grpc 1.60.2 → 1.61.0.pre2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +208 -165
- data/include/grpc/event_engine/event_engine.h +59 -12
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +6 -0
- data/include/grpc/event_engine/internal/slice_cast.h +12 -0
- data/include/grpc/event_engine/memory_allocator.h +3 -1
- data/include/grpc/event_engine/slice.h +5 -0
- data/include/grpc/grpc_security.h +22 -1
- data/include/grpc/impl/call.h +29 -0
- data/include/grpc/impl/channel_arg_names.h +12 -1
- data/include/grpc/impl/slice_type.h +1 -1
- data/include/grpc/module.modulemap +1 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +54 -7
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +20 -6
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +10 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +18 -10
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +326 -0
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +143 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -2
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -6
- data/src/core/ext/filters/client_channel/client_channel_internal.h +2 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +54 -21
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.cc +12 -15
- data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.h +8 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +139 -92
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +9 -4
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +9 -4
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +10 -11
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +94 -93
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +5 -3
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +12 -15
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +38 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +25 -28
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +10 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +37 -35
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +504 -461
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +232 -122
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +642 -251
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +2 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -1
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +6 -8
- data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.cc +1031 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.h +277 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +128 -270
- data/src/core/ext/filters/client_channel/resolver/xds/{xds_resolver.h → xds_resolver_attributes.h} +5 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.cc +25 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.h +30 -0
- data/src/core/ext/filters/client_channel/retry_filter.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +35 -17
- data/src/core/ext/filters/deadline/deadline_filter.cc +12 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +17 -13
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +13 -4
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -32
- data/src/core/ext/filters/http/client/http_client_filter.h +10 -5
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/client_authority_filter.h +12 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +42 -20
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +55 -80
- data/src/core/ext/filters/http/message_compress/compression_filter.h +54 -12
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +325 -0
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.h +139 -0
- data/src/core/ext/filters/http/server/http_server_filter.cc +41 -41
- data/src/core/ext/filters/http/server/http_server_filter.h +11 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +56 -76
- data/src/core/ext/filters/message_size/message_size_filter.h +35 -23
- data/src/core/ext/filters/rbac/rbac_filter.cc +15 -11
- data/src/core/ext/filters/rbac/rbac_filter.h +11 -4
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +25 -13
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +47 -50
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +21 -4
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +11 -2
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +68 -145
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +21 -82
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -8
- data/src/core/ext/transport/chttp2/transport/frame.cc +506 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +214 -0
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +33 -79
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -7
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +27 -36
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +0 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +122 -32
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +142 -37
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -22
- data/src/core/ext/transport/chttp2/transport/parsing.cc +23 -37
- data/src/core/ext/transport/chttp2/transport/writing.cc +26 -58
- data/src/core/ext/transport/inproc/inproc_transport.cc +172 -13
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb.h +712 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.c +151 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.h +50 -0
- data/src/core/ext/xds/certificate_provider_store.cc +2 -1
- data/src/core/ext/xds/certificate_provider_store.h +0 -5
- data/src/core/ext/xds/xds_api.cc +31 -18
- data/src/core/ext/xds/xds_api.h +2 -2
