grpc 1.60.2 → 1.61.0.pre2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Makefile +208 -165
- data/include/grpc/event_engine/event_engine.h +59 -12
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +6 -0
- data/include/grpc/event_engine/internal/slice_cast.h +12 -0
- data/include/grpc/event_engine/memory_allocator.h +3 -1
- data/include/grpc/event_engine/slice.h +5 -0
- data/include/grpc/grpc_security.h +22 -1
- data/include/grpc/impl/call.h +29 -0
- data/include/grpc/impl/channel_arg_names.h +12 -1
- data/include/grpc/impl/slice_type.h +1 -1
- data/include/grpc/module.modulemap +1 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +54 -7
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +20 -6
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +10 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +18 -10
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +326 -0
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +143 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -2
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -6
- data/src/core/ext/filters/client_channel/client_channel_internal.h +2 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +54 -21
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.cc +12 -15
- data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.h +8 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +139 -92
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +9 -4
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +9 -4
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +10 -11
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +94 -93
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +5 -3
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +12 -15
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +38 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +25 -28
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +10 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +37 -35
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +504 -461
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +232 -122
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +642 -251
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +2 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -1
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +6 -8
- data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.cc +1031 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.h +277 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +128 -270
- data/src/core/ext/filters/client_channel/resolver/xds/{xds_resolver.h → xds_resolver_attributes.h} +5 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.cc +25 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.h +30 -0
- data/src/core/ext/filters/client_channel/retry_filter.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +35 -17
- data/src/core/ext/filters/deadline/deadline_filter.cc +12 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +17 -13
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +13 -4
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -32
- data/src/core/ext/filters/http/client/http_client_filter.h +10 -5
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/client_authority_filter.h +12 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +42 -20
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +55 -80
- data/src/core/ext/filters/http/message_compress/compression_filter.h +54 -12
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +325 -0
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.h +139 -0
- data/src/core/ext/filters/http/server/http_server_filter.cc +41 -41
- data/src/core/ext/filters/http/server/http_server_filter.h +11 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +56 -76
- data/src/core/ext/filters/message_size/message_size_filter.h +35 -23
- data/src/core/ext/filters/rbac/rbac_filter.cc +15 -11
- data/src/core/ext/filters/rbac/rbac_filter.h +11 -4
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +25 -13
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +47 -50
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +21 -4
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +11 -2
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +68 -145
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +21 -82
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -8
- data/src/core/ext/transport/chttp2/transport/frame.cc +506 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +214 -0
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +33 -79
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -7
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +27 -36
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +0 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +122 -32
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +142 -37
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -22
- data/src/core/ext/transport/chttp2/transport/parsing.cc +23 -37
- data/src/core/ext/transport/chttp2/transport/writing.cc +26 -58
- data/src/core/ext/transport/inproc/inproc_transport.cc +172 -13
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb.h +712 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.c +151 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.h +50 -0
- data/src/core/ext/xds/certificate_provider_store.cc +2 -1
- data/src/core/ext/xds/certificate_provider_store.h +0 -5
- data/src/core/ext/xds/xds_api.cc +31 -18
- data/src/core/ext/xds/xds_api.h +2 -2
