grpc 1.45.0 → 1.47.0

data/src/core/lib/security/credentials/ssl/ssl_credentials.cc

@@ -37,8 +37,7 @@
 
 grpc_ssl_credentials::grpc_ssl_credentials(
     const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
-    const grpc_ssl_verify_peer_options* verify_options)
-    : grpc_channel_credentials(GRPC_CHANNEL_CREDENTIALS_TYPE_SSL) {
+    const grpc_ssl_verify_peer_options* verify_options) {
   build_config(pem_root_certs, pem_key_cert_pair, verify_options);
 }
 
@@ -83,6 +82,11 @@ grpc_ssl_credentials::create_security_connector(
   return sc;
 }
 
+grpc_core::UniqueTypeName grpc_ssl_credentials::Type() {
+  static grpc_core::UniqueTypeName::Factory kFactory("Ssl");
+  return kFactory.Create();
+}
+
 void grpc_ssl_credentials::build_config(
     const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
     const grpc_ssl_verify_peer_options* verify_options) {
@@ -162,8 +166,7 @@ struct grpc_ssl_server_credentials_options {
 };
 
 grpc_ssl_server_credentials::grpc_ssl_server_credentials(
-    const grpc_ssl_server_credentials_options& options)
-    : grpc_server_credentials(GRPC_CHANNEL_CREDENTIALS_TYPE_SSL) {
+    const grpc_ssl_server_credentials_options& options) {
   if (options.certificate_config_fetcher != nullptr) {
     config_.client_certificate_request = options.client_certificate_request;
     certificate_config_fetcher_ = *options.certificate_config_fetcher;
@@ -186,6 +189,11 @@ grpc_ssl_server_credentials::create_security_connector(
   return grpc_ssl_server_security_connector_create(this->Ref());
 }
 
+grpc_core::UniqueTypeName grpc_ssl_server_credentials::Type() {
+  static grpc_core::UniqueTypeName::Factory kFactory("Ssl");
+  return kFactory.Create();
+}
+
 tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs(
     const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
     size_t num_key_cert_pairs) {

data/src/core/lib/security/credentials/ssl/ssl_credentials.h

@@ -37,6 +37,10 @@ class grpc_ssl_credentials : public grpc_channel_credentials {
       const char* target, const grpc_channel_args* args,
       grpc_channel_args** new_args) override;
 
+  static grpc_core::UniqueTypeName Type();
+
+  grpc_core::UniqueTypeName type() const override { return Type(); }
+
   // TODO(mattstev): Plumb to wrapped languages. Until then, setting the TLS
   // version should be done for testing purposes only.
   void set_min_tls_version(grpc_tls_version min_tls_version);
@@ -76,6 +80,10 @@ class grpc_ssl_server_credentials final : public grpc_server_credentials {
   grpc_core::RefCountedPtr<grpc_server_security_connector>
   create_security_connector(const grpc_channel_args* /* args */) override;
 
+  static grpc_core::UniqueTypeName Type();
+
+  grpc_core::UniqueTypeName type() const override { return Type(); }
+
   bool has_cert_config_fetcher() const {
     return certificate_config_fetcher_.cb != nullptr;
   }

data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc

@@ -85,6 +85,11 @@ StaticDataCertificateProvider::~StaticDataCertificateProvider() {
   distributor_->SetWatchStatusCallback(nullptr);
 }
 
+UniqueTypeName StaticDataCertificateProvider::type() const {
+  static UniqueTypeName::Factory kFactory("StaticData");
+  return kFactory.Create();
+}
+
 namespace {
 
 gpr_timespec TimeoutSecondsToDeadline(int64_t seconds) {
@@ -177,6 +182,11 @@ FileWatcherCertificateProvider::~FileWatcherCertificateProvider() {
   refresh_thread_.Join();
 }
 