- data/src/core/ext/xds/xds_bootstrap.h +3 -0
- data/src/core/ext/xds/xds_certificate_provider.cc +88 -287
- data/src/core/ext/xds/xds_certificate_provider.h +44 -111
- data/src/core/ext/xds/xds_client.cc +420 -414
- data/src/core/ext/xds/xds_client.h +31 -22
- data/src/core/ext/xds/xds_client_grpc.cc +3 -1
- data/src/core/ext/xds/xds_cluster.cc +104 -11
- data/src/core/ext/xds/xds_cluster.h +9 -1
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +9 -5
- data/src/core/ext/xds/xds_common_types.cc +14 -10
- data/src/core/ext/xds/xds_endpoint.cc +9 -4
- data/src/core/ext/xds/xds_endpoint.h +5 -1
- data/src/core/ext/xds/xds_health_status.cc +12 -2
- data/src/core/ext/xds/xds_health_status.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +5 -3
- data/src/core/ext/xds/xds_listener.cc +14 -8
- data/src/core/ext/xds/xds_resource_type_impl.h +6 -4
- data/src/core/ext/xds/xds_route_config.cc +34 -22
- data/src/core/ext/xds/xds_route_config.h +1 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +61 -57
- data/src/core/ext/xds/xds_transport.h +3 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +47 -50
- data/src/core/ext/xds/xds_transport_grpc.h +4 -0
- data/src/core/lib/channel/call_tracer.cc +12 -0
- data/src/core/lib/channel/call_tracer.h +17 -3
- data/src/core/lib/channel/channel_args.cc +24 -14
- data/src/core/lib/channel/channel_args.h +74 -13
- data/src/core/lib/channel/channel_stack.cc +27 -0
- data/src/core/lib/channel/channel_stack.h +10 -10
- data/src/core/lib/channel/connected_channel.cc +64 -18
- data/src/core/lib/channel/promise_based_filter.h +1041 -1
- data/src/core/lib/channel/server_call_tracer_filter.cc +43 -35
- data/src/core/lib/compression/compression_internal.cc +0 -3
- data/src/core/lib/event_engine/ares_resolver.cc +35 -14
- data/src/core/lib/event_engine/ares_resolver.h +9 -10
- data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +8 -1
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +132 -0
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +61 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +52 -36
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +4 -9
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +11 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +9 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +7 -0
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +17 -27
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +0 -3
- data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +55 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +114 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +51 -0
- data/src/core/lib/event_engine/windows/windows_engine.cc +7 -7
- data/src/core/lib/experiments/config.cc +13 -0
- data/src/core/lib/experiments/config.h +3 -0
- data/src/core/lib/experiments/experiments.cc +245 -366
- data/src/core/lib/experiments/experiments.h +50 -156
- data/src/core/lib/gprpp/debug_location.h +13 -0
- data/src/core/lib/gprpp/dual_ref_counted.h +36 -7
- data/src/core/lib/gprpp/orphanable.h +27 -0
- data/src/core/lib/gprpp/ref_counted.h +63 -22
- data/src/core/lib/gprpp/ref_counted_ptr.h +70 -27
- data/src/core/lib/gprpp/ref_counted_string.h +13 -0
- data/src/core/lib/gprpp/status_helper.cc +1 -2
- data/src/core/lib/iomgr/combiner.cc +15 -51
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +31 -0
- data/src/core/lib/iomgr/event_engine_shims/endpoint.h +16 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -3
- data/src/core/lib/load_balancing/lb_policy.h +1 -1
- data/src/core/lib/promise/activity.cc +17 -2
- data/src/core/lib/promise/activity.h +5 -4
- data/src/core/lib/promise/all_ok.h +80 -0
- data/src/core/lib/promise/detail/join_state.h +2077 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -0
- data/src/core/lib/promise/detail/promise_like.h +8 -1
- data/src/core/lib/promise/detail/seq_state.h +3458 -150
- data/src/core/lib/promise/detail/status.h +42 -5
- data/src/core/lib/promise/for_each.h +13 -1
- data/src/core/lib/promise/if.h +4 -0
- data/src/core/lib/promise/latch.h +6 -3
- data/src/core/lib/promise/party.cc +33 -31
- data/src/core/lib/promise/party.h +142 -6
- data/src/core/lib/promise/poll.h +39 -13
- data/src/core/lib/promise/promise.h +4 -0
- data/src/core/lib/promise/seq.h +107 -7
- data/src/core/lib/promise/status_flag.h +196 -0
- data/src/core/lib/promise/try_join.h +132 -0
- data/src/core/lib/promise/try_seq.h +132 -10
- data/src/core/lib/resolver/endpoint_addresses.cc +0 -1
- data/src/core/lib/resolver/endpoint_addresses.h +48 -0
- data/src/core/lib/resource_quota/arena.h +2 -2
- data/src/core/lib/resource_quota/memory_quota.cc +57 -8
- data/src/core/lib/resource_quota/memory_quota.h +6 -0
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -11
- data/src/core/lib/security/authorization/grpc_server_authz_filter.h +14 -5
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +28 -20
- data/src/core/lib/security/credentials/external/external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +12 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +22 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -5
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +21 -28
- data/src/core/lib/security/credentials/xds/xds_credentials.h +2 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +4 -3
- data/src/core/lib/security/transport/auth_filters.h +71 -4
- data/src/core/lib/security/transport/client_auth_filter.cc +2 -4
- data/src/core/lib/security/transport/legacy_server_auth_filter.cc +244 -0