- data/src/core/ext/xds/xds_bootstrap.h +3 -0
- data/src/core/ext/xds/xds_certificate_provider.cc +88 -287
- data/src/core/ext/xds/xds_certificate_provider.h +44 -111
- data/src/core/ext/xds/xds_client.cc +420 -414
- data/src/core/ext/xds/xds_client.h +31 -22
- data/src/core/ext/xds/xds_client_grpc.cc +3 -1
- data/src/core/ext/xds/xds_cluster.cc +104 -11
- data/src/core/ext/xds/xds_cluster.h +9 -1
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +9 -5
- data/src/core/ext/xds/xds_common_types.cc +14 -10
- data/src/core/ext/xds/xds_endpoint.cc +9 -4
- data/src/core/ext/xds/xds_endpoint.h +5 -1
- data/src/core/ext/xds/xds_health_status.cc +12 -2
- data/src/core/ext/xds/xds_health_status.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +5 -3
- data/src/core/ext/xds/xds_listener.cc +14 -8
- data/src/core/ext/xds/xds_resource_type_impl.h +6 -4
- data/src/core/ext/xds/xds_route_config.cc +34 -22
- data/src/core/ext/xds/xds_route_config.h +1 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +61 -57
- data/src/core/ext/xds/xds_transport.h +3 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +47 -50
- data/src/core/ext/xds/xds_transport_grpc.h +4 -0
- data/src/core/lib/channel/call_tracer.cc +12 -0
- data/src/core/lib/channel/call_tracer.h +17 -3
- data/src/core/lib/channel/channel_args.cc +24 -14
- data/src/core/lib/channel/channel_args.h +74 -13
- data/src/core/lib/channel/channel_stack.cc +27 -0
- data/src/core/lib/channel/channel_stack.h +10 -10
- data/src/core/lib/channel/connected_channel.cc +64 -18
- data/src/core/lib/channel/promise_based_filter.h +1041 -1
- data/src/core/lib/channel/server_call_tracer_filter.cc +43 -35
- data/src/core/lib/compression/compression_internal.cc +0 -3
- data/src/core/lib/event_engine/ares_resolver.cc +35 -14
- data/src/core/lib/event_engine/ares_resolver.h +9 -10
- data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +8 -1
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +132 -0
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +61 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +52 -36
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +4 -9
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +11 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +9 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +7 -0
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +17 -27
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +0 -3
- data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +55 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +114 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +51 -0
- data/src/core/lib/event_engine/windows/windows_engine.cc +7 -7
- data/src/core/lib/experiments/config.cc +13 -0
- data/src/core/lib/experiments/config.h +3 -0
- data/src/core/lib/experiments/experiments.cc +245 -366
- data/src/core/lib/experiments/experiments.h +50 -156
- data/src/core/lib/gprpp/debug_location.h +13 -0
- data/src/core/lib/gprpp/dual_ref_counted.h +36 -7
- data/src/core/lib/gprpp/orphanable.h +27 -0
- data/src/core/lib/gprpp/ref_counted.h +63 -22
- data/src/core/lib/gprpp/ref_counted_ptr.h +70 -27
- data/src/core/lib/gprpp/ref_counted_string.h +13 -0
- data/src/core/lib/gprpp/status_helper.cc +1 -2
- data/src/core/lib/iomgr/combiner.cc +15 -51
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +31 -0
- data/src/core/lib/iomgr/event_engine_shims/endpoint.h +16 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -3
- data/src/core/lib/load_balancing/lb_policy.h +1 -1
- data/src/core/lib/promise/activity.cc +17 -2
- data/src/core/lib/promise/activity.h +5 -4
- data/src/core/lib/promise/all_ok.h +80 -0
- data/src/core/lib/promise/detail/join_state.h +2077 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -0
- data/src/core/lib/promise/detail/promise_like.h +8 -1
- data/src/core/lib/promise/detail/seq_state.h +3458 -150
- data/src/core/lib/promise/detail/status.h +42 -5
- data/src/core/lib/promise/for_each.h +13 -1
- data/src/core/lib/promise/if.h +4 -0
- data/src/core/lib/promise/latch.h +6 -3
- data/src/core/lib/promise/party.cc +33 -31
- data/src/core/lib/promise/party.h +142 -6
- data/src/core/lib/promise/poll.h +39 -13
- data/src/core/lib/promise/promise.h +4 -0
- data/src/core/lib/promise/seq.h +107 -7
- data/src/core/lib/promise/status_flag.h +196 -0
- data/src/core/lib/promise/try_join.h +132 -0
- data/src/core/lib/promise/try_seq.h +132 -10
- data/src/core/lib/resolver/endpoint_addresses.cc +0 -1
- data/src/core/lib/resolver/endpoint_addresses.h +48 -0
- data/src/core/lib/resource_quota/arena.h +2 -2
- data/src/core/lib/resource_quota/memory_quota.cc +57 -8
- data/src/core/lib/resource_quota/memory_quota.h +6 -0
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -11
- data/src/core/lib/security/authorization/grpc_server_authz_filter.h +14 -5
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +28 -20
- data/src/core/lib/security/credentials/external/external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +12 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +22 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -5
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +21 -28
- data/src/core/lib/security/credentials/xds/xds_credentials.h +2 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +4 -3
- data/src/core/lib/security/transport/auth_filters.h +71 -4
- data/src/core/lib/security/transport/client_auth_filter.cc +2 -4
- data/src/core/lib/security/transport/legacy_server_auth_filter.cc +244 -0