+UniqueTypeName FileWatcherCertificateProvider::type() const {
+  static UniqueTypeName::Factory kFactory("FileWatcher");
+  return kFactory.Create();
+}
+
 void FileWatcherCertificateProvider::ForceUpdate() {
   absl::optional<std::string> root_certificate;
   absl::optional<PemKeyCertPairList> pem_key_cert_pairs;

data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h

@@ -26,9 +26,11 @@
 
 #include <grpc/grpc_security.h>
 
+#include "src/core/lib/gpr/useful.h"
 #include "src/core/lib/gprpp/ref_counted.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/gprpp/thd.h"
+#include "src/core/lib/gprpp/unique_type_name.h"
 #include "src/core/lib/iomgr/load_file.h"
 #include "src/core/lib/iomgr/pollset_set.h"
 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
@@ -50,6 +52,33 @@ struct grpc_tls_certificate_provider
 
   virtual grpc_core::RefCountedPtr<grpc_tls_certificate_distributor>
   distributor() const = 0;
+
+  // Compares this grpc_tls_certificate_provider object with \a other.
+  // If this method returns 0, it means that gRPC can treat the two certificate
+  // providers as effectively the same. This method is used to compare
+  // `grpc_tls_certificate_provider` objects when they are present in
+  // channel_args. One important usage of this is when channel args are used in
+  // SubchannelKey, which leads to a useful property that allows subchannels to
+  // be reused when two different `grpc_tls_certificate_provider` objects are
+  // used but they compare as equal (assuming other channel args match).
+  int Compare(const grpc_tls_certificate_provider* other) const {
+    GPR_ASSERT(other != nullptr);
+    int r = type().Compare(other->type());
+    if (r != 0) return r;
+    return CompareImpl(other);
+  }
+
+  // The pointer value \a type is used to uniquely identify a creds
+  // implementation for down-casting purposes. Every provider implementation
+  // should use a unique string instance, which should be returned by all
+  // instances of that provider implementation.
+  virtual grpc_core::UniqueTypeName type() const = 0;
+
+ private:
+  // Implementation for `Compare` method intended to be overridden by
+  // subclasses. Only invoked if `type()` and `other->type()` point to the same
+  // string.
+  virtual int CompareImpl(const grpc_tls_certificate_provider* other) const = 0;
 };
 
 namespace grpc_core {
@@ -68,11 +97,20 @@ class StaticDataCertificateProvider final
     return distributor_;
   }
 
+  UniqueTypeName type() const override;
+
  private:
   struct WatcherInfo {
     bool root_being_watched = false;
     bool identity_being_watched = false;
   };
+
+  int CompareImpl(const grpc_tls_certificate_provider* other) const override {
+    // TODO(yashykt): Maybe do something better here.
+    return QsortCompare(static_cast<const grpc_tls_certificate_provider*>(this),
+                        other);
+  }
+
   RefCountedPtr<grpc_tls_certificate_distributor> distributor_;
   std::string root_certificate_;
   PemKeyCertPairList pem_key_cert_pairs_;
@@ -98,11 +136,20 @@ class FileWatcherCertificateProvider final
     return distributor_;
   }
 
+  UniqueTypeName type() const override;
+
  private:
   struct WatcherInfo {
     bool root_being_watched = false;
     bool identity_being_watched = false;
   };
+
+  int CompareImpl(const grpc_tls_certificate_provider* other) const override {
+    // TODO(yashykt): Maybe do something better here.
+    return QsortCompare(static_cast<const grpc_tls_certificate_provider*>(this),
+                        other);
+  }
+
   // Force an update from the file system regardless of the interval.
   void ForceUpdate();
   // Read the root certificates from files and update the distributor.

data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc

@@ -30,6 +30,10 @@
 
 namespace grpc_core {
 
+//
+// ExternalCertificateVerifier
+//
+
 bool ExternalCertificateVerifier::Verify(
     grpc_tls_custom_verification_check_request* request,
     std::function<void(absl::Status)> callback, absl::Status* sync_status) {
@@ -56,6 +60,11 @@ bool ExternalCertificateVerifier::Verify(
   return is_done;
 }
 