- data/src/core/lib/security/transport/server_auth_filter.cc +70 -90
- data/src/core/lib/slice/slice_buffer.h +3 -0
- data/src/core/lib/surface/builtins.cc +1 -1
- data/src/core/lib/surface/call.cc +683 -196
- data/src/core/lib/surface/call.h +26 -13
- data/src/core/lib/surface/call_trace.cc +42 -1
- data/src/core/lib/surface/channel.cc +0 -1
- data/src/core/lib/surface/channel.h +0 -6
- data/src/core/lib/surface/channel_init.h +26 -0
- data/src/core/lib/surface/init.cc +14 -8
- data/src/core/lib/surface/server.cc +256 -237
- data/src/core/lib/surface/server.h +26 -54
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/surface/wait_for_cq_end_op.h +94 -0
- data/src/core/lib/transport/call_final_info.cc +38 -0
- data/src/core/lib/transport/call_final_info.h +54 -0
- data/src/core/lib/transport/connectivity_state.cc +3 -2
- data/src/core/lib/transport/connectivity_state.h +4 -0
- data/src/core/lib/transport/metadata_batch.h +4 -4
- data/src/core/lib/transport/transport.cc +70 -19
- data/src/core/lib/transport/transport.h +395 -25
- data/src/core/plugin_registry/grpc_plugin_registry.cc +3 -0
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +0 -3
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +65 -43
- data/src/ruby/ext/grpc/rb_channel_args.c +3 -1
- data/src/ruby/ext/grpc/rb_grpc.c +0 -1
- data/src/ruby/ext/grpc/rb_grpc.h +0 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/upb/upb/reflection/def_pool.h +2 -2
- data/third_party/zlib/adler32.c +5 -27
- data/third_party/zlib/compress.c +5 -16
- data/third_party/zlib/crc32.c +86 -162
- data/third_party/zlib/deflate.c +233 -336
- data/third_party/zlib/deflate.h +8 -8
- data/third_party/zlib/gzguts.h +11 -12
- data/third_party/zlib/infback.c +7 -23
- data/third_party/zlib/inffast.c +1 -4
- data/third_party/zlib/inffast.h +1 -1
- data/third_party/zlib/inflate.c +30 -99
- data/third_party/zlib/inftrees.c +6 -11
- data/third_party/zlib/inftrees.h +3 -3
- data/third_party/zlib/trees.c +224 -302
- data/third_party/zlib/uncompr.c +4 -12
- data/third_party/zlib/zconf.h +6 -2
- data/third_party/zlib/zlib.h +191 -188
- data/third_party/zlib/zutil.c +16 -44
- data/third_party/zlib/zutil.h +10 -10
- metadata +35 -13
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +0 -1173
- data/src/core/lib/event_engine/memory_allocator.cc +0 -74
- data/src/core/lib/transport/pid_controller.cc +0 -51
- data/src/core/lib/transport/pid_controller.h +0 -116
- data/third_party/upb/upb/collections/array.h +0 -17
- data/third_party/upb/upb/collections/map.h +0 -17
- data/third_party/upb/upb/upb.hpp +0 -18
|
@@ -74,10 +74,8 @@ bool XdsVerifySubjectAlternativeNames(
|
|
|
74
74
|
//
|
|
75
75
|
|
|
76
76
|
XdsCertificateVerifier::XdsCertificateVerifier(
|
|
77
|
-
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider
|
|
78
|
-
std::
|
|
79
|
-
: xds_certificate_provider_(std::move(xds_certificate_provider)),
|
|
80
|
-
cluster_name_(std::move(cluster_name)) {}
|
|
77
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider)
|
|
78
|
+
: xds_certificate_provider_(std::move(xds_certificate_provider)) {}
|
|
81
79
|
|
|
82
80
|
bool XdsCertificateVerifier::Verify(
|
|
83
81
|
grpc_tls_custom_verification_check_request* request,
|
|
@@ -86,15 +84,15 @@ bool XdsCertificateVerifier::Verify(
|
|
|
86
84
|
if (!XdsVerifySubjectAlternativeNames(
|
|
87
85
|
request->peer_info.san_names.uri_names,
|
|
88
86
|
request->peer_info.san_names.uri_names_size,
|
|
89
|
-
xds_certificate_provider_->
|
|
87
|
+
xds_certificate_provider_->san_matchers()) &&
|
|
90
88
|
!XdsVerifySubjectAlternativeNames(
|
|
91
89
|
request->peer_info.san_names.ip_names,
|
|
92
90
|
request->peer_info.san_names.ip_names_size,
|
|
93
|
-
xds_certificate_provider_->
|
|
91
|
+
xds_certificate_provider_->san_matchers()) &&
|
|
94
92
|
!XdsVerifySubjectAlternativeNames(
|
|
95
93
|
request->peer_info.san_names.dns_names,
|
|
96
94
|
request->peer_info.san_names.dns_names_size,
|
|
97
|
-
xds_certificate_provider_->
|
|
95
|
+
xds_certificate_provider_->san_matchers())) {
|
|
98
96
|
*sync_status = absl::Status(
|
|
99
97
|
absl::StatusCode::kUnauthenticated,
|
|
100
98
|
"SANs from certificate did not match SANs from xDS control plane");
|
|
@@ -108,9 +106,12 @@ void XdsCertificateVerifier::Cancel(
|
|
|
108
106
|
int XdsCertificateVerifier::CompareImpl(
|
|
109
107
|
const grpc_tls_certificate_verifier* other) const {
|
|
110
108
|
auto* o = static_cast<const XdsCertificateVerifier*>(other);
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
109
|
+
if (xds_certificate_provider_ == nullptr ||
|
|
110
|
+
o->xds_certificate_provider_ == nullptr) {
|
|
111
|
+
return QsortCompare(xds_certificate_provider_,
|
|
112
|
+
o->xds_certificate_provider_);
|
|
113
|
+
}
|
|
114
|
+
return xds_certificate_provider_->Compare(o->xds_certificate_provider_.get());
|
|
114
115
|
}
|
|
115
116
|
|
|
116
117
|
UniqueTypeName XdsCertificateVerifier::type() const {
|
|
@@ -140,12 +141,9 @@ XdsCredentials::create_security_connector(
|
|
|
140
141
|
RefCountedPtr<grpc_channel_security_connector> security_connector;
|
|
141
142
|
auto xds_certificate_provider = args->GetObjectRef<XdsCertificateProvider>();
|
|
142
143
|
if (xds_certificate_provider != nullptr) {
|
|
143
|
-
|
|
144
|
-
args->GetString(GRPC_ARG_XDS_CLUSTER_NAME).value());
|
|
145
|
-
const bool watch_root =
|
|
146
|
-
xds_certificate_provider->ProvidesRootCerts(cluster_name);
|
|
144
|
+
const bool watch_root = xds_certificate_provider->ProvidesRootCerts();