- data/src/core/lib/security/transport/server_auth_filter.cc +70 -90
- data/src/core/lib/slice/slice_buffer.h +3 -0
- data/src/core/lib/surface/builtins.cc +1 -1
- data/src/core/lib/surface/call.cc +683 -196
- data/src/core/lib/surface/call.h +26 -13
- data/src/core/lib/surface/call_trace.cc +42 -1
- data/src/core/lib/surface/channel.cc +0 -1
- data/src/core/lib/surface/channel.h +0 -6
- data/src/core/lib/surface/channel_init.h +26 -0
- data/src/core/lib/surface/init.cc +14 -8
- data/src/core/lib/surface/server.cc +256 -237
- data/src/core/lib/surface/server.h +26 -54
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/surface/wait_for_cq_end_op.h +94 -0
- data/src/core/lib/transport/call_final_info.cc +38 -0
- data/src/core/lib/transport/call_final_info.h +54 -0
- data/src/core/lib/transport/connectivity_state.cc +3 -2
- data/src/core/lib/transport/connectivity_state.h +4 -0
- data/src/core/lib/transport/metadata_batch.h +4 -4
- data/src/core/lib/transport/transport.cc +70 -19
- data/src/core/lib/transport/transport.h +395 -25
- data/src/core/plugin_registry/grpc_plugin_registry.cc +3 -0
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +0 -3
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +65 -43
- data/src/ruby/ext/grpc/rb_channel_args.c +3 -1
- data/src/ruby/ext/grpc/rb_grpc.c +0 -1
- data/src/ruby/ext/grpc/rb_grpc.h +0 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/upb/upb/reflection/def_pool.h +2 -2
- data/third_party/zlib/adler32.c +5 -27
- data/third_party/zlib/compress.c +5 -16
- data/third_party/zlib/crc32.c +86 -162
- data/third_party/zlib/deflate.c +233 -336
- data/third_party/zlib/deflate.h +8 -8
- data/third_party/zlib/gzguts.h +11 -12
- data/third_party/zlib/infback.c +7 -23
- data/third_party/zlib/inffast.c +1 -4
- data/third_party/zlib/inffast.h +1 -1
- data/third_party/zlib/inflate.c +30 -99
- data/third_party/zlib/inftrees.c +6 -11
- data/third_party/zlib/inftrees.h +3 -3
- data/third_party/zlib/trees.c +224 -302
- data/third_party/zlib/uncompr.c +4 -12
- data/third_party/zlib/zconf.h +6 -2
- data/third_party/zlib/zlib.h +191 -188
- data/third_party/zlib/zutil.c +16 -44
- data/third_party/zlib/zutil.h +10 -10
- metadata +35 -13
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +0 -1173
- data/src/core/lib/event_engine/memory_allocator.cc +0 -74
- data/src/core/lib/transport/pid_controller.cc +0 -51
- data/src/core/lib/transport/pid_controller.h +0 -116
- data/third_party/upb/upb/collections/array.h +0 -17
- data/third_party/upb/upb/collections/map.h +0 -17
- data/third_party/upb/upb/upb.hpp +0 -18
|
@@ -74,10 +74,8 @@ bool XdsVerifySubjectAlternativeNames(
|
|
|
74
74
|
//
|
|
75
75
|
|
|
76
76
|
XdsCertificateVerifier::XdsCertificateVerifier(
|
|
77
|
-
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider
|
|
78
|
-
std::
|
|
79
|
-
: xds_certificate_provider_(std::move(xds_certificate_provider)),
|
|
80
|
-
cluster_name_(std::move(cluster_name)) {}
|
|
77
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider)
|
|
78
|
+
: xds_certificate_provider_(std::move(xds_certificate_provider)) {}
|
|
81
79
|
|
|
82
80
|
bool XdsCertificateVerifier::Verify(
|
|
83
81
|
grpc_tls_custom_verification_check_request* request,
|
|
@@ -86,15 +84,15 @@ bool XdsCertificateVerifier::Verify(
|
|
|
86
84
|
if (!XdsVerifySubjectAlternativeNames(
|
|
87
85
|
request->peer_info.san_names.uri_names,
|
|
88
86
|
request->peer_info.san_names.uri_names_size,
|
|
89
|
-
xds_certificate_provider_->
|
|
87
|
+
xds_certificate_provider_->san_matchers()) &&
|
|
90
88
|
!XdsVerifySubjectAlternativeNames(
|
|
91
89
|
request->peer_info.san_names.ip_names,
|
|
92
90
|
request->peer_info.san_names.ip_names_size,
|
|
93
|
-
xds_certificate_provider_->
|
|
91
|
+
xds_certificate_provider_->san_matchers()) &&
|
|
94
92
|
!XdsVerifySubjectAlternativeNames(
|
|
95
93
|
request->peer_info.san_names.dns_names,
|
|
96
94
|
request->peer_info.san_names.dns_names_size,
|
|
97
|
-
xds_certificate_provider_->
|
|
95
|
+
xds_certificate_provider_->san_matchers())) {
|
|
98
96
|
*sync_status = absl::Status(
|
|
99
97
|
absl::StatusCode::kUnauthenticated,
|
|
100
98
|
"SANs from certificate did not match SANs from xDS control plane");
|
|
@@ -108,9 +106,12 @@ void XdsCertificateVerifier::Cancel(
|
|
|
108
106
|
int XdsCertificateVerifier::CompareImpl(
|
|
109
107
|
const grpc_tls_certificate_verifier* other) const {
|
|
110
108
|
auto* o = static_cast<const XdsCertificateVerifier*>(other);
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
109
|
+
if (xds_certificate_provider_ == nullptr ||
|
|
110
|
+
o->xds_certificate_provider_ == nullptr) {
|
|
111
|
+
return QsortCompare(xds_certificate_provider_,
|
|
112
|
+
o->xds_certificate_provider_);
|
|
113
|
+
}
|
|
114
|
+
return xds_certificate_provider_->Compare(o->xds_certificate_provider_.get());
|
|
114
115
|
}
|
|
115
116
|
|
|
116
117
|
UniqueTypeName XdsCertificateVerifier::type() const {
|
|
@@ -140,12 +141,9 @@ XdsCredentials::create_security_connector(
|
|
|
140
141
|
RefCountedPtr<grpc_channel_security_connector> security_connector;
|
|
141
142
|
auto xds_certificate_provider = args->GetObjectRef<XdsCertificateProvider>();
|
|
142
143
|
if (xds_certificate_provider != nullptr) {
|
|
143
|
-
|
|
144
|
-
args->GetString(GRPC_ARG_XDS_CLUSTER_NAME).value());
|
|
145
|
-
const bool watch_root =
|
|
146
|
-
xds_certificate_provider->ProvidesRootCerts(cluster_name);
|
|
144
|
+
const bool watch_root = xds_certificate_provider->ProvidesRootCerts();
