grpc 1.42.0 → 1.43.1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +85 -34
- data/include/grpc/event_engine/event_engine.h +37 -13
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +1 -31
- data/include/grpc/event_engine/memory_allocator.h +27 -11
- data/include/grpc/event_engine/memory_request.h +57 -0
- data/include/grpc/grpc_security.h +276 -145
- data/include/grpc/grpc_security_constants.h +1 -14
- data/include/grpc/impl/codegen/port_platform.h +7 -3
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -7
- data/src/core/ext/filters/client_channel/backend_metric.h +3 -2
- data/src/core/ext/filters/client_channel/client_channel.cc +81 -40
- data/src/core/ext/filters/client_channel/client_channel.h +5 -4
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -2
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +4 -4
- data/src/core/ext/filters/client_channel/health/health_check_client.h +1 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +12 -14
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +27 -80
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +82 -34
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +47 -91
- data/src/core/ext/filters/client_channel/lb_policy.h +75 -59
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +8 -12
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +6 -12
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +222 -294
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -7
- data/src/core/ext/filters/client_channel/resolver_registry.h +1 -2
- data/src/core/ext/filters/client_channel/subchannel.cc +4 -4
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +14 -30
- data/src/core/ext/filters/http/http_filters_plugin.cc +3 -5
- data/src/core/ext/filters/http/server/http_server_filter.cc +11 -28
- data/src/core/ext/filters/server_config_selector/server_config_selector.cc +67 -0
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +70 -0
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +265 -0
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.h +32 -0
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +4 -20
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +0 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +8 -5
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +11 -14
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +6 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +54 -79
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +2 -3
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +9 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +53 -62
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -2
- data/src/core/ext/transport/chttp2/transport/context_list.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/context_list.h +2 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +8 -8
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +83 -19
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +33 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +66 -92
- data/src/core/ext/transport/chttp2/transport/internal.h +8 -4
- data/src/core/ext/transport/inproc/inproc_transport.cc +16 -7
- data/src/core/ext/transport/inproc/inproc_transport.h +1 -1
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +197 -165
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +18 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +26 -2
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +107 -82
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +188 -160
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +35 -22
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +253 -218
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +16 -5
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +36 -25
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +56 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +16 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +162 -128
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +51 -36
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +15 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +25 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +114 -90
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +89 -71
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +17 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +117 -93
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +21 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +18 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +22 -11
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +17 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +41 -27
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +59 -43
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +58 -43
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +15 -4
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +73 -57
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +81 -64
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +25 -14
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +19 -7
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +63 -45
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +66 -47
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +93 -75
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +41 -28
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +503 -440
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +26 -13
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +21 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +35 -20
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +44 -31
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +22 -11
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +210 -181
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +7 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +64 -48
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +33 -20
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +81 -65
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +12 -1
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +12 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +75 -58
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +12 -1
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +12 -1
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +25 -13
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +12 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +12 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +61 -46
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +26 -12
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +22 -10
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +17 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +16 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +15 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +27 -14
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +25 -13
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +20 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +30 -17
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +38 -21
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +41 -26
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +7 -0
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +17 -5
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +22 -9
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +2 -0
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +15 -4
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +2 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.c +20 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +7 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +116 -93
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +2 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/eval.upb.c +102 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/eval.upb.h +306 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/explain.upb.c +56 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/explain.upb.h +135 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +122 -98
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +2 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/value.upb.c +115 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/value.upb.h +371 -0
- data/src/core/ext/upb-generated/google/api/http.upb.c +35 -22
- data/src/core/ext/upb-generated/google/api/http.upb.h +2 -0
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +14 -3
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +2 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +247 -210
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +2 -0
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +14 -3
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +2 -0
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +12 -1
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +2 -0
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +37 -23
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +2 -0
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +14 -3
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +2 -0
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +37 -18
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +2 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +17 -6
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +2 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +26 -14
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +2 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +105 -83
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +2 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +20 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +2 -0
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +16 -4
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +2 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +65 -47
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +34 -36
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +26 -13
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +2 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +67 -7
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +27 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +27 -3
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +19 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +27 -3
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +26 -2
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +7 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +320 -251
- data/src/core/ext/upb-generated/validate/validate.upb.h +20 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +54 -9
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +17 -0
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +13 -2
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +2 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +24 -12
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +2 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +19 -7
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +2 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +18 -7
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +2 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +27 -15
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +2 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +18 -7
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +2 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +28 -15
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +2 -0
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +16 -5
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +2 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +2 -49
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +2 -2
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +2 -35
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +2 -41
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +2 -55
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +2 -19
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +2 -53
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +2 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +2 -33
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +2 -21
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +2 -33
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +2 -13
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +2 -17
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +2 -15
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +2 -17
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +2 -19
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +2 -21
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +2 -23
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +2 -111
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +2 -15
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +2 -43
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +2 -2
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +2 -17
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +2 -17
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +2 -19
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +2 -15
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +2 -13
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +2 -19
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +2 -15
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +2 -2
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +2 -2
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +2 -59
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +2 -13
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +2 -23
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +2 -11
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +2 -2
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +2 -51
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +2 -13
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +2 -9
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +2 -7
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +2 -7
- data/src/core/ext/xds/certificate_provider_registry.cc +1 -1
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/xds_api.cc +409 -304
- data/src/core/ext/xds/xds_api.h +3 -1
- data/src/core/ext/xds/xds_bootstrap.cc +6 -3
- data/src/core/ext/xds/xds_certificate_provider.h +1 -2
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +3 -4
- data/src/core/ext/xds/xds_client.cc +395 -291
- data/src/core/ext/xds/xds_client.h +47 -38
- data/src/core/ext/xds/xds_routing.cc +247 -0
- data/src/core/ext/xds/xds_routing.h +98 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +975 -261
- data/src/core/lib/avl/avl.h +389 -88
- data/src/core/lib/backoff/backoff.cc +2 -2
- data/src/core/lib/channel/channel_args.cc +17 -17
- data/src/core/lib/channel/channel_args.h +11 -10
- data/src/core/lib/channel/channel_args_preconditioning.cc +47 -0
- data/src/core/lib/channel/channel_args_preconditioning.h +62 -0
- data/src/core/lib/channel/channel_stack_builder.cc +0 -2
- data/src/core/lib/channel/channel_trace.cc +6 -6
- data/src/core/lib/channel/channelz.cc +1 -1
- data/src/core/lib/compression/compression_args.cc +7 -5
- data/src/core/lib/compression/compression_args.h +6 -4
- data/src/core/lib/config/core_configuration.cc +3 -1
- data/src/core/lib/config/core_configuration.h +11 -0
- data/src/core/lib/debug/trace.h +2 -2
- data/src/core/lib/event_engine/{endpoint_config.cc → channel_args_endpoint_config.cc} +2 -1
- data/src/core/lib/event_engine/{endpoint_config_internal.h → channel_args_endpoint_config.h} +3 -3
- data/src/core/lib/event_engine/event_engine.cc +0 -13
- data/src/core/lib/event_engine/event_engine_factory.cc +49 -0
- data/src/core/lib/event_engine/event_engine_factory.h +33 -0
- data/src/core/lib/event_engine/memory_allocator.cc +70 -0
- data/src/core/lib/gpr/tls.h +6 -0
- data/src/core/lib/gprpp/cpp_impl_of.h +45 -0
- data/src/core/lib/gprpp/global_config_env.cc +7 -7
- data/src/core/lib/gprpp/global_config_env.h +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +2 -3
- data/src/core/lib/gprpp/orphanable.h +1 -1
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -4
- data/src/core/lib/gprpp/status_helper.h +1 -1
- data/src/core/lib/gprpp/table.h +13 -1
- data/src/core/lib/http/httpcli.cc +30 -26
- data/src/core/lib/http/httpcli.h +14 -12
- data/src/core/lib/iomgr/buffer_list.cc +9 -9
- data/src/core/lib/iomgr/buffer_list.h +13 -13
- data/src/core/lib/iomgr/call_combiner.cc +2 -3
- data/src/core/lib/iomgr/endpoint.h +0 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +7 -24
- data/src/core/lib/iomgr/endpoint_cfstream.h +4 -4
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +9 -11
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +5 -14
- data/src/core/lib/iomgr/event_engine/endpoint.cc +2 -3
- data/src/core/lib/iomgr/event_engine/iomgr.cc +5 -25
- data/src/core/lib/iomgr/event_engine/resolver.cc +3 -2
- data/src/core/lib/iomgr/event_engine/tcp.cc +7 -5
- data/src/core/lib/iomgr/event_engine/timer.cc +4 -3
- data/src/core/lib/iomgr/exec_ctx.h +11 -11
- data/src/core/lib/iomgr/executor.cc +12 -15
- data/src/core/lib/iomgr/executor.h +1 -1
- data/src/core/lib/iomgr/tcp_client.cc +2 -4
- data/src/core/lib/iomgr/tcp_client.h +1 -3
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +1 -9
- data/src/core/lib/iomgr/tcp_client_custom.cc +4 -10
- data/src/core/lib/iomgr/tcp_client_posix.cc +7 -23
- data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +1 -10
- data/src/core/lib/iomgr/tcp_custom.cc +9 -36
- data/src/core/lib/iomgr/tcp_custom.h +0 -1
- data/src/core/lib/iomgr/tcp_posix.cc +28 -33
- data/src/core/lib/iomgr/tcp_posix.h +1 -3
- data/src/core/lib/iomgr/tcp_server.cc +4 -6
- data/src/core/lib/iomgr/tcp_server.h +6 -8
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -15
- data/src/core/lib/iomgr/tcp_server_posix.cc +18 -22
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +19 -18
- data/src/core/lib/iomgr/tcp_server_windows.cc +5 -12
- data/src/core/lib/iomgr/tcp_windows.cc +2 -7
- data/src/core/lib/iomgr/tcp_windows.h +1 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +1 -1
- data/src/core/lib/iomgr/unix_sockets_posix.h +1 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +1 -1
- data/src/core/lib/iomgr/work_serializer.cc +115 -44
- data/src/core/lib/iomgr/work_serializer.h +16 -4
- data/src/core/lib/json/json_reader.cc +83 -35
- data/src/core/lib/json/json_util.cc +1 -1
- data/src/core/lib/promise/activity.cc +115 -0
- data/src/core/lib/promise/activity.h +499 -0
- data/src/core/lib/promise/context.h +86 -0
- data/src/core/lib/promise/detail/basic_seq.h +407 -0
- data/src/core/lib/promise/detail/promise_factory.h +189 -0
- data/src/core/lib/promise/detail/promise_like.h +85 -0
- data/src/core/lib/promise/detail/status.h +44 -0
- data/src/core/lib/promise/detail/switch.h +1455 -0
- data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +48 -0
- data/src/core/lib/promise/loop.h +108 -0
- data/src/core/lib/promise/map.h +88 -0
- data/src/core/lib/promise/poll.h +60 -0
- data/src/core/lib/promise/race.h +84 -0
- data/src/core/lib/promise/seq.h +71 -0
- data/src/core/lib/resource_quota/api.cc +108 -0
- data/src/core/lib/resource_quota/api.h +41 -0
- data/src/core/lib/resource_quota/memory_quota.cc +454 -0
- data/src/core/lib/resource_quota/memory_quota.h +421 -0
- data/src/core/lib/resource_quota/resource_quota.cc +33 -0
- data/src/core/lib/resource_quota/resource_quota.h +58 -0
- data/src/core/lib/resource_quota/thread_quota.cc +43 -0
- data/src/core/lib/resource_quota/thread_quota.h +57 -0
- data/src/core/lib/resource_quota/trace.cc +19 -0
- data/src/core/lib/resource_quota/trace.h +24 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +13 -19
- data/src/core/lib/security/authorization/evaluate_args.h +2 -1
- data/src/core/lib/security/authorization/sdk_server_authz_filter.cc +3 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +11 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +9 -10
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +3 -4
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +4 -6
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +4 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +18 -22
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +11 -12
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +7 -8
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +201 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +106 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +11 -90
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +19 -82
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +21 -10
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +28 -33
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.h +2 -2
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +3 -4
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -1
- data/src/core/lib/security/security_connector/ssl_utils.cc +10 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +344 -195
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +64 -41
- data/src/core/lib/security/transport/security_handshaker.cc +2 -2
- data/src/core/lib/slice/percent_encoding.cc +30 -86
- data/src/core/lib/slice/percent_encoding.h +5 -11
- data/src/core/lib/slice/slice.cc +7 -7
- data/src/core/lib/slice/slice.h +341 -0
- data/src/core/lib/slice/slice_buffer.cc +4 -0
- data/src/core/lib/slice/slice_intern.cc +1 -1
- data/src/core/lib/slice/slice_refcount.h +5 -1
- data/src/core/lib/slice/slice_refcount_base.h +19 -11
- data/src/core/lib/slice/static_slice.cc +331 -483
- data/src/core/lib/slice/static_slice.h +101 -132
- data/src/core/lib/surface/builtins.cc +1 -1
- data/src/core/lib/surface/call.cc +85 -59
- data/src/core/lib/surface/channel.cc +4 -29
- data/src/core/lib/surface/channel.h +2 -12
- data/src/core/lib/surface/completion_queue.cc +2 -2
- data/src/core/lib/surface/init.cc +0 -1
- data/src/core/lib/surface/lame_client.cc +24 -17
- data/src/core/lib/surface/server.cc +22 -22
- data/src/core/lib/surface/server.h +8 -9
- data/src/core/lib/surface/validate_metadata.cc +2 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/byte_stream.cc +4 -0
- data/src/core/lib/transport/metadata.h +4 -4
- data/src/core/lib/transport/metadata_batch.cc +5 -0
- data/src/core/lib/transport/metadata_batch.h +174 -99
- data/src/core/lib/transport/parsed_metadata.cc +35 -0
- data/src/core/lib/transport/parsed_metadata.h +180 -61
- data/src/core/lib/transport/pid_controller.cc +4 -4
- data/src/core/lib/transport/static_metadata.cc +529 -614
- data/src/core/lib/transport/static_metadata.h +0 -18
- data/src/core/lib/transport/transport.cc +4 -26
- data/src/core/lib/transport/transport.h +0 -1
- data/src/core/lib/transport/transport_op_string.cc +1 -1
- data/src/core/lib/uri/uri_parser.cc +19 -19
- data/src/core/lib/uri/uri_parser.h +2 -0
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/local_transport_security.cc +15 -15
- data/src/core/tsi/ssl_transport_security.cc +30 -1
- data/src/core/tsi/ssl_transport_security.h +1 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -10
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +9 -15
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/container.h +101 -91
- data/third_party/abseil-cpp/absl/base/attributes.h +64 -31
- data/third_party/abseil-cpp/absl/base/config.h +67 -37
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +1 -26
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +3 -1
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +2 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +69 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +4 -4
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +16 -0
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +4 -4
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +0 -5
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +105 -97
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +17 -15
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +18 -102
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +37 -78
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +388 -423
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +3 -2
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -8
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +251 -120
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +11 -1
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +12 -11
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +6 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +12 -5
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_emscripten-inl.inc +110 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_riscv-inl.inc +234 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +25 -7
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +8 -2
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +21 -3
- data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +2 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +2 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +14 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_emscripten.inc +72 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +4 -1
- data/third_party/abseil-cpp/absl/hash/hash.h +22 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +15 -16
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +88 -37
- data/third_party/abseil-cpp/absl/hash/internal/{wyhash.cc → low_level_hash.cc} +23 -11
- data/third_party/abseil-cpp/absl/hash/internal/{wyhash.h → low_level_hash.h} +14 -12
- data/third_party/abseil-cpp/absl/memory/memory.h +1 -1
- data/third_party/abseil-cpp/absl/meta/type_traits.h +32 -2
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -10
- data/third_party/abseil-cpp/absl/numeric/int128.h +146 -73
- data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +19 -25
- data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +73 -70
- data/third_party/abseil-cpp/absl/{base → profiling}/internal/exponential_biased.cc +4 -4
- data/third_party/abseil-cpp/absl/{base → profiling}/internal/exponential_biased.h +6 -6
- data/third_party/abseil-cpp/absl/profiling/internal/sample_recorder.h +230 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +5 -5
- data/third_party/abseil-cpp/absl/status/status.cc +9 -17
- data/third_party/abseil-cpp/absl/status/status.h +19 -15
- data/third_party/abseil-cpp/absl/status/statusor.cc +34 -2
- data/third_party/abseil-cpp/absl/status/statusor.h +31 -21
- data/third_party/abseil-cpp/absl/strings/charconv.cc +3 -3
- data/third_party/abseil-cpp/absl/strings/charconv.h +3 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +453 -359
- data/third_party/abseil-cpp/absl/strings/cord.h +197 -70
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +6 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +140 -63
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.cc +1128 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h +939 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.cc +185 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.h +265 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_reader.cc +68 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_reader.h +211 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_consume.cc +129 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_consume.h +50 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +7 -7
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +55 -181
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +42 -24
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +4 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.cc +96 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.h +85 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.cc +139 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.h +131 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +445 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_info.h +298 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_statistics.h +87 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_update_scope.h +71 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_update_tracker.h +121 -0
- data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +48 -2
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +8 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +3 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +62 -73
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +24 -16
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +35 -35
- data/third_party/abseil-cpp/absl/strings/numbers.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/numbers.h +34 -0
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_format.h +1 -2
- data/third_party/abseil-cpp/absl/strings/string_view.cc +16 -21
- data/third_party/abseil-cpp/absl/strings/string_view.h +120 -39
- data/third_party/abseil-cpp/absl/strings/substitute.cc +2 -1
- data/third_party/abseil-cpp/absl/strings/substitute.h +99 -74
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +25 -15
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +5 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -1
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +3 -3
- data/third_party/abseil-cpp/absl/time/civil_time.cc +1 -3
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +93 -20
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +2 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +83 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +49 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -3
- data/third_party/abseil-cpp/absl/time/time.h +67 -36
- data/third_party/abseil-cpp/absl/types/bad_optional_access.h +1 -1
- data/third_party/abseil-cpp/absl/types/bad_variant_access.h +2 -2
- data/third_party/abseil-cpp/absl/types/span.h +3 -3
- data/third_party/boringssl-with-bazel/err_data.c +681 -677
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +19 -11
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +41 -30
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +59 -47
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +24 -28
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +48 -272
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +8 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +59 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +2 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +8 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +216 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +21 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +971 -253
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +0 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +17 -41
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +12 -27
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +8 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +29 -55
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +3 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +7 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +24 -28
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +6 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +12 -43
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +4 -0
- data/third_party/upb/upb/decode.c +309 -178
- data/third_party/upb/upb/decode_fast.c +1 -1
- data/third_party/upb/upb/decode_internal.h +1 -0
- data/third_party/upb/upb/def.c +330 -85
- data/third_party/upb/upb/def.h +45 -14
- data/third_party/upb/upb/def.hpp +17 -4
- data/third_party/upb/upb/encode.c +100 -40
- data/third_party/upb/upb/msg.c +22 -9
- data/third_party/upb/upb/msg_internal.h +90 -8
- data/third_party/upb/upb/reflection.c +98 -58
- data/third_party/upb/upb/reflection.h +6 -2
- data/third_party/upb/upb/text_encode.c +3 -3
- data/third_party/upb/upb/upb.c +8 -0
- metadata +116 -56
- data/src/core/lib/avl/avl.cc +0 -306
- data/src/core/lib/gprpp/match.h +0 -73
- data/src/core/lib/gprpp/overload.h +0 -59
- data/src/core/lib/iomgr/event_engine/iomgr.h +0 -42
- data/src/core/lib/iomgr/resource_quota.cc +0 -1106
- data/src/core/lib/iomgr/resource_quota.h +0 -226
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +0 -93
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +0 -217
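--- a/data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
+++ b/data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
@@ -0,0 +1,201 @@
+//
+// Copyright 2021 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+
+#include "src/core/lib/gprpp/host_port.h"
+#include "src/core/lib/gprpp/stat.h"
+#include "src/core/lib/security/credentials/tls/tls_utils.h"
+#include "src/core/lib/slice/slice_internal.h"
+#include "src/core/lib/surface/api_trace.h"
+
+namespace grpc_core {
+
+bool ExternalCertificateVerifier::Verify(
+grpc_tls_custom_verification_check_request* request,
+std::function<void(absl::Status)> callback, absl::Status* sync_status) {
+{
+MutexLock lock(&mu_);
+request_map_.emplace(request, std::move(callback));
+}
+// Invoke the caller-specified verification logic embedded in
+// external_verifier_.
+grpc_status_code status_code = GRPC_STATUS_OK;
+char* error_details = nullptr;
+bool is_done = external_verifier_->verify(external_verifier_->user_data,
+request, &OnVerifyDone, this,
+&status_code, &error_details);
+if (is_done) {
+if (status_code != GRPC_STATUS_OK) {
+*sync_status = absl::Status(static_cast<absl::StatusCode>(status_code),
+error_details);
+}
+MutexLock lock(&mu_);
+request_map_.erase(request);
+}
+gpr_free(error_details);
+return is_done;
+}
+
+void ExternalCertificateVerifier::OnVerifyDone(
+grpc_tls_custom_verification_check_request* request, void* callback_arg,
+grpc_status_code status, const char* error_details) {
+ExecCtx exec_ctx;
+auto* self = static_cast<ExternalCertificateVerifier*>(callback_arg);
+std::function<void(absl::Status)> callback;
+{
+MutexLock lock(&self->mu_);
+auto it = self->request_map_.find(request);
+if (it != self->request_map_.end()) {
+callback = std::move(it->second);
+self->request_map_.erase(it);
+}
+}
+if (callback != nullptr) {
+absl::Status return_status = absl::OkStatus();
+if (status != GRPC_STATUS_OK) {
+return_status =
+absl::Status(static_cast<absl::StatusCode>(status), error_details);
+}
+callback(return_status);
+}
+}
+
+bool HostNameCertificateVerifier::Verify(
+grpc_tls_custom_verification_check_request* request,
+std::function<void(absl::Status)>, absl::Status* sync_status) {
+GPR_ASSERT(request != nullptr);
+// Extract the target name, and remove its port.
+const char* target_name = request->target_name;
+if (target_name == nullptr) {
+*sync_status = absl::Status(absl::StatusCode::kUnauthenticated,
+"Target name is not specified.");
+return true; // synchronous check
+}
+absl::string_view target_host;
+absl::string_view ignored_port;
+SplitHostPort(target_name, &target_host, &ignored_port);
+if (target_host.empty()) {
+*sync_status = absl::Status(absl::StatusCode::kUnauthenticated,
+"Failed to split hostname and port.");
+return true; // synchronous check
+}
+// IPv6 zone-id should not be included in comparisons.
+const size_t zone_id = target_host.find('%');
+if (zone_id != absl::string_view::npos) {
+target_host.remove_suffix(target_host.size() - zone_id);
+}
+// Perform the hostname check.
+// First check the DNS field. We allow prefix or suffix wildcard matching.
+char** dns_names = request->peer_info.san_names.dns_names;
+size_t dns_names_size = request->peer_info.san_names.dns_names_size;
+if (dns_names != nullptr && dns_names_size > 0) {
+for (size_t i = 0; i < dns_names_size; ++i) {
+const char* dns_name = dns_names[i];
+// We are using the target name sent from the client as a matcher to match
+// against identity name on the peer cert.
+if (VerifySubjectAlternativeName(dns_name, std::string(target_host))) {
+return true; // synchronous check
+}
+}
+}
+// Then check the IP address. We only allow exact matching.
+char** ip_names = request->peer_info.san_names.ip_names;
+size_t ip_names_size = request->peer_info.san_names.ip_names_size;
+if (ip_names != nullptr && ip_names_size > 0) {
+for (size_t i = 0; i < ip_names_size; ++i) {
+const char* ip_name = ip_names[i];
+if (target_host == ip_name) {
+return true; // synchronous check
+}
+}
+}
+// If there's no SAN, try the CN.
+if (dns_names_size == 0) {
+const char* common_name = request->peer_info.common_name;
+// We are using the target name sent from the client as a matcher to match
+// against identity name on the peer cert.
+if (VerifySubjectAlternativeName(common_name, std::string(target_host))) {
+return true; // synchronous check
+}
+}
+*sync_status = absl::Status(absl::StatusCode::kUnauthenticated,
+"Hostname Verification Check failed.");
+return true; // synchronous check
+}
+
+} // namespace grpc_core
+
+//
+// Wrapper APIs declared in grpc_security.h
+//
+
+int grpc_tls_certificate_verifier_verify(
+grpc_tls_certificate_verifier* verifier,
+grpc_tls_custom_verification_check_request* request,
+grpc_tls_on_custom_verification_check_done_cb callback, void* callback_arg,
+grpc_status_code* sync_status, char** sync_error_details) {
+grpc_core::ExecCtx exec_ctx;
+std::function<void(absl::Status)> async_cb =
+[callback, request, callback_arg](absl::Status async_status) {
+callback(request, callback_arg,
+static_cast<grpc_status_code>(async_status.code()),
+std::string(async_status.message()).c_str());
+};
+absl::Status sync_status_cpp;
+bool is_done = verifier->Verify(request, async_cb, &sync_status_cpp);
+if (is_done) {
+if (!sync_status_cpp.ok()) {
+*sync_status = static_cast<grpc_status_code>(sync_status_cpp.code());
+*sync_error_details =
+gpr_strdup(std::string(sync_status_cpp.message()).c_str());
+}
+}
+return is_done;
+}
+
+void grpc_tls_certificate_verifier_cancel(
+grpc_tls_certificate_verifier* verifier,
+grpc_tls_custom_verification_check_request* request) {
+grpc_core::ExecCtx exec_ctx;
+verifier->Cancel(request);
+}
+
+grpc_tls_certificate_verifier* grpc_tls_certificate_verifier_external_create(
+grpc_tls_certificate_verifier_external* external_verifier) {
+grpc_core::ExecCtx exec_ctx;
+return new grpc_core::ExternalCertificateVerifier(external_verifier);
+}
+
+grpc_tls_certificate_verifier*
+grpc_tls_certificate_verifier_host_name_create() {
+grpc_core::ExecCtx exec_ctx;
+return new grpc_core::HostNameCertificateVerifier();
+}
+
+void grpc_tls_certificate_verifier_release(
+grpc_tls_certificate_verifier* verifier) {
+GRPC_API_TRACE("grpc_tls_certificate_verifier_release(verifier=%p)", 1,
+(verifier));
+grpc_core::ExecCtx exec_ctx;
+if (verifier != nullptr) verifier->Unref();
+}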
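Review bot: The common-name fallback in `HostNameCertificateVerifier::Verify` is gated on `dns_names_size == 0` alone, so a certificate that carries IP SANs but no DNS SANs still reaches the CN comparison, which does not match the comment `// If there's no SAN, try the CN.` If the comment states the intent, the guard should read `if (dns_names_size == 0 && ip_names_size == 0) {`; if the current behaviour is intended, the comment should say "no DNS SAN" so the accepted identity set is clear to anyone auditing the check. `request->peer_info.common_name` is also handed to `VerifySubjectAlternativeName` without a null test, although `target_name` is null-checked earlier in the same function. That helper is declared outside this file, so whether it tolerates a null pointer cannot be confirmed from here; adding `common_name != nullptr &&` in front of the call would make the fallback safe either way.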
@@ -0,0 +1,106 @@
|
|
1
|
+
//
|
2
|
+
// Copyright 2021 gRPC authors.
|
3
|
+
//
|
4
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
// you may not use this file except in compliance with the License.
|
6
|
+
// You may obtain a copy of the License at
|
7
|
+
//
|
8
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
//
|
10
|
+
// Unless required by applicable law or agreed to in writing, software
|
11
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
// See the License for the specific language governing permissions and
|
14
|
+
// limitations under the License.
|
15
|
+
//
|
16
|
+
|
17
|
+
#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CERTIFICATE_VERIFIER_H
|
18
|
+
#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CERTIFICATE_VERIFIER_H
|
19
|
+
|
20
|
+
#include <grpc/support/port_platform.h>
|
21
|
+
|
22
|
+
#include <string.h>
|
23
|
+
|
24
|
+
#include "absl/status/status.h"
|
25
|
+
|
26
|
+
#include <grpc/grpc_security.h>
|
27
|
+
|
28
|
+
#include "src/core/lib/gprpp/ref_counted.h"
|
29
|
+
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
30
|
+
#include "src/core/lib/gprpp/thd.h"
|
31
|
+
#include "src/core/lib/iomgr/load_file.h"
|
32
|
+
#include "src/core/lib/iomgr/pollset_set.h"
|
33
|
+
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
|
34
|
+
#include "src/core/lib/security/security_connector/ssl_utils.h"
|
35
|
+
|
36
|
+
// An abstraction of the verifier that all verifier subclasses should extend.
|
37
|
+
struct grpc_tls_certificate_verifier
|
38
|
+
: public grpc_core::RefCounted<grpc_tls_certificate_verifier> {
|
39
|
+
public:
|
40
|
+
grpc_tls_certificate_verifier() = default;
|
41
|
+
|
42
|
+
~grpc_tls_certificate_verifier() override = default;
|
43
|
+
// Verifies the specific request. It can be processed in sync or async mode.
|
44
|
+
// If the caller want it to be processed asynchronously, return false
|
45
|
+
// immediately, and at the end of the async operation, invoke the callback
|
46
|
+
// with the verification results stored in absl::Status. Otherwise, populate
|
47
|
+
// the verification results in |sync_status| and return true. The caller is
|
48
|
+
// expected to populate verification results by setting request.
|
49
|
+
virtual bool Verify(grpc_tls_custom_verification_check_request* request,
|
50
|
+
std::function<void(absl::Status)> callback,
|
51
|
+
absl::Status* sync_status) = 0;
|
52
|
+
// Operations that will be performed when a request is cancelled.
|
53
|
+
// This is only needed when in async mode.
|
54
|
+
virtual void Cancel(grpc_tls_custom_verification_check_request* request) = 0;
|
55
|
+
};
|
56
|
+
|
57
|
+
namespace grpc_core {
|
58
|
+
|
59
|
+
// A verifier that will transform grpc_tls_certificate_verifier_external to a
|
60
|
+
// verifier that extends grpc_tls_certificate_verifier.
|
61
|
+
class ExternalCertificateVerifier : public grpc_tls_certificate_verifier {
|
62
|
+
public:
|
63
|
+
explicit ExternalCertificateVerifier(
|
64
|
+
grpc_tls_certificate_verifier_external* external_verifier)
|
65
|
+
: external_verifier_(external_verifier) {}
|
66
|
+
|
67
|
+
~ExternalCertificateVerifier() override {
|
68
|
+
if (external_verifier_->destruct != nullptr) {
|
69
|
+
external_verifier_->destruct(external_verifier_->user_data);
|
70
|
+
}
|
71
|
+
}
|
72
|
+
|
73
|
+
bool Verify(grpc_tls_custom_verification_check_request* request,
|
74
|
+
std::function<void(absl::Status)> callback,
|
75
|
+
absl::Status* sync_status) override;
|
76
|
+
|
77
|
+
void Cancel(grpc_tls_custom_verification_check_request* request) override {
|
78
|
+
external_verifier_->cancel(external_verifier_->user_data, request);
|
79
|
+
}
|
80
|
+
|
81
|
+
private:
|
82
|
+
grpc_tls_certificate_verifier_external* external_verifier_;
|
83
|
+
|
84
|
+
static void OnVerifyDone(grpc_tls_custom_verification_check_request* request,
|
85
|
+
void* callback_arg, grpc_status_code status,
|
86
|
+
const char* error_details);
|
87
|
+
// Guards members below.
|
88
|
+
Mutex mu_;
|
89
|
+
// stores each check request and its corresponding callback function.
|
90
|
+
std::map<grpc_tls_custom_verification_check_request*,
|
91
|
+
std::function<void(absl::Status)>>
|
92
|
+
request_map_ ABSL_GUARDED_BY(mu_);
|
93
|
+
};
|
94
|
+
|
95
|
+
// An internal verifier that will perform hostname verification check.
|
96
|
+
class HostNameCertificateVerifier : public grpc_tls_certificate_verifier {
|
97
|
+
public:
|
98
|
+
bool Verify(grpc_tls_custom_verification_check_request* request,
|
99
|
+
std::function<void(absl::Status)> callback,
|
100
|
+
absl::Status* sync_status) override;
|
101
|
+
void Cancel(grpc_tls_custom_verification_check_request*) override {}
|
102
|
+
};
|
103
|
+
|
104
|
+
} // namespace grpc_core
|
105
|
+
|
106
|
+
#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CERTIFICATE_VERIFIER_H
|
@@ -29,61 +29,6 @@
|
|
29
29
|
|
30
30
|
#include "src/core/lib/surface/api_trace.h"
|
31
31
|
|
32
|
-
/** -- gRPC TLS server authorization check API implementation. -- **/
|
33
|
-
grpc_tls_server_authorization_check_config::
|
34
|
-
grpc_tls_server_authorization_check_config(
|
35
|
-
const void* config_user_data,
|
36
|
-
int (*schedule)(void* config_user_data,
|
37
|
-
grpc_tls_server_authorization_check_arg* arg),
|
38
|
-
void (*cancel)(void* config_user_data,
|
39
|
-
grpc_tls_server_authorization_check_arg* arg),
|
40
|
-
void (*destruct)(void* config_user_data))
|
41
|
-
: config_user_data_(const_cast<void*>(config_user_data)),
|
42
|
-
schedule_(schedule),
|
43
|
-
cancel_(cancel),
|
44
|
-
destruct_(destruct) {}
|
45
|
-
|
46
|
-
grpc_tls_server_authorization_check_config::
|
47
|
-
~grpc_tls_server_authorization_check_config() {
|
48
|
-
if (destruct_ != nullptr) {
|
49
|
-
destruct_(config_user_data_);
|
50
|
-
}
|
51
|
-
}
|
52
|
-
|
53
|
-
int grpc_tls_server_authorization_check_config::Schedule(
|
54
|
-
grpc_tls_server_authorization_check_arg* arg) const {
|
55
|
-
if (schedule_ == nullptr) {
|
56
|
-
gpr_log(GPR_ERROR, "schedule API is nullptr");
|
57
|
-
if (arg != nullptr) {
|
58
|
-
arg->status = GRPC_STATUS_NOT_FOUND;
|
59
|
-
arg->error_details->set_error_details(
|
60
|
-
"schedule API in server authorization check config is nullptr");
|
61
|
-
}
|
62
|
-
return 1;
|
63
|
-
}
|
64
|
-
if (arg != nullptr && context_ != nullptr) {
|
65
|
-
arg->config = const_cast<grpc_tls_server_authorization_check_config*>(this);
|
66
|
-
}
|
67
|
-
return schedule_(config_user_data_, arg);
|
68
|
-
}
|
69
|
-
|
70
|
-
void grpc_tls_server_authorization_check_config::Cancel(
|
71
|
-
grpc_tls_server_authorization_check_arg* arg) const {
|
72
|
-
if (cancel_ == nullptr) {
|
73
|
-
gpr_log(GPR_ERROR, "cancel API is nullptr.");
|
74
|
-
if (arg != nullptr) {
|
75
|
-
arg->status = GRPC_STATUS_NOT_FOUND;
|
76
|
-
arg->error_details->set_error_details(
|
77
|
-
"schedule API in server authorization check config is nullptr");
|
78
|
-
}
|
79
|
-
return;
|
80
|
-
}
|
81
|
-
if (arg != nullptr) {
|
82
|
-
arg->config = const_cast<grpc_tls_server_authorization_check_config*>(this);
|
83
|
-
}
|
84
|
-
cancel_(config_user_data_, arg);
|
85
|
-
}
|
86
|
-
|
87
32
|
/** -- Wrapper APIs declared in grpc_security.h -- **/
|
88
33
|
|
89
34
|
grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
|
@@ -98,11 +43,10 @@ void grpc_tls_credentials_options_set_cert_request_type(
|
|
98
43
|
options->set_cert_request_type(type);
|
99
44
|
}
|
100
45
|
|
101
|
-
void
|
102
|
-
grpc_tls_credentials_options* options,
|
103
|
-
grpc_tls_server_verification_option server_verification_option) {
|
46
|
+
void grpc_tls_credentials_options_set_verify_server_cert(
|
47
|
+
grpc_tls_credentials_options* options, int verify_server_cert) {
|
104
48
|
GPR_ASSERT(options != nullptr);
|
105
|
-
options->
|
49
|
+
options->set_verify_server_cert(verify_server_cert);
|
106
50
|
}
|
107
51
|
|
108
52
|
void grpc_tls_credentials_options_set_certificate_provider(
|
@@ -139,39 +83,16 @@ void grpc_tls_credentials_options_set_identity_cert_name(
|
|
139
83
|
options->set_identity_cert_name(identity_cert_name);
|
140
84
|
}
|
141
85
|
|
142
|
-
void
|
86
|
+
void grpc_tls_credentials_options_set_certificate_verifier(
|
143
87
|
grpc_tls_credentials_options* options,
|
144
|
-
|
88
|
+
grpc_tls_certificate_verifier* verifier) {
|
145
89
|
GPR_ASSERT(options != nullptr);
|
146
|
-
GPR_ASSERT(
|
147
|
-
|
148
|
-
options->set_server_authorization_check_config(config->Ref());
|
149
|
-
}
|
150
|
-
|
151
|
-
grpc_tls_server_authorization_check_config*
|
152
|
-
grpc_tls_server_authorization_check_config_create(
|
153
|
-
const void* config_user_data,
|
154
|
-
int (*schedule)(void* config_user_data,
|
155
|
-
grpc_tls_server_authorization_check_arg* arg),
|
156
|
-
void (*cancel)(void* config_user_data,
|
157
|
-
grpc_tls_server_authorization_check_arg* arg),
|
158
|
-
void (*destruct)(void* config_user_data)) {
|
159
|
-
if (schedule == nullptr) {
|
160
|
-
gpr_log(GPR_ERROR,
|
161
|
-
"Schedule API is nullptr in creating TLS server authorization "
|
162
|
-
"check config.");
|
163
|
-
return nullptr;
|
164
|
-
}
|
165
|
-
grpc_core::ExecCtx exec_ctx;
|
166
|
-
return new grpc_tls_server_authorization_check_config(
|
167
|
-
config_user_data, schedule, cancel, destruct);
|
90
|
+
GPR_ASSERT(verifier != nullptr);
|
91
|
+
options->set_certificate_verifier(verifier->Ref());
|
168
92
|
}
|
169
93
|
|
170
|
-
void
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
(config));
|
175
|
-
grpc_core::ExecCtx exec_ctx;
|
176
|
-
if (config != nullptr) config->Unref();
|
94
|
+
void grpc_tls_credentials_options_set_check_call_host(
|
95
|
+
grpc_tls_credentials_options* options, int check_call_host) {
|
96
|
+
GPR_ASSERT(options != nullptr);
|
97
|
+
options->set_check_call_host(check_call_host);
|
177
98
|
}
|
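Review bot: The two new `int` wrappers (new lines 46-50 and 94-98) pass their argument straight into setters that take `bool`, so the conversion is implicit and a value of 0 switches off server certificate verification or the call-host check without leaving any trace. Spell the conversion out, `options->set_verify_server_cert(verify_server_cert != 0);` and `options->set_check_call_host(check_call_host != 0);`, and put a comment above each wrapper stating that 0 disables the check and that the default is enabled. For `grpc_tls_credentials_options_set_certificate_verifier` (new lines 86-92), a comment such as `// Takes a new ref on |verifier|; the caller keeps its own reference.` would document what `verifier->Ref()` implies for ownership.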
@@ -28,73 +28,9 @@
|
|
28
28
|
#include "src/core/lib/gprpp/ref_counted.h"
|
29
29
|
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
|
30
30
|
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
|
31
|
+
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h"
|
31
32
|
#include "src/core/lib/security/security_connector/ssl_utils.h"
|
32
33
|
|
33
|
-
struct grpc_tls_error_details
|
34
|
-
: public grpc_core::RefCounted<grpc_tls_error_details> {
|
35
|
-
public:
|
36
|
-
grpc_tls_error_details() : error_details_("") {}
|
37
|
-
void set_error_details(const char* err_details) {
|
38
|
-
error_details_ = err_details;
|
39
|
-
}
|
40
|
-
const std::string& error_details() { return error_details_; }
|
41
|
-
|
42
|
-
private:
|
43
|
-
std::string error_details_;
|
44
|
-
};
|
45
|
-
|
46
|
-
/** TLS server authorization check config. **/
|
47
|
-
struct grpc_tls_server_authorization_check_config
|
48
|
-
: public grpc_core::RefCounted<grpc_tls_server_authorization_check_config> {
|
49
|
-
public:
|
50
|
-
grpc_tls_server_authorization_check_config(
|
51
|
-
const void* config_user_data,
|
52
|
-
int (*schedule)(void* config_user_data,
|
53
|
-
grpc_tls_server_authorization_check_arg* arg),
|
54
|
-
void (*cancel)(void* config_user_data,
|
55
|
-
grpc_tls_server_authorization_check_arg* arg),
|
56
|
-
void (*destruct)(void* config_user_data));
|
57
|
-
~grpc_tls_server_authorization_check_config() override;
|
58
|
-
|
59
|
-
void* context() const { return context_; }
|
60
|
-
|
61
|
-
void set_context(void* context) { context_ = context; }
|
62
|
-
|
63
|
-
int Schedule(grpc_tls_server_authorization_check_arg* arg) const;
|
64
|
-
|
65
|
-
void Cancel(grpc_tls_server_authorization_check_arg* arg) const;
|
66
|
-
|
67
|
-
private:
|
68
|
-
/** This is a pointer to the wrapped language implementation of
|
69
|
-
* grpc_tls_server_authorization_check_config. It is necessary to implement
|
70
|
-
* the C schedule and cancel functions, given the schedule or cancel function
|
71
|
-
* in a wrapped language. **/
|
72
|
-
void* context_ = nullptr;
|
73
|
-
/** config-specific, read-only user data that works for all channels created
|
74
|
-
with a Credential using the config. */
|
75
|
-
void* config_user_data_;
|
76
|
-
|
77
|
-
/** callback function for invoking server authorization check. The
|
78
|
-
implementation of this method has to be non-blocking, but can be performed
|
79
|
-
synchronously or asynchronously.
|
80
|
-
If processing occurs synchronously, it populates \a arg->result, \a
|
81
|
-
arg->status, and \a arg->error_details, and returns zero.
|
82
|
-
If processing occurs asynchronously, it returns a non-zero value.
|
83
|
-
Application then invokes \a arg->cb when processing is completed. Note that
|
84
|
-
\a arg->cb cannot be invoked before \a schedule() returns.
|
85
|
-
*/
|
86
|
-
int (*schedule_)(void* config_user_data,
|
87
|
-
grpc_tls_server_authorization_check_arg* arg);
|
88
|
-
|
89
|
-
/** callback function for canceling a server authorization check request. */
|
90
|
-
void (*cancel_)(void* config_user_data,
|
91
|
-
grpc_tls_server_authorization_check_arg* arg);
|
92
|
-
|
93
|
-
/** callback function for cleaning up any data associated with server
|
94
|
-
authorization check config. */
|
95
|
-
void (*destruct_)(void* config_user_data);
|
96
|
-
};
|
97
|
-
|
98
34
|
// Contains configurable options specified by callers to configure their certain
|
99
35
|
// security features supported in TLS.
|
100
36
|
// TODO(ZhenLian): consider making this not ref-counted.
|
@@ -107,15 +43,14 @@ struct grpc_tls_credentials_options
|
|
107
43
|
grpc_ssl_client_certificate_request_type cert_request_type() const {
|
108
44
|
return cert_request_type_;
|
109
45
|
}
|
110
|
-
|
111
|
-
return server_verification_option_;
|
112
|
-
}
|
46
|
+
bool verify_server_cert() const { return verify_server_cert_; }
|
113
47
|
grpc_tls_version min_tls_version() const { return min_tls_version_; }
|
114
48
|
grpc_tls_version max_tls_version() const { return max_tls_version_; }
|
115
|
-
|
116
|
-
|
117
|
-
return
|
49
|
+
// Returns the verifier set in the options.
|
50
|
+
grpc_tls_certificate_verifier* certificate_verifier() {
|
51
|
+
return verifier_.get();
|
118
52
|
}
|
53
|
+
bool check_call_host() const { return check_call_host_; }
|
119
54
|
// Returns the distributor from provider_ if it is set, nullptr otherwise.
|
120
55
|
grpc_tls_certificate_distributor* certificate_distributor() {
|
121
56
|
if (provider_ != nullptr) return provider_->distributor().get();
|
@@ -131,9 +66,8 @@ struct grpc_tls_credentials_options
|
|
131
66
|
const grpc_ssl_client_certificate_request_type type) {
|
132
67
|
cert_request_type_ = type;
|
133
68
|
}
|
134
|
-
void
|
135
|
-
|
136
|
-
server_verification_option_ = server_verification_option;
|
69
|
+
void set_verify_server_cert(bool verify_server_cert) {
|
70
|
+
verify_server_cert_ = verify_server_cert;
|
137
71
|
}
|
138
72
|
void set_min_tls_version(grpc_tls_version min_tls_version) {
|
139
73
|
min_tls_version_ = min_tls_version;
|
@@ -141,10 +75,14 @@ struct grpc_tls_credentials_options
|
|
141
75
|
void set_max_tls_version(grpc_tls_version max_tls_version) {
|
142
76
|
max_tls_version_ = max_tls_version;
|
143
77
|
}
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
78
|
+
// Sets the verifier in the options.
|
79
|
+
void set_certificate_verifier(
|
80
|
+
grpc_core::RefCountedPtr<grpc_tls_certificate_verifier> verifier) {
|
81
|
+
verifier_ = std::move(verifier);
|
82
|
+
}
|
83
|
+
// Sets the verifier in the options.
|
84
|
+
void set_check_call_host(bool check_call_host) {
|
85
|
+
check_call_host_ = check_call_host;
|
148
86
|
}
|
149
87
|
// Sets the provider in the options.
|
150
88
|
void set_certificate_provider(
|
@@ -177,12 +115,11 @@ struct grpc_tls_credentials_options
|
|
177
115
|
private:
|
178
116
|
grpc_ssl_client_certificate_request_type cert_request_type_ =
|
179
117
|
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
|
180
|
-
|
181
|
-
GRPC_TLS_SERVER_VERIFICATION;
|
118
|
+
bool verify_server_cert_ = true;
|
182
119
|
grpc_tls_version min_tls_version_ = grpc_tls_version::TLS1_2;
|
183
120
|
grpc_tls_version max_tls_version_ = grpc_tls_version::TLS1_3;
|
184
|
-
grpc_core::RefCountedPtr<
|
185
|
-
|
121
|
+
grpc_core::RefCountedPtr<grpc_tls_certificate_verifier> verifier_;
|
122
|
+
bool check_call_host_ = true;
|
186
123
|
grpc_core::RefCountedPtr<grpc_tls_certificate_provider> provider_;
|
187
124
|
bool watch_root_cert_ = false;
|
188
125
|
std::string root_cert_name_;
|
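Review bot: The comment above `set_check_call_host` (new line 83) is a copy of the one above `set_certificate_verifier` and describes the wrong member. It should say what the flag does, for example `// Sets whether the call host is checked against the peer.` (wording inferred from the name, so confirm it against the connector that reads it). The new members `verify_server_cert_` and `check_call_host_` both default to `true`; a one-line comment on each saying that setting it to false weakens peer verification would help readers auditing a configuration. `certificate_verifier()` at new line 50 only returns `verifier_.get()`, so it could be `const` like `verify_server_cert()` and `check_call_host()`, assuming `RefCountedPtr::get()` is const.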
@@ -28,29 +28,40 @@
|
|
28
28
|
#include <grpc/support/string_util.h>
|
29
29
|
|
30
30
|
#include "src/core/lib/channel/channel_args.h"
|
31
|
+
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h"
|
31
32
|
#include "src/core/lib/security/security_connector/tls/tls_security_connector.h"
|
32
33
|
|
33
34
|
#define GRPC_CREDENTIALS_TYPE_TLS "Tls"
|
34
35
|
|
35
36
|
namespace {
|
36
37
|
|
37
|
-
bool CredentialOptionSanityCheck(
|
38
|
+
bool CredentialOptionSanityCheck(grpc_tls_credentials_options* options,
|
38
39
|
bool is_client) {
|
39
40
|
if (options == nullptr) {
|
40
41
|
gpr_log(GPR_ERROR, "TLS credentials options is nullptr.");
|
41
42
|
return false;
|
42
43
|
}
|
43
|
-
//
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
44
|
+
// In the following conditions, there won't be any issues, but it might
|
45
|
+
// indicate callers are doing something wrong with the API.
|
46
|
+
if (is_client && options->cert_request_type() !=
|
47
|
+
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE) {
|
48
|
+
gpr_log(GPR_ERROR,
|
49
|
+
"Client's credentials options should not set cert_request_type.");
|
48
50
|
}
|
49
|
-
if (options->
|
50
|
-
options->server_authorization_check_config() == nullptr) {
|
51
|
+
if (!is_client && !options->verify_server_cert()) {
|
51
52
|
gpr_log(GPR_ERROR,
|
52
|
-
"
|
53
|
-
|
53
|
+
"Server's credentials options should not set verify_server_cert.");
|
54
|
+
}
|
55
|
+
// In the following conditions, there could be severe security issues.
|
56
|
+
if (is_client && options->certificate_verifier() == nullptr) {
|
57
|
+
// If no verifier is specified on the client side, use the hostname verifier
|
58
|
+
// as default. Users who want to bypass all the verifier check should
|
59
|
+
// implement an external verifier instead.
|
60
|
+
gpr_log(GPR_INFO,
|
61
|
+
"No verifier specified on the client side. Using default hostname "
|
62
|
+
"verifier");
|
63
|
+
options->set_certificate_verifier(
|
64
|
+
grpc_core::MakeRefCounted<grpc_core::HostNameCertificateVerifier>());
|
54
65
|
}
|
55
66
|
return true;
|
56
67
|
}
|
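Review bot: `CredentialOptionSanityCheck` now modifies its argument: when a client supplies no verifier, new lines 56-65 install a `HostNameCertificateVerifier` on `options`, which a function named as a check does not lead a caller to expect. State this at the top of the function, e.g. `// Also installs the default hostname verifier on |options| when a client sets none.`. The comment at new line 55 announces "severe security issues" but does not name one, and the branch logs at `GPR_INFO`, whereas the two harmless misuse cases above log at `GPR_ERROR` and still return true; the comment should say what the risk is (presumably a client with no peer check at all). As far as this hunk shows, a client that sets `verify_server_cert` to false gets no log line; if nothing elsewhere records it, a one-line `gpr_log` in that case would make the weakened configuration visible in logs.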