|
|
147
145
|
const bool watch_identity =
|
|
148
|
-
xds_certificate_provider->ProvidesIdentityCerts(
|
|
146
|
+
xds_certificate_provider->ProvidesIdentityCerts();
|
|
149
147
|
if (watch_root || watch_identity) {
|
|
150
148
|
auto tls_credentials_options =
|
|
151
149
|
MakeRefCounted<grpc_tls_credentials_options>();
|
|
@@ -153,16 +151,14 @@ XdsCredentials::create_security_connector(
|
|
|
153
151
|
xds_certificate_provider);
|
|
154
152
|
if (watch_root) {
|
|
155
153
|
tls_credentials_options->set_watch_root_cert(true);
|
|
156
|
-
tls_credentials_options->set_root_cert_name(cluster_name);
|
|
157
154
|
}
|
|
158
155
|
if (watch_identity) {
|
|
159
156
|
tls_credentials_options->set_watch_identity_pair(true);
|
|
160
|
-
tls_credentials_options->set_identity_cert_name(cluster_name);
|
|
161
157
|
}
|
|
162
158
|
tls_credentials_options->set_verify_server_cert(true);
|
|
163
159
|
tls_credentials_options->set_certificate_verifier(
|
|
164
|
-
MakeRefCounted<XdsCertificateVerifier>(
|
|
165
|
-
|
|
160
|
+
MakeRefCounted<XdsCertificateVerifier>(
|
|
161
|
+
std::move(xds_certificate_provider)));
|
|
166
162
|
tls_credentials_options->set_check_call_host(false);
|
|
167
163
|
auto tls_credentials =
|
|
168
164
|
MakeRefCounted<TlsCredentials>(std::move(tls_credentials_options));
|
|
@@ -189,20 +185,17 @@ XdsServerCredentials::create_security_connector(const ChannelArgs& args) {
|
|
|
189
185
|
auto xds_certificate_provider = args.GetObjectRef<XdsCertificateProvider>();
|
|
190
186
|
// Identity certs are a must for TLS.
|
|
191
187
|
if (xds_certificate_provider != nullptr &&
|
|
192
|
-
xds_certificate_provider->ProvidesIdentityCerts(
|
|
188
|
+
xds_certificate_provider->ProvidesIdentityCerts()) {
|
|
193
189
|
auto tls_credentials_options =
|
|
194
190
|
MakeRefCounted<grpc_tls_credentials_options>();
|
|
195
191
|
tls_credentials_options->set_watch_identity_pair(true);
|
|
196
192
|
tls_credentials_options->set_certificate_provider(xds_certificate_provider);
|
|
197
|
-
if (xds_certificate_provider->ProvidesRootCerts(
|
|
193
|
+
if (xds_certificate_provider->ProvidesRootCerts()) {
|
|
198
194
|
tls_credentials_options->set_watch_root_cert(true);
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
tls_credentials_options->set_cert_request_type(
|
|
204
|
-
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
|
|
205
|
-
}
|
|
195
|
+
tls_credentials_options->set_cert_request_type(
|
|
196
|
+
xds_certificate_provider->require_client_certificate()
|
|
197
|
+
? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
|
|
198
|
+
: GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
|
|
206
199
|
} else {
|
|
207
200
|
// Do not request client certificate if there is no way to verify.
|
|
208
201
|
tls_credentials_options->set_cert_request_type(
|
|
@@ -46,9 +46,8 @@ namespace grpc_core {
|
|
|
46
46
|
|
|
47
47
|
class XdsCertificateVerifier : public grpc_tls_certificate_verifier {
|
|
48
48
|
public:
|
|
49
|
-
XdsCertificateVerifier(
|
|
50
|
-
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider
|
|
51
|
-
std::string cluster_name);
|
|
49
|
+
explicit XdsCertificateVerifier(
|
|
50
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider);
|
|
52
51
|
|
|
53
52
|
bool Verify(grpc_tls_custom_verification_check_request* request,
|
|
54
53
|
std::function<void(absl::Status)>,
|
|
@@ -61,7 +60,6 @@ class XdsCertificateVerifier : public grpc_tls_certificate_verifier {
|
|
|
61
60
|
int CompareImpl(const grpc_tls_certificate_verifier* other) const override;
|
|
62
61
|
|
|
63
62
|
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider_;
|
|
64
|
-
std::string cluster_name_;
|
|
65
63
|
};
|
|
66
64
|
|
|
67
65
|
class XdsCredentials final : public grpc_channel_credentials {
|
|
@@ -379,7 +379,8 @@ void TlsChannelSecurityConnector::check_peer(
|
|
|
379
379
|
grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE);
|
|
380
380
|
GPR_ASSERT(options_->certificate_verifier() != nullptr);
|
|
381
381
|
auto* pending_request = new ChannelPendingVerifierRequest(
|
|
382
|
-
|
|
382
|
+
RefAsSubclass<TlsChannelSecurityConnector>(), on_peer_checked, peer,
|
|
383
|
+
target_name);
|
|
383
384
|
{
|
|
384
385
|
MutexLock lock(&verifier_request_map_mu_);
|
|
385
386
|
pending_verifier_requests_.emplace(on_peer_checked, pending_request);
|
|
@@ -653,8 +654,8 @@ void TlsServerSecurityConnector::check_peer(
|
|
|
653
654
|
*auth_context =
|
|
654
655
|
grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE);
|
|
655
656
|
if (options_->certificate_verifier() != nullptr) {
|
|
656
|
-
auto* pending_request =
|
|
657
|
-
|
|
657
|
+
auto* pending_request = new ServerPendingVerifierRequest(
|
|
658
|
+
RefAsSubclass<TlsServerSecurityConnector>(), on_peer_checked, peer);
|
|
658
659
|
{
|
|
659
660
|
MutexLock lock(&verifier_request_map_mu_);
|
|
660
661
|
pending_verifier_requests_.emplace(on_peer_checked, pending_request);
|
|
@@ -62,23 +62,90 @@ class ClientAuthFilter final : public ChannelFilter {
|
|
|
62
62
|
grpc_call_credentials::GetRequestMetadataArgs args_;
|
|
63
63
|
};
|
|
64
64
|
|
|
65
|
-
class
|
|
65
|
+
class LegacyServerAuthFilter final : public ChannelFilter {
|
|
66
66
|
public:
|
|
67
67
|
static const grpc_channel_filter kFilter;
|
|
68
68
|
|
|
69
|
-
static absl::StatusOr<
|
|
70
|
-
|
|
69
|
+
static absl::StatusOr<LegacyServerAuthFilter> Create(const ChannelArgs& args,
|
|
70
|
+
ChannelFilter::Args);
|
|
71
71
|
|
|
72
72
|
// Construct a promise for one call.
