grpc 1.45.0 → 1.46.2
Potentially problematic release.
This version of grpc might be problematic; the details are linked from the original page and are not reproduced here.
- checksums.yaml +4 -4
- data/Makefile +36 -29
- data/include/grpc/impl/codegen/grpc_types.h +7 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +309 -0
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +122 -0
- data/src/core/ext/filters/{client_idle → channel_idle}/idle_filter_state.cc +1 -1
- data/src/core/ext/filters/{client_idle → channel_idle}/idle_filter_state.h +3 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +163 -96
- data/src/core/ext/filters/client_channel/client_channel.h +2 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +124 -581
- data/src/core/ext/filters/client_channel/health/health_check_client.h +24 -160
- data/src/core/ext/filters/client_channel/http_proxy.cc +88 -110
- data/src/core/ext/filters/client_channel/http_proxy.h +17 -0
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +182 -142
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +2 -6
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +1 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +87 -58
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +51 -48
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -7
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +229 -284
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +92 -257
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +51 -221
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +201 -0
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +106 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +102 -55
- data/src/core/ext/filters/client_channel/retry_filter.cc +18 -3
- data/src/core/ext/filters/client_channel/subchannel.cc +5 -5
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +544 -0
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +214 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +127 -367
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +24 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +78 -458
- data/src/core/ext/filters/http/client/http_client_filter.h +21 -4
- data/src/core/ext/filters/http/client_authority_filter.cc +17 -22
- data/src/core/ext/filters/http/client_authority_filter.h +6 -5
- data/src/core/ext/filters/http/http_filters_plugin.cc +9 -6
- data/src/core/ext/filters/http/server/http_server_filter.cc +2 -116
- data/src/core/ext/filters/server_config_selector/server_config_selector.cc +2 -8
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +2 -2
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +73 -201
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +5 -4
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +139 -28
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +4 -2
- data/src/core/ext/transport/chttp2/transport/parsing.cc +8 -0
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -13
- data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +27 -24
- data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +143 -63
- data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +37 -35
- data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +177 -77
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +115 -111
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +547 -207
- data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +26 -13
- data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +23 -9
- data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +18 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +13 -4
- data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +9 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +49 -46
- data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +217 -78
- data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +10 -2
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +12 -12
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +40 -8
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +20 -2
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +55 -55
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +289 -110
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +133 -125
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +656 -267
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +24 -18
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +96 -23
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +185 -173
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +860 -309
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +10 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +44 -24
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +165 -40
- data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +72 -63
- data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +433 -174
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +33 -31
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +154 -52
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +5 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +14 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +89 -89
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +460 -166
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +76 -33
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +379 -69
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +14 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +5 -25
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +10 -91
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +26 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +70 -68
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +369 -131
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +94 -65
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +447 -161
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +27 -11
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +104 -85
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +378 -113
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +3 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +30 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +43 -16
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +58 -24
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +14 -4
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +18 -18
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +100 -43
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +31 -30
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +171 -71
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +32 -32
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +196 -95
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +7 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +53 -46
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +284 -129
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +56 -50
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +337 -146
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +13 -11
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +49 -14
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +14 -4
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +20 -4
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +33 -32
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +205 -86
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +34 -34
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +175 -74
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +56 -52
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +370 -146
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +27 -23
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +173 -74
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +362 -341
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +2056 -845
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +11 -11
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +49 -16
- data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +56 -50
- data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +293 -111
- data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +6 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +10 -2
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +26 -10
- data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +27 -12
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +17 -16
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +83 -36
- data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +7 -2
- data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +46 -17
- data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +38 -12
- data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +30 -10
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +10 -6
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +15 -15
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +71 -28
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +25 -25
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +149 -65
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +8 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +30 -12
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +42 -15
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +173 -144
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +898 -323
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +51 -45
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +261 -116
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +70 -25
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +80 -55
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +410 -124
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +23 -9
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +44 -44
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +261 -122
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +47 -21
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +32 -32
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +175 -66
- data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +17 -6
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +38 -17
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +12 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +43 -18
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +20 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +24 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +14 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +40 -16
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +70 -25
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +37 -18
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +12 -12
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +81 -30
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +76 -30
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +20 -20
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +90 -30
- data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +28 -10
- data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +3 -0
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +13 -4
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +18 -0
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +9 -0
- data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +17 -4
- data/src/core/ext/upb-generated/google/api/annotations.upb.c +3 -3
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +17 -2
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +70 -66
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +410 -162
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +80 -74
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +440 -158
- data/src/core/ext/upb-generated/google/api/http.upb.c +17 -17
- data/src/core/ext/upb-generated/google/api/http.upb.h +116 -43
- data/src/core/ext/upb-generated/google/api/httpbody.upb.c +4 -4
- data/src/core/ext/upb-generated/google/api/httpbody.upb.h +19 -7
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +3 -3
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +6 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +163 -162
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +1157 -435
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +3 -3
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +10 -4
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +15 -15
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +108 -40
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +3 -3
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +10 -4
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +18 -18
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +4 -4
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +19 -7
- data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +15 -15
- data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +65 -22
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +12 -12
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +49 -12
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +69 -65
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +364 -149
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +8 -7
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +20 -4
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +31 -31
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +150 -58
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +11 -11
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +51 -18
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.c +175 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.h +764 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +22 -22
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +97 -10
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +23 -2
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +10 -2
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +27 -6
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +5 -5
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +20 -2
- data/src/core/ext/upb-generated/validate/validate.upb.c +261 -250
- data/src/core/ext/upb-generated/validate/validate.upb.h +1836 -663
- data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +22 -22
- data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +97 -10
- data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +6 -6
- data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +23 -2
- data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +3 -3
- data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +10 -2
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +18 -18
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +70 -10
- data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +20 -2
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +2 -2
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +3 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +8 -8
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +38 -12
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +27 -10
- data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +3 -3
- data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +10 -2
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +21 -8
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +10 -10
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +71 -30
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +16 -2
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +12 -12
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +69 -26
- data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +43 -39
- data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +255 -103
- data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +4 -4
- data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +19 -8
- data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +70 -25
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +3 -3
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +10 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +50 -46
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +195 -185
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +16 -12
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +129 -94
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +18 -33
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +0 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +163 -155
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +141 -138
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +26 -20
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +738 -730
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +271 -251
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +207 -193
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +99 -0
- data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +75 -0
- data/src/core/ext/xds/certificate_provider_store.cc +8 -0
- data/src/core/ext/xds/certificate_provider_store.h +9 -0
- data/src/core/ext/xds/xds_api.cc +20 -0
- data/src/core/ext/xds/xds_certificate_provider.cc +2 -0
- data/src/core/ext/xds/xds_certificate_provider.h +8 -0
- data/src/core/ext/xds/xds_client.cc +83 -93
- data/src/core/ext/xds/xds_client.h +11 -4
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +142 -0
- data/src/core/ext/xds/xds_cluster_specifier_plugin.h +79 -0
- data/src/core/ext/xds/xds_common_types.cc +9 -9
- data/src/core/ext/xds/xds_common_types.h +3 -3
- data/src/core/ext/xds/xds_endpoint.cc +12 -5
- data/src/core/ext/xds/xds_http_fault_filter.cc +1 -1
- data/src/core/ext/xds/xds_listener.cc +1 -1
- data/src/core/ext/xds/xds_route_config.cc +162 -25
- data/src/core/ext/xds/xds_route_config.h +13 -10
- data/src/core/ext/xds/xds_server_config_fetcher.cc +17 -22
- data/src/core/lib/avl/avl.h +68 -5
- data/src/core/lib/channel/call_tracer.h +4 -1
- data/src/core/lib/channel/channel_args.cc +138 -59
- data/src/core/lib/channel/channel_args.h +210 -9
- data/src/core/lib/channel/channel_args_preconditioning.cc +3 -9
- data/src/core/lib/channel/channel_args_preconditioning.h +1 -2
- data/src/core/lib/channel/channel_stack.h +2 -5
- data/src/core/lib/channel/channel_stack_builder.cc +0 -65
- data/src/core/lib/channel/channel_stack_builder.h +27 -6
- data/src/core/lib/channel/channel_stack_builder_impl.cc +102 -0
- data/src/core/lib/channel/channel_stack_builder_impl.h +48 -0
- data/src/core/lib/channel/connected_channel.h +1 -0
- data/src/core/lib/channel/promise_based_filter.cc +495 -162
- data/src/core/lib/channel/promise_based_filter.h +55 -41
- data/src/core/lib/compression/compression_internal.cc +1 -7
- data/src/core/lib/debug/stats_data.cc +2 -6
- data/src/core/lib/debug/stats_data.h +18 -21
- data/src/core/lib/gpr/tls.h +1 -0
- data/src/core/lib/gprpp/bitset.h +12 -0
- data/src/core/lib/gprpp/cpp_impl_of.h +4 -0
- data/src/core/lib/gprpp/match.h +73 -0
- data/src/core/lib/gprpp/overload.h +59 -0
- data/src/core/lib/gprpp/ref_counted.h +2 -0
- data/src/core/lib/gprpp/single_set_ptr.h +87 -0
- data/src/core/lib/gprpp/status_helper.cc +18 -2
- data/src/core/lib/gprpp/time.cc +12 -0
- data/src/core/lib/gprpp/time.h +1 -1
- data/src/core/lib/http/format_request.cc +1 -2
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.cc +80 -9
- data/src/core/lib/http/parser.h +14 -1
- data/src/core/lib/iomgr/ev_posix.cc +6 -7
- data/src/core/lib/iomgr/fork_posix.cc +1 -1
- data/src/core/lib/iomgr/port.h +0 -2
- data/src/core/lib/iomgr/tcp_client_posix.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +93 -35
- data/src/core/lib/iomgr/tcp_server_posix.cc +26 -17
- data/src/core/lib/json/json_util.h +3 -3
- data/src/core/lib/promise/call_push_pull.h +144 -0
- data/src/core/lib/promise/detail/status.h +2 -1
- data/src/core/lib/promise/intra_activity_waiter.h +49 -0
- data/src/core/lib/promise/latch.h +104 -0
- data/src/core/lib/resource_quota/api.cc +5 -30
- data/src/core/lib/resource_quota/api.h +1 -1
- data/src/core/lib/resource_quota/resource_quota.h +8 -0
- data/src/core/lib/security/authorization/authorization_policy_provider.h +7 -0
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +9 -12
- data/src/core/lib/security/authorization/grpc_server_authz_filter.h +5 -6
- data/src/core/lib/security/context/security_context.h +8 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +6 -5
- data/src/core/lib/security/credentials/alts/alts_credentials.h +4 -0
- data/src/core/lib/security/credentials/call_creds_util.cc +3 -3
- data/src/core/lib/security/credentials/call_creds_util.h +2 -2
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +15 -10
- data/src/core/lib/security/credentials/composite/composite_credentials.h +9 -8
- data/src/core/lib/security/credentials/credentials.h +16 -33
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +8 -12
- data/src/core/lib/security/credentials/fake/fake_credentials.h +8 -5
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +3 -3
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +5 -4
- data/src/core/lib/security/credentials/iam/iam_credentials.h +6 -2
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +22 -29
- data/src/core/lib/security/credentials/insecure/insecure_credentials.h +57 -0
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +6 -2
- data/src/core/lib/security/credentials/local/local_credentials.cc +6 -6
- data/src/core/lib/security/credentials/local/local_credentials.h +4 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +17 -9
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +14 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +8 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +8 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +6 -4
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +8 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +49 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +8 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +42 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +66 -95
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +9 -6
- data/src/core/lib/security/credentials/tls/tls_credentials.h +5 -5
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +48 -50
- data/src/core/lib/security/credentials/xds/xds_credentials.h +31 -5
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/security_connector.h +9 -0
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +4 -2
- data/src/core/lib/security/transport/auth_filters.h +7 -7
- data/src/core/lib/security/transport/client_auth_filter.cc +28 -20
- data/src/core/lib/security/transport/secure_endpoint.cc +198 -129
- data/src/core/lib/security/transport/secure_endpoint.h +1 -1
- data/src/core/lib/security/transport/security_handshaker.cc +6 -4
- data/src/core/lib/surface/call.cc +1023 -903
- data/src/core/lib/surface/call.h +0 -14
- data/src/core/lib/surface/channel.cc +4 -3
- data/src/core/lib/surface/channel_init.cc +2 -3
- data/src/core/lib/surface/channel_init.h +2 -6
- data/src/core/lib/surface/init.cc +1 -1
- data/src/core/lib/surface/server.cc +3 -14
- data/src/core/lib/surface/server.h +1 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.cc +2 -0
- data/src/core/lib/transport/metadata_batch.h +12 -8
- data/src/core/lib/transport/transport.h +20 -5
- data/src/core/lib/transport/transport_impl.h +4 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +2 -2
- data/src/core/tsi/ssl_transport_security.cc +75 -38
- data/src/core/tsi/ssl_transport_security.h +8 -2
- data/src/core/tsi/transport_security_interface.h +2 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/lib/grpc/generic/active_call.rb +7 -1
- data/src/ruby/lib/grpc/grpc.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +1 -0
- data/src/ruby/pb/test/client.rb +769 -0
- data/src/ruby/pb/test/server.rb +252 -0
- data/src/ruby/pb/test/xds_client.rb +415 -0
- data/third_party/upb/third_party/utf8_range/utf8_range.h +1 -1
- data/third_party/upb/upb/decode.c +32 -16
- data/third_party/upb/upb/def.c +118 -55
- data/third_party/upb/upb/def.h +12 -3
- data/third_party/upb/upb/encode.c +14 -8
- data/third_party/upb/upb/json_encode.c +776 -0
- data/third_party/upb/upb/json_encode.h +62 -0
- data/third_party/upb/upb/msg.c +5 -7
- data/third_party/upb/upb/msg.h +1 -2
- data/third_party/upb/upb/msg_internal.h +49 -36
- data/third_party/upb/upb/port_def.inc +8 -0
- data/third_party/upb/upb/port_undef.inc +1 -0
- data/third_party/upb/upb/table.c +10 -6
- data/third_party/upb/upb/table_internal.h +2 -0
- data/third_party/upb/upb/upb.h +41 -11
- data/third_party/zlib/crc32.c +966 -292
- data/third_party/zlib/crc32.h +9441 -436
- data/third_party/zlib/deflate.c +78 -30
- data/third_party/zlib/deflate.h +12 -15
- data/third_party/zlib/gzguts.h +3 -2
- data/third_party/zlib/gzlib.c +5 -3
- data/third_party/zlib/gzread.c +5 -7
- data/third_party/zlib/gzwrite.c +25 -13
- data/third_party/zlib/infback.c +2 -1
- data/third_party/zlib/inffast.c +14 -14
- data/third_party/zlib/inflate.c +39 -8
- data/third_party/zlib/inflate.h +3 -2
- data/third_party/zlib/inftrees.c +3 -3
- data/third_party/zlib/trees.c +27 -48
- data/third_party/zlib/zlib.h +123 -100
- data/third_party/zlib/zutil.c +2 -2
- data/third_party/zlib/zutil.h +12 -9
- metadata +66 -45
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +0 -201
- data/src/core/ext/filters/max_age/max_age_filter.cc +0 -566
- data/src/core/ext/filters/max_age/max_age_filter.h +0 -26
- data/src/core/lib/iomgr/ev_epollex_linux.cc +0 -1657
- data/src/core/lib/iomgr/ev_epollex_linux.h +0 -30
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +0 -119
- data/src/core/lib/iomgr/is_epollexclusive_available.h +0 -36
- data/src/core/lib/iomgr/sys_epoll_wrapper.h +0 -30
@@ -30,6 +30,10 @@
|
|
30
30
|
|
31
31
|
namespace grpc_core {
|
32
32
|
|
33
|
+
//
|
34
|
+
// ExternalCertificateVerifier
|
35
|
+
//
|
36
|
+
|
33
37
|
bool ExternalCertificateVerifier::Verify(
|
34
38
|
grpc_tls_custom_verification_check_request* request,
|
35
39
|
std::function<void(absl::Status)> callback, absl::Status* sync_status) {
|
@@ -80,6 +84,10 @@ void ExternalCertificateVerifier::OnVerifyDone(
|
|
80
84
|
}
|
81
85
|
}
|
82
86
|
|
87
|
+
//
|
88
|
+
// HostNameCertificateVerifier
|
89
|
+
//
|
90
|
+
|
83
91
|
bool HostNameCertificateVerifier::Verify(
|
84
92
|
grpc_tls_custom_verification_check_request* request,
|
85
93
|
std::function<void(absl::Status)>, absl::Status* sync_status) {
|
@@ -25,6 +25,7 @@
|
|
25
25
|
|
26
26
|
#include <grpc/grpc_security.h>
|
27
27
|
|
28
|
+
#include "src/core/lib/gpr/useful.h"
|
28
29
|
#include "src/core/lib/gprpp/ref_counted.h"
|
29
30
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
30
31
|
#include "src/core/lib/gprpp/thd.h"
|
@@ -37,8 +38,6 @@
|
|
37
38
|
struct grpc_tls_certificate_verifier
|
38
39
|
: public grpc_core::RefCounted<grpc_tls_certificate_verifier> {
|
39
40
|
public:
|
40
|
-
grpc_tls_certificate_verifier() = default;
|
41
|
-
|
42
41
|
~grpc_tls_certificate_verifier() override = default;
|
43
42
|
// Verifies the specific request. It can be processed in sync or async mode.
|
44
43
|
// If the caller want it to be processed asynchronously, return false
|
@@ -52,6 +51,28 @@ struct grpc_tls_certificate_verifier
|
|
52
51
|
// Operations that will be performed when a request is cancelled.
|
53
52
|
// This is only needed when in async mode.
|
54
53
|
virtual void Cancel(grpc_tls_custom_verification_check_request* request) = 0;
|
54
|
+
|
55
|
+
// Compares this grpc_tls_certificate_verifier object with \a other.
|
56
|
+
// If this method returns 0, it means that gRPC can treat the two certificate
|
57
|
+
// verifiers as effectively the same.
|
58
|
+
int Compare(const grpc_tls_certificate_verifier* other) const {
|
59
|
+
GPR_ASSERT(other != nullptr);
|
60
|
+
int r = grpc_core::QsortCompare(type(), other->type());
|
61
|
+
if (r != 0) return r;
|
62
|
+
return CompareImpl(other);
|
63
|
+
}
|
64
|
+
|
65
|
+
// The pointer value \a type is used to uniquely identify a verifier
|
66
|
+
// implementation for down-casting purposes. Every verifier implementation
|
67
|
+
// should use a unique string instance, which should be returned by all
|
68
|
+
// instances of that verifier implementation.
|
69
|
+
virtual const char* type() const = 0;
|
70
|
+
|
71
|
+
private:
|
72
|
+
// Implementation for `Compare` method intended to be overridden by
|
73
|
+
// subclasses. Only invoked if `type()` and `other->type()` point to the same
|
74
|
+
// string.
|
75
|
+
virtual int CompareImpl(const grpc_tls_certificate_verifier* other) const = 0;
|
55
76
|
};
|
56
77
|
|
57
78
|
namespace grpc_core {
|
@@ -78,12 +99,20 @@ class ExternalCertificateVerifier : public grpc_tls_certificate_verifier {
|
|
78
99
|
external_verifier_->cancel(external_verifier_->user_data, request);
|
79
100
|
}
|
80
101
|
|
102
|
+
const char* type() const override { return "External"; }
|
103
|
+
|
81
104
|
private:
|
82
|
-
|
105
|
+
int CompareImpl(const grpc_tls_certificate_verifier* other) const override {
|
106
|
+
const auto* o = static_cast<const ExternalCertificateVerifier*>(other);
|
107
|
+
return QsortCompare(external_verifier_, o->external_verifier_);
|
108
|
+
}
|
83
109
|
|
84
110
|
static void OnVerifyDone(grpc_tls_custom_verification_check_request* request,
|
85
111
|
void* callback_arg, grpc_status_code status,
|
86
112
|
const char* error_details);
|
113
|
+
|
114
|
+
grpc_tls_certificate_verifier_external* external_verifier_;
|
115
|
+
|
87
116
|
// Guards members below.
|
88
117
|
Mutex mu_;
|
89
118
|
// stores each check request and its corresponding callback function.
|
@@ -99,6 +128,16 @@ class HostNameCertificateVerifier : public grpc_tls_certificate_verifier {
|
|
99
128
|
std::function<void(absl::Status)> callback,
|
100
129
|
absl::Status* sync_status) override;
|
101
130
|
void Cancel(grpc_tls_custom_verification_check_request*) override {}
|
131
|
+
|
132
|
+
const char* type() const override { return "Hostname"; }
|
133
|
+
|
134
|
+
private:
|
135
|
+
int CompareImpl(
|
136
|
+
const grpc_tls_certificate_verifier* /* other */) const override {
|
137
|
+
// No differentiating factor between different HostNameCertificateVerifier
|
138
|
+
// objects.
|
139
|
+
return 0;
|
140
|
+
}
|
102
141
|
};
|
103
142
|
|
104
143
|
} // namespace grpc_core
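Review bot: The downcast in `ExternalCertificateVerifier::CompareImpl` (`static_cast<const ExternalCertificateVerifier*>(other)`) is only sound if equal `type()` pointers always mean the same concrete class, yet both overrides return a bare string literal from an inline header function (`"External"`, `"Hostname"`). Whether identical literals share one address is up to the compiler and linker (literal pooling, separate shared objects), so an unrelated verifier returning the same text could pass the `QsortCompare(type(), other->type())` check in `Compare` and be cast to the wrong type. Returning a dedicated object makes the identity explicit, e.g. `static const char kType[] = "External"; return kType;` inside `type()`. The same pattern appears in the `type()`/`Type()` additions returning `"Tls"` and `"Xds"` in the TLS and xDS credentials sections further down.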
|
@@ -1,20 +1,22 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
1
|
+
//
|
2
|
+
//
|
3
|
+
// Copyright 2018 gRPC authors.
|
4
|
+
//
|
5
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
// you may not use this file except in compliance with the License.
|
7
|
+
// You may obtain a copy of the License at
|
8
|
+
//
|
9
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
//
|
11
|
+
// Unless required by applicable law or agreed to in writing, software
|
12
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
// See the License for the specific language governing permissions and
|
15
|
+
// limitations under the License.
|
16
|
+
//
|
17
|
+
//
|
18
|
+
|
19
|
+
// Generated by tools/codegen/core/gen_grpc_tls_credentials_options.py
|
18
20
|
|
19
21
|
#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
|
20
22
|
#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
|
@@ -38,103 +40,72 @@ struct grpc_tls_credentials_options
|
|
38
40
|
: public grpc_core::RefCounted<grpc_tls_credentials_options> {
|
39
41
|
public:
|
40
42
|
~grpc_tls_credentials_options() override = default;
|
43
|
+
|
41
44
|
// Getters for member fields.
|
42
|
-
grpc_ssl_client_certificate_request_type cert_request_type() const {
|
43
|
-
return cert_request_type_;
|
44
|
-
}
|
45
|
+
grpc_ssl_client_certificate_request_type cert_request_type() const { return cert_request_type_; }
|
45
46
|
bool verify_server_cert() const { return verify_server_cert_; }
|
46
47
|
grpc_tls_version min_tls_version() const { return min_tls_version_; }
|
47
48
|
grpc_tls_version max_tls_version() const { return max_tls_version_; }
|
48
|
-
// Returns the verifier set in the options.
|
49
49
|
grpc_tls_certificate_verifier* certificate_verifier() {
|
50
|
-
return
|
50
|
+
return certificate_verifier_.get();
|
51
51
|
}
|
52
52
|
bool check_call_host() const { return check_call_host_; }
|
53
|
-
// Returns the distributor from
|
53
|
+
// Returns the distributor from certificate_provider_ if it is set, nullptr otherwise.
|
54
54
|
grpc_tls_certificate_distributor* certificate_distributor() {
|
55
|
-
if (
|
55
|
+
if (certificate_provider_ != nullptr) { return certificate_provider_->distributor().get(); }
|
56
56
|
return nullptr;
|
57
57
|
}
|
58
|
-
bool watch_root_cert() { return watch_root_cert_; }
|
59
|
-
const std::string& root_cert_name() { return root_cert_name_; }
|
60
|
-
bool watch_identity_pair() { return watch_identity_pair_; }
|
61
|
-
const std::string& identity_cert_name() { return identity_cert_name_; }
|
62
|
-
|
63
|
-
const std::string&
|
64
|
-
return tls_session_key_log_file_path_;
|
65
|
-
}
|
66
|
-
const std::string& crl_directory() { return crl_directory_; }
|
58
|
+
bool watch_root_cert() const { return watch_root_cert_; }
|
59
|
+
const std::string& root_cert_name() const { return root_cert_name_; }
|
60
|
+
bool watch_identity_pair() const { return watch_identity_pair_; }
|
61
|
+
const std::string& identity_cert_name() const { return identity_cert_name_; }
|
62
|
+
const std::string& tls_session_key_log_file_path() const { return tls_session_key_log_file_path_; }
|
63
|
+
const std::string& crl_directory() const { return crl_directory_; }
|
67
64
|
|
68
65
|
// Setters for member fields.
|
69
|
-
void set_cert_request_type(
|
70
|
-
|
71
|
-
|
72
|
-
}
|
73
|
-
void
|
74
|
-
|
75
|
-
}
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
void
|
80
|
-
|
81
|
-
}
|
82
|
-
// Sets the
|
83
|
-
void
|
84
|
-
|
85
|
-
|
86
|
-
}
|
87
|
-
// Sets the verifier in the options.
|
88
|
-
void set_check_call_host(bool check_call_host) {
|
89
|
-
check_call_host_ = check_call_host;
|
90
|
-
}
|
91
|
-
// Sets the provider in the options.
|
92
|
-
void set_certificate_provider(
|
93
|
-
grpc_core::RefCountedPtr<grpc_tls_certificate_provider> provider) {
|
94
|
-
provider_ = std::move(provider);
|
95
|
-
}
|
96
|
-
// If need to watch the updates of root certificates with name
|
97
|
-
// |root_cert_name|. The default value is false. If used in tls_credentials,
|
98
|
-
// it should always be set to true unless the root certificates are not
|
99
|
-
// needed.
|
100
|
-
void set_watch_root_cert(bool watch) { watch_root_cert_ = watch; }
|
101
|
-
// Sets the name of root certificates being watched, if |set_watch_root_cert|
|
102
|
-
// is called. If not set, an empty string will be used as the name.
|
103
|
-
void set_root_cert_name(std::string root_cert_name) {
|
104
|
-
root_cert_name_ = std::move(root_cert_name);
|
105
|
-
}
|
106
|
-
// If need to watch the updates of identity certificates with name
|
107
|
-
// |identity_cert_name|.
|
108
|
-
// The default value is false.
|
109
|
-
// If used in tls_credentials, it should always be set to true
|
110
|
-
// unless the identity key-cert pairs are not needed.
|
111
|
-
void set_watch_identity_pair(bool watch) { watch_identity_pair_ = watch; }
|
112
|
-
// Sets the name of identity key-cert pairs being watched, if
|
113
|
-
// |set_watch_identity_pair| is called. If not set, an empty string will
|
114
|
-
// be used as the name.
|
115
|
-
void set_identity_cert_name(std::string identity_cert_name) {
|
116
|
-
identity_cert_name_ = std::move(identity_cert_name);
|
117
|
-
}
|
118
|
-
// Sets the tls session key log file path.
|
119
|
-
void set_tls_session_key_log_file_path(
|
120
|
-
std::string tls_session_key_log_file_path) {
|
121
|
-
tls_session_key_log_file_path_ = std::move(tls_session_key_log_file_path);
|
122
|
-
}
|
66
|
+
void set_cert_request_type(grpc_ssl_client_certificate_request_type cert_request_type) { cert_request_type_ = cert_request_type; }
|
67
|
+
void set_verify_server_cert(bool verify_server_cert) { verify_server_cert_ = verify_server_cert; }
|
68
|
+
void set_min_tls_version(grpc_tls_version min_tls_version) { min_tls_version_ = min_tls_version; }
|
69
|
+
void set_max_tls_version(grpc_tls_version max_tls_version) { max_tls_version_ = max_tls_version; }
|
70
|
+
void set_certificate_verifier(grpc_core::RefCountedPtr<grpc_tls_certificate_verifier> certificate_verifier) { certificate_verifier_ = std::move(certificate_verifier); }
|
71
|
+
void set_check_call_host(bool check_call_host) { check_call_host_ = check_call_host; }
|
72
|
+
void set_certificate_provider(grpc_core::RefCountedPtr<grpc_tls_certificate_provider> certificate_provider) { certificate_provider_ = std::move(certificate_provider); }
|
73
|
+
// If need to watch the updates of root certificates with name |root_cert_name|. The default value is false. If used in tls_credentials, it should always be set to true unless the root certificates are not needed.
|
74
|
+
void set_watch_root_cert(bool watch_root_cert) { watch_root_cert_ = watch_root_cert; }
|
75
|
+
// Sets the name of root certificates being watched, if |set_watch_root_cert| is called. If not set, an empty string will be used as the name.
|
76
|
+
void set_root_cert_name(std::string root_cert_name) { root_cert_name_ = std::move(root_cert_name); }
|
77
|
+
// If need to watch the updates of identity certificates with name |identity_cert_name|. The default value is false. If used in tls_credentials, it should always be set to true unless the identity key-cert pairs are not needed.
|
78
|
+
void set_watch_identity_pair(bool watch_identity_pair) { watch_identity_pair_ = watch_identity_pair; }
|
79
|
+
// Sets the name of identity key-cert pairs being watched, if |set_watch_identity_pair| is called. If not set, an empty string will be used as the name.
|
80
|
+
void set_identity_cert_name(std::string identity_cert_name) { identity_cert_name_ = std::move(identity_cert_name); }
|
81
|
+
void set_tls_session_key_log_file_path(std::string tls_session_key_log_file_path) { tls_session_key_log_file_path_ = std::move(tls_session_key_log_file_path); }
|
82
|
+
// gRPC will enforce CRLs on all handshakes from all hashed CRL files inside of the crl_directory. If not set, an empty string will be used, which will not enable CRL checking. Only supported for OpenSSL version > 1.1.
|
83
|
+
void set_crl_directory(std::string crl_directory) { crl_directory_ = std::move(crl_directory); }
|
123
84
|
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
85
|
+
bool operator==(const grpc_tls_credentials_options& other) const {
|
86
|
+
return cert_request_type_ == other.cert_request_type_ &&
|
87
|
+
verify_server_cert_ == other.verify_server_cert_ &&
|
88
|
+
min_tls_version_ == other.min_tls_version_ &&
|
89
|
+
max_tls_version_ == other.max_tls_version_ &&
|
90
|
+
(certificate_verifier_ == other.certificate_verifier_ || (certificate_verifier_ != nullptr && other.certificate_verifier_ != nullptr && certificate_verifier_->Compare(other.certificate_verifier_.get()) == 0)) &&
|
91
|
+
check_call_host_ == other.check_call_host_ &&
|
92
|
+
(certificate_provider_ == other.certificate_provider_ || (certificate_provider_ != nullptr && other.certificate_provider_ != nullptr && certificate_provider_->Compare(other.certificate_provider_.get()) == 0)) &&
|
93
|
+
watch_root_cert_ == other.watch_root_cert_ &&
|
94
|
+
root_cert_name_ == other.root_cert_name_ &&
|
95
|
+
watch_identity_pair_ == other.watch_identity_pair_ &&
|
96
|
+
identity_cert_name_ == other.identity_cert_name_ &&
|
97
|
+
tls_session_key_log_file_path_ == other.tls_session_key_log_file_path_ &&
|
98
|
+
crl_directory_ == other.crl_directory_;
|
99
|
+
}
|
128
100
|
|
129
101
|
private:
|
130
|
-
grpc_ssl_client_certificate_request_type cert_request_type_ =
|
131
|
-
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
|
102
|
+
grpc_ssl_client_certificate_request_type cert_request_type_ = GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
|
132
103
|
bool verify_server_cert_ = true;
|
133
104
|
grpc_tls_version min_tls_version_ = grpc_tls_version::TLS1_2;
|
134
105
|
grpc_tls_version max_tls_version_ = grpc_tls_version::TLS1_3;
|
135
|
-
grpc_core::RefCountedPtr<grpc_tls_certificate_verifier>
|
106
|
+
grpc_core::RefCountedPtr<grpc_tls_certificate_verifier> certificate_verifier_;
|
136
107
|
bool check_call_host_ = true;
|
137
|
-
grpc_core::RefCountedPtr<grpc_tls_certificate_provider>
|
108
|
+
grpc_core::RefCountedPtr<grpc_tls_certificate_provider> certificate_provider_;
|
138
109
|
bool watch_root_cert_ = false;
|
139
110
|
std::string root_cert_name_;
|
140
111
|
bool watch_identity_pair_ = false;
|
@@ -31,8 +31,6 @@
|
|
31
31
|
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h"
|
32
32
|
#include "src/core/lib/security/security_connector/tls/tls_security_connector.h"
|
33
33
|
|
34
|
-
#define GRPC_CREDENTIALS_TYPE_TLS "Tls"
|
35
|
-
|
36
34
|
namespace {
|
37
35
|
|
38
36
|
bool CredentialOptionSanityCheck(grpc_tls_credentials_options* options,
|
@@ -70,8 +68,7 @@ bool CredentialOptionSanityCheck(grpc_tls_credentials_options* options,
|
|
70
68
|
|
71
69
|
TlsCredentials::TlsCredentials(
|
72
70
|
grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
|
73
|
-
:
|
74
|
-
options_(std::move(options)) {}
|
71
|
+
: options_(std::move(options)) {}
|
75
72
|
|
76
73
|
TlsCredentials::~TlsCredentials() {}
|
77
74
|
|
@@ -109,10 +106,16 @@ TlsCredentials::create_security_connector(
|
|
109
106
|
return sc;
|
110
107
|
}
|
111
108
|
|
109
|
+
int TlsCredentials::cmp_impl(const grpc_channel_credentials* other) const {
|
110
|
+
const TlsCredentials* o = static_cast<const TlsCredentials*>(other);
|
111
|
+
if (*options_ == *o->options_) return 0;
|
112
|
+
return grpc_core::QsortCompare(
|
113
|
+
static_cast<const grpc_channel_credentials*>(this), other);
|
114
|
+
}
|
115
|
+
|
112
116
|
TlsServerCredentials::TlsServerCredentials(
|
113
117
|
grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
|
114
|
-
:
|
115
|
-
options_(std::move(options)) {}
|
118
|
+
: options_(std::move(options)) {}
|
116
119
|
|
117
120
|
TlsServerCredentials::~TlsServerCredentials() {}
|
118
121
|
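Review bot: `TlsCredentials::cmp_impl` returns 0 when `*options_ == *o->options_` but otherwise falls back to `QsortCompare` on the object addresses, so the result is not a consistent ordering: two credentials with equal options compare equal to each other yet can land on opposite sides of a third. If this value is ever used as a sort key rather than only tested against 0, lookups keyed on it could miss; that use is not visible in this hunk. At minimum I would document it above the fallback, `// Ordering is by address when options differ; only the == 0 result is meaningful.` The function also dereferences `options_` and `o->options_` unchecked, which presumably relies on the creation path rejecting null options; that code is outside the hunk and worth confirming.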
|
@@ -38,14 +38,12 @@ class TlsCredentials final : public grpc_channel_credentials {
|
|
38
38
|
const char* target_name, const grpc_channel_args* args,
|
39
39
|
grpc_channel_args** new_args) override;
|
40
40
|
|
41
|
+
const char* type() const override { return "Tls"; }
|
42
|
+
|
41
43
|
grpc_tls_credentials_options* options() const { return options_.get(); }
|
42
44
|
|
43
45
|
private:
|
44
|
-
int cmp_impl(const grpc_channel_credentials* other) const override
|
45
|
-
// TODO(yashykt): Check if we can do something better here
|
46
|
-
return grpc_core::QsortCompare(
|
47
|
-
static_cast<const grpc_channel_credentials*>(this), other);
|
48
|
-
}
|
46
|
+
int cmp_impl(const grpc_channel_credentials* other) const override;
|
49
47
|
|
50
48
|
grpc_core::RefCountedPtr<grpc_tls_credentials_options> options_;
|
51
49
|
};
|
@@ -59,6 +57,8 @@ class TlsServerCredentials final : public grpc_server_credentials {
|
|
59
57
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
60
58
|
create_security_connector(const grpc_channel_args* /* args */) override;
|
61
59
|
|
60
|
+
const char* type() const override { return "Tls"; }
|
61
|
+
|
62
62
|
grpc_tls_credentials_options* options() const { return options_.get(); }
|
63
63
|
|
64
64
|
private:
|
@@ -29,8 +29,6 @@
|
|
29
29
|
|
30
30
|
namespace grpc_core {
|
31
31
|
|
32
|
-
const char kCredentialsTypeXds[] = "Xds";
|
33
|
-
|
34
32
|
namespace {
|
35
33
|
|
36
34
|
bool XdsVerifySubjectAlternativeNames(
|
@@ -61,44 +59,53 @@ bool XdsVerifySubjectAlternativeNames(
|
|
61
59
|
return false;
|
62
60
|
}
|
63
61
|
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
62
|
+
} // namespace
|
63
|
+
|
64
|
+
//
|
65
|
+
// XdsCertificateVerifier
|
66
|
+
//
|
67
|
+
|
68
|
+
XdsCertificateVerifier::XdsCertificateVerifier(
|
69
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider,
|
70
|
+
std::string cluster_name)
|
71
|
+
: xds_certificate_provider_(std::move(xds_certificate_provider)),
|
72
|
+
cluster_name_(std::move(cluster_name)) {}
|
73
|
+
|
74
|
+
bool XdsCertificateVerifier::Verify(
|
75
|
+
grpc_tls_custom_verification_check_request* request,
|
76
|
+
std::function<void(absl::Status)>, absl::Status* sync_status) {
|
77
|
+
GPR_ASSERT(request != nullptr);
|
78
|
+
if (!XdsVerifySubjectAlternativeNames(
|
79
|
+
request->peer_info.san_names.uri_names,
|
80
|
+
request->peer_info.san_names.uri_names_size,
|
81
|
+
xds_certificate_provider_->GetSanMatchers(cluster_name_)) &&
|
82
|
+
!XdsVerifySubjectAlternativeNames(
|
83
|
+
request->peer_info.san_names.ip_names,
|
84
|
+
request->peer_info.san_names.ip_names_size,
|
85
|
+
xds_certificate_provider_->GetSanMatchers(cluster_name_)) &&
|
86
|
+
!XdsVerifySubjectAlternativeNames(
|
87
|
+
request->peer_info.san_names.dns_names,
|
88
|
+
request->peer_info.san_names.dns_names_size,
|
89
|
+
xds_certificate_provider_->GetSanMatchers(cluster_name_))) {
|
90
|
+
*sync_status = absl::Status(
|
91
|
+
absl::StatusCode::kUnauthenticated,
|
92
|
+
"SANs from certificate did not match SANs from xDS control plane");
|
93
93
|
}
|
94
|
-
|
94
|
+
return true; /* synchronous check */
|
95
|
+
}
|
95
96
|
|
96
|
-
|
97
|
-
|
98
|
-
std::string cluster_name_;
|
99
|
-
};
|
97
|
+
void XdsCertificateVerifier::Cancel(
|
98
|
+
grpc_tls_custom_verification_check_request*) {}
|
100
99
|
|
101
|
-
|
100
|
+
int XdsCertificateVerifier::CompareImpl(
|
101
|
+
const grpc_tls_certificate_verifier* other) const {
|
102
|
+
auto* o = static_cast<const XdsCertificateVerifier*>(other);
|
103
|
+
int r = QsortCompare(xds_certificate_provider_, o->xds_certificate_provider_);
|
104
|
+
if (r != 0) return r;
|
105
|
+
return cluster_name_.compare(o->cluster_name_);
|
106
|
+
}
|
107
|
+
|
108
|
+
const char* XdsCertificateVerifier::type() const { return "Xds"; }
|
102
109
|
|
103
110
|
bool TestOnlyXdsVerifySubjectAlternativeNames(
|
104
111
|
const char* const* subject_alternative_names,
|
@@ -164,19 +171,6 @@ XdsCredentials::create_security_connector(
|
|
164
171
|
MakeRefCounted<XdsCertificateVerifier>(xds_certificate_provider,
|
165
172
|
std::move(cluster_name)));
|
166
173
|
tls_credentials_options->set_check_call_host(false);
|
167
|
-
// TODO(yashkt): Creating a new TlsCreds object each time we create a
|
168
|
-
// security connector means that the security connector's cmp() method
|
169
|
-
// returns unequal for each instance, which means that every time an LB
|
170
|
-
// policy updates, all the subchannels will be recreated. This is
|
171
|
-
// going to lead to a lot of connection churn. Instead, we should
|
172
|
-
// either (a) change the TLS security connector's cmp() method to be
|
173
|
-
// smarter somehow, so that it compares unequal only when the
|
174
|
-
// tls_credentials_options have changed, or (b) cache the TlsCreds
|
175
|
-
// objects in the XdsCredentials object so that we can reuse the
|
176
|
-
// same one when creating new security connectors, swapping out the
|
177
|
-
// TlsCreds object only when the tls_credentials_options change.
|
178
|
-
// Option (a) would probably be better, although it may require some
|
179
|
-
// structural changes to the security connector API.
|
180
174
|
auto tls_credentials =
|
181
175
|
MakeRefCounted<TlsCredentials>(std::move(tls_credentials_options));
|
182
176
|
return tls_credentials->create_security_connector(
|
@@ -188,6 +182,8 @@ XdsCredentials::create_security_connector(
|
|
188
182
|
std::move(call_creds), target_name, temp_args.args, new_args);
|
189
183
|
}
|
190
184
|
|
185
|
+
const char* XdsCredentials::Type() { return "Xds"; }
|
186
|
+
|
191
187
|
//
|
192
188
|
// XdsServerCredentials
|
193
189
|
//
|
@@ -224,6 +220,8 @@ XdsServerCredentials::create_security_connector(const grpc_channel_args* args) {
|
|
224
220
|
return fallback_credentials_->create_security_connector(args);
|
225
221
|
}
|
226
222
|
|
223
|
+
const char* XdsServerCredentials::Type() { return "Xds"; }
|
224
|
+
|
227
225
|
} // namespace grpc_core
|
228
226
|
|
229
227
|
grpc_channel_credentials* grpc_xds_credentials_create(
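Review bot: `XdsCertificateVerifier::Verify` calls `xds_certificate_provider_->GetSanMatchers(cluster_name_)` three times, once per SAN kind, so the URI, IP and DNS checks are not guaranteed to run against the same matcher set if the provider is updated in between (assuming the getter reads mutable state, which is not visible here). Taking one snapshot first, `const auto san_matchers = xds_certificate_provider_->GetSanMatchers(cluster_name_);`, and passing `san_matchers` to all three `XdsVerifySubjectAlternativeNames` calls keeps the accept/reject decision consistent and drops the repeated lookups. `*sync_status` is written only on the mismatch path, so the function relies on the caller having initialised it to OK; a one-line comment saying so next to `return true; /* synchronous check */` would make that contract explicit.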
|
@@ -23,24 +23,47 @@
|
|
23
23
|
|
24
24
|
#include <grpc/grpc_security.h>
|
25
25
|
|
26
|
+
#include "src/core/ext/xds/xds_certificate_provider.h"
|
26
27
|
#include "src/core/lib/matchers/matchers.h"
|
27
28
|
#include "src/core/lib/security/credentials/credentials.h"
|
29
|
+
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h"
|
28
30
|
|
29
31
|
namespace grpc_core {
|
30
32
|
|
31
|
-
|
33
|
+
class XdsCertificateVerifier : public grpc_tls_certificate_verifier {
|
34
|
+
public:
|
35
|
+
XdsCertificateVerifier(
|
36
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider,
|
37
|
+
std::string cluster_name);
|
38
|
+
|
39
|
+
bool Verify(grpc_tls_custom_verification_check_request* request,
|
40
|
+
std::function<void(absl::Status)>,
|
41
|
+
absl::Status* sync_status) override;
|
42
|
+
void Cancel(grpc_tls_custom_verification_check_request*) override;
|
43
|
+
|
44
|
+
const char* type() const override;
|
45
|
+
|
46
|
+
private:
|
47
|
+
int CompareImpl(const grpc_tls_certificate_verifier* other) const override;
|
48
|
+
|
49
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider_;
|
50
|
+
std::string cluster_name_;
|
51
|
+
};
|
32
52
|
|
33
53
|
class XdsCredentials final : public grpc_channel_credentials {
|
34
54
|
public:
|
35
55
|
explicit XdsCredentials(
|
36
56
|
RefCountedPtr<grpc_channel_credentials> fallback_credentials)
|
37
|
-
:
|
38
|
-
fallback_credentials_(std::move(fallback_credentials)) {}
|
57
|
+
: fallback_credentials_(std::move(fallback_credentials)) {}
|
39
58
|
|
40
59
|
RefCountedPtr<grpc_channel_security_connector> create_security_connector(
|
41
60
|
RefCountedPtr<grpc_call_credentials> call_creds, const char* target_name,
|
42
61
|
const grpc_channel_args* args, grpc_channel_args** new_args) override;
|
43
62
|
|
63
|
+
static const char* Type();
|
64
|
+
|
65
|
+
const char* type() const override { return Type(); }
|
66
|
+
|
44
67
|
private:
|
45
68
|
int cmp_impl(const grpc_channel_credentials* other) const override {
|
46
69
|
auto* o = static_cast<const XdsCredentials*>(other);
|
@@ -54,12 +77,15 @@ class XdsServerCredentials final : public grpc_server_credentials {
|
|
54
77
|
public:
|
55
78
|
explicit XdsServerCredentials(
|
56
79
|
RefCountedPtr<grpc_server_credentials> fallback_credentials)
|
57
|
-
:
|
58
|
-
fallback_credentials_(std::move(fallback_credentials)) {}
|
80
|
+
: fallback_credentials_(std::move(fallback_credentials)) {}
|
59
81
|
|
60
82
|
RefCountedPtr<grpc_server_security_connector> create_security_connector(
|
61
83
|
const grpc_channel_args* /* args */) override;
|
62
84
|
|
85
|
+
static const char* Type();
|
86
|
+
|
87
|
+
const char* type() const override { return Type(); }
|
88
|
+
|
63
89
|
private:
|
64
90
|
RefCountedPtr<grpc_server_credentials> fallback_credentials_;
|
65
91
|
};
|
@@ -152,7 +152,7 @@ class grpc_local_channel_security_connector final
|
|
152
152
|
grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,
|
153
153
|
grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds,
|
154
154
|
const char* target_name)
|
155
|
-
: grpc_channel_security_connector(
|
155
|
+
: grpc_channel_security_connector({}, std::move(channel_creds),
|
156
156
|
std::move(request_metadata_creds)),
|
157
157
|
target_name_(gpr_strdup(target_name)) {}
|
158
158
|
|
@@ -210,7 +210,7 @@ class grpc_local_server_security_connector final
|
|
210
210
|
public:
|
211
211
|
explicit grpc_local_server_security_connector(
|
212
212
|
grpc_core::RefCountedPtr<grpc_server_credentials> server_creds)
|
213
|
-
: grpc_server_security_connector(
|
213
|
+
: grpc_server_security_connector({}, std::move(server_creds)) {}
|
214
214
|
~grpc_local_server_security_connector() override = default;
|
215
215
|
|
216
216
|
void add_handshakers(
|
@@ -60,6 +60,10 @@ class grpc_security_connector
|
|
60
60
|
url_scheme_(url_scheme) {}
|
61
61
|
~grpc_security_connector() override = default;
|
62
62
|
|
63
|
+
static absl::string_view ChannelArgName() {
|
64
|
+
return GRPC_ARG_SECURITY_CONNECTOR;
|
65
|
+
}
|
66
|
+
|
63
67
|
// Checks the peer. Callee takes ownership of the peer object.
|
64
68
|
// When done, sets *auth_context and invokes on_peer_checked.
|
65
69
|
virtual void check_peer(
|
@@ -75,6 +79,11 @@ class grpc_security_connector
|
|
75
79
|
/* Compares two security connectors. */
|
76
80
|
virtual int cmp(const grpc_security_connector* other) const = 0;
|
77
81
|
|
82
|
+
static int ChannelArgsCompare(const grpc_security_connector* a,
|
83
|
+
const grpc_security_connector* b) {
|
84
|
+
return a->cmp(b);
|
85
|
+
}
|
86
|
+
|
78
87
|
absl::string_view url_scheme() const { return url_scheme_; }
|
79
88
|
|
80
89
|
private:
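Review bot: `ChannelArgsCompare` at new lines 82-85 dereferences `a` unconditionally and forwards `b` to `cmp()` with no stated precondition. Whether the channel-args code that calls this comparator can ever hand it a null connector is not visible in this hunk. If non-null is guaranteed, say so with a comment such as `// Comparator for connectors stored in channel args; a and b must be non-null. Returns the result of a->cmp(b).` If it is not guaranteed, the body needs a null guard before `a->cmp(b)`. The `ChannelArgName()` helper added in the previous hunk would benefit from a one-line comment as well. The class body continues outside both hunks.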
|
@@ -129,7 +129,8 @@ class grpc_ssl_channel_security_connector final
|
|
129
129
|
client_handshaker_factory_,
|
130
130
|
overridden_target_name_.empty() ? target_name_.c_str()
|
131
131
|
: overridden_target_name_.c_str(),
|
132
|
-
|
132
|
+
/*network_bio_buf_size=*/0,
|
133
|
+
/*ssl_bio_buf_size=*/0, &tsi_hs);
|
133
134
|
if (result != TSI_OK) {
|
134
135
|
gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.",
|
135
136
|
tsi_result_to_string(result));
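Review bot: The literal `0` passed for both `network_bio_buf_size` and `ssl_bio_buf_size` at new lines 132-133 is not explained anywhere in the hunk. The same pair is repeated in the grpc_ssl_server_security_connector hunk (new lines 276-277) and in the TlsChannelSecurityConnector and TlsServerSecurityConnector hunks (new lines 335-336 and 622-623). Presumably 0 selects the handshaker factory's default buffer size rather than a zero-length buffer, but that contract is not visible here. A later edit to one call site could silently diverge from the other three. I would introduce one shared named constant for the value, or at least add `// 0 = use the factory's default BIO buffer size (confirm against the TSI header)` at the first call. The enclosing function starts and ends outside this hunk.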
|
@@ -272,7 +273,8 @@ class grpc_ssl_server_security_connector
|
|
272
273
|
try_fetch_ssl_server_credentials();
|
273
274
|
tsi_handshaker* tsi_hs = nullptr;
|
274
275
|
tsi_result result = tsi_ssl_server_handshaker_factory_create_handshaker(
|
275
|
-
server_handshaker_factory_,
|
276
|
+
server_handshaker_factory_, /*network_bio_buf_size=*/0,
|
277
|
+
/*ssl_bio_buf_size=*/0, &tsi_hs);
|
276
278
|
if (result != TSI_OK) {
|
277
279
|
gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.",
|
278
280
|
tsi_result_to_string(result));
|
@@ -332,7 +332,8 @@ void TlsChannelSecurityConnector::add_handshakers(
|
|
332
332
|
client_handshaker_factory_,
|
333
333
|
overridden_target_name_.empty() ? target_name_.c_str()
|
334
334
|
: overridden_target_name_.c_str(),
|
335
|
-
|
335
|
+
/*network_bio_buf_size=*/0,
|
336
|
+
/*ssl_bio_buf_size=*/0, &tsi_hs);
|
336
337
|
if (result != TSI_OK) {
|
337
338
|
gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.",
|
338
339
|
tsi_result_to_string(result));
|
@@ -618,7 +619,8 @@ void TlsServerSecurityConnector::add_handshakers(
|
|
618
619
|
if (server_handshaker_factory_ != nullptr) {
|
619
620
|
// Instantiate TSI handshaker.
|
620
621
|
tsi_result result = tsi_ssl_server_handshaker_factory_create_handshaker(
|
621
|
-
server_handshaker_factory_,
|
622
|
+
server_handshaker_factory_, /*network_bio_buf_size=*/0,
|
623
|
+
/*ssl_bio_buf_size=*/0, &tsi_hs);
|
622
624
|
if (result != TSI_OK) {
|
623
625
|
gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.",
|
624
626
|
tsi_result_to_string(result));
|