|
|
147
145
|
const bool watch_identity =
|
|
148
|
-
xds_certificate_provider->ProvidesIdentityCerts(
|
|
146
|
+
xds_certificate_provider->ProvidesIdentityCerts();
|
|
149
147
|
if (watch_root || watch_identity) {
|
|
150
148
|
auto tls_credentials_options =
|
|
151
149
|
MakeRefCounted<grpc_tls_credentials_options>();
|
|
@@ -153,16 +151,14 @@ XdsCredentials::create_security_connector(
|
|
|
153
151
|
xds_certificate_provider);
|
|
154
152
|
if (watch_root) {
|
|
155
153
|
tls_credentials_options->set_watch_root_cert(true);
|
|
156
|
-
tls_credentials_options->set_root_cert_name(cluster_name);
|
|
157
154
|
}
|
|
158
155
|
if (watch_identity) {
|
|
159
156
|
tls_credentials_options->set_watch_identity_pair(true);
|
|
160
|
-
tls_credentials_options->set_identity_cert_name(cluster_name);
|
|
161
157
|
}
|
|
162
158
|
tls_credentials_options->set_verify_server_cert(true);
|
|
163
159
|
tls_credentials_options->set_certificate_verifier(
|
|
164
|
-
MakeRefCounted<XdsCertificateVerifier>(
|
|
165
|
-
|
|
160
|
+
MakeRefCounted<XdsCertificateVerifier>(
|
|
161
|
+
std::move(xds_certificate_provider)));
|
|
166
162
|
tls_credentials_options->set_check_call_host(false);
|
|
167
163
|
auto tls_credentials =
|
|
168
164
|
MakeRefCounted<TlsCredentials>(std::move(tls_credentials_options));
|
|
@@ -189,20 +185,17 @@ XdsServerCredentials::create_security_connector(const ChannelArgs& args) {
|
|
|
189
185
|
auto xds_certificate_provider = args.GetObjectRef<XdsCertificateProvider>();
|
|
190
186
|
// Identity certs are a must for TLS.
|
|
191
187
|
if (xds_certificate_provider != nullptr &&
|
|
192
|
-
xds_certificate_provider->ProvidesIdentityCerts(
|
|
188
|
+
xds_certificate_provider->ProvidesIdentityCerts()) {
|
|
193
189
|
auto tls_credentials_options =
|
|
194
190
|
MakeRefCounted<grpc_tls_credentials_options>();
|
|
195
191
|
tls_credentials_options->set_watch_identity_pair(true);
|
|
196
192
|
tls_credentials_options->set_certificate_provider(xds_certificate_provider);
|
|
197
|
-
if (xds_certificate_provider->ProvidesRootCerts(
|
|
193
|
+
if (xds_certificate_provider->ProvidesRootCerts()) {
|
|
198
194
|
tls_credentials_options->set_watch_root_cert(true);
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
tls_credentials_options->set_cert_request_type(
|
|
204
|
-
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
|
|
205
|
-
}
|
|
195
|
+
tls_credentials_options->set_cert_request_type(
|
|
196
|
+
xds_certificate_provider->require_client_certificate()
|
|
197
|
+
? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
|
|
198
|
+
: GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
|
|
206
199
|
} else {
|
|
207
200
|
// Do not request client certificate if there is no way to verify.
|
|
208
201
|
tls_credentials_options->set_cert_request_type(
|
|
@@ -46,9 +46,8 @@ namespace grpc_core {
|
|
|
46
46
|
|
|
47
47
|
class XdsCertificateVerifier : public grpc_tls_certificate_verifier {
|
|
48
48
|
public:
|
|
49
|
-
XdsCertificateVerifier(
|
|
50
|
-
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider
|
|
51
|
-
std::string cluster_name);
|
|
49
|
+
explicit XdsCertificateVerifier(
|
|
50
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider);
|
|
52
51
|
|
|
53
52
|
bool Verify(grpc_tls_custom_verification_check_request* request,
|
|
54
53
|
std::function<void(absl::Status)>,
|
|
@@ -61,7 +60,6 @@ class XdsCertificateVerifier : public grpc_tls_certificate_verifier {
|
|
|
61
60
|
int CompareImpl(const grpc_tls_certificate_verifier* other) const override;
|
|
62
61
|
|
|
63
62
|
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider_;
|
|
64
|
-
std::string cluster_name_;
|
|
65
63
|
};
|
|
66
64
|
|
|
67
65
|
class XdsCredentials final : public grpc_channel_credentials {
|
|
@@ -379,7 +379,8 @@ void TlsChannelSecurityConnector::check_peer(
|
|
|
379
379
|
grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE);
|
|
380
380
|
GPR_ASSERT(options_->certificate_verifier() != nullptr);
|
|
381
381
|
auto* pending_request = new ChannelPendingVerifierRequest(
|
|
382
|
-
|
|
382
|
+
RefAsSubclass<TlsChannelSecurityConnector>(), on_peer_checked, peer,
|
|
383
|
+
target_name);
|
|
383
384
|
{
|
|
384
385
|
MutexLock lock(&verifier_request_map_mu_);
|
|
385
386
|
pending_verifier_requests_.emplace(on_peer_checked, pending_request);
|
|
@@ -653,8 +654,8 @@ void TlsServerSecurityConnector::check_peer(
|
|
|
653
654
|
*auth_context =
|
|
654
655
|
grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE);
|
|
655
656
|
if (options_->certificate_verifier() != nullptr) {
|
|
656
|
-
auto* pending_request =
|
|
657
|
-
|
|
657
|
+
auto* pending_request = new ServerPendingVerifierRequest(
|
|
658
|
+
RefAsSubclass<TlsServerSecurityConnector>(), on_peer_checked, peer);
|
|
658
659
|
{
|
|
659
660
|
MutexLock lock(&verifier_request_map_mu_);
|
|
660
661
|
pending_verifier_requests_.emplace(on_peer_checked, pending_request);
|
|
@@ -62,23 +62,90 @@ class ClientAuthFilter final : public ChannelFilter {
|
|
|
62
62
|
grpc_call_credentials::GetRequestMetadataArgs args_;
|
|
63
63
|
};
|
|
64
64
|
|
|
65
|
-
class
|
|
65
|
+
class LegacyServerAuthFilter final : public ChannelFilter {
|
|
66
66
|
public:
|
|
67
67
|
static const grpc_channel_filter kFilter;
|
|
68
68
|
|
|
69
|
-
static absl::StatusOr<
|
|
70
|
-
|
|
69
|
+
static absl::StatusOr<LegacyServerAuthFilter> Create(const ChannelArgs& args,
|
|
70
|
+
ChannelFilter::Args);
|
|
71
71
|
|
|
72
72
|
// Construct a promise for one call.