|
|
73
73
|
ArenaPromise<ServerMetadataHandle> MakeCallPromise(
|
|
74
74
|
CallArgs call_args, NextPromiseFactory next_promise_factory) override;
|
|
75
75
|
|
|
76
|
+
private:
|
|
77
|
+
LegacyServerAuthFilter(
|
|
78
|
+
RefCountedPtr<grpc_server_credentials> server_credentials,
|
|
79
|
+
RefCountedPtr<grpc_auth_context> auth_context);
|
|
80
|
+
|
|
81
|
+
class RunApplicationCode;
|
|
82
|
+
|
|
83
|
+
ArenaPromise<absl::StatusOr<CallArgs>> GetCallCredsMetadata(
|
|
84
|
+
CallArgs call_args);
|
|
85
|
+
|
|
86
|
+
RefCountedPtr<grpc_server_credentials> server_credentials_;
|
|
87
|
+
RefCountedPtr<grpc_auth_context> auth_context_;
|
|
88
|
+
};
|
|
89
|
+
|
|
90
|
+
class ServerAuthFilter final : public ImplementChannelFilter<ServerAuthFilter> {
|
|
76
91
|
private:
|
|
77
92
|
ServerAuthFilter(RefCountedPtr<grpc_server_credentials> server_credentials,
|
|
78
93
|
RefCountedPtr<grpc_auth_context> auth_context);
|
|
79
94
|
|
|
80
|
-
class RunApplicationCode
|
|
95
|
+
class RunApplicationCode {
|
|
96
|
+
public:
|
|
97
|
+
RunApplicationCode(ServerAuthFilter* filter, ClientMetadata& metadata);
|
|
98
|
+
|
|
99
|
+
RunApplicationCode(const RunApplicationCode&) = delete;
|
|
100
|
+
RunApplicationCode& operator=(const RunApplicationCode&) = delete;
|
|
101
|
+
RunApplicationCode(RunApplicationCode&& other) noexcept
|
|
102
|
+
: state_(std::exchange(other.state_, nullptr)) {}
|
|
103
|
+
RunApplicationCode& operator=(RunApplicationCode&& other) noexcept {
|
|
104
|
+
state_ = std::exchange(other.state_, nullptr);
|
|
105
|
+
return *this;
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
Poll<absl::Status> operator()();
|
|
109
|
+
|
|
110
|
+
private:
|
|
111
|
+
// Called from application code.