+UniqueTypeName ExternalCertificateVerifier::type() const {
+  static UniqueTypeName::Factory kFactory("External");
+  return kFactory.Create();
+}
+
 void ExternalCertificateVerifier::OnVerifyDone(
     grpc_tls_custom_verification_check_request* request, void* callback_arg,
     grpc_status_code status, const char* error_details) {
@@ -80,6 +89,19 @@ void ExternalCertificateVerifier::OnVerifyDone(
   }
 }
 
+//
+// NoOpCertificateVerifier
+//
+
+UniqueTypeName NoOpCertificateVerifier::type() const {
+  static UniqueTypeName::Factory kFactory("NoOp");
+  return kFactory.Create();
+}
+
+//
+// HostNameCertificateVerifier
+//
+
 bool HostNameCertificateVerifier::Verify(
     grpc_tls_custom_verification_check_request* request,
     std::function<void(absl::Status)>, absl::Status* sync_status) {
@@ -134,7 +156,8 @@ bool HostNameCertificateVerifier::Verify(
     const char* common_name = request->peer_info.common_name;
     // We are using the target name sent from the client as a matcher to match
     // against identity name on the peer cert.
-    if (VerifySubjectAlternativeName(common_name, std::string(target_host))) {
+    if (common_name != nullptr &&
+        VerifySubjectAlternativeName(common_name, std::string(target_host))) {
       return true;  // synchronous check
     }
   }
@@ -143,6 +166,11 @@ bool HostNameCertificateVerifier::Verify(
   return true;  // synchronous check
 }
 
+UniqueTypeName HostNameCertificateVerifier::type() const {
+  static UniqueTypeName::Factory kFactory("Hostname");
+  return kFactory.Create();
+}
+
 }  // namespace grpc_core
 
 //
@@ -186,6 +214,11 @@ grpc_tls_certificate_verifier* grpc_tls_certificate_verifier_external_create(
   return new grpc_core::ExternalCertificateVerifier(external_verifier);
 }
 
+grpc_tls_certificate_verifier* grpc_tls_certificate_verifier_no_op_create() {
+  grpc_core::ExecCtx exec_ctx;
+  return new grpc_core::NoOpCertificateVerifier();
+}
+
 grpc_tls_certificate_verifier*
 grpc_tls_certificate_verifier_host_name_create() {
   grpc_core::ExecCtx exec_ctx;

data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h

@@ -25,9 +25,11 @@
 
 #include <grpc/grpc_security.h>
 
+#include "src/core/lib/gpr/useful.h"
 #include "src/core/lib/gprpp/ref_counted.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/gprpp/thd.h"
+#include "src/core/lib/gprpp/unique_type_name.h"
 #include "src/core/lib/iomgr/load_file.h"
 #include "src/core/lib/iomgr/pollset_set.h"
 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
@@ -37,8 +39,6 @@
 struct grpc_tls_certificate_verifier
     : public grpc_core::RefCounted<grpc_tls_certificate_verifier> {
  public:
-  grpc_tls_certificate_verifier() = default;
-
   ~grpc_tls_certificate_verifier() override = default;
   // Verifies the specific request. It can be processed in sync or async mode.
   // If the caller want it to be processed asynchronously, return false
@@ -52,6 +52,28 @@ struct grpc_tls_certificate_verifier
   // Operations that will be performed when a request is cancelled.
   // This is only needed when in async mode.
   virtual void Cancel(grpc_tls_custom_verification_check_request* request) = 0;
+
+  // Compares this grpc_tls_certificate_verifier object with \a other.
+  // If this method returns 0, it means that gRPC can treat the two certificate
+  // verifiers as effectively the same.
+  int Compare(const grpc_tls_certificate_verifier* other) const {
+    GPR_ASSERT(other != nullptr);
+    int r = type().Compare(other->type());
+    if (r != 0) return r;
+    return CompareImpl(other);
+  }
+
+  // The pointer value \a type is used to uniquely identify a verifier
+  // implementation for down-casting purposes. Every verifier implementation
+  // should use a unique string instance, which should be returned by all
+  // instances of that verifier implementation.
+  virtual grpc_core::UniqueTypeName type() const = 0;
+
+ private:
+  // Implementation for `Compare` method intended to be overridden by
+  // subclasses. Only invoked if `type()` and `other->type()` point to the same
+  // string.
+  virtual int CompareImpl(const grpc_tls_certificate_verifier* other) const = 0;
 };
 
 namespace grpc_core {
@@ -78,12 +100,20 @@ class ExternalCertificateVerifier : public grpc_tls_certificate_verifier {
     external_verifier_->cancel(external_verifier_->user_data, request);
   }
 