|
|
73
73
|
ArenaPromise<ServerMetadataHandle> MakeCallPromise(
|
|
74
74
|
CallArgs call_args, NextPromiseFactory next_promise_factory) override;
|
|
75
75
|
|
|
76
|
+
private:
|
|
77
|
+
LegacyServerAuthFilter(
|
|
78
|
+
RefCountedPtr<grpc_server_credentials> server_credentials,
|
|
79
|
+
RefCountedPtr<grpc_auth_context> auth_context);
|
|
80
|
+
|
|
81
|
+
class RunApplicationCode;
|
|
82
|
+
|
|
83
|
+
ArenaPromise<absl::StatusOr<CallArgs>> GetCallCredsMetadata(
|
|
84
|
+
CallArgs call_args);
|
|
85
|
+
|
|
86
|
+
RefCountedPtr<grpc_server_credentials> server_credentials_;
|
|
87
|
+
RefCountedPtr<grpc_auth_context> auth_context_;
|
|
88
|
+
};
|
|
89
|
+
|
|
90
|
+
class ServerAuthFilter final : public ImplementChannelFilter<ServerAuthFilter> {
|
|
76
91
|
private:
|
|
77
92
|
ServerAuthFilter(RefCountedPtr<grpc_server_credentials> server_credentials,
|
|
78
93
|
RefCountedPtr<grpc_auth_context> auth_context);
|
|
79
94
|
|
|
80
|
-
class RunApplicationCode
|
|
95
|
+
class RunApplicationCode {
|
|
96
|
+
public:
|
|
97
|
+
RunApplicationCode(ServerAuthFilter* filter, ClientMetadata& metadata);
|
|
98
|
+
|
|
99
|
+
RunApplicationCode(const RunApplicationCode&) = delete;
|
|
100
|
+
RunApplicationCode& operator=(const RunApplicationCode&) = delete;
|
|
101
|
+
RunApplicationCode(RunApplicationCode&& other) noexcept
|
|
102
|
+
: state_(std::exchange(other.state_, nullptr)) {}
|
|
103
|
+
RunApplicationCode& operator=(RunApplicationCode&& other) noexcept {
|
|
104
|
+
state_ = std::exchange(other.state_, nullptr);
|
|
105
|
+
return *this;
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
Poll<absl::Status> operator()();
|
|
109
|
+
|
|
110
|
+
private:
|
|
111
|
+
// Called from application code.