|
|
112
|
+
static void OnMdProcessingDone(void* user_data,
|
|
113
|
+
const grpc_metadata* consumed_md,
|
|
114
|
+
size_t num_consumed_md,
|
|
115
|
+
const grpc_metadata* response_md,
|
|
116
|
+
size_t num_response_md,
|
|
117
|
+
grpc_status_code status,
|
|
118
|
+
const char* error_details);
|
|
119
|
+
|
|
120
|
+
struct State;
|
|
121
|
+
State* state_;
|
|
122
|
+
};
|
|
123
|
+
|
|
124
|
+
public:
|
|
125
|
+
static const grpc_channel_filter kFilter;
|
|
81
126
|
|
|
127
|
+
static absl::StatusOr<ServerAuthFilter> Create(const ChannelArgs& args,
|
|
128
|
+
ChannelFilter::Args);
|
|
129
|
+
|
|
130
|
+
class Call {
|
|
131
|
+
public:
|
|
132
|
+
explicit Call(ServerAuthFilter* filter);
|
|
133
|
+
auto OnClientInitialMetadata(ClientMetadata& md, ServerAuthFilter* filter) {
|
|
134
|
+
return If(
|
|
135
|
+
filter->server_credentials_ == nullptr ||
|
|
136
|
+
filter->server_credentials_->auth_metadata_processor().process ==
|
|
137
|
+
nullptr,
|
|
138
|
+
ImmediateOkStatus(),
|
|
139
|
+
[filter, md = &md]() { return RunApplicationCode(filter, *md); });
|
|
140
|
+
}
|
|
141
|
+
static const NoInterceptor OnServerInitialMetadata;
|
|
142
|
+
static const NoInterceptor OnClientToServerMessage;
|
|
143
|
+
static const NoInterceptor OnServerToClientMessage;
|
|
144
|
+
static const NoInterceptor OnServerTrailingMetadata;
|
|
145
|
+
static const NoInterceptor OnFinalize;
|
|
146
|
+
};
|
|
147
|
+
|
|
148
|
+
private:
|
|
82
149
|
ArenaPromise<absl::StatusOr<CallArgs>> GetCallCredsMetadata(
|
|
83
150
|
CallArgs call_args);
|
|
84
151
|
|
|
@@ -216,10 +216,8 @@ absl::StatusOr<ClientAuthFilter> ClientAuthFilter::Create(
|
|
|
216
216
|
return absl::InvalidArgumentError(
|
|
217
217
|
"Auth context missing from client auth filter args");
|
|
218
218
|
}
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
static_cast<grpc_channel_security_connector*>(sc)->Ref(),
|
|
222
|
-
auth_context->Ref());
|
|
219
|
+
return ClientAuthFilter(sc->RefAsSubclass<grpc_channel_security_connector>(),
|
|
220
|
+
auth_context->Ref());
|
|
223
221
|
}
|
|
224
222
|
|
|
225
223
|
const grpc_channel_filter ClientAuthFilter::kFilter =
|
|
@@ -0,0 +1,244 @@
|
|
|
1
|
+
//
|
|
2
|
+
//
|
|
3
|
+
// Copyright 2015 gRPC authors.
|
|
4
|
+
//
|
|
5
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
// you may not use this file except in compliance with the License.
|
|
7
|
+
// You may obtain a copy of the License at
|
|
8
|
+
//
|
|
9
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
//
|
|
11
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
// See the License for the specific language governing permissions and
|
|
15
|
+
// limitations under the License.
|
|
16
|
+
//
|
|
17
|
+
//
|
|
18
|
+
|
|
19
|
+
#include <grpc/support/port_platform.h>
|
|
20
|
+
|
|
21
|
+
#include <algorithm>
|
|
22
|
+
#include <atomic>
|
|
23
|
+
#include <cstddef>
|
|
24
|
+
#include <functional>
|
|
25
|
+
#include <memory>
|
|
26
|
+
#include <utility>
|
|
27
|
+
|
|
28
|
+
#include "absl/status/status.h"
|
|
29
|
+
#include "absl/status/statusor.h"
|
|
30
|
+
|
|
31
|
+
#include <grpc/grpc.h>
|
|
32
|
+
#include <grpc/grpc_security.h>
|
|
33
|
+
#include <grpc/status.h>
|
|
34
|
+
#include <grpc/support/alloc.h>
|
|
35
|
+
#include <grpc/support/log.h>
|
|
36
|
+
|
|
37
|
+
#include "src/core/lib/channel/channel_args.h"
|
|
38
|
+
#include "src/core/lib/channel/channel_fwd.h"
|
|
39
|
+
#include "src/core/lib/channel/channel_stack.h"
|
|
40
|
+
#include "src/core/lib/channel/context.h"
|
|
41
|
+
#include "src/core/lib/channel/promise_based_filter.h"
|
|
42
|
+
#include "src/core/lib/debug/trace.h"
|
|
43
|
+
#include "src/core/lib/gprpp/debug_location.h"
|
|
44
|
+
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
|
45
|
+
#include "src/core/lib/gprpp/status_helper.h"
|
|
46
|
+
#include "src/core/lib/iomgr/error.h"
|
|
47
|
+
#include "src/core/lib/iomgr/exec_ctx.h"
|
|
48
|
+
#include "src/core/lib/promise/activity.h"
|
|
49
|
+
#include "src/core/lib/promise/arena_promise.h"
|
|
50
|
+
#include "src/core/lib/promise/context.h"
|
|
51
|
+
#include "src/core/lib/promise/poll.h"
|
|
52
|
+
#include "src/core/lib/promise/try_seq.h"
|
|
53
|
+
#include "src/core/lib/resource_quota/arena.h"
|
|
54
|
+
#include "src/core/lib/security/context/security_context.h"
|
|
55
|
+
#include "src/core/lib/security/credentials/credentials.h"
|
|
56
|
+
#include "src/core/lib/security/transport/auth_filters.h" // IWYU pragma: keep
|
|
57
|
+
#include "src/core/lib/slice/slice.h"
|
|
58
|
+
