grpc 1.43.1 → 1.44.0.pre2


Potentially problematic release.



Files changed (382)
  1. checksums.yaml +4 -4
  2. data/Makefile +84 -64
  3. data/include/grpc/grpc_security.h +10 -0
  4. data/include/grpc/impl/codegen/compression_types.h +0 -2
  5. data/include/grpc/impl/codegen/grpc_types.h +6 -0
  6. data/src/core/ext/filters/client_channel/backend_metric.h +1 -1
  7. data/src/core/ext/filters/client_channel/client_channel.cc +62 -68
  8. data/src/core/ext/filters/client_channel/client_channel.h +8 -8
  9. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
  10. data/src/core/ext/filters/client_channel/config_selector.h +4 -4
  11. data/src/core/ext/filters/client_channel/dynamic_filters.h +1 -1
  12. data/src/core/ext/filters/client_channel/health/health_check_client.cc +16 -14
  13. data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
  14. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
  15. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +4 -3
  16. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +6 -5
  17. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +3 -7
  18. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +31 -32
  19. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +0 -7
  20. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +1 -1
  21. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -1
  22. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
  23. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +43 -29
  24. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +6 -2
  25. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +120 -68
  26. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +60 -48
  27. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +62 -61
  28. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +16 -11
  29. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -5
  30. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +19 -15
  31. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -1
  32. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +14 -12
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +3 -2
  34. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +50 -105
  35. data/src/core/ext/filters/client_channel/lb_policy.cc +15 -14
  36. data/src/core/ext/filters/client_channel/lb_policy.h +19 -3
  37. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +3 -3
  38. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +207 -81
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +22 -12
  40. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +19 -15
  41. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +23 -38
  42. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +118 -207
  43. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +25 -32
  44. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  45. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +82 -73
  46. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +10 -10
  47. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +2 -1
  48. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +2 -5
  49. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
  50. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +157 -67
  51. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +1 -1
  52. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +2 -2
  53. data/src/core/ext/filters/client_channel/retry_filter.cc +37 -64
  54. data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -1
  55. data/src/core/ext/filters/client_channel/retry_service_config.h +1 -1
  56. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +1 -1
  57. data/src/core/ext/filters/client_channel/subchannel.cc +12 -16
  58. data/src/core/ext/filters/client_channel/subchannel.h +2 -3
  59. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +37 -48
  60. data/src/core/ext/filters/fault_injection/service_config_parser.cc +6 -8
  61. data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
  62. data/src/core/ext/filters/http/client/http_client_filter.cc +51 -122
  63. data/src/core/ext/filters/http/client_authority_filter.cc +8 -24
  64. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +42 -140
  65. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +5 -25
  66. data/src/core/ext/filters/http/server/http_server_filter.cc +50 -135
  67. data/src/core/ext/filters/message_size/message_size_filter.cc +1 -1
  68. data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
  69. data/src/core/ext/filters/rbac/rbac_filter.cc +157 -0
  70. data/src/core/ext/filters/rbac/rbac_filter.h +74 -0
  71. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +605 -0
  72. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +70 -0
  73. data/src/core/ext/filters/server_config_selector/server_config_selector.h +3 -2
  74. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +11 -6
  75. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +1 -1
  76. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +1 -1
  77. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +89 -29
  78. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +0 -1
  79. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +45 -186
  80. data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -1
  81. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +341 -279
  82. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +69 -159
  83. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +1 -1
  84. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +2 -0
  85. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +19 -32
  86. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +0 -1
  87. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +94 -1
  88. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +2 -24
  89. data/src/core/ext/transport/chttp2/transport/internal.h +0 -33
  90. data/src/core/ext/transport/chttp2/transport/parsing.cc +0 -6
  91. data/src/core/ext/transport/chttp2/transport/writing.cc +47 -116
  92. data/src/core/ext/transport/inproc/inproc_plugin.cc +0 -4
  93. data/src/core/ext/transport/inproc/inproc_transport.cc +11 -63
  94. data/src/core/ext/transport/inproc/inproc_transport.h +0 -3
  95. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +61 -0
  96. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +146 -0
  97. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +188 -0
  98. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +70 -0
  99. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +56 -0
  100. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +40 -0
  101. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +154 -0
  102. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +95 -0
  103. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c +58 -0
  104. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h +55 -0
  105. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c +44 -0
  106. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h +40 -0
  107. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +153 -0
  108. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +100 -0
  109. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c +75 -0
  110. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h +55 -0
  111. data/src/core/ext/xds/upb_utils.h +65 -0
  112. data/src/core/ext/xds/xds_api.cc +81 -3458
  113. data/src/core/ext/xds/xds_api.h +56 -611
  114. data/src/core/ext/xds/xds_bootstrap.cc +189 -125
  115. data/src/core/ext/xds/xds_bootstrap.h +20 -15
  116. data/src/core/ext/xds/xds_certificate_provider.h +1 -0
  117. data/src/core/ext/xds/xds_channel_creds.cc +108 -0
  118. data/src/core/ext/xds/xds_channel_creds.h +50 -0
  119. data/src/core/ext/xds/xds_client.cc +584 -994
  120. data/src/core/ext/xds/xds_client.h +78 -135
  121. data/src/core/ext/xds/xds_cluster.cc +451 -0
  122. data/src/core/ext/xds/xds_cluster.h +111 -0
  123. data/src/core/ext/xds/xds_common_types.cc +388 -0
  124. data/src/core/ext/xds/xds_common_types.h +110 -0
  125. data/src/core/ext/xds/xds_endpoint.cc +364 -0
  126. data/src/core/ext/xds/xds_endpoint.h +135 -0
  127. data/src/core/ext/xds/xds_http_filters.cc +5 -0
  128. data/src/core/ext/xds/xds_http_rbac_filter.cc +563 -0
  129. data/src/core/ext/xds/xds_http_rbac_filter.h +54 -0
  130. data/src/core/ext/xds/xds_listener.cc +1036 -0
  131. data/src/core/ext/xds/xds_listener.h +220 -0
  132. data/src/core/ext/{transport/chttp2/transport/hpack_utils.h → xds/xds_resource_type.cc} +12 -9
  133. data/src/core/ext/xds/xds_resource_type.h +98 -0
  134. data/src/core/ext/xds/xds_resource_type_impl.h +87 -0
  135. data/src/core/ext/xds/xds_route_config.cc +993 -0
  136. data/src/core/ext/xds/xds_route_config.h +215 -0
  137. data/src/core/ext/xds/xds_routing.cc +11 -8
  138. data/src/core/ext/xds/xds_routing.h +8 -5
  139. data/src/core/ext/xds/xds_server_config_fetcher.cc +159 -99
  140. data/src/core/lib/address_utils/parse_address.cc +20 -0
  141. data/src/core/lib/address_utils/parse_address.h +5 -0
  142. data/src/core/lib/address_utils/sockaddr_utils.cc +33 -36
  143. data/src/core/lib/address_utils/sockaddr_utils.h +1 -16
  144. data/src/core/lib/backoff/backoff.cc +4 -30
  145. data/src/core/lib/backoff/backoff.h +3 -3
  146. data/src/core/lib/channel/channel_args.cc +0 -1
  147. data/src/core/lib/channel/channel_stack.cc +8 -0
  148. data/src/core/lib/channel/channel_stack.h +1 -1
  149. data/src/core/lib/channel/channel_stack_builder.cc +5 -9
  150. data/src/core/lib/channel/channel_stack_builder.h +4 -7
  151. data/src/core/lib/channel/channelz.cc +1 -0
  152. data/src/core/lib/compression/compression.cc +19 -111
  153. data/src/core/lib/compression/compression_internal.cc +142 -202
  154. data/src/core/lib/compression/compression_internal.h +64 -69
  155. data/src/core/lib/compression/message_compress.cc +11 -11
  156. data/src/core/lib/compression/message_compress.h +2 -2
  157. data/src/core/lib/gpr/useful.h +4 -0
  158. data/src/core/lib/gprpp/bitset.h +7 -0
  159. data/src/core/lib/gprpp/chunked_vector.h +45 -3
  160. data/src/core/lib/gprpp/status_helper.cc +20 -28
  161. data/src/core/lib/gprpp/status_helper.h +6 -19
  162. data/src/core/lib/gprpp/table.h +11 -0
  163. data/src/core/lib/http/httpcli.cc +37 -46
  164. data/src/core/lib/http/httpcli.h +3 -15
  165. data/src/core/lib/iomgr/call_combiner.cc +15 -4
  166. data/src/core/lib/iomgr/closure.h +29 -9
  167. data/src/core/lib/iomgr/combiner.cc +25 -3
  168. data/src/core/lib/iomgr/error.cc +2 -0
  169. data/src/core/lib/iomgr/error.h +3 -0
  170. data/src/core/lib/iomgr/event_engine/iomgr.cc +3 -2
  171. data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +6 -0
  172. data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +2 -0
  173. data/src/core/lib/iomgr/event_engine/resolver.cc +66 -48
  174. data/src/core/lib/iomgr/event_engine/resolver.h +56 -0
  175. data/src/core/lib/iomgr/exec_ctx.cc +22 -9
  176. data/src/core/lib/iomgr/executor.cc +10 -1
  177. data/src/core/lib/iomgr/fork_posix.cc +3 -2
  178. data/src/core/lib/iomgr/iomgr_custom.cc +4 -1
  179. data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
  180. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -2
  181. data/src/core/lib/iomgr/iomgr_windows.cc +2 -2
  182. data/src/core/lib/iomgr/port.h +2 -2
  183. data/src/core/lib/iomgr/resolve_address.cc +5 -24
  184. data/src/core/lib/iomgr/resolve_address.h +47 -44
  185. data/src/core/lib/iomgr/resolve_address_custom.cc +131 -109
  186. data/src/core/lib/iomgr/resolve_address_custom.h +101 -19
  187. data/src/core/lib/iomgr/resolve_address_impl.h +59 -0
  188. data/src/core/lib/iomgr/resolve_address_posix.cc +82 -66
  189. data/src/core/lib/iomgr/resolve_address_posix.h +47 -0
  190. data/src/core/lib/iomgr/resolve_address_windows.cc +93 -74
  191. data/src/core/lib/iomgr/resolve_address_windows.h +47 -0
  192. data/src/core/lib/iomgr/resolved_address.h +39 -0
  193. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +1 -0
  194. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +1 -0
  195. data/src/core/lib/iomgr/unix_sockets_posix.cc +22 -34
  196. data/src/core/lib/iomgr/unix_sockets_posix.h +4 -7
  197. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +6 -15
  198. data/src/core/lib/matchers/matchers.cc +1 -1
  199. data/src/core/lib/promise/activity.h +49 -20
  200. data/src/core/lib/promise/detail/status.h +5 -0
  201. data/src/core/{ext/filters/client_channel → lib/resolver}/resolver.cc +17 -25
  202. data/src/core/{ext/filters/client_channel → lib/resolver}/resolver.h +43 -44
  203. data/src/core/{ext/filters/client_channel → lib/resolver}/resolver_factory.h +10 -5
  204. data/src/core/{ext/filters/client_channel → lib/resolver}/resolver_registry.cc +3 -2
  205. data/src/core/{ext/filters/client_channel → lib/resolver}/resolver_registry.h +4 -5
  206. data/src/core/{ext/filters/client_channel → lib/resolver}/server_address.cc +1 -1
  207. data/src/core/{ext/filters/client_channel → lib/resolver}/server_address.h +4 -4
  208. data/src/core/lib/resource_quota/api.h +0 -1
  209. data/src/core/lib/{gprpp → resource_quota}/arena.cc +16 -13
  210. data/src/core/lib/{gprpp → resource_quota}/arena.h +24 -13
  211. data/src/core/lib/security/authorization/evaluate_args.cc +30 -15
  212. data/src/core/lib/security/authorization/evaluate_args.h +1 -0
  213. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +60 -0
  214. data/src/core/lib/security/authorization/grpc_authorization_engine.h +62 -0
  215. data/src/core/lib/security/authorization/matchers.cc +227 -0
  216. data/src/core/lib/security/authorization/matchers.h +211 -0
  217. data/src/core/lib/security/authorization/rbac_policy.cc +442 -0
  218. data/src/core/lib/security/authorization/rbac_policy.h +170 -0
  219. data/src/core/lib/security/context/security_context.cc +4 -2
  220. data/src/core/lib/security/context/security_context.h +1 -1
  221. data/src/core/lib/security/credentials/composite/composite_credentials.cc +5 -5
  222. data/src/core/lib/security/credentials/composite/composite_credentials.h +4 -3
  223. data/src/core/lib/security/credentials/credentials.h +10 -20
  224. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +6 -9
  225. data/src/core/lib/security/credentials/external/external_account_credentials.cc +7 -9
  226. data/src/core/lib/security/credentials/external/external_account_credentials.h +2 -7
  227. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +2 -3
  228. data/src/core/lib/security/credentials/fake/fake_credentials.cc +5 -4
  229. data/src/core/lib/security/credentials/fake/fake_credentials.h +8 -7
  230. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +2 -5
  231. data/src/core/lib/security/credentials/iam/iam_credentials.cc +16 -19
  232. data/src/core/lib/security/credentials/iam/iam_credentials.h +6 -5
  233. data/src/core/lib/security/credentials/jwt/json_token.cc +4 -6
  234. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +16 -28
  235. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +8 -8
  236. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +6 -13
  237. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +44 -57
  238. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +13 -15
  239. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -7
  240. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +5 -4
  241. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +1 -10
  242. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +6 -0
  243. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +7 -0
  244. data/src/core/lib/security/credentials/xds/xds_credentials.h +1 -1
  245. data/src/core/lib/security/security_connector/security_connector.cc +0 -4
  246. data/src/core/lib/security/security_connector/security_connector.h +5 -1
  247. data/src/core/lib/security/security_connector/ssl_utils.cc +14 -24
  248. data/src/core/lib/security/security_connector/ssl_utils.h +5 -14
  249. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +2 -3
  250. data/src/core/lib/security/transport/auth_filters.h +7 -0
  251. data/src/core/lib/security/transport/client_auth_filter.cc +53 -33
  252. data/src/core/lib/security/transport/server_auth_filter.cc +40 -35
  253. data/src/core/{ext → lib}/service_config/service_config.cc +2 -2
  254. data/src/core/{ext → lib}/service_config/service_config.h +4 -4
  255. data/src/core/{ext → lib}/service_config/service_config_call_data.h +5 -5
  256. data/src/core/{ext → lib}/service_config/service_config_parser.cc +1 -1
  257. data/src/core/{ext → lib}/service_config/service_config_parser.h +3 -3
  258. data/src/core/lib/slice/slice.cc +3 -1
  259. data/src/core/lib/slice/slice.h +43 -13
  260. data/src/core/lib/slice/slice_intern.cc +3 -101
  261. data/src/core/lib/slice/slice_internal.h +1 -2
  262. data/src/core/lib/slice/slice_refcount.h +4 -13
  263. data/src/core/lib/slice/slice_refcount_base.h +0 -16
  264. data/src/core/lib/surface/call.cc +140 -382
  265. data/src/core/lib/surface/call.h +4 -4
  266. data/src/core/lib/surface/channel.cc +42 -44
  267. data/src/core/lib/surface/channel.h +4 -4
  268. data/src/core/lib/surface/init.cc +0 -2
  269. data/src/core/lib/surface/lame_client.cc +0 -1
  270. data/src/core/lib/surface/server.cc +12 -29
  271. data/src/core/lib/surface/server.h +2 -2
  272. data/src/core/lib/surface/version.cc +2 -2
  273. data/src/core/lib/transport/error_utils.h +14 -0
  274. data/src/core/lib/transport/metadata_batch.h +799 -717
  275. data/src/core/lib/transport/parsed_metadata.cc +2 -0
  276. data/src/core/lib/transport/parsed_metadata.h +95 -92
  277. data/src/core/lib/transport/timeout_encoding.cc +200 -66
  278. data/src/core/lib/transport/timeout_encoding.h +40 -10
  279. data/src/core/lib/transport/transport.h +1 -1
  280. data/src/core/lib/transport/transport_op_string.cc +6 -39
  281. data/src/core/lib/uri/uri_parser.cc +223 -53
  282. data/src/core/lib/uri/uri_parser.h +36 -23
  283. data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -3
  284. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
  285. data/src/core/tsi/ssl/session_cache/ssl_session.h +2 -4
  286. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +3 -5
  287. data/src/core/tsi/ssl_transport_security.cc +53 -13
  288. data/src/core/tsi/ssl_transport_security.h +18 -6
  289. data/src/ruby/ext/grpc/extconf.rb +10 -3
  290. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
  291. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +3 -0
  292. data/src/ruby/lib/grpc/version.rb +1 -1
  293. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -1
  294. data/third_party/abseil-cpp/absl/base/internal/fast_type_id.h +48 -0
  295. data/third_party/abseil-cpp/absl/random/bernoulli_distribution.h +200 -0
  296. data/third_party/abseil-cpp/absl/random/beta_distribution.h +427 -0
  297. data/third_party/abseil-cpp/absl/random/discrete_distribution.cc +98 -0
  298. data/third_party/abseil-cpp/absl/random/discrete_distribution.h +247 -0
  299. data/third_party/abseil-cpp/absl/random/distributions.h +452 -0
  300. data/third_party/abseil-cpp/absl/random/exponential_distribution.h +165 -0
  301. data/third_party/abseil-cpp/absl/random/gaussian_distribution.cc +104 -0
  302. data/third_party/abseil-cpp/absl/random/gaussian_distribution.h +275 -0
  303. data/third_party/abseil-cpp/absl/random/internal/distribution_caller.h +92 -0
  304. data/third_party/abseil-cpp/absl/random/internal/fast_uniform_bits.h +268 -0
  305. data/third_party/abseil-cpp/absl/random/internal/fastmath.h +57 -0
  306. data/third_party/abseil-cpp/absl/random/internal/generate_real.h +144 -0
  307. data/third_party/abseil-cpp/absl/random/internal/iostream_state_saver.h +245 -0
  308. data/third_party/abseil-cpp/absl/random/internal/nonsecure_base.h +150 -0
  309. data/third_party/abseil-cpp/absl/random/internal/pcg_engine.h +308 -0
  310. data/third_party/abseil-cpp/absl/random/internal/platform.h +171 -0
  311. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.cc +253 -0
  312. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.h +131 -0
  313. data/third_party/abseil-cpp/absl/random/internal/randen.cc +91 -0
  314. data/third_party/abseil-cpp/absl/random/internal/randen.h +102 -0
  315. data/third_party/abseil-cpp/absl/random/internal/randen_detect.cc +221 -0
  316. data/third_party/abseil-cpp/absl/random/internal/randen_detect.h +33 -0
  317. data/third_party/abseil-cpp/absl/random/internal/randen_engine.h +239 -0
  318. data/third_party/abseil-cpp/absl/random/internal/randen_hwaes.cc +526 -0
  319. data/third_party/abseil-cpp/absl/random/internal/randen_hwaes.h +50 -0
  320. data/third_party/abseil-cpp/absl/random/internal/randen_round_keys.cc +462 -0
  321. data/third_party/abseil-cpp/absl/random/internal/randen_slow.cc +471 -0
  322. data/third_party/abseil-cpp/absl/random/internal/randen_slow.h +40 -0
  323. data/third_party/abseil-cpp/absl/random/internal/randen_traits.h +88 -0
  324. data/third_party/abseil-cpp/absl/random/internal/salted_seed_seq.h +167 -0
  325. data/third_party/abseil-cpp/absl/random/internal/seed_material.cc +267 -0
  326. data/third_party/abseil-cpp/absl/random/internal/seed_material.h +104 -0
  327. data/third_party/abseil-cpp/absl/random/internal/traits.h +101 -0
  328. data/third_party/abseil-cpp/absl/random/internal/uniform_helper.h +244 -0
  329. data/third_party/abseil-cpp/absl/random/internal/wide_multiply.h +111 -0
  330. data/third_party/abseil-cpp/absl/random/log_uniform_int_distribution.h +257 -0
  331. data/third_party/abseil-cpp/absl/random/poisson_distribution.h +258 -0
  332. data/third_party/abseil-cpp/absl/random/random.h +189 -0
  333. data/third_party/abseil-cpp/absl/random/seed_gen_exception.cc +46 -0
  334. data/third_party/abseil-cpp/absl/random/seed_gen_exception.h +55 -0
  335. data/third_party/abseil-cpp/absl/random/seed_sequences.cc +29 -0
  336. data/third_party/abseil-cpp/absl/random/seed_sequences.h +110 -0
  337. data/third_party/abseil-cpp/absl/random/uniform_int_distribution.h +275 -0
  338. data/third_party/abseil-cpp/absl/random/uniform_real_distribution.h +202 -0
  339. data/third_party/abseil-cpp/absl/random/zipf_distribution.h +271 -0
  340. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -0
  341. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +13 -0
  342. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +21 -0
  343. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +12 -0
  344. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +1 -2
  345. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +2 -2
  346. data/third_party/boringssl-with-bazel/src/crypto/mem.c +1 -1
  347. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +29 -0
  348. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +0 -1
  349. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +1 -1
  350. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +1 -1
  351. data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +8 -0
  352. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +13 -1
  353. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +10 -0
  354. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +1 -1
  355. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +9 -4
  356. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +6 -1
  357. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +23 -2
  358. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +4 -0
  359. data/third_party/xxhash/xxhash.h +607 -352
  360. metadata +149 -77
  361. data/src/core/ext/transport/chttp2/transport/hpack_encoder_index.h +0 -107
  362. data/src/core/ext/transport/chttp2/transport/hpack_utils.cc +0 -46
  363. data/src/core/ext/transport/chttp2/transport/popularity_count.h +0 -60
  364. data/src/core/lib/compression/algorithm_metadata.h +0 -62
  365. data/src/core/lib/compression/compression_args.cc +0 -140
  366. data/src/core/lib/compression/compression_args.h +0 -58
  367. data/src/core/lib/compression/stream_compression.cc +0 -81
  368. data/src/core/lib/compression/stream_compression.h +0 -117
  369. data/src/core/lib/compression/stream_compression_gzip.cc +0 -231
  370. data/src/core/lib/compression/stream_compression_gzip.h +0 -28
  371. data/src/core/lib/compression/stream_compression_identity.cc +0 -91
  372. data/src/core/lib/compression/stream_compression_identity.h +0 -29
  373. data/src/core/lib/security/credentials/credentials_metadata.cc +0 -61
  374. data/src/core/lib/slice/static_slice.cc +0 -377
  375. data/src/core/lib/slice/static_slice.h +0 -300
  376. data/src/core/lib/transport/metadata.cc +0 -714
  377. data/src/core/lib/transport/metadata.h +0 -449
  378. data/src/core/lib/transport/metadata_batch.cc +0 -99
  379. data/src/core/lib/transport/static_metadata.cc +0 -1032
  380. data/src/core/lib/transport/static_metadata.h +0 -322
  381. data/src/core/lib/transport/status_metadata.cc +0 -63
  382. data/src/core/lib/transport/status_metadata.h +0 -48
@@ -0,0 +1,388 @@
1
+ //
2
+ // Copyright 2018 gRPC authors.
3
+ //
4
+ // Licensed under the Apache License, Version 2.0 (the "License");
5
+ // you may not use this file except in compliance with the License.
6
+ // You may obtain a copy of the License at
7
+ //
8
+ // http://www.apache.org/licenses/LICENSE-2.0
9
+ //
10
+ // Unless required by applicable law or agreed to in writing, software
11
+ // distributed under the License is distributed on an "AS IS" BASIS,
12
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ // See the License for the specific language governing permissions and
14
+ // limitations under the License.
15
+ //
16
+
17
+ #include <grpc/support/port_platform.h>
18
+
19
+ #include "src/core/ext/xds/xds_common_types.h"
20
+
21
+ #include "absl/container/inlined_vector.h"
22
+ #include "absl/status/statusor.h"
23
+ #include "absl/strings/str_cat.h"
24
+ #include "absl/strings/str_format.h"
25
+ #include "absl/strings/str_join.h"
26
+ #include "envoy/extensions/transport_sockets/tls/v3/common.upb.h"
27
+ #include "envoy/extensions/transport_sockets/tls/v3/tls.upb.h"
28
+ #include "envoy/type/matcher/v3/regex.upb.h"
29
+ #include "envoy/type/matcher/v3/string.upb.h"
30
+ #include "google/protobuf/any.upb.h"
31
+ #include "google/protobuf/wrappers.upb.h"
32
+ #include "xds/type/v3/typed_struct.upb.h"
33
+
34
+ namespace grpc_core {
35
+
36
+ //
37
+ // CommonTlsContext::CertificateValidationContext
38
+ //
39
+
40
+ std::string CommonTlsContext::CertificateValidationContext::ToString() const {
41
+ std::vector<std::string> contents;
42
+ for (const auto& match : match_subject_alt_names) {
43
+ contents.push_back(match.ToString());
44
+ }
45
+ return absl::StrFormat("{match_subject_alt_names=[%s]}",
46
+ absl::StrJoin(contents, ", "));
47
+ }
48
+
49
+ bool CommonTlsContext::CertificateValidationContext::Empty() const {
50
+ return match_subject_alt_names.empty();
51
+ }
52
+
53
+ //
54
+ // CommonTlsContext::CertificateProviderPluginInstance
55
+ //
56
+
57
+ std::string CommonTlsContext::CertificateProviderPluginInstance::ToString()
58
+ const {
59
+ absl::InlinedVector<std::string, 2> contents;
60
+ if (!instance_name.empty()) {
61
+ contents.push_back(absl::StrFormat("instance_name=%s", instance_name));
62
+ }
63
+ if (!certificate_name.empty()) {
64
+ contents.push_back(
65
+ absl::StrFormat("certificate_name=%s", certificate_name));
66
+ }
67
+ return absl::StrCat("{", absl::StrJoin(contents, ", "), "}");
68
+ }
69
+
70
+ bool CommonTlsContext::CertificateProviderPluginInstance::Empty() const {
71
+ return instance_name.empty() && certificate_name.empty();
72
+ }
73
+
74
+ //
75
+ // CommonTlsContext
76
+ //
77
+
78
+ std::string CommonTlsContext::ToString() const {
79
+ absl::InlinedVector<std::string, 2> contents;
80
+ if (!tls_certificate_provider_instance.Empty()) {
81
+ contents.push_back(
82
+ absl::StrFormat("tls_certificate_provider_instance=%s",
83
+ tls_certificate_provider_instance.ToString()));
84
+ }
85
+ if (!certificate_validation_context.Empty()) {
86
+ contents.push_back(
87
+ absl::StrFormat("certificate_validation_context=%s",
88
+ certificate_validation_context.ToString()));
89
+ }
90
+ return absl::StrCat("{", absl::StrJoin(contents, ", "), "}");
91
+ }
92
+
93
+ bool CommonTlsContext::Empty() const {
94
+ return tls_certificate_provider_instance.Empty() &&
95
+ certificate_validation_context.Empty();
96
+ }
97
+
98
+ namespace {
99
+
100
+ // CertificateProviderInstance is deprecated but we are still supporting it for
101
+ // backward compatibility reasons. Note that we still parse the data into the
102
+ // same CertificateProviderPluginInstance struct since the fields are the same.
103
+ // TODO(yashykt): Remove this once we stop supporting the old way of fetching
104
+ // certificate provider instances.
105
+ grpc_error_handle CertificateProviderInstanceParse(
106
+ const XdsEncodingContext& context,
107
+ const envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance*
108
+ certificate_provider_instance_proto,
109
+ CommonTlsContext::CertificateProviderPluginInstance*
110
+ certificate_provider_plugin_instance) {
111
+ *certificate_provider_plugin_instance = {
112
+ UpbStringToStdString(
113
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance_instance_name(
114
+ certificate_provider_instance_proto)),
115
+ UpbStringToStdString(
116
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance_certificate_name(
117
+ certificate_provider_instance_proto))};
118
+ if (context.certificate_provider_definition_map->find(
119
+ certificate_provider_plugin_instance->instance_name) ==
120
+ context.certificate_provider_definition_map->end()) {
121
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
122
+ absl::StrCat("Unrecognized certificate provider instance name: ",
123
+ certificate_provider_plugin_instance->instance_name));
124
+ }
125
+ return GRPC_ERROR_NONE;
126
+ }
127
+
128
+ grpc_error_handle CertificateProviderPluginInstanceParse(
129
+ const XdsEncodingContext& context,
130
+ const envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance*
131
+ certificate_provider_plugin_instance_proto,
132
+ CommonTlsContext::CertificateProviderPluginInstance*
133
+ certificate_provider_plugin_instance) {
134
+ *certificate_provider_plugin_instance = {
135
+ UpbStringToStdString(
136
+ envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance_instance_name(
137
+ certificate_provider_plugin_instance_proto)),
138
+ UpbStringToStdString(
139
+ envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance_certificate_name(
140
+ certificate_provider_plugin_instance_proto))};
141
+ if (context.certificate_provider_definition_map->find(
142
+ certificate_provider_plugin_instance->instance_name) ==
143
+ context.certificate_provider_definition_map->end()) {
144
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
145
+ absl::StrCat("Unrecognized certificate provider instance name: ",
146
+ certificate_provider_plugin_instance->instance_name));
147
+ }
148
+ return GRPC_ERROR_NONE;
149
+ }
150
+
151
+ grpc_error_handle CertificateValidationContextParse(
152
+ const XdsEncodingContext& context,
153
+ const envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext*
154
+ certificate_validation_context_proto,
155
+ CommonTlsContext::CertificateValidationContext*
156
+ certificate_validation_context) {
157
+ std::vector<grpc_error_handle> errors;
158
+ size_t len = 0;
159
+ auto* subject_alt_names_matchers =
160
+ envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_match_subject_alt_names(
161
+ certificate_validation_context_proto, &len);
162
+ for (size_t i = 0; i < len; ++i) {
163
+ StringMatcher::Type type;
164
+ std::string matcher;
165
+ if (envoy_type_matcher_v3_StringMatcher_has_exact(
166
+ subject_alt_names_matchers[i])) {
167
+ type = StringMatcher::Type::kExact;
168
+ matcher = UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_exact(
169
+ subject_alt_names_matchers[i]));
170
+ } else if (envoy_type_matcher_v3_StringMatcher_has_prefix(
171
+ subject_alt_names_matchers[i])) {
172
+ type = StringMatcher::Type::kPrefix;
173
+ matcher = UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_prefix(
174
+ subject_alt_names_matchers[i]));
175
+ } else if (envoy_type_matcher_v3_StringMatcher_has_suffix(
176
+ subject_alt_names_matchers[i])) {
177
+ type = StringMatcher::Type::kSuffix;
178
+ matcher = UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_suffix(
179
+ subject_alt_names_matchers[i]));
180
+ } else if (envoy_type_matcher_v3_StringMatcher_has_contains(
181
+ subject_alt_names_matchers[i])) {
182
+ type = StringMatcher::Type::kContains;
183
+ matcher =
184
+ UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_contains(
185
+ subject_alt_names_matchers[i]));
186
+ } else if (envoy_type_matcher_v3_StringMatcher_has_safe_regex(
187
+ subject_alt_names_matchers[i])) {
188
+ type = StringMatcher::Type::kSafeRegex;
189
+ auto* regex_matcher = envoy_type_matcher_v3_StringMatcher_safe_regex(
190
+ subject_alt_names_matchers[i]);
191
+ matcher = UpbStringToStdString(
192
+ envoy_type_matcher_v3_RegexMatcher_regex(regex_matcher));
193
+ } else {
194
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
195
+ "Invalid StringMatcher specified"));
196
+ continue;
197
+ }
198
+ bool ignore_case = envoy_type_matcher_v3_StringMatcher_ignore_case(
199
+ subject_alt_names_matchers[i]);
200
+ absl::StatusOr<StringMatcher> string_matcher =
201
+ StringMatcher::Create(type, matcher,
202
+ /*case_sensitive=*/!ignore_case);
203
+ if (!string_matcher.ok()) {
204
+ errors.push_back(GRPC_ERROR_CREATE_FROM_CPP_STRING(
205
+ absl::StrCat("string matcher: ", string_matcher.status().message())));
206
+ continue;
207
+ }
208
+ if (type == StringMatcher::Type::kSafeRegex && ignore_case) {
209
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
210
+ "StringMatcher: ignore_case has no effect for SAFE_REGEX."));
211
+ continue;
212
+ }
213
+ certificate_validation_context->match_subject_alt_names.push_back(
214
+ std::move(string_matcher.value()));
215
+ }
216
+ auto* ca_certificate_provider_instance =
217
+ envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_ca_certificate_provider_instance(
218
+ certificate_validation_context_proto);
219
+ if (ca_certificate_provider_instance != nullptr) {
220
+ grpc_error_handle error = CertificateProviderPluginInstanceParse(
221
+ context, ca_certificate_provider_instance,
222
+ &certificate_validation_context->ca_certificate_provider_instance);
223
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
224
+ }
225
+ if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_verify_certificate_spki(
226
+ certificate_validation_context_proto, nullptr) != nullptr) {
227
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
228
+ "CertificateValidationContext: verify_certificate_spki "
229
+ "unsupported"));
230
+ }
231
+ if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_verify_certificate_hash(
232
+ certificate_validation_context_proto, nullptr) != nullptr) {
233
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
234
+ "CertificateValidationContext: verify_certificate_hash "
235
+ "unsupported"));
236
+ }
237
+ auto* require_signed_certificate_timestamp =
238
+ envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_require_signed_certificate_timestamp(
239
+ certificate_validation_context_proto);
240
+ if (require_signed_certificate_timestamp != nullptr &&
241
+ google_protobuf_BoolValue_value(require_signed_certificate_timestamp)) {
242
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
243
+ "CertificateValidationContext: "
244
+ "require_signed_certificate_timestamp unsupported"));
245
+ }
246
+ if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_has_crl(
247
+ certificate_validation_context_proto)) {
248
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
249
+ "CertificateValidationContext: crl unsupported"));
250
+ }
251
+ if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_has_custom_validator_config(
252
+ certificate_validation_context_proto)) {
253
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
254
+ "CertificateValidationContext: custom_validator_config "
255
+ "unsupported"));
256
+ }
257
+ return GRPC_ERROR_CREATE_FROM_VECTOR(
258
+ "Error parsing CertificateValidationContext", &errors);
259
+ }
260
+
261
+ } // namespace
262
+
263
+ grpc_error_handle CommonTlsContext::Parse(
264
+ const XdsEncodingContext& context,
265
+ const envoy_extensions_transport_sockets_tls_v3_CommonTlsContext*
266
+ common_tls_context_proto,
267
+ CommonTlsContext* common_tls_context) {
268
+ std::vector<grpc_error_handle> errors;
269
+ // The validation context is derived from the oneof in
270
+ // 'validation_context_type'. 'validation_context_sds_secret_config' is not
271
+ // supported.
272
+ auto* combined_validation_context =
273
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_combined_validation_context(
274
+ common_tls_context_proto);
275
+ if (combined_validation_context != nullptr) {
276
+ auto* default_validation_context =
277
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CombinedCertificateValidationContext_default_validation_context(
278
+ combined_validation_context);
279
+ if (default_validation_context != nullptr) {
280
+ grpc_error_handle error = CertificateValidationContextParse(
281
+ context, default_validation_context,
282
+ &common_tls_context->certificate_validation_context);
283
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
284
+ }
285
+ // If after parsing default_validation_context,
286
+ // common_tls_context->certificate_validation_context.ca_certificate_provider_instance
287
+ // is empty, fall back onto
288
+ // 'validation_context_certificate_provider_instance' inside
289
+ // 'combined_validation_context'. Note that this way of fetching root
290
+ // certificates is deprecated and will be removed in the future.
291
+ // TODO(yashykt): Remove this once it's no longer needed.
292
+ auto* validation_context_certificate_provider_instance =
293
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CombinedCertificateValidationContext_validation_context_certificate_provider_instance(
294
+ combined_validation_context);
295
+ if (common_tls_context->certificate_validation_context
296
+ .ca_certificate_provider_instance.Empty() &&
297
+ validation_context_certificate_provider_instance != nullptr) {
298
+ grpc_error_handle error = CertificateProviderInstanceParse(
299
+ context, validation_context_certificate_provider_instance,
300
+ &common_tls_context->certificate_validation_context
301
+ .ca_certificate_provider_instance);
302
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
303
+ }
304
+ } else {
305
+ auto* validation_context =
306
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_validation_context(
307
+ common_tls_context_proto);
308
+ if (validation_context != nullptr) {
309
+ grpc_error_handle error = CertificateValidationContextParse(
310
+ context, validation_context,
311
+ &common_tls_context->certificate_validation_context);
312
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
313
+ } else if (
314
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_validation_context_sds_secret_config(
315
+ common_tls_context_proto)) {
316
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
317
+ "validation_context_sds_secret_config unsupported"));
318
+ }
319
+ }
320
+ auto* tls_certificate_provider_instance =
321
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_tls_certificate_provider_instance(
322
+ common_tls_context_proto);
323
+ if (tls_certificate_provider_instance != nullptr) {
324
+ grpc_error_handle error = CertificateProviderPluginInstanceParse(
325
+ context, tls_certificate_provider_instance,
326
+ &common_tls_context->tls_certificate_provider_instance);
327
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
328
+ } else {
329
+ // Fall back onto 'tls_certificate_certificate_provider_instance'. Note that
330
+ // this way of fetching identity certificates is deprecated and will be
331
+ // removed in the future.
332
+ // TODO(yashykt): Remove this once it's no longer needed.
333
+ auto* tls_certificate_certificate_provider_instance =
334
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_tls_certificate_certificate_provider_instance(
335
+ common_tls_context_proto);
336
+ if (tls_certificate_certificate_provider_instance != nullptr) {
337
+ grpc_error_handle error = CertificateProviderInstanceParse(
338
+ context, tls_certificate_certificate_provider_instance,
339
+ &common_tls_context->tls_certificate_provider_instance);
340
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
341
+ } else {
342
+ if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_tls_certificates(
343
+ common_tls_context_proto)) {
344
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
345
+ "tls_certificates unsupported"));
346
+ }
347
+ if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_tls_certificate_sds_secret_configs(
348
+ common_tls_context_proto)) {
349
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
350
+ "tls_certificate_sds_secret_configs unsupported"));
351
+ }
352
+ }
353
+ }
354
+ if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_tls_params(
355
+ common_tls_context_proto)) {
356
+ errors.push_back(
357
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("tls_params unsupported"));
358
+ }
359
+ if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_custom_handshaker(
360
+ common_tls_context_proto)) {
361
+ errors.push_back(
362
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("custom_handshaker unsupported"));
363
+ }
364
+ return GRPC_ERROR_CREATE_FROM_VECTOR("Error parsing CommonTlsContext",
365
+ &errors);
366
+ }
367
+
368
+ grpc_error_handle ExtractHttpFilterTypeName(const XdsEncodingContext& context,
369
+ const google_protobuf_Any* any,
370
+ absl::string_view* filter_type) {
371
+ *filter_type = UpbStringToAbsl(google_protobuf_Any_type_url(any));
372
+ if (*filter_type == "type.googleapis.com/xds.type.v3.TypedStruct" ||
373
+ *filter_type == "type.googleapis.com/udpa.type.v1.TypedStruct") {
374
+ upb_strview any_value = google_protobuf_Any_value(any);
375
+ const auto* typed_struct = xds_type_v3_TypedStruct_parse(
376
+ any_value.data, any_value.size, context.arena);
377
+ if (typed_struct == nullptr) {
378
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
379
+ "could not parse TypedStruct from filter config");
380
+ }
381
+ *filter_type =
382
+ UpbStringToAbsl(xds_type_v3_TypedStruct_type_url(typed_struct));
383
+ }
384
+ *filter_type = absl::StripPrefix(*filter_type, "type.googleapis.com/");
385
+ return GRPC_ERROR_NONE;
386
+ }
387
+
388
+ } // namespace grpc_core
@@ -0,0 +1,110 @@
1
+ //
2
+ // Copyright 2018 gRPC authors.
3
+ //
4
+ // Licensed under the Apache License, Version 2.0 (the "License");
5
+ // you may not use this file except in compliance with the License.
6
+ // You may obtain a copy of the License at
7
+ //
8
+ // http://www.apache.org/licenses/LICENSE-2.0
9
+ //
10
+ // Unless required by applicable law or agreed to in writing, software
11
+ // distributed under the License is distributed on an "AS IS" BASIS,
12
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ // See the License for the specific language governing permissions and
14
+ // limitations under the License.
15
+ //
16
+
17
+ #ifndef GRPC_CORE_EXT_XDS_XDS_COMMON_TYPES_H
18
+ #define GRPC_CORE_EXT_XDS_XDS_COMMON_TYPES_H
19
+
20
+ #include <grpc/support/port_platform.h>
21
+
22
+ #include <string>
23
+ #include <vector>
24
+
25
+ #include "absl/strings/str_format.h"
26
+ #include "envoy/extensions/transport_sockets/tls/v3/tls.upb.h"
27
+ #include "google/protobuf/any.upb.h"
28
+ #include "google/protobuf/duration.upb.h"
29
+
30
+ #include "src/core/ext/xds/upb_utils.h"
31
+ #include "src/core/lib/matchers/matchers.h"
32
+
33
+ namespace grpc_core {
34
+
35
+ struct Duration {
36
+ int64_t seconds = 0;
37
+ int32_t nanos = 0;
38
+
39
+ Duration() = default;
40
+
41
+ bool operator==(const Duration& other) const {
42
+ return seconds == other.seconds && nanos == other.nanos;
43
+ }
44
+ std::string ToString() const {
45
+ return absl::StrFormat("Duration seconds: %ld, nanos %d", seconds, nanos);
46
+ }
47
+
48
+ static Duration Parse(const google_protobuf_Duration* proto_duration) {
49
+ Duration duration;
50
+ duration.seconds = google_protobuf_Duration_seconds(proto_duration);
51
+ duration.nanos = google_protobuf_Duration_nanos(proto_duration);
52
+ return duration;
53
+ }
54
+ };
55
+
56
+ struct CommonTlsContext {
57
+ struct CertificateProviderPluginInstance {
58
+ std::string instance_name;
59
+ std::string certificate_name;
60
+
61
+ bool operator==(const CertificateProviderPluginInstance& other) const {
62
+ return instance_name == other.instance_name &&
63
+ certificate_name == other.certificate_name;
64
+ }
65
+
66
+ std::string ToString() const;
67
+ bool Empty() const;
68
+ };
69
+
70
+ struct CertificateValidationContext {
71
+ CertificateProviderPluginInstance ca_certificate_provider_instance;
72
+ std::vector<StringMatcher> match_subject_alt_names;
73
+
74
+ bool operator==(const CertificateValidationContext& other) const {
75
+ return ca_certificate_provider_instance ==
76
+ other.ca_certificate_provider_instance &&
77
+ match_subject_alt_names == other.match_subject_alt_names;
78
+ }
79
+
80
+ std::string ToString() const;
81
+ bool Empty() const;
82
+ };
83
+
84
+ CertificateValidationContext certificate_validation_context;
85
+ CertificateProviderPluginInstance tls_certificate_provider_instance;
86
+
87
+ bool operator==(const CommonTlsContext& other) const {
88
+ return certificate_validation_context ==
89
+ other.certificate_validation_context &&
90
+ tls_certificate_provider_instance ==
91
+ other.tls_certificate_provider_instance;
92
+ }
93
+
94
+ std::string ToString() const;
95
+ bool Empty() const;
96
+
97
+ static grpc_error_handle Parse(
98
+ const XdsEncodingContext& context,
99
+ const envoy_extensions_transport_sockets_tls_v3_CommonTlsContext*
100
+ common_tls_context_proto,
101
+ CommonTlsContext* common_tls_context);
102
+ };
103
+
104
+ grpc_error_handle ExtractHttpFilterTypeName(const XdsEncodingContext& context,
105
+ const google_protobuf_Any* any,
106
+ absl::string_view* filter_type);
107
+
108
+ } // namespace grpc_core
109
+
110
+ #endif // GRPC_CORE_EXT_XDS_XDS_COMMON_TYPES_H
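Review bot: The declaration of `CommonTlsContext::Parse` near the end of this header has no comment saying what `common_tls_context` holds when the returned error is not `GRPC_ERROR_NONE`. The definition shown earlier on this page writes into the output while it collects errors. `CertificateValidationContextParse` appends the SAN matchers that parsed and skips the ones that failed, and both provider-instance parsers assign `instance_name` before checking it against `certificate_provider_definition_map`. On error the struct can therefore carry a partial `match_subject_alt_names` list and a provider name that was rejected as unrecognized, which is a different validation policy from the one the control plane sent. I would add `// On error, *common_tls_context may be partially populated and must be discarded.` above the declaration, or have `Parse` fill a local and assign it to the output only on success.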