+  UniqueTypeName type() const override;
+
  private:
-  grpc_tls_certificate_verifier_external* external_verifier_;
+  int CompareImpl(const grpc_tls_certificate_verifier* other) const override {
+    const auto* o = static_cast<const ExternalCertificateVerifier*>(other);
+    return QsortCompare(external_verifier_, o->external_verifier_);
+  }
 
   static void OnVerifyDone(grpc_tls_custom_verification_check_request* request,
                            void* callback_arg, grpc_status_code status,
                            const char* error_details);
+
+  grpc_tls_certificate_verifier_external* external_verifier_;
+
   // Guards members below.
   Mutex mu_;
   // stores each check request and its corresponding callback function.
@@ -92,6 +122,29 @@ class ExternalCertificateVerifier : public grpc_tls_certificate_verifier {
       request_map_ ABSL_GUARDED_BY(mu_);
 };
 
+// An internal verifier that won't perform any post-handshake checks.
+// Note: using this solely without any other authentication mechanisms on the
+// peer identity will leave your applications to the MITM(Man-In-The-Middle)
+// attacks. Users should avoid doing so in production environments.
+class NoOpCertificateVerifier : public grpc_tls_certificate_verifier {
+ public:
+  bool Verify(grpc_tls_custom_verification_check_request*,
+              std::function<void(absl::Status)>, absl::Status*) override {
+    return true;  // synchronous check
+  };
+  void Cancel(grpc_tls_custom_verification_check_request*) override {}
+
+  UniqueTypeName type() const override;
+
+ private:
+  int CompareImpl(
+      const grpc_tls_certificate_verifier* /* other */) const override {
+    // No differentiating factor between different NoOpCertificateVerifier
+    // objects.
+    return 0;
+  }
+};
+
 // An internal verifier that will perform hostname verification check.
 class HostNameCertificateVerifier : public grpc_tls_certificate_verifier {
  public:
@@ -99,6 +152,16 @@ class HostNameCertificateVerifier : public grpc_tls_certificate_verifier {
               std::function<void(absl::Status)> callback,
               absl::Status* sync_status) override;
   void Cancel(grpc_tls_custom_verification_check_request*) override {}
+
+  UniqueTypeName type() const override;
+
+ private:
+  int CompareImpl(
+      const grpc_tls_certificate_verifier* /* other */) const override {
+    // No differentiating factor between different HostNameCertificateVerifier
+    // objects.
+    return 0;
+  }
 };
 
 }  // namespace grpc_core

data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h

@@ -1,20 +1,22 @@
-/*
- *
- * Copyright 2018 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
+//
+//
+// Copyright 2018 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+// Generated by tools/codegen/core/gen_grpc_tls_credentials_options.py
 