#include "src/core/lib/slice/slice_internal.h"
|
|
59
|
+
#include "src/core/lib/surface/call_trace.h"
|
|
60
|
+
#include "src/core/lib/transport/metadata_batch.h"
|
|
61
|
+
#include "src/core/lib/transport/transport.h"
|
|
62
|
+
|
|
63
|
+
namespace grpc_core {
|
|
64
|
+
|
|
65
|
+
const grpc_channel_filter LegacyServerAuthFilter::kFilter =
|
|
66
|
+
MakePromiseBasedFilter<LegacyServerAuthFilter, FilterEndpoint::kServer>(
|
|
67
|
+
"server-auth");
|
|
68
|
+
|
|
69
|
+
namespace {
|
|
70
|
+
|
|
71
|
+
class ArrayEncoder {
|
|
72
|
+
public:
|
|
73
|
+
explicit ArrayEncoder(grpc_metadata_array* result) : result_(result) {}
|
|
74
|
+
|
|
75
|
+
void Encode(const Slice& key, const Slice& value) {
|
|
76
|
+
Append(key.Ref(), value.Ref());
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
template <typename Which>
|
|
80
|
+
void Encode(Which, const typename Which::ValueType& value) {
|
|
81
|
+
Append(Slice(StaticSlice::FromStaticString(Which::key())),
|
|
82
|
+
Slice(Which::Encode(value)));
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
void Encode(HttpMethodMetadata,
|
|
86
|
+
const typename HttpMethodMetadata::ValueType&) {}
|
|
87
|
+
|
|
88
|
+
private:
|
|
89
|
+
void Append(Slice key, Slice value) {
|
|
90
|
+
if (result_->count == result_->capacity) {
|
|
91
|
+
result_->capacity =
|
|
92
|
+
std::max(result_->capacity + 8, result_->capacity * 2);
|
|
93
|
+
result_->metadata = static_cast<grpc_metadata*>(gpr_realloc(
|
|
94
|
+
result_->metadata, result_->capacity * sizeof(grpc_metadata)));
|
|
95
|
+
}
|
|
96
|
+
auto* usr_md = &result_->metadata[result_->count++];
|
|
97
|
+
usr_md->key = key.TakeCSlice();
|
|
98
|
+
usr_md->value = value.TakeCSlice();
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
grpc_metadata_array* result_;
|
|
102
|
+
};
|
|
103
|
+
|
|
104
|
+
// TODO(ctiller): seek out all users of this functionality and change API so
|
|
105
|
+
// that this unilateral format conversion IS NOT REQUIRED.
|
|
106
|
+
grpc_metadata_array MetadataBatchToMetadataArray(
|
|
107
|
+
const grpc_metadata_batch* batch) {
|
|
108
|
+
grpc_metadata_array result;
|
|
109
|
+
grpc_metadata_array_init(&result);
|
|
110
|
+
ArrayEncoder encoder(&result);
|
|
111
|
+
batch->Encode(&encoder);
|
|
112
|
+
return result;
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
} // namespace
|
|
116
|
+
|
|
117
|
+
class LegacyServerAuthFilter::RunApplicationCode {
|
|
118
|
+
public:
|
|
119
|
+
// TODO(ctiller): Allocate state_ into a pool on the arena to reuse this
|
|
120
|
+
// memory later
|
|
121
|
+
RunApplicationCode(LegacyServerAuthFilter* filter, CallArgs call_args)
|
|
122
|
+
: state_(GetContext<Arena>()->ManagedNew<State>(std::move(call_args))) {
|
|
123
|
+
if (grpc_call_trace.enabled()) {
|
|
124
|
+
gpr_log(GPR_ERROR,
|
|
125
|
+
"%s[server-auth]: Delegate to application: filter=%p this=%p "
|
|
126
|
+
"auth_ctx=%p",
|
|
127
|
+
Activity::current()->DebugTag().c_str(), filter, this,
|
|
128
|
+
filter->auth_context_.get());
|
|
129
|
+
}
|
|
130
|
+
filter->server_credentials_->auth_metadata_processor().process(
|
|
131
|
+
filter->server_credentials_->auth_metadata_processor().state,
|
|
132
|
+
filter->auth_context_.get(), state_->md.metadata, state_->md.count,
|
|
133
|
+
OnMdProcessingDone, state_);
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
RunApplicationCode(const RunApplicationCode&) = delete;
|
|
137
|
+
RunApplicationCode& operator=(const RunApplicationCode&) = delete;
|
|
138
|
+
RunApplicationCode(RunApplicationCode&& other) noexcept
|
|
139
|
+
: state_(std::exchange(other.state_, nullptr)) {}
|
|
140
|
+
RunApplicationCode& operator=(RunApplicationCode&& other) noexcept {
|
|
141
|
+
state_ = std::exchange(other.state_, nullptr);
|
|
142
|
+
return *this;
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
Poll<absl::StatusOr<CallArgs>> operator()() {
|
|
146
|
+
if (state_->done.load(std::memory_order_acquire)) {
|
|
147
|
+
return Poll<absl::StatusOr<CallArgs>>(std::move(state_->call_args));
|
|
148
|
+
}
|
|
149
|
+
return Pending{};
|
|
150
|
+
}
|
|
151
|
+
|
|
152
|
+
private:
|
|
153
|
+
struct State {
|
|
154
|
+
explicit State(CallArgs call_args) : call_args(std::move(call_args)) {}
|
|
155
|
+
Waker waker{Activity::current()->MakeOwningWaker()};
|
|
156
|
+
absl::StatusOr<CallArgs> call_args;
|
|
157
|
+
grpc_metadata_array md =
|
|
158
|
+
MetadataBatchToMetadataArray(call_args->client_initial_metadata.get());
|
|
159
|
+
std::atomic<bool> done{false};
|
|
160
|
+
};
|
|
161
|
+
|
|
162
|
+
// Called from application code.
