& other) noexcept;
|
|
118
|
+
HeaderMatcher& operator=(HeaderMatcher&& other) noexcept;
|
|
119
|
+
bool operator==(const HeaderMatcher& other) const;
|
|
120
|
+
|
|
121
|
+
const std::string& name() const { return name_; }
|
|
122
|
+
|
|
123
|
+
Type type() const { return type_; }
|
|
124
|
+
|
|
125
|
+
// Valid for EXACT, PREFIX, SUFFIX and CONTAINS
|
|
126
|
+
const std::string& string_matcher() const {
|
|
127
|
+
return matcher_.string_matcher();
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
// Valid for SAFE_REGEX
|
|
131
|
+
RE2* regex_matcher() const { return matcher_.regex_matcher(); }
|
|
132
|
+
|
|
133
|
+
bool Match(const absl::optional<absl::string_view>& value) const;
|
|
134
|
+
|
|
135
|
+
std::string ToString() const;
|
|
136
|
+
|
|
137
|
+
private:
|
|
138
|
+
// For StringMatcher.
|
|
139
|
+
HeaderMatcher(const std::string& name, Type type, StringMatcher matcher,
|
|
140
|
+
bool invert_match);
|
|
141
|
+
// For RangeMatcher.
|
|
142
|
+
HeaderMatcher(const std::string& name, int64_t range_start, int64_t range_end,
|
|
143
|
+
bool invert_match);
|
|
144
|
+
// For PresentMatcher.
|
|
145
|
+
HeaderMatcher(const std::string& name, bool present_match, bool invert_match);
|
|
146
|
+
|
|
147
|
+
std::string name_;
|
|
148
|
+
Type type_ = Type::EXACT;
|
|
149
|
+
StringMatcher matcher_;
|
|
150
|
+
int64_t range_start_;
|
|
151
|
+
int64_t range_end_;
|
|
152
|
+
bool present_match_;
|
|
153
|
+
bool invert_match_ = false;
|
|
154
|
+
};
|
|
155
|
+
|
|
156
|
+
} // namespace grpc_core
|
|
157
|
+
|
|
158
|
+
#endif /* GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MATCHERS_H */
|