 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
@@ -38,103 +40,72 @@ struct grpc_tls_credentials_options
     : public grpc_core::RefCounted<grpc_tls_credentials_options> {
  public:
   ~grpc_tls_credentials_options() override = default;
+
   // Getters for member fields.
-  grpc_ssl_client_certificate_request_type cert_request_type() const {
-    return cert_request_type_;
-  }
+  grpc_ssl_client_certificate_request_type cert_request_type() const { return cert_request_type_; }
   bool verify_server_cert() const { return verify_server_cert_; }
   grpc_tls_version min_tls_version() const { return min_tls_version_; }
   grpc_tls_version max_tls_version() const { return max_tls_version_; }
-  // Returns the verifier set in the options.
   grpc_tls_certificate_verifier* certificate_verifier() {
-    return verifier_.get();
+    return certificate_verifier_.get();
   }
   bool check_call_host() const { return check_call_host_; }
-  // Returns the distributor from provider_ if it is set, nullptr otherwise.
+  // Returns the distributor from certificate_provider_ if it is set, nullptr otherwise.
   grpc_tls_certificate_distributor* certificate_distributor() {
-    if (provider_ != nullptr) return provider_->distributor().get();
+    if (certificate_provider_ != nullptr) { return certificate_provider_->distributor().get(); }
     return nullptr;
   }
-  bool watch_root_cert() { return watch_root_cert_; }
-  const std::string& root_cert_name() { return root_cert_name_; }
-  bool watch_identity_pair() { return watch_identity_pair_; }
-  const std::string& identity_cert_name() { return identity_cert_name_; }
-  // Returns the previously set tls session key log file path.
-  const std::string& tls_session_key_log_file_path() {
-    return tls_session_key_log_file_path_;
-  }
-  const std::string& crl_directory() { return crl_directory_; }
+  bool watch_root_cert() const { return watch_root_cert_; }
+  const std::string& root_cert_name() const { return root_cert_name_; }
+  bool watch_identity_pair() const { return watch_identity_pair_; }
+  const std::string& identity_cert_name() const { return identity_cert_name_; }
+  const std::string& tls_session_key_log_file_path() const { return tls_session_key_log_file_path_; }
+  const std::string& crl_directory() const { return crl_directory_; }
 
   // Setters for member fields.
-  void set_cert_request_type(
-      const grpc_ssl_client_certificate_request_type type) {
-    cert_request_type_ = type;
-  }
-  void set_verify_server_cert(bool verify_server_cert) {
-    verify_server_cert_ = verify_server_cert;
-  }
-  void set_min_tls_version(grpc_tls_version min_tls_version) {
-    min_tls_version_ = min_tls_version;
-  }
-  void set_max_tls_version(grpc_tls_version max_tls_version) {
-    max_tls_version_ = max_tls_version;
-  }
-  // Sets the verifier in the options.
-  void set_certificate_verifier(
-      grpc_core::RefCountedPtr<grpc_tls_certificate_verifier> verifier) {
-    verifier_ = std::move(verifier);
-  }
-  // Sets the verifier in the options.
-  void set_check_call_host(bool check_call_host) {
-    check_call_host_ = check_call_host;
-  }
-  // Sets the provider in the options.
-  void set_certificate_provider(
-      grpc_core::RefCountedPtr<grpc_tls_certificate_provider> provider) {
-    provider_ = std::move(provider);
-  }
-  // If need to watch the updates of root certificates with name
-  // |root_cert_name|. The default value is false. If used in tls_credentials,
-  // it should always be set to true unless the root certificates are not
-  // needed.
-  void set_watch_root_cert(bool watch) { watch_root_cert_ = watch; }
-  // Sets the name of root certificates being watched, if |set_watch_root_cert|
-  // is called. If not set, an empty string will be used as the name.
-  void set_root_cert_name(std::string root_cert_name) {
-    root_cert_name_ = std::move(root_cert_name);
-  }
-  // If need to watch the updates of identity certificates with name
-  // |identity_cert_name|.
-  // The default value is false.
-  // If used in tls_credentials, it should always be set to true
-  // unless the identity key-cert pairs are not needed.
-  void set_watch_identity_pair(bool watch) { watch_identity_pair_ = watch; }
-  // Sets the name of identity key-cert pairs being watched, if
-  // |set_watch_identity_pair| is called. If not set, an empty string will
-  // be used as the name.
-  void set_identity_cert_name(std::string identity_cert_name) {
-    identity_cert_name_ = std::move(identity_cert_name);
-  }
-  // Sets the tls session key log file path.
-  void set_tls_session_key_log_file_path(
-      std::string tls_session_key_log_file_path) {
-    tls_session_key_log_file_path_ = std::move(tls_session_key_log_file_path);
-  }
+  void set_cert_request_type(grpc_ssl_client_certificate_request_type cert_request_type) { cert_request_type_ = cert_request_type; }
+  void set_verify_server_cert(bool verify_server_cert) { verify_server_cert_ = verify_server_cert; }
+  void set_min_tls_version(grpc_tls_version min_tls_version) { min_tls_version_ = min_tls_version; }
+  void set_max_tls_version(grpc_tls_version max_tls_version) { max_tls_version_ = max_tls_version; }
+  void set_certificate_verifier(grpc_core::RefCountedPtr<grpc_tls_certificate_verifier> certificate_verifier) { certificate_verifier_ = std::move(certificate_verifier); }
+  void set_check_call_host(bool check_call_host) { check_call_host_ = check_call_host; }
+  void set_certificate_provider(grpc_core::RefCountedPtr<grpc_tls_certificate_provider> certificate_provider) { certificate_provider_ = std::move(certificate_provider); }
+  // If need to watch the updates of root certificates with name |root_cert_name|. The default value is false. If used in tls_credentials, it should always be set to true unless the root certificates are not needed.
+  void set_watch_root_cert(bool watch_root_cert) { watch_root_cert_ = watch_root_cert; }
+  // Sets the name of root certificates being watched, if |set_watch_root_cert| is called. If not set, an empty string will be used as the name.
+  void set_root_cert_name(std::string root_cert_name) { root_cert_name_ = std::move(root_cert_name); }
+  // If need to watch the updates of identity certificates with name |identity_cert_name|. The default value is false. If used in tls_credentials, it should always be set to true unless the identity key-cert pairs are not needed.
+  void set_watch_identity_pair(bool watch_identity_pair) { watch_identity_pair_ = watch_identity_pair; }
+  // Sets the name of identity key-cert pairs being watched, if |set_watch_identity_pair| is called. If not set, an empty string will be used as the name.
+  void set_identity_cert_name(std::string identity_cert_name) { identity_cert_name_ = std::move(identity_cert_name); }
+  void set_tls_session_key_log_file_path(std::string tls_session_key_log_file_path) { tls_session_key_log_file_path_ = std::move(tls_session_key_log_file_path); }
+  //  gRPC will enforce CRLs on all handshakes from all hashed CRL files inside of the crl_directory. If not set, an empty string will be used, which will not enable CRL checking. Only supported for OpenSSL version > 1.1.
+  void set_crl_directory(std::string crl_directory) { crl_directory_ = std::move(crl_directory); }
 