|
|
163
|
+
static void OnMdProcessingDone(
|
|
164
|
+
void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
|
|
165
|
+
const grpc_metadata* response_md, size_t num_response_md,
|
|
166
|
+
grpc_status_code status, const char* error_details) {
|
|
167
|
+
ApplicationCallbackExecCtx callback_exec_ctx;
|
|
168
|
+
ExecCtx exec_ctx;
|
|
169
|
+
|
|
170
|
+
auto* state = static_cast<State*>(user_data);
|
|
171
|
+
|
|
172
|
+
// TODO(ZhenLian): Implement support for response_md.
|
|
173
|
+
if (response_md != nullptr && num_response_md > 0) {
|
|
174
|
+
gpr_log(GPR_ERROR,
|
|
175
|
+
"response_md in auth metadata processing not supported for now. "
|
|
176
|
+
"Ignoring...");
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
if (status == GRPC_STATUS_OK) {
|
|
180
|
+
ClientMetadataHandle& md = state->call_args->client_initial_metadata;
|
|
181
|
+
for (size_t i = 0; i < num_consumed_md; i++) {
|
|
182
|
+
md->Remove(StringViewFromSlice(consumed_md[i].key));
|
|
183
|
+
}
|
|
184
|
+
} else {
|
|
185
|
+
if (error_details == nullptr) {
|
|
186
|
+
error_details = "Authentication metadata processing failed.";
|
|
187
|
+
}
|
|
188
|
+
state->call_args = grpc_error_set_int(
|
|
189
|
+
absl::Status(static_cast<absl::StatusCode>(status), error_details),
|
|
190
|
+
StatusIntProperty::kRpcStatus, status);
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
// Clean up.
|
|
194
|
+
for (size_t i = 0; i < state->md.count; i++) {
|
|
195
|
+
CSliceUnref(state->md.metadata[i].key);
|
|
196
|
+
CSliceUnref(state->md.metadata[i].value);
|
|
197
|
+
}
|
|
198
|
+
grpc_metadata_array_destroy(&state->md);
|
|
199
|
+
|
|
200
|
+
auto waker = std::move(state->waker);
|
|
201
|
+
state->done.store(true, std::memory_order_release);
|
|
202
|
+
waker.Wakeup();
|
|
203
|
+
}
|
|
204
|
+
|
|
205
|
+
State* state_;
|
|
206
|
+
};
|
|
207
|
+
|
|
208
|
+
ArenaPromise<ServerMetadataHandle> LegacyServerAuthFilter::MakeCallPromise(
|
|
209
|
+
CallArgs call_args, NextPromiseFactory next_promise_factory) {
|
|
210
|
+
// Create server security context. Set its auth context from channel
|
|
211
|
+
// data and save it in the call context.
|
|
212
|
+
grpc_server_security_context* server_ctx =
|
|
213
|
+
grpc_server_security_context_create(GetContext<Arena>());
|
|
214
|
+
server_ctx->auth_context =
|
|
215
|
+
auth_context_->Ref(DEBUG_LOCATION, "server_auth_filter");
|
|
216
|
+
grpc_call_context_element& context =
|
|
217
|
+
GetContext<grpc_call_context_element>()[GRPC_CONTEXT_SECURITY];
|
|
218
|
+
if (context.value != nullptr) context.destroy(context.value);
|
|
219
|
+
context.value = server_ctx;
|
|
220
|
+
context.destroy = grpc_server_security_context_destroy;
|
|
221
|
+
|
|
222
|
+
if (server_credentials_ == nullptr ||
|
|
223
|
+
server_credentials_->auth_metadata_processor().process == nullptr) {
|
|
224
|
+
return next_promise_factory(std::move(call_args));
|
|
225
|
+
}
|
|
226
|
+
|
|
227
|
+
return TrySeq(RunApplicationCode(this, std::move(call_args)),
|
|
228
|
+
std::move(next_promise_factory));
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
LegacyServerAuthFilter::LegacyServerAuthFilter(
|
|
232
|
+
RefCountedPtr<grpc_server_credentials> server_credentials,
|
|
233
|
+
RefCountedPtr<grpc_auth_context> auth_context)
|
|
234
|
+
: server_credentials_(server_credentials), auth_context_(auth_context) {}
|
|
235
|
+
|
|
236
|
+
absl::StatusOr<LegacyServerAuthFilter> LegacyServerAuthFilter::Create(
|
|
237
|
+
const ChannelArgs& args, ChannelFilter::Args) {
|
|
238
|
+
auto auth_context = args.GetObjectRef<grpc_auth_context>();
|
|
239
|
+
GPR_ASSERT(auth_context != nullptr);
|
|
240
|
+
auto creds = args.GetObjectRef<grpc_server_credentials>();
|
|
241
|
+
return LegacyServerAuthFilter(std::move(creds), std::move(auth_context));
|
|
242
|
+
}
|
|
243
|
+
|
|
244
|
+
} // namespace grpc_core
|