|
|
112
|
+
static void OnMdProcessingDone(void* user_data,
|
|
113
|
+
const grpc_metadata* consumed_md,
|
|
114
|
+
size_t num_consumed_md,
|
|
115
|
+
const grpc_metadata* response_md,
|
|
116
|
+
size_t num_response_md,
|
|
117
|
+
grpc_status_code status,
|
|
118
|
+
const char* error_details);
|
|
119
|
+
|
|
120
|
+
struct State;
|
|
121
|
+
State* state_;
|
|
122
|
+
};
|
|
123
|
+
|
|
124
|
+
public:
|
|
125
|
+
static const grpc_channel_filter kFilter;
|
|
81
126
|
|
|
127
|
+
static absl::StatusOr<ServerAuthFilter> Create(const ChannelArgs& args,
|
|
128
|
+
ChannelFilter::Args);
|
|
129
|
+
|
|
130
|
+
class Call {
|
|
131
|
+
public:
|
|
132
|
+
explicit Call(ServerAuthFilter* filter);
|
|
133
|
+
auto OnClientInitialMetadata(ClientMetadata& md, ServerAuthFilter* filter) {
|
|
134
|
+
return If(
|
|
135
|
+
filter->server_credentials_ == nullptr ||
|
|
136
|
+
filter->server_credentials_->auth_metadata_processor().process ==
|
|
137
|
+
nullptr,
|
|
138
|
+
ImmediateOkStatus(),
|
|
139
|
+
[filter, md = &md]() { return RunApplicationCode(filter, *md); });
|
|
140
|
+
}
|
|
141
|
+
static const NoInterceptor OnServerInitialMetadata;
|
|
142
|
+
static const NoInterceptor OnClientToServerMessage;
|
|
143
|
+
static const NoInterceptor OnServerToClientMessage;
|
|
144
|
+
static const NoInterceptor OnServerTrailingMetadata;
|
|
145
|
+
static const NoInterceptor OnFinalize;
|
|
146
|
+
};
|
|
147
|
+
|
|
148
|
+
private:
|
|
82
149
|
ArenaPromise<absl::StatusOr<CallArgs>> GetCallCredsMetadata(
|
|
83
150
|
CallArgs call_args);
|
|
84
151
|
|
|
@@ -216,10 +216,8 @@ absl::StatusOr<ClientAuthFilter> ClientAuthFilter::Create(
|
|
|
216
216
|
return absl::InvalidArgumentError(
|
|
217
217
|
"Auth context missing from client auth filter args");
|
|
218
218
|
}
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
static_cast<grpc_channel_security_connector*>(sc)->Ref(),
|
|
222
|
-
auth_context->Ref());
|
|
219
|
+
return ClientAuthFilter(sc->RefAsSubclass<grpc_channel_security_connector>(),
|
|
220
|
+
auth_context->Ref());
|
|
223
221
|
}
|
|
224
222
|
|
|
225
223
|
const grpc_channel_filter ClientAuthFilter::kFilter =
|
|
@@ -0,0 +1,244 @@
|
|
|
1
|
+
//
|
|
2
|
+
//
|
|
3
|
+
// Copyright 2015 gRPC authors.
|
|
4
|
+
//
|
|
5
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
// you may not use this file except in compliance with the License.
|
|
7
|
+
// You may obtain a copy of the License at
|
|
8
|
+
//
|
|
9
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
//
|
|
11
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
// See the License for the specific language governing permissions and
|
|
15
|
+
// limitations under the License.
|
|
16
|
+
//
|
|
17
|
+
//
|
|
18
|
+
|
|
19
|
+
#include <grpc/support/port_platform.h>
|
|
20
|
+
|
|
21
|
+
#include <algorithm>
|
|
22
|
+
#include <atomic>
|
|
23
|
+
#include <cstddef>
|
|
24
|
+
#include <functional>
|
|
25
|
+
#include <memory>
|
|
26
|
+
#include <utility>
|
|
27
|
+
|
|
28
|
+
#include "absl/status/status.h"
|
|
29
|
+
#include "absl/status/statusor.h"
|
|
30
|
+
|
|
31
|
+
#include <grpc/grpc.h>
|
|
32
|
+
#include <grpc/grpc_security.h>
|
|
33
|
+
#include <grpc/status.h>
|
|
34
|
+
#include <grpc/support/alloc.h>
|
|
35
|
+
#include <grpc/support/log.h>
|
|
36
|
+
|
|
37
|
+
#include "src/core/lib/channel/channel_args.h"
|
|
38
|
+
#include "src/core/lib/channel/channel_fwd.h"
|
|
39
|
+
#include "src/core/lib/channel/channel_stack.h"
|
|
40
|
+
#include "src/core/lib/channel/context.h"
|
|
41
|
+
#include "src/core/lib/channel/promise_based_filter.h"
|
|
42
|
+
#include "src/core/lib/debug/trace.h"
|
|
43
|
+
#include "src/core/lib/gprpp/debug_location.h"
|
|
44
|
+
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
|
45
|
+
#include "src/core/lib/gprpp/status_helper.h"
|
|
46
|
+
#include "src/core/lib/iomgr/error.h"
|
|
47
|
+
#include "src/core/lib/iomgr/exec_ctx.h"
|
|
48
|
+
#include "src/core/lib/promise/activity.h"
|
|
49
|
+
#include "src/core/lib/promise/arena_promise.h"
|
|
50
|
+
#include "src/core/lib/promise/context.h"
|
|
51
|
+
#include "src/core/lib/promise/poll.h"
|
|
52
|
+
#include "src/core/lib/promise/try_seq.h"
|
|
53
|
+
#include "src/core/lib/resource_quota/arena.h"
|
|
54
|
+
#include "src/core/lib/security/context/security_context.h"
|
|
55
|
+
#include "src/core/lib/security/credentials/credentials.h"
|
|
56
|
+
#include "src/core/lib/security/transport/auth_filters.h" // IWYU pragma: keep
|
|
57
|
+
#include "src/core/lib/slice/slice.h"
|
|
58
|
+