-  // gRPC will enforce CRLs on all handshakes from all hashed CRL files inside
-  // of the crl_directory. If not set, an empty string will be used, which will
-  // not enable CRL checking. Only supported for OpenSSL version > 1.1.
-  void set_crl_directory(std::string path) { crl_directory_ = std::move(path); }
+  bool operator==(const grpc_tls_credentials_options& other) const {
+    return cert_request_type_ == other.cert_request_type_ &&
+      verify_server_cert_ == other.verify_server_cert_ &&
+      min_tls_version_ == other.min_tls_version_ &&
+      max_tls_version_ == other.max_tls_version_ &&
+      (certificate_verifier_ == other.certificate_verifier_ || (certificate_verifier_ != nullptr && other.certificate_verifier_ != nullptr && certificate_verifier_->Compare(other.certificate_verifier_.get()) == 0)) &&
+      check_call_host_ == other.check_call_host_ &&
+      (certificate_provider_ == other.certificate_provider_ || (certificate_provider_ != nullptr && other.certificate_provider_ != nullptr && certificate_provider_->Compare(other.certificate_provider_.get()) == 0)) &&
+      watch_root_cert_ == other.watch_root_cert_ &&
+      root_cert_name_ == other.root_cert_name_ &&
+      watch_identity_pair_ == other.watch_identity_pair_ &&
+      identity_cert_name_ == other.identity_cert_name_ &&
+      tls_session_key_log_file_path_ == other.tls_session_key_log_file_path_ &&
+      crl_directory_ == other.crl_directory_;
+  }
 