#include "src/core/lib/slice/slice_internal.h"
|
|
59
|
+
#include "src/core/lib/surface/call_trace.h"
|
|
60
|
+
#include "src/core/lib/transport/metadata_batch.h"
|
|
61
|
+
#include "src/core/lib/transport/transport.h"
|
|
62
|
+
|
|
63
|
+
namespace grpc_core {
|
|
64
|
+
|
|
65
|
+
const grpc_channel_filter LegacyServerAuthFilter::kFilter =
|
|
66
|
+
MakePromiseBasedFilter<LegacyServerAuthFilter, FilterEndpoint::kServer>(
|
|
67
|
+
"server-auth");
|
|
68
|
+
|
|
69
|
+
namespace {
|
|
70
|
+
|
|
71
|
+
class ArrayEncoder {
|
|
72
|
+
public:
|
|
73
|
+
explicit ArrayEncoder(grpc_metadata_array* result) : result_(result) {}
|
|
74
|
+
|
|
75
|
+
void Encode(const Slice& key, const Slice& value) {
|
|
76
|
+
Append(key.Ref(), value.Ref());
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
template <typename Which>
|
|
80
|
+
void Encode(Which, const typename Which::ValueType& value) {
|
|
81
|
+
Append(Slice(StaticSlice::FromStaticString(Which::key())),
|
|
82
|
+
Slice(Which::Encode(value)));
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
void Encode(HttpMethodMetadata,
|
|
86
|
+
const typename HttpMethodMetadata::ValueType&) {}
|
|
87
|
+
|
|
88
|
+
private:
|
|
89
|
+
void Append(Slice key, Slice value) {
|
|
90
|
+
if (result_->count == result_->capacity) {
|
|
91
|
+
result_->capacity =
|
|
92
|
+
std::max(result_->capacity + 8, result_->capacity * 2);
|
|
93
|
+
result_->metadata = static_cast<grpc_metadata*>(gpr_realloc(
|
|
94
|
+
result_->metadata, result_->capacity * sizeof(grpc_metadata)));
|
|
95
|
+
}
|
|
96
|
+
auto* usr_md = &result_->metadata[result_->count++];
|
|
97
|
+
usr_md->key = key.TakeCSlice();
|
|
98
|
+
usr_md->value = value.TakeCSlice();
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
grpc_metadata_array* result_;
|
|
102
|
+
};
|
|
103
|
+
|
|
104
|
+
// TODO(ctiller): seek out all users of this functionality and change API so
|
|
105
|
+
// that this unilateral format conversion IS NOT REQUIRED.
|
|
106
|
+
grpc_metadata_array MetadataBatchToMetadataArray(
|
|
107
|
+
const grpc_metadata_batch* batch) {
|
|
108
|
+
grpc_metadata_array result;
|
|
109
|
+
grpc_metadata_array_init(&result);
|
|
110
|
+
ArrayEncoder encoder(&result);
|
|
111
|
+
batch->Encode(&encoder);
|
|
112
|
+
return result;
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
} // namespace
|
|
116
|
+
|
|
117
|
+
class LegacyServerAuthFilter::RunApplicationCode {
|
|
118
|
+
public:
|
|
119
|
+
// TODO(ctiller): Allocate state_ into a pool on the arena to reuse this
|
|
120
|
+
// memory later
|
|
121
|
+
RunApplicationCode(LegacyServerAuthFilter* filter, CallArgs call_args)
|
|
122
|
+
: state_(GetContext<Arena>()->ManagedNew<State>(std::move(call_args))) {
|
|
123
|
+
if (grpc_call_trace.enabled()) {
|
|
124
|
+
gpr_log(GPR_ERROR,
|
|
125
|
+
"%s[server-auth]: Delegate to application: filter=%p this=%p "
|
|
126
|
+
"auth_ctx=%p",
|
|
127
|
+
Activity::current()->DebugTag().c_str(), filter, this,
|
|
128
|
+
filter->auth_context_.get());
|
|
129
|
+
}
|
|
130
|
+
filter->server_credentials_->auth_metadata_processor().process(
|
|
131
|
+
filter->server_credentials_->auth_metadata_processor().state,
|
|
132
|
+
filter->auth_context_.get(), state_->md.metadata, state_->md.count,
|
|
133
|
+
OnMdProcessingDone, state_);
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
RunApplicationCode(const RunApplicationCode&) = delete;
|
|
137
|
+
RunApplicationCode& operator=(const RunApplicationCode&) = delete;
|
|
138
|
+
RunApplicationCode(RunApplicationCode&& other) noexcept
|
|
139
|
+
: state_(std::exchange(other.state_, nullptr)) {}
|
|
140
|
+
RunApplicationCode& operator=(RunApplicationCode&& other) noexcept {
|
|
141
|
+
state_ = std::exchange(other.state_, nullptr);
|
|
142
|
+
return *this;
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
Poll<absl::StatusOr<CallArgs>> operator()() {
|
|
146
|
+
if (state_->done.load(std::memory_order_acquire)) {
|
|
147
|
+
return Poll<absl::StatusOr<CallArgs>>(std::move(state_->call_args));
|
|
148
|
+
}
|
|
149
|
+
return Pending{};
|
|
150
|
+
}
|
|
151
|
+
|
|
152
|
+
private:
|
|
153
|
+
struct State {
|
|
154
|
+
explicit State(CallArgs call_args) : call_args(std::move(call_args)) {}
|
|
155
|
+
Waker waker{Activity::current()->MakeOwningWaker()};
|
|
156
|
+
absl::StatusOr<CallArgs> call_args;
|
|
157
|
+
grpc_metadata_array md =
|
|
158
|
+
MetadataBatchToMetadataArray(call_args->client_initial_metadata.get());
|
|
159
|
+
std::atomic<bool> done{false};
|
|
160
|
+
};
|
|
161
|
+
|
|
162
|
+
// Called from application code.
|
|
163
|
+
static void OnMdProcessingDone(
|
|
164
|
+
void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
|
|
165
|
+
const grpc_metadata* response_md, size_t num_response_md,
|
|
166
|
+
grpc_status_code status, const char* error_details) {
|
|
167
|
+
ApplicationCallbackExecCtx callback_exec_ctx;
|
|
168
|
+
ExecCtx exec_ctx;
|
|
169
|
+
|
|
170
|
+
auto* state = static_cast<State*>(user_data);
|
|
171
|
+
|
|
172
|
+
// TODO(ZhenLian): Implement support for response_md.
|
|
173
|
+
if (response_md != nullptr && num_response_md > 0) {
|
|
174
|
+
gpr_log(GPR_ERROR,
|
|
175
|
+
"response_md in auth metadata processing not supported for now. "
|
|
176
|
+
"Ignoring...");
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
if (status == GRPC_STATUS_OK) {
|
|
180
|
+
ClientMetadataHandle& md = state->call_args->client_initial_metadata;
|
|
181
|
+
for (size_t i = 0; i < num_consumed_md; i++) {
|
|
182
|
+
md->Remove(StringViewFromSlice(consumed_md[i].key));
|
|
183
|
+
}
|
|
184
|
+
} else {
|
|
185
|
+
if (error_details == nullptr) {
|
|
186
|
+
error_details = "Authentication metadata processing failed.";
|
|
187
|
+
}
|
|
188
|
+
state->call_args = grpc_error_set_int(
|
|
189
|
+
absl::Status(static_cast<absl::StatusCode>(status), error_details),
|
|
190
|
+
StatusIntProperty::kRpcStatus, status);
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
// Clean up.
|
|
194
|
+
for (size_t i = 0; i < state->md.count; i++) {
|
|
195
|
+
CSliceUnref(state->md.metadata[i].key);
|
|
196
|
+
CSliceUnref(state->md.metadata[i].value);
|
|
197
|
+
}
|
|
198
|
+
grpc_metadata_array_destroy(&state->md);
|
|
199
|
+
|
|
200
|
+
auto waker = std::move(state->waker);
|
|
201
|
+
state->done.store(true, std::memory_order_release);
|
|
202
|
+
waker.Wakeup();
|
|
203
|
+
}
|
|
204
|
+
|
|
205
|
+
State* state_;
|
|
206
|
+
};
|
|
207
|
+
|
|
208
|
+
ArenaPromise<ServerMetadataHandle> LegacyServerAuthFilter::MakeCallPromise(
|
|
209
|
+
CallArgs call_args, NextPromiseFactory next_promise_factory) {
|
|
210
|
+
// Create server security context. Set its auth context from channel
|
|
211
|
+
// data and save it in the call context.
|
|
212
|
+
grpc_server_security_context* server_ctx =
|
|
213
|
+
grpc_server_security_context_create(GetContext<Arena>());
|
|
214
|
+
server_ctx->auth_context =
|
|
215
|
+
auth_context_->Ref(DEBUG_LOCATION, "server_auth_filter");
|
|
216
|
+
grpc_call_context_element& context =
|
|
217
|
+
GetContext<grpc_call_context_element>()[GRPC_CONTEXT_SECURITY];
|
|
218
|
+
if (context.value != nullptr) context.destroy(context.value);
|
|
219
|
+
context.value = server_ctx;
|
|
220
|
+
context.destroy = grpc_server_security_context_destroy;
|
|
221
|
+
|
|
222
|
+
if (server_credentials_ == nullptr ||
|
|
223
|
+
server_credentials_->auth_metadata_processor().process == nullptr) {
|
|
224
|
+
return next_promise_factory(std::move(call_args));
|
|
225
|
+
}
|
|
226
|
+
|
|
227
|
+
return TrySeq(RunApplicationCode(this, std::move(call_args)),
|
|
228
|
+
std::move(next_promise_factory));
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
LegacyServerAuthFilter::LegacyServerAuthFilter(
|
|
232
|
+
RefCountedPtr<grpc_server_credentials> server_credentials,
|
|
233
|
+
RefCountedPtr<grpc_auth_context> auth_context)
|
|
234
|
+
: server_credentials_(server_credentials), auth_context_(auth_context) {}
|
|
235
|
+
|
|
236
|
+
absl::StatusOr<LegacyServerAuthFilter> LegacyServerAuthFilter::Create(
|
|
237
|
+
const ChannelArgs& args, ChannelFilter::Args) {
|
|
238
|
+
auto auth_context = args.GetObjectRef<grpc_auth_context>();
|
|
239
|
+
GPR_ASSERT(auth_context != nullptr);
|
|
240
|
+
auto creds = args.GetObjectRef<grpc_server_credentials>();
|
|
241
|
+
return LegacyServerAuthFilter(std::move(creds), std::move(auth_context));
|
|
242
|
+
}
|
|
243
|
+
|
|
244
|
+
} // namespace grpc_core
|