  private:
-  grpc_ssl_client_certificate_request_type cert_request_type_ =
-      GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
+  grpc_ssl_client_certificate_request_type cert_request_type_ = GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
   bool verify_server_cert_ = true;
   grpc_tls_version min_tls_version_ = grpc_tls_version::TLS1_2;
   grpc_tls_version max_tls_version_ = grpc_tls_version::TLS1_3;
-  grpc_core::RefCountedPtr<grpc_tls_certificate_verifier> verifier_;
+  grpc_core::RefCountedPtr<grpc_tls_certificate_verifier> certificate_verifier_;
   bool check_call_host_ = true;
-  grpc_core::RefCountedPtr<grpc_tls_certificate_provider> provider_;
+  grpc_core::RefCountedPtr<grpc_tls_certificate_provider> certificate_provider_;
   bool watch_root_cert_ = false;
   std::string root_cert_name_;
   bool watch_identity_pair_ = false;

data/src/core/lib/security/credentials/tls/tls_credentials.cc

@@ -31,8 +31,6 @@
 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h"
 #include "src/core/lib/security/security_connector/tls/tls_security_connector.h"
 
-#define GRPC_CREDENTIALS_TYPE_TLS "Tls"
-
 namespace {
 
 bool CredentialOptionSanityCheck(grpc_tls_credentials_options* options,
@@ -70,8 +68,7 @@ bool CredentialOptionSanityCheck(grpc_tls_credentials_options* options,
 
 TlsCredentials::TlsCredentials(
     grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
-    : grpc_channel_credentials(GRPC_CREDENTIALS_TYPE_TLS),
-      options_(std::move(options)) {}
+    : options_(std::move(options)) {}
 
 TlsCredentials::~TlsCredentials() {}
 
@@ -109,10 +106,21 @@ TlsCredentials::create_security_connector(
   return sc;
 }
 
+grpc_core::UniqueTypeName TlsCredentials::type() const {
+  static grpc_core::UniqueTypeName::Factory kFactory("Tls");
+  return kFactory.Create();
+}
+
+int TlsCredentials::cmp_impl(const grpc_channel_credentials* other) const {
+  const TlsCredentials* o = static_cast<const TlsCredentials*>(other);
+  if (*options_ == *o->options_) return 0;
+  return grpc_core::QsortCompare(
+      static_cast<const grpc_channel_credentials*>(this), other);
+}
+
 TlsServerCredentials::TlsServerCredentials(
     grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
-    : grpc_server_credentials(GRPC_CREDENTIALS_TYPE_TLS),
-      options_(std::move(options)) {}
+    : options_(std::move(options)) {}
 
 TlsServerCredentials::~TlsServerCredentials() {}
 
@@ -123,6 +131,11 @@ TlsServerCredentials::create_security_connector(
       CreateTlsServerSecurityConnector(this->Ref(), options_);
 }
 
+grpc_core::UniqueTypeName TlsServerCredentials::type() const {
+  static grpc_core::UniqueTypeName::Factory kFactory("Tls");
+  return kFactory.Create();
+}
+
 /** -- Wrapper APIs declared in grpc_security.h -- **/
 
 grpc_channel_credentials* grpc_tls_credentials_create(

data/src/core/lib/security/credentials/tls/tls_credentials.h

@@ -38,14 +38,12 @@ class TlsCredentials final : public grpc_channel_credentials {
       const char* target_name, const grpc_channel_args* args,
       grpc_channel_args** new_args) override;
 
+  grpc_core::UniqueTypeName type() const override;
+
   grpc_tls_credentials_options* options() const { return options_.get(); }
 
  private:
-  int cmp_impl(const grpc_channel_credentials* other) const override {
-    // TODO(yashykt): Check if we can do something better here
-    return grpc_core::QsortCompare(
-        static_cast<const grpc_channel_credentials*>(this), other);
-  }
+  int cmp_impl(const grpc_channel_credentials* other) const override;
 
   grpc_core::RefCountedPtr<grpc_tls_credentials_options> options_;
 };
@@ -59,6 +57,8 @@ class TlsServerCredentials final : public grpc_server_credentials {
   grpc_core::RefCountedPtr<grpc_server_security_connector>
   create_security_connector(const grpc_channel_args* /* args */) override;
 
+  grpc_core::UniqueTypeName type() const override;
+
   grpc_tls_credentials_options* options() const { return options_.get(); }
 
  private: