grpc 1.73.0 → 1.75.0
- checksums.yaml +4 -4
- data/Makefile +116 -53
- data/include/grpc/create_channel_from_endpoint.h +54 -0
- data/include/grpc/credentials.h +18 -6
- data/include/grpc/event_engine/event_engine.h +74 -17
- data/include/grpc/grpc_posix.h +20 -1
- data/include/grpc/impl/channel_arg_names.h +2 -4
- data/include/grpc/module.modulemap +1 -0
- data/include/grpc/support/json.h +24 -0
- data/src/core/call/client_call.cc +4 -4
- data/src/core/call/filter_fusion.h +1230 -0
- data/src/core/call/interception_chain.h +7 -11
- data/src/core/call/metadata.cc +22 -0
- data/src/core/call/metadata.h +24 -2
- data/src/core/channelz/channel_trace.cc +213 -115
- data/src/core/channelz/channel_trace.h +380 -86
- data/src/core/channelz/channelz.cc +274 -192
- data/src/core/channelz/channelz.h +224 -72
- data/src/core/channelz/channelz_registry.cc +2 -163
- data/src/core/channelz/channelz_registry.h +37 -6
- data/src/core/channelz/property_list.cc +353 -0
- data/src/core/channelz/property_list.h +204 -0
- data/src/core/channelz/v2tov1/convert.cc +683 -0
- data/src/core/channelz/v2tov1/convert.h +58 -0
- data/src/core/channelz/v2tov1/legacy_api.cc +425 -0
- data/src/core/channelz/v2tov1/legacy_api.h +32 -0
- data/src/core/channelz/v2tov1/property_list.cc +118 -0
- data/src/core/channelz/v2tov1/property_list.h +52 -0
- data/src/core/channelz/ztrace_collector.h +3 -2
- data/src/core/client_channel/backup_poller.cc +17 -2
- data/src/core/client_channel/client_channel.cc +17 -28
- data/src/core/client_channel/client_channel_filter.cc +24 -33
- data/src/core/client_channel/client_channel_filter.h +2 -2
- data/src/core/client_channel/client_channel_internal.h +2 -1
- data/src/core/client_channel/config_selector.h +8 -2
- data/src/core/client_channel/dynamic_filters.cc +5 -6
- data/src/core/client_channel/dynamic_filters.h +1 -1
- data/src/core/client_channel/global_subchannel_pool.cc +4 -1
- data/src/core/client_channel/load_balanced_call_destination.cc +6 -5
- data/src/core/client_channel/retry_filter.cc +21 -27
- data/src/core/client_channel/retry_filter.h +10 -7
- data/src/core/client_channel/retry_filter_legacy_call_data.cc +5 -5
- data/src/core/client_channel/retry_filter_legacy_call_data.h +1 -1
- data/src/core/client_channel/retry_interceptor.cc +30 -44
- data/src/core/client_channel/retry_interceptor.h +18 -17
- data/src/core/client_channel/retry_throttle.cc +46 -61
- data/src/core/client_channel/retry_throttle.h +17 -39
- data/src/core/client_channel/subchannel.cc +57 -25
- data/src/core/client_channel/subchannel.h +10 -0
- data/src/core/config/config_vars.cc +2 -0
- data/src/core/config/core_configuration.cc +4 -1
- data/src/core/config/core_configuration.h +23 -0
- data/src/core/credentials/call/call_creds_registry.h +125 -0
- data/src/core/credentials/call/call_creds_registry_init.cc +91 -0
- data/src/core/credentials/call/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +6 -48
- data/src/core/credentials/call/jwt_token_file/jwt_token_file_call_credentials.cc +86 -0
- data/src/core/credentials/call/jwt_token_file/jwt_token_file_call_credentials.h +74 -0
- data/src/core/credentials/call/jwt_util.cc +70 -0
- data/src/core/credentials/call/jwt_util.h +32 -0
- data/src/core/credentials/transport/alts/alts_credentials.cc +5 -0
- data/src/core/credentials/transport/alts/check_gcp_environment_windows.cc +2 -0
- data/src/core/credentials/transport/channel_creds_registry_init.cc +4 -2
- data/src/core/credentials/transport/google_default/google_default_credentials.cc +72 -4
- data/src/core/credentials/transport/ssl/ssl_credentials.cc +1 -2
- data/src/core/credentials/transport/ssl/ssl_security_connector.cc +8 -3
- data/src/core/credentials/transport/tls/grpc_tls_certificate_distributor.cc +29 -24
- data/src/core/credentials/transport/tls/grpc_tls_certificate_distributor.h +19 -8
- data/src/core/credentials/transport/tls/grpc_tls_certificate_provider.cc +96 -54
- data/src/core/credentials/transport/tls/grpc_tls_certificate_provider.h +15 -2
- data/src/core/credentials/transport/tls/load_system_roots_supported.cc +1 -0
- data/src/core/credentials/transport/tls/spiffe_utils.cc +371 -0
- data/src/core/credentials/transport/tls/spiffe_utils.h +171 -0
- data/src/core/credentials/transport/tls/ssl_utils.cc +11 -10
- data/src/core/credentials/transport/tls/ssl_utils.h +4 -2
- data/src/core/credentials/transport/tls/tls_credentials.cc +2 -0
- data/src/core/credentials/transport/tls/tls_security_connector.cc +11 -26
- data/src/core/credentials/transport/tls/tls_security_connector.h +12 -12
- data/src/core/credentials/transport/xds/xds_credentials.cc +0 -3
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +1 -2
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +8 -8
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +16 -16
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -6
- data/src/core/ext/filters/http/client_authority_filter.cc +3 -6
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +8 -8
- data/src/core/ext/filters/http/message_compress/compression_filter.h +25 -22
- data/src/core/ext/filters/http/server/http_server_filter.cc +3 -6
- data/src/core/ext/filters/http/server/http_server_filter.h +12 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +4 -4
- data/src/core/ext/filters/rbac/rbac_filter.cc +1 -1
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -5
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +120 -35
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +165 -117
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +0 -3
- data/src/core/ext/transport/chttp2/transport/decode_huff.cc +1239 -3514
- data/src/core/ext/transport/chttp2/transport/decode_huff.h +1008 -1486
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.h +23 -17
- data/src/core/ext/transport/chttp2/transport/frame.cc +99 -6
- data/src/core/ext/transport/chttp2/transport/frame.h +40 -2
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/header_assembler.h +290 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +11 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +12 -1
- data/src/core/ext/transport/chttp2/transport/http2_client_transport.cc +1233 -0
- data/src/core/ext/transport/chttp2/transport/http2_client_transport.h +712 -0
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +11 -38
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +65 -51
- data/src/core/ext/transport/chttp2/transport/http2_settings_manager.cc +61 -0
- data/src/core/ext/transport/chttp2/transport/http2_settings_manager.h +142 -0
- data/{third_party/abseil-cpp/absl/strings/cord_buffer.cc → src/core/ext/transport/chttp2/transport/http2_stats_collector.cc} +14 -14
- data/src/core/ext/transport/chttp2/transport/http2_stats_collector.h +33 -0
- data/src/core/ext/transport/chttp2/transport/http2_status.h +6 -1
- data/src/core/ext/transport/chttp2/transport/http2_transport.cc +121 -0
- data/src/core/ext/transport/chttp2/transport/http2_transport.h +76 -0
- data/src/core/ext/transport/chttp2/transport/http2_ztrace_collector.h +0 -29
- data/src/core/ext/transport/chttp2/transport/internal.h +18 -8
- data/src/core/ext/transport/chttp2/transport/keepalive.cc +105 -0
- data/src/core/ext/transport/chttp2/transport/keepalive.h +138 -0
- data/src/core/ext/transport/chttp2/transport/message_assembler.h +185 -0
- data/src/core/ext/transport/chttp2/transport/parsing.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/ping_callbacks.h +19 -0
- data/src/core/ext/transport/chttp2/transport/ping_promise.cc +152 -0
- data/src/core/ext/transport/chttp2/transport/ping_promise.h +197 -0
- data/src/core/ext/transport/chttp2/transport/ping_rate_policy.cc +5 -9
- data/src/core/ext/transport/chttp2/transport/ping_rate_policy.h +11 -0
- data/src/core/ext/transport/chttp2/transport/stream_data_queue.h +607 -0
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +39 -1
- data/src/core/ext/transport/chttp2/transport/transport_common.cc +19 -0
- data/src/core/ext/transport/chttp2/transport/transport_common.h +27 -0
- data/src/core/ext/transport/chttp2/transport/writable_streams.h +254 -0
- data/src/core/ext/transport/chttp2/transport/writing.cc +41 -13
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/channelz.upb.h +4959 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/channelz.upb_minitable.c +1111 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/channelz.upb_minitable.h +108 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/channelz.upb.h +571 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/channelz.upb_minitable.c +120 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/channelz.upb_minitable.h +36 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/promise.upb.h +1272 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/promise.upb_minitable.c +312 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/promise.upb_minitable.h +50 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/property_list.upb.h +1072 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/property_list.upb_minitable.c +230 -0
- data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/property_list.upb_minitable.h +44 -0
- data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/channelz.upbdefs.c +716 -0
- data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/channelz.upbdefs.h +227 -0
- data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/v2/promise.upbdefs.c +175 -0
- data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/v2/promise.upbdefs.h +82 -0
- data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/v2/property_list.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/v2/property_list.upbdefs.h +67 -0
- data/src/core/filter/auth/auth_filters.h +2 -27
- data/src/core/filter/auth/client_auth_filter.cc +0 -118
- data/src/core/filter/filter_args.h +9 -23
- data/src/core/filter/fused_filters.cc +154 -0
- data/src/core/handshaker/handshaker.cc +23 -14
- data/src/core/handshaker/handshaker.h +3 -0
- data/src/core/handshaker/http_connect/http_connect_handshaker.cc +3 -1
- data/src/core/handshaker/security/legacy_secure_endpoint.cc +7 -6
- data/src/core/handshaker/security/pipelined_secure_endpoint.cc +965 -0
- data/src/core/handshaker/security/secure_endpoint.cc +98 -38
- data/src/core/handshaker/security/secure_endpoint.h +8 -0
- data/src/core/handshaker/security/security_handshaker.cc +4 -1
- data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +7 -1
- data/src/core/lib/channel/channel_args.cc +15 -0
- data/src/core/lib/channel/channel_args.h +3 -0
- data/src/core/lib/channel/channel_stack.cc +22 -23
- data/src/core/lib/channel/channel_stack.h +9 -7
- data/src/core/lib/channel/channel_stack_builder_impl.cc +1 -1
- data/src/core/lib/channel/channel_stack_builder_impl.h +2 -7
- data/src/core/lib/channel/promise_based_filter.cc +15 -25
- data/src/core/lib/channel/promise_based_filter.h +11 -10
- data/src/core/lib/debug/trace_impl.h +0 -1
- data/src/core/lib/event_engine/ares_resolver.cc +165 -46
- data/src/core/lib/event_engine/ares_resolver.h +51 -3
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +12 -6
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +2 -4
- data/src/core/lib/event_engine/cf_engine/cfsocket_listener.cc +263 -0
- data/src/core/lib/event_engine/cf_engine/cfsocket_listener.h +107 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +31 -3
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +14 -6
- data/src/core/lib/event_engine/endpoint_channel_arg_wrapper.cc +40 -0
- data/src/core/lib/event_engine/endpoint_channel_arg_wrapper.h +60 -0
- data/src/core/lib/event_engine/event_engine.cc +7 -0
- data/src/core/lib/event_engine/extensions/channelz.h +10 -6
- data/src/core/lib/event_engine/grpc_polled_fd.h +5 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +139 -169
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +17 -19
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +90 -131
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +13 -13
- data/src/core/lib/event_engine/posix_engine/event_poller.h +18 -23
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +11 -23
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +3 -2
- data/src/core/lib/event_engine/posix_engine/file_descriptor_collection.cc +124 -0
- data/src/core/lib/event_engine/posix_engine/file_descriptor_collection.h +243 -0
- data/src/core/lib/event_engine/posix_engine/grpc_polled_fd_posix.h +30 -19
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +6 -2
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +6 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +4 -4
- data/src/core/lib/event_engine/posix_engine/lockfree_event.h +3 -4
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +147 -94
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -19
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +435 -229
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +78 -50
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +46 -38
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +6 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +32 -142
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.h +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_interface.h +211 -0
- data/src/core/lib/event_engine/posix_engine/posix_interface_posix.cc +1083 -0
- data/src/core/lib/event_engine/posix_engine/posix_interface_windows.cc +281 -0
- data/src/core/lib/event_engine/posix_engine/posix_write_event_sink.cc +154 -0
- data/src/core/lib/event_engine/posix_engine/posix_write_event_sink.h +174 -0
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +3 -719
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +11 -171
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +33 -22
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +13 -11
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +117 -151
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +26 -94
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +26 -25
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +6 -2
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +36 -62
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +6 -2
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +7 -6
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +12 -6
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +3 -1
- data/src/core/lib/event_engine/shim.cc +9 -0
- data/src/core/lib/event_engine/shim.h +3 -0
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +7 -3
- data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +0 -17
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +4 -2
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +3 -2
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +6 -1
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.h +4 -0
- data/src/core/lib/event_engine/windows/windows_endpoint.h +2 -6
- data/src/core/lib/event_engine/windows/windows_engine.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_engine.h +1 -3
- data/src/core/lib/event_engine/windows/windows_listener.cc +14 -2
- data/src/core/lib/experiments/experiments.cc +165 -99
- data/src/core/lib/experiments/experiments.h +65 -52
- data/src/core/lib/iomgr/combiner.cc +1 -1
- data/src/core/lib/iomgr/endpoint.cc +4 -3
- data/src/core/lib/iomgr/endpoint.h +7 -4
- data/src/core/lib/iomgr/endpoint_cfstream.cc +3 -2
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +7 -2
- data/src/core/lib/iomgr/ev_poll_posix.cc +7 -2
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +4 -6
- data/src/core/lib/iomgr/exec_ctx.h +3 -9
- data/src/core/lib/iomgr/socket_mutator.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_posix.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +15 -9
- data/src/core/lib/iomgr/tcp_windows.cc +3 -2
- data/src/core/lib/promise/activity.h +3 -2
- data/src/core/lib/promise/arena_promise.h +23 -7
- data/src/core/lib/promise/detail/promise_factory.h +10 -0
- data/src/core/lib/promise/detail/promise_like.h +118 -11
- data/src/core/lib/promise/detail/promise_variant.h +50 -0
- data/src/core/lib/promise/detail/seq_state.h +687 -548
- data/src/core/lib/promise/if.h +20 -0
- data/src/core/lib/promise/inter_activity_latch.h +147 -0
- data/src/core/lib/promise/inter_activity_mutex.h +547 -0
- data/src/core/lib/promise/loop.h +65 -3
- data/src/core/lib/promise/map.h +24 -0
- data/src/core/lib/promise/match_promise.h +103 -0
- data/src/core/lib/promise/mpsc.cc +425 -0
- data/src/core/lib/promise/mpsc.h +490 -0
- data/src/core/lib/promise/party.cc +55 -6
- data/src/core/lib/promise/party.h +68 -3
- data/src/core/lib/promise/poll.h +10 -0
- data/src/core/lib/promise/race.h +31 -0
- data/src/core/lib/promise/seq.h +4 -1
- data/src/core/lib/promise/status_flag.h +7 -0
- data/src/core/lib/promise/try_seq.h +4 -1
- data/src/core/lib/promise/wait_set.cc +28 -0
- data/src/core/lib/promise/wait_set.h +86 -0
- data/src/core/lib/resource_quota/arena.h +19 -0
- data/src/core/lib/resource_quota/memory_quota.cc +90 -3
- data/src/core/lib/resource_quota/memory_quota.h +20 -9
- data/src/core/lib/resource_quota/periodic_update.cc +14 -0
- data/src/core/lib/resource_quota/periodic_update.h +8 -0
- data/src/core/lib/resource_quota/resource_quota.cc +15 -4
- data/src/core/lib/resource_quota/resource_quota.h +3 -0
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +1 -2
- data/src/core/lib/slice/slice.h +5 -0
- data/src/core/lib/surface/call.cc +5 -5
- data/src/core/lib/surface/call.h +6 -5
- data/src/core/lib/surface/channel_create.cc +88 -13
- data/src/core/lib/surface/channel_create.h +4 -0
- data/src/core/lib/surface/channel_init.cc +164 -47
- data/src/core/lib/surface/channel_init.h +64 -1
- data/src/core/lib/surface/completion_queue.cc +2 -4
- data/src/core/lib/surface/filter_stack_call.cc +19 -10
- data/src/core/lib/surface/init.cc +6 -15
- data/src/core/lib/surface/legacy_channel.cc +3 -5
- data/src/core/lib/surface/legacy_channel.h +3 -1
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/promise_endpoint.cc +110 -0
- data/src/core/lib/transport/promise_endpoint.h +307 -0
- data/src/core/load_balancing/child_policy_handler.cc +2 -4
- data/src/core/load_balancing/delegating_helper.h +2 -3
- data/src/core/load_balancing/endpoint_list.cc +29 -2
- data/src/core/load_balancing/grpclb/client_load_reporting_filter.cc +3 -3
- data/src/core/load_balancing/grpclb/client_load_reporting_filter.h +1 -1
- data/src/core/load_balancing/health_check_client.cc +1 -5
- data/src/core/load_balancing/lb_policy.h +1 -3
- data/src/core/load_balancing/oob_backend_metric.cc +1 -5
- data/src/core/load_balancing/pick_first/pick_first.cc +15 -5
- data/src/core/load_balancing/xds/cds.cc +10 -1
- data/src/core/load_balancing/xds/xds_cluster_impl.cc +5 -3
- data/src/core/net/socket_mutator.cc +19 -0
- data/src/core/net/socket_mutator.h +25 -0
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver.h +6 -1
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +2 -1
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +8 -5
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +2 -1
- data/src/core/resolver/xds/xds_config.cc +6 -3
- data/src/core/resolver/xds/xds_config.h +9 -4
- data/src/core/resolver/xds/xds_dependency_manager.cc +22 -7
- data/src/core/resolver/xds/xds_dependency_manager.h +2 -1
- data/src/core/resolver/xds/xds_resolver.cc +31 -11
- data/src/core/server/server.cc +84 -13
- data/src/core/server/server.h +21 -2
- data/src/core/server/server_call_tracer_filter.cc +0 -66
- data/src/core/server/server_call_tracer_filter.h +64 -0
- data/src/core/server/server_config_selector_filter.cc +1 -1
- data/src/core/server/xds_server_config_fetcher.cc +63 -25
- data/src/core/service_config/service_config.h +1 -1
- data/src/core/service_config/service_config_channel_arg_filter.cc +3 -60
- data/src/core/service_config/service_config_channel_arg_filter.h +82 -0
- data/src/core/service_config/service_config_impl.h +1 -1
- data/src/core/telemetry/call_tracer.cc +20 -14
- data/src/core/telemetry/call_tracer.h +22 -17
- data/src/core/telemetry/context_list_entry.cc +38 -0
- data/src/core/telemetry/context_list_entry.h +42 -12
- data/src/core/telemetry/metrics.h +8 -8
- data/src/core/telemetry/stats_data.cc +369 -343
- data/src/core/telemetry/stats_data.h +341 -244
- data/src/core/telemetry/tcp_tracer.h +1 -1
- data/src/core/transport/auth_context.cc +20 -0
- data/src/core/transport/auth_context.h +4 -0
- data/src/core/transport/auth_context_comparator_registry.h +69 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +2 -3
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +11 -3
- data/src/core/tsi/fake_transport_security.cc +17 -0
- data/src/core/tsi/ssl_transport_security.cc +205 -32
- data/src/core/tsi/ssl_transport_security.h +19 -10
- data/src/core/tsi/ssl_transport_security_utils.cc +21 -0
- data/src/core/tsi/ssl_transport_security_utils.h +4 -0
- data/src/core/tsi/transport_security_grpc.cc +8 -0
- data/src/core/tsi/transport_security_grpc.h +15 -0
- data/src/core/util/backoff.cc +1 -5
- data/src/core/util/backoff.h +1 -0
- data/src/core/util/down_cast.h +1 -1
- data/src/core/util/function_signature.h +15 -1
- data/src/core/util/http_client/httpcli.cc +12 -5
- data/src/core/util/http_client/httpcli.h +4 -1
- data/src/core/util/http_client/httpcli_security_connector.cc +3 -1
- data/src/core/util/latent_see.cc +178 -146
- data/src/core/util/latent_see.h +249 -189
- data/src/core/util/log.cc +4 -0
- data/src/core/util/memory_usage.h +268 -0
- data/src/core/util/per_cpu.cc +2 -0
- data/src/core/util/per_cpu.h +7 -0
- data/src/core/util/shared_bit_gen.h +20 -0
- data/src/core/util/single_set_ptr.h +7 -4
- data/src/core/util/upb_utils.h +42 -0
- data/src/core/util/uri.cc +3 -2
- data/src/core/util/useful.h +144 -2
- data/src/core/util/wait_for_single_owner.cc +31 -0
- data/src/core/util/wait_for_single_owner.h +24 -0
- data/src/core/util/windows/directory_reader.cc +1 -0
- data/src/core/util/windows/thd.cc +1 -3
- data/src/core/util/work_serializer.cc +1 -1
- data/src/core/xds/grpc/file_watcher_certificate_provider_factory.cc +32 -5
- data/src/core/xds/grpc/file_watcher_certificate_provider_factory.h +5 -0
- data/src/core/xds/grpc/xds_bootstrap_grpc.cc +2 -0
- data/src/core/xds/grpc/xds_bootstrap_grpc.h +5 -0
- data/src/core/xds/grpc/xds_certificate_provider.cc +5 -6
- data/src/core/xds/grpc/xds_client_grpc.cc +6 -2
- data/src/core/xds/grpc/xds_common_types_parser.cc +138 -50
- data/src/core/xds/grpc/xds_common_types_parser.h +12 -0
- data/src/core/xds/grpc/xds_http_filter.h +7 -0
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +22 -0
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +3 -0
- data/src/core/xds/grpc/xds_route_config_parser.cc +15 -38
- data/src/core/xds/grpc/xds_server_grpc.cc +63 -13
- data/src/core/xds/grpc/xds_server_grpc.h +10 -2
- data/src/core/xds/grpc/xds_server_grpc_interface.h +4 -0
- data/src/core/xds/grpc/xds_transport_grpc.cc +18 -0
- data/src/core/xds/xds_client/xds_bootstrap.h +2 -0
- data/src/core/xds/xds_client/xds_client.cc +26 -5
- data/src/ruby/ext/grpc/extconf.rb +2 -0
- data/src/ruby/ext/grpc/rb_call.c +1 -8
- data/src/ruby/ext/grpc/rb_channel.c +70 -557
- data/src/ruby/ext/grpc/rb_channel.h +0 -3
- data/src/ruby/ext/grpc/rb_completion_queue.c +26 -14
- data/src/ruby/ext/grpc/rb_completion_queue.h +1 -7
- data/src/ruby/ext/grpc/rb_grpc.c +9 -5
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +2 -2
- data/src/ruby/ext/grpc/rb_loader.c +0 -4
- data/src/ruby/ext/grpc/rb_server.c +31 -50
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -4
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/core_spec.rb +22 -0
- data/src/ruby/spec/generic/active_call_spec.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/container.h +2 -19
- data/third_party/abseil-cpp/absl/base/attributes.h +76 -7
- data/third_party/abseil-cpp/absl/base/call_once.h +11 -12
- data/third_party/abseil-cpp/absl/base/config.h +20 -129
- data/third_party/abseil-cpp/absl/base/{internal/fast_type_id.h → fast_type_id.h} +11 -16
- data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +0 -5
- data/third_party/abseil-cpp/absl/base/internal/cycleclock_config.h +7 -7
- data/third_party/abseil-cpp/absl/base/internal/endian.h +34 -38
- data/third_party/abseil-cpp/absl/base/internal/iterator_traits.h +71 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +6 -5
- data/third_party/abseil-cpp/absl/base/internal/{nullability_impl.h → nullability_deprecated.h} +45 -8
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +0 -9
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +3 -13
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +6 -6
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +8 -3
- data/third_party/abseil-cpp/absl/base/no_destructor.h +11 -32
- data/third_party/abseil-cpp/absl/base/nullability.h +84 -72
- data/third_party/abseil-cpp/absl/base/options.h +3 -80
- data/third_party/abseil-cpp/absl/base/policy_checks.h +7 -7
- data/third_party/abseil-cpp/absl/cleanup/cleanup.h +1 -3
- data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +3 -4
- data/third_party/abseil-cpp/absl/container/btree_map.h +4 -2
- data/third_party/abseil-cpp/absl/container/btree_set.h +4 -2
- data/third_party/abseil-cpp/absl/container/fixed_array.h +7 -14
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +5 -0
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +6 -1
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +8 -5
- data/third_party/abseil-cpp/absl/container/internal/btree.h +132 -29
- data/third_party/abseil-cpp/absl/container/internal/btree_container.h +175 -71
- data/third_party/abseil-cpp/absl/container/internal/common.h +43 -0
- data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +1 -2
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +9 -10
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +1 -8
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +0 -4
- data/third_party/abseil-cpp/absl/container/internal/hashtable_control_bytes.h +527 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +20 -4
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +31 -12
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +2 -7
- data/third_party/abseil-cpp/absl/container/internal/layout.h +26 -42
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +199 -68
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +1354 -183
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +881 -1424
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set_resize_impl.h +80 -0
- data/third_party/abseil-cpp/absl/crc/crc32c.cc +0 -4
- data/third_party/abseil-cpp/absl/crc/crc32c.h +7 -5
- data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +0 -22
- data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +45 -74
- data/third_party/abseil-cpp/absl/debugging/internal/addresses.h +57 -0
- data/third_party/abseil-cpp/absl/debugging/internal/decode_rust_punycode.cc +1 -1
- data/third_party/abseil-cpp/absl/debugging/internal/decode_rust_punycode.h +5 -5
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +8 -35
- data/third_party/abseil-cpp/absl/debugging/internal/demangle_rust.cc +16 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +40 -37
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +16 -7
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_emscripten-inl.inc +14 -5
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +10 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +27 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_riscv-inl.inc +13 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +4 -3
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +15 -28
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +19 -9
- data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +144 -27
- data/third_party/abseil-cpp/absl/debugging/stacktrace.h +73 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +19 -9
- data/third_party/abseil-cpp/absl/debugging/symbolize_emscripten.inc +3 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +25 -6
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +2 -2
- data/third_party/abseil-cpp/absl/flags/flag.h +4 -3
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +2 -2
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +2 -1
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +7 -6
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +4 -3
- data/third_party/abseil-cpp/absl/flags/reflection.cc +2 -3
- data/third_party/abseil-cpp/absl/functional/any_invocable.h +8 -10
- data/third_party/abseil-cpp/absl/functional/function_ref.h +2 -9
- data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +110 -226
- data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +10 -12
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -5
- data/third_party/abseil-cpp/absl/hash/hash.h +18 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +1 -5
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -61
- data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.cc +25 -68
- data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.h +2 -6
- data/third_party/abseil-cpp/absl/hash/internal/weakly_mixed_integer.h +38 -0
- data/third_party/abseil-cpp/absl/log/check.h +2 -1
- data/third_party/abseil-cpp/absl/log/globals.h +4 -5
- data/third_party/abseil-cpp/absl/log/internal/append_truncated.h +28 -0
- data/third_party/abseil-cpp/absl/log/internal/check_op.cc +22 -22
- data/third_party/abseil-cpp/absl/log/internal/check_op.h +65 -62
- data/third_party/abseil-cpp/absl/log/internal/conditions.cc +5 -3
- data/third_party/abseil-cpp/absl/log/internal/conditions.h +7 -2
- data/third_party/abseil-cpp/absl/log/internal/log_message.cc +85 -43
- data/third_party/abseil-cpp/absl/log/internal/log_message.h +84 -59
- data/third_party/abseil-cpp/absl/log/internal/nullstream.h +1 -0
- data/third_party/abseil-cpp/absl/log/internal/proto.cc +3 -2
- data/third_party/abseil-cpp/absl/log/internal/proto.h +3 -3
- data/third_party/abseil-cpp/absl/log/internal/strip.h +4 -12
- data/third_party/abseil-cpp/absl/log/internal/vlog_config.h +8 -6
- data/third_party/abseil-cpp/absl/log/internal/voidify.h +10 -4
- data/third_party/abseil-cpp/absl/log/log.h +48 -35
- data/third_party/abseil-cpp/absl/log/log_sink_registry.h +2 -2
- data/third_party/abseil-cpp/absl/meta/type_traits.h +46 -175
- data/third_party/abseil-cpp/absl/numeric/bits.h +68 -2
- data/third_party/abseil-cpp/absl/numeric/int128.cc +0 -52
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +7 -3
- data/third_party/abseil-cpp/absl/profiling/internal/exponential_biased.cc +1 -1
- data/third_party/abseil-cpp/absl/random/bit_gen_ref.h +10 -11
- data/third_party/abseil-cpp/absl/random/distributions.h +6 -8
- data/third_party/abseil-cpp/absl/random/gaussian_distribution.h +1 -1
- data/third_party/abseil-cpp/absl/random/internal/distribution_caller.h +5 -6
- data/third_party/abseil-cpp/absl/random/internal/{pool_urbg.cc → entropy_pool.cc} +22 -90
- data/third_party/abseil-cpp/absl/random/internal/entropy_pool.h +35 -0
- data/third_party/abseil-cpp/absl/random/internal/nonsecure_base.h +5 -6
- data/third_party/abseil-cpp/absl/random/internal/randen_detect.cc +1 -1
- data/third_party/abseil-cpp/absl/random/internal/seed_material.cc +20 -12
- data/third_party/abseil-cpp/absl/random/internal/seed_material.h +5 -5
- data/third_party/abseil-cpp/absl/random/random.h +88 -53
- data/third_party/abseil-cpp/absl/random/seed_sequences.cc +6 -2
- data/third_party/abseil-cpp/absl/status/internal/status_internal.cc +3 -4
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +3 -4
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -3
- data/third_party/abseil-cpp/absl/status/status.cc +4 -8
- data/third_party/abseil-cpp/absl/status/status.h +8 -8
- data/third_party/abseil-cpp/absl/status/status_payload_printer.h +2 -2
- data/third_party/abseil-cpp/absl/status/statusor.cc +2 -2
- data/third_party/abseil-cpp/absl/status/statusor.h +6 -6
- data/third_party/abseil-cpp/absl/strings/ascii.cc +9 -9
- data/third_party/abseil-cpp/absl/strings/ascii.h +18 -18
- data/third_party/abseil-cpp/absl/strings/charconv.cc +21 -22
- data/third_party/abseil-cpp/absl/strings/charconv.h +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +54 -58
- data/third_party/abseil-cpp/absl/strings/cord.h +94 -83
- data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +11 -11
- data/third_party/abseil-cpp/absl/strings/cord_analysis.h +3 -3
- data/third_party/abseil-cpp/absl/strings/escaping.cc +130 -149
- data/third_party/abseil-cpp/absl/strings/escaping.h +9 -10
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +6 -8
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.cc +0 -4
- data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +0 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +7 -63
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +1 -11
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +0 -22
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +5 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +4 -2
- data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +3 -3
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +0 -5
- data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +96 -1
- data/third_party/abseil-cpp/absl/strings/internal/utf8.h +15 -1
- data/third_party/abseil-cpp/absl/strings/numbers.cc +53 -32
- data/third_party/abseil-cpp/absl/strings/numbers.h +87 -58
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +6 -7
- data/third_party/abseil-cpp/absl/strings/str_cat.h +32 -32
- data/third_party/abseil-cpp/absl/strings/str_format.h +18 -18
- data/third_party/abseil-cpp/absl/strings/str_replace.cc +3 -3
- data/third_party/abseil-cpp/absl/strings/str_replace.h +6 -6
- data/third_party/abseil-cpp/absl/strings/string_view.cc +4 -9
- data/third_party/abseil-cpp/absl/strings/string_view.h +27 -32
- data/third_party/abseil-cpp/absl/strings/strip.h +4 -4
- data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -4
- data/third_party/abseil-cpp/absl/strings/substitute.h +66 -64
- data/third_party/abseil-cpp/absl/synchronization/internal/futex_waiter.cc +0 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.cc +0 -5
- data/third_party/abseil-cpp/absl/synchronization/internal/pthread_waiter.cc +0 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/sem_waiter.cc +0 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/stdcpp_waiter.cc +0 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter_base.cc +0 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/win32_waiter.cc +0 -4
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +1 -1
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +97 -69
- data/third_party/abseil-cpp/absl/synchronization/notification.h +1 -1
- data/third_party/abseil-cpp/absl/time/civil_time.cc +1 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +12 -7
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +90 -111
- data/third_party/abseil-cpp/absl/time/time.h +20 -15
- data/third_party/abseil-cpp/absl/types/optional.h +7 -747
- data/third_party/abseil-cpp/absl/types/span.h +13 -11
- data/third_party/abseil-cpp/absl/types/variant.h +5 -784
- data/third_party/abseil-cpp/absl/utility/utility.h +10 -185
- data/third_party/cares/cares/include/ares.h +925 -460
- data/third_party/cares/cares/include/ares_dns.h +86 -71
- data/third_party/cares/cares/include/ares_dns_record.h +1118 -0
- data/third_party/cares/cares/include/ares_nameser.h +215 -189
- data/third_party/cares/cares/include/ares_version.h +37 -14
- data/third_party/cares/cares/src/lib/ares_addrinfo2hostent.c +305 -0
- data/third_party/cares/cares/src/lib/ares_addrinfo_localhost.c +245 -0
- data/third_party/cares/cares/src/lib/ares_android.c +216 -164
- data/third_party/cares/cares/src/lib/ares_android.h +25 -14
- data/third_party/cares/cares/src/lib/ares_cancel.c +68 -44
- data/third_party/cares/cares/src/lib/ares_close_sockets.c +137 -0
- data/third_party/cares/cares/src/lib/ares_conn.c +511 -0
- data/third_party/cares/cares/src/lib/ares_conn.h +196 -0
- data/third_party/cares/cares/src/lib/ares_cookie.c +461 -0
- data/third_party/cares/cares/src/lib/ares_data.c +93 -181
- data/third_party/cares/cares/src/lib/ares_data.h +50 -39
- data/third_party/cares/cares/src/lib/ares_destroy.c +127 -89
- data/third_party/cares/cares/src/lib/ares_free_hostent.c +35 -24
- data/third_party/cares/cares/src/lib/ares_free_string.c +24 -16
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +45 -38
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +549 -663
- data/third_party/cares/cares/src/lib/ares_getenv.c +25 -15
- data/third_party/cares/cares/src/lib/ares_getenv.h +26 -18
- data/third_party/cares/cares/src/lib/ares_gethostbyaddr.c +163 -221
- data/third_party/cares/cares/src/lib/ares_gethostbyname.c +222 -223
- data/third_party/cares/cares/src/lib/ares_getnameinfo.c +328 -338
- data/third_party/cares/cares/src/lib/ares_hosts_file.c +952 -0
- data/third_party/cares/cares/src/lib/ares_inet_net_pton.h +25 -19
- data/third_party/cares/cares/src/lib/ares_init.c +425 -2091
- data/third_party/cares/cares/src/lib/ares_ipv6.h +63 -33
- data/third_party/cares/cares/src/lib/ares_library_init.c +110 -54
- data/third_party/cares/cares/src/lib/ares_metrics.c +261 -0
- data/third_party/cares/cares/src/lib/ares_options.c +418 -332
- data/third_party/cares/cares/src/lib/ares_parse_into_addrinfo.c +179 -0
- data/third_party/cares/cares/src/lib/ares_private.h +558 -356
- data/third_party/cares/cares/src/lib/ares_process.c +1224 -1369
- data/third_party/cares/cares/src/lib/ares_qcache.c +430 -0
- data/third_party/cares/cares/src/lib/ares_query.c +126 -121
- data/third_party/cares/cares/src/lib/ares_search.c +564 -262
- data/third_party/cares/cares/src/lib/ares_send.c +264 -93
- data/third_party/cares/cares/src/lib/ares_set_socket_functions.c +588 -0
- data/third_party/cares/cares/src/lib/ares_setup.h +115 -111
- data/third_party/cares/cares/src/lib/ares_socket.c +425 -0
- data/third_party/cares/cares/src/lib/ares_socket.h +163 -0
- data/third_party/cares/cares/src/lib/ares_sortaddrinfo.c +447 -0
- data/third_party/cares/cares/src/lib/ares_strerror.c +83 -48
- data/third_party/cares/cares/src/lib/ares_sysconfig.c +639 -0
- data/third_party/cares/cares/src/lib/ares_sysconfig_files.c +839 -0
- data/third_party/cares/cares/src/lib/ares_sysconfig_mac.c +373 -0
- data/third_party/cares/cares/src/lib/ares_sysconfig_win.c +621 -0
- data/third_party/cares/cares/src/lib/ares_timeout.c +136 -73
- data/third_party/cares/cares/src/lib/ares_update_servers.c +1362 -0
- data/third_party/cares/cares/src/lib/ares_version.c +29 -4
- data/third_party/cares/cares/src/lib/config-dos.h +88 -89
- data/third_party/cares/cares/src/lib/config-win32.h +122 -77
- data/third_party/cares/cares/src/lib/dsa/ares_array.c +394 -0
- data/third_party/cares/cares/src/lib/dsa/ares_htable.c +447 -0
- data/third_party/cares/cares/src/lib/dsa/ares_htable.h +174 -0
- data/third_party/cares/cares/src/lib/dsa/ares_htable_asvp.c +224 -0
- data/third_party/cares/cares/src/lib/dsa/ares_htable_dict.c +228 -0
- data/third_party/cares/cares/src/lib/dsa/ares_htable_strvp.c +210 -0
- data/third_party/cares/cares/src/lib/dsa/ares_htable_szvp.c +188 -0
- data/third_party/cares/cares/src/lib/dsa/ares_htable_vpstr.c +186 -0
- data/third_party/cares/cares/src/lib/dsa/ares_htable_vpvp.c +194 -0
- data/third_party/cares/cares/src/lib/dsa/ares_llist.c +382 -0
- data/third_party/cares/cares/src/lib/dsa/ares_slist.c +479 -0
- data/third_party/cares/cares/src/lib/dsa/ares_slist.h +207 -0
- data/third_party/cares/cares/src/lib/event/ares_event.h +191 -0
- data/third_party/cares/cares/src/lib/event/ares_event_configchg.c +743 -0
- data/third_party/cares/cares/src/lib/event/ares_event_epoll.c +192 -0
- data/third_party/cares/cares/src/lib/event/ares_event_kqueue.c +248 -0
- data/third_party/cares/cares/src/lib/event/ares_event_poll.c +140 -0
- data/third_party/cares/cares/src/lib/event/ares_event_select.c +159 -0
- data/third_party/cares/cares/src/lib/event/ares_event_thread.c +567 -0
- data/third_party/cares/cares/src/lib/event/ares_event_wake_pipe.c +166 -0
- data/third_party/cares/cares/src/lib/event/ares_event_win32.c +978 -0
- data/third_party/cares/cares/src/lib/event/ares_event_win32.h +161 -0
- data/third_party/cares/cares/src/lib/include/ares_array.h +276 -0
- data/third_party/cares/cares/src/lib/include/ares_buf.h +732 -0
- data/third_party/cares/cares/src/lib/include/ares_htable_asvp.h +130 -0
- data/third_party/cares/cares/src/lib/include/ares_htable_dict.h +123 -0
- data/third_party/cares/cares/src/lib/include/ares_htable_strvp.h +130 -0
- data/third_party/cares/cares/src/lib/include/ares_htable_szvp.h +118 -0
- data/third_party/cares/cares/src/lib/include/ares_htable_vpstr.h +111 -0
- data/third_party/cares/cares/src/lib/include/ares_htable_vpvp.h +128 -0
- data/third_party/cares/cares/src/lib/include/ares_llist.h +239 -0
- data/third_party/cares/cares/src/lib/include/ares_mem.h +38 -0
- data/third_party/cares/cares/src/lib/include/ares_str.h +244 -0
- data/third_party/cares/cares/src/lib/inet_net_pton.c +202 -157
- data/third_party/cares/cares/src/lib/inet_ntop.c +87 -69
- data/third_party/cares/cares/src/lib/legacy/ares_create_query.c +78 -0
- data/third_party/cares/cares/src/lib/legacy/ares_expand_name.c +99 -0
- data/third_party/cares/cares/src/lib/legacy/ares_expand_string.c +107 -0
- data/third_party/cares/cares/src/lib/legacy/ares_fds.c +80 -0
- data/third_party/cares/cares/src/lib/legacy/ares_getsock.c +85 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_a_reply.c +107 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_aaaa_reply.c +109 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_caa_reply.c +137 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_mx_reply.c +110 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_naptr_reply.c +132 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_ns_reply.c +154 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_ptr_reply.c +213 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_soa_reply.c +115 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_srv_reply.c +114 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_txt_reply.c +144 -0
- data/third_party/cares/cares/src/lib/legacy/ares_parse_uri_reply.c +113 -0
- data/third_party/cares/cares/src/lib/record/ares_dns_mapping.c +982 -0
- data/third_party/cares/cares/src/lib/record/ares_dns_multistring.c +307 -0
- data/third_party/cares/cares/src/lib/record/ares_dns_multistring.h +72 -0
- data/third_party/cares/cares/src/lib/record/ares_dns_name.c +673 -0
- data/third_party/cares/cares/src/lib/record/ares_dns_parse.c +1329 -0
- data/third_party/cares/cares/src/lib/record/ares_dns_private.h +273 -0
- data/third_party/cares/cares/src/lib/record/ares_dns_record.c +1661 -0
- data/third_party/cares/cares/src/lib/record/ares_dns_write.c +1229 -0
- data/third_party/cares/cares/src/lib/str/ares_buf.c +1498 -0
- data/third_party/cares/cares/src/lib/str/ares_str.c +508 -0
- data/third_party/cares/cares/src/lib/str/ares_strsplit.c +90 -0
- data/third_party/cares/cares/src/lib/str/ares_strsplit.h +51 -0
- data/third_party/cares/cares/src/lib/thirdparty/apple/dnsinfo.h +122 -0
- data/third_party/cares/cares/src/lib/util/ares_iface_ips.c +628 -0
- data/third_party/cares/cares/src/lib/util/ares_iface_ips.h +139 -0
- data/third_party/cares/cares/src/lib/util/ares_math.c +158 -0
- data/third_party/cares/cares/src/lib/util/ares_math.h +45 -0
- data/third_party/cares/cares/src/lib/util/ares_rand.c +389 -0
- data/third_party/cares/cares/src/lib/util/ares_rand.h +36 -0
- data/third_party/cares/cares/src/lib/util/ares_threads.c +614 -0
- data/third_party/cares/cares/src/lib/util/ares_threads.h +60 -0
- data/third_party/cares/cares/src/lib/util/ares_time.h +48 -0
- data/third_party/cares/cares/src/lib/util/ares_timeval.c +95 -0
- data/third_party/cares/cares/src/lib/util/ares_uri.c +1626 -0
- data/third_party/cares/cares/src/lib/util/ares_uri.h +252 -0
- data/third_party/cares/cares/src/lib/windows_port.c +16 -9
- metadata +192 -68
- data/src/core/lib/event_engine/forkable.cc +0 -105
- data/src/core/lib/event_engine/forkable.h +0 -67
- data/src/core/lib/iomgr/python_util.h +0 -46
- data/src/core/util/ring_buffer.h +0 -122
- data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +0 -108
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +0 -241
- data/third_party/abseil-cpp/absl/log/log_entry.cc +0 -41
- data/third_party/abseil-cpp/absl/random/internal/pool_urbg.h +0 -131
- data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +0 -66
- data/third_party/abseil-cpp/absl/types/bad_optional_access.h +0 -78
- data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +0 -82
- data/third_party/abseil-cpp/absl/types/bad_variant_access.h +0 -82
- data/third_party/abseil-cpp/absl/types/internal/optional.h +0 -352
- data/third_party/abseil-cpp/absl/types/internal/variant.h +0 -1622
- data/third_party/cares/cares/include/ares_rules.h +0 -125
- data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +0 -266
- data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +0 -240
- data/third_party/cares/cares/src/lib/ares__close_sockets.c +0 -61
- data/third_party/cares/cares/src/lib/ares__get_hostent.c +0 -260
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +0 -229
- data/third_party/cares/cares/src/lib/ares__read_line.c +0 -73
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +0 -258
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +0 -507
- data/third_party/cares/cares/src/lib/ares__timeval.c +0 -111
- data/third_party/cares/cares/src/lib/ares_create_query.c +0 -197
- data/third_party/cares/cares/src/lib/ares_expand_name.c +0 -311
- data/third_party/cares/cares/src/lib/ares_expand_string.c +0 -67
- data/third_party/cares/cares/src/lib/ares_fds.c +0 -59
- data/third_party/cares/cares/src/lib/ares_getsock.c +0 -66
- data/third_party/cares/cares/src/lib/ares_iphlpapi.h +0 -221
- data/third_party/cares/cares/src/lib/ares_llist.c +0 -63
- data/third_party/cares/cares/src/lib/ares_llist.h +0 -39
- data/third_party/cares/cares/src/lib/ares_mkquery.c +0 -24
- data/third_party/cares/cares/src/lib/ares_nowarn.c +0 -260
- data/third_party/cares/cares/src/lib/ares_nowarn.h +0 -61
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +0 -90
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +0 -92
- data/third_party/cares/cares/src/lib/ares_parse_caa_reply.c +0 -199
- data/third_party/cares/cares/src/lib/ares_parse_mx_reply.c +0 -164
- data/third_party/cares/cares/src/lib/ares_parse_naptr_reply.c +0 -183
- data/third_party/cares/cares/src/lib/ares_parse_ns_reply.c +0 -177
- data/third_party/cares/cares/src/lib/ares_parse_ptr_reply.c +0 -228
- data/third_party/cares/cares/src/lib/ares_parse_soa_reply.c +0 -179
- data/third_party/cares/cares/src/lib/ares_parse_srv_reply.c +0 -168
- data/third_party/cares/cares/src/lib/ares_parse_txt_reply.c +0 -214
- data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +0 -184
- data/third_party/cares/cares/src/lib/ares_platform.c +0 -11042
- data/third_party/cares/cares/src/lib/ares_platform.h +0 -43
- data/third_party/cares/cares/src/lib/ares_rand.c +0 -279
- data/third_party/cares/cares/src/lib/ares_strcasecmp.c +0 -66
- data/third_party/cares/cares/src/lib/ares_strcasecmp.h +0 -30
- data/third_party/cares/cares/src/lib/ares_strdup.c +0 -42
- data/third_party/cares/cares/src/lib/ares_strdup.h +0 -24
- data/third_party/cares/cares/src/lib/ares_strsplit.c +0 -94
- data/third_party/cares/cares/src/lib/ares_strsplit.h +0 -42
- data/third_party/cares/cares/src/lib/ares_writev.c +0 -79
- data/third_party/cares/cares/src/lib/ares_writev.h +0 -36
- data/third_party/cares/cares/src/lib/bitncmp.c +0 -59
- data/third_party/cares/cares/src/lib/bitncmp.h +0 -26
- data/third_party/cares/cares/src/lib/setup_once.h +0 -554
- data/third_party/cares/cares/src/tools/ares_getopt.h +0 -53
@@ -131,7 +131,7 @@ class TcpCallTracer {
|
|
131
131
|
virtual void RecordEvent(
|
132
132
|
grpc_event_engine::experimental::internal::WriteEvent event,
|
133
133
|
absl::Time time, size_t byte_offset,
|
134
|
-
std::vector<TcpEventMetric
|
134
|
+
const std::vector<TcpEventMetric>& metrics) = 0;
|
135
135
|
};
|
136
136
|
|
137
137
|
class TcpConnectionTracer {
|
@@ -27,6 +27,7 @@
|
|
27
27
|
|
28
28
|
#include "absl/log/check.h"
|
29
29
|
#include "absl/log/log.h"
|
30
|
+
#include "src/core/config/core_configuration.h"
|
30
31
|
#include "src/core/lib/channel/channel_args.h"
|
31
32
|
#include "src/core/lib/debug/trace.h"
|
32
33
|
#include "src/core/lib/iomgr/exec_ctx.h"
|
@@ -151,6 +152,10 @@ void grpc_auth_context::add_property(const char* name, const char* value,
|
|
151
152
|
prop->value_length = value_length;
|
152
153
|
}
|
153
154
|
|
155
|
+
void grpc_auth_context::set_protocol(absl::string_view protocol) {
|
156
|
+
protocol_ = protocol;
|
157
|
+
}
|
158
|
+
|
154
159
|
void grpc_auth_context_add_property(grpc_auth_context* ctx, const char* name,
|
155
160
|
const char* value, size_t value_length) {
|
156
161
|
GRPC_TRACE_LOG(api, INFO) << absl::StrFormat(
|
@@ -233,3 +238,18 @@ grpc_auth_context* grpc_find_auth_context_in_args(
|
|
233
238
|
}
|
234
239
|
return nullptr;
|
235
240
|
}
|
241
|
+
|
242
|
+
std::optional<bool> grpc_auth_context::CompareAuthContext(
|
243
|
+
const grpc_auth_context* other) {
|
244
|
+
if (protocol_.empty() || other->protocol_.empty() ||
|
245
|
+
protocol_ != other->protocol_) {
|
246
|
+
return std::nullopt;
|
247
|
+
}
|
248
|
+
auto* comparator = grpc_core::CoreConfiguration::Get()
|
249
|
+
.auth_context_comparator_registry()
|
250
|
+
.GetComparator(protocol_);
|
251
|
+
if (comparator == nullptr) {
|
252
|
+
return std::nullopt;
|
253
|
+
}
|
254
|
+
return (*comparator)(this, other);
|
255
|
+
}
|
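Review bot: `CompareAuthContext` reads `other->protocol_` before checking that `other` is non-null, so a caller that passes a missing peer context crashes instead of getting the "not supported" answer. A guard at the top, `if (other == nullptr) return std::nullopt;`, would put that case on the same path as an unknown protocol. `set_protocol` in the earlier hunk of this file accepts any string, and an empty one also ends on the `std::nullopt` branch here, which deserves a one-line comment on the setter. The method changes no member in the visible body and could be declared `const`, together with its declaration in the header.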
@@ -120,6 +120,9 @@ struct grpc_auth_context
|
|
120
120
|
void ensure_capacity();
|
121
121
|
void add_property(const char* name, const char* value, size_t value_length);
|
122
122
|
void add_cstring_property(const char* name, const char* value);
|
123
|
+
void set_protocol(absl::string_view protocol);
|
124
|
+
// Returns std::nullopt if auth context comparison is not supported.
|
125
|
+
std::optional<bool> CompareAuthContext(const grpc_auth_context* other);
|
123
126
|
|
124
127
|
private:
|
125
128
|
grpc_core::RefCountedPtr<grpc_auth_context> chained_;
|
@@ -127,6 +130,7 @@ struct grpc_auth_context
|
|
127
130
|
const char* peer_identity_property_name_ = nullptr;
|
128
131
|
std::unique_ptr<Extension> extension_;
|
129
132
|
grpc_core::OrphanablePtr<grpc_core::ConnectionContext> connection_context_;
|
133
|
+
std::string protocol_;
|
130
134
|
};
|
131
135
|
|
132
136
|
// --- Channel args for auth context ---
|
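Review bot: The comment on `CompareAuthContext` covers only the `std::nullopt` case and does not say what a contained `true` or `false` means, or that `other` is dereferenced without a null check. Because the return type is `std::optional<bool>`, `if (ctx->CompareAuthContext(other))` tests whether a result exists, not whether the contexts match, so a caller written that way would treat a failed comparison as a pass. I would extend the comment to `// Returns std::nullopt if comparison is not supported (no protocol set, protocols differ, or no comparator registered); otherwise the comparator's result. Callers must test the contained value, not the optional itself.` The new `protocol_` member in the second hunk could carry a short comment saying it is the key used to look up the comparator.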
@@ -0,0 +1,69 @@
|
|
1
|
+
//
|
2
|
+
// Copyright 2025 gRPC authors.
|
3
|
+
//
|
4
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
// you may not use this file except in compliance with the License.
|
6
|
+
// You may obtain a copy of the License at
|
7
|
+
//
|
8
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
//
|
10
|
+
// Unless required by applicable law or agreed to in writing, software
|
11
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
// See the License for the specific language governing permissions and
|
14
|
+
// limitations under the License.
|
15
|
+
//
|
16
|
+
|
17
|
+
#ifndef GRPC_SRC_CORE_TRANSPORT_AUTH_CONTEXT_COMPARATOR_REGISTRY_H
|
18
|
+
#define GRPC_SRC_CORE_TRANSPORT_AUTH_CONTEXT_COMPARATOR_REGISTRY_H
|
19
|
+
|
20
|
+
#include <grpc/impl/grpc_types.h>
|
21
|
+
|
22
|
+
#include "absl/functional/any_invocable.h"
|
23
|
+
#include "src/core/lib/channel/channel_args.h"
|
24
|
+
|
25
|
+
struct grpc_auth_context;
|
26
|
+
|
27
|
+
class AuthContextComparatorRegistry {
|
28
|
+
private:
|
29
|
+
using Compare = absl::AnyInvocable<bool(const grpc_auth_context*,
|
30
|
+
const grpc_auth_context*)>;
|
31
|
+
using ComparatorMap = std::map<std::string, std::unique_ptr<Compare>>;
|
32
|
+
|
33
|
+
public:
|
34
|
+
class Builder {
|
35
|
+
public:
|
36
|
+
void RegisterComparator(
|
37
|
+
std::string name,
|
38
|
+
std::unique_ptr<absl::AnyInvocable<bool(const grpc_auth_context*,
|
39
|
+
const grpc_auth_context*)>>
|
40
|
+
comparator) {
|
41
|
+
if (comparators_.find(name) != comparators_.end()) {
|
42
|
+
LOG(FATAL) << "Duplicate comparator registration: " << name;
|
43
|
+
}
|
44
|
+
comparators_[name] = std::move(comparator);
|
45
|
+
}
|
46
|
+
|
47
|
+
AuthContextComparatorRegistry Build() {
|
48
|
+
return AuthContextComparatorRegistry(std::move(comparators_));
|
49
|
+
}
|
50
|
+
|
51
|
+
private:
|
52
|
+
ComparatorMap comparators_;
|
53
|
+
};
|
54
|
+
|
55
|
+
Compare* GetComparator(absl::string_view name) const {
|
56
|
+
auto it = comparators_.find(std::string(name));
|
57
|
+
if (it == comparators_.end()) {
|
58
|
+
return nullptr;
|
59
|
+
}
|
60
|
+
return it->second.get();
|
61
|
+
}
|
62
|
+
|
63
|
+
private:
|
64
|
+
explicit AuthContextComparatorRegistry(ComparatorMap comparators)
|
65
|
+
: comparators_(std::move(comparators)) {}
|
66
|
+
ComparatorMap comparators_;
|
67
|
+
};
|
68
|
+
|
69
|
+
#endif // GRPC_SRC_CORE_TRANSPORT_AUTH_CONTEXT_COMPARATOR_REGISTRY_H
|
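Review bot: This new header uses `std::map`, `std::string`, `std::unique_ptr`, `absl::string_view` and `LOG(FATAL)` but includes none of the headers that declare them, so it builds only through whatever `channel_args.h` happens to pull in. Adding `#include <map>`, `#include <memory>` and `#include <string>`, plus the absl log and string_view headers, would make it self-contained. Separately, `GetComparator` is a const method that returns a non-const `Compare*`; declaring the callable as `absl::AnyInvocable<bool(const grpc_auth_context*, const grpc_auth_context*) const>` would make registered comparators const-callable, which fits a registry that is presumably read-only after `Build()`.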
@@ -235,11 +235,10 @@ void alts_handshaker_client_handle_response(alts_handshaker_client* c,
|
|
235
235
|
return;
|
236
236
|
}
|
237
237
|
if (recv_buffer == nullptr) {
|
238
|
-
VLOG(2)
|
239
|
-
<< "recv_buffer is nullptr in alts_tsi_handshaker_handle_response()";
|
238
|
+
VLOG(2) << "failed to receive a response from the alts handshaker service";
|
240
239
|
handle_response_done(
|
241
240
|
client, TSI_INTERNAL_ERROR,
|
242
|
-
"
|
241
|
+
"failed to receive a response from the alts handshaker service",
|
243
242
|
nullptr, 0, nullptr);
|
244
243
|
return;
|
245
244
|
}
|
@@ -249,12 +249,20 @@ static tsi_result alts_zero_copy_grpc_protector_max_frame_size(
|
|
249
249
|
return TSI_OK;
|
250
250
|
}
|
251
251
|
|
252
|
+
static bool alts_zero_copy_grpc_protector_read_frame_size(
|
253
|
+
tsi_zero_copy_grpc_protector*, grpc_slice_buffer* protected_slices,
|
254
|
+
uint32_t* frame_size) {
|
255
|
+
if (frame_size == nullptr) return false;
|
256
|
+
return read_frame_size(protected_slices, frame_size);
|
257
|
+
}
|
258
|
+
|
252
259
|
static const tsi_zero_copy_grpc_protector_vtable
|
253
260
|
alts_zero_copy_grpc_protector_vtable = {
|
254
261
|
alts_zero_copy_grpc_protector_protect,
|
255
262
|
alts_zero_copy_grpc_protector_unprotect,
|
256
263
|
alts_zero_copy_grpc_protector_destroy,
|
257
|
-
alts_zero_copy_grpc_protector_max_frame_size
|
264
|
+
alts_zero_copy_grpc_protector_max_frame_size,
|
265
|
+
alts_zero_copy_grpc_protector_read_frame_size};
|
258
266
|
|
259
267
|
tsi_result alts_zero_copy_grpc_protector_create(
|
260
268
|
const grpc_core::GsecKeyFactoryInterface& key_factory, bool is_client,
|
@@ -262,8 +270,8 @@ tsi_result alts_zero_copy_grpc_protector_create(
|
|
262
270
|
size_t* max_protected_frame_size,
|
263
271
|
tsi_zero_copy_grpc_protector** protector) {
|
264
272
|
if (protector == nullptr) {
|
265
|
-
LOG(ERROR)
|
266
|
-
|
273
|
+
LOG(ERROR) << "Invalid nullptr arguments to "
|
274
|
+
"alts_zero_copy_grpc_protector create.";
|
267
275
|
return TSI_INVALID_ARGUMENT;
|
268
276
|
}
|
269
277
|
// Creates alts_zero_copy_protector.
|
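Review bot: `alts_zero_copy_grpc_protector_read_frame_size` rejects a null `frame_size` but passes `protected_slices` to `read_frame_size` unchecked, and whether that helper tolerates a null buffer is not visible in this hunk. Extending the guard to `if (protected_slices == nullptr || frame_size == nullptr) return false;` keeps the new vtable entry safe regardless of the helper. A comment above the function stating when it returns `false` would help callers; the value is parsed from protected data received from the peer, and any bound on it is applied, if at all, inside `read_frame_size`, outside this hunk.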
@@ -520,12 +520,29 @@ static tsi_result fake_zero_copy_grpc_protector_max_frame_size(
|
|
520
520
|
return TSI_OK;
|
521
521
|
}
|
522
522
|
|
523
|
+
static bool fake_zero_copy_grpc_protector_read_frame_size(
|
524
|
+
tsi_zero_copy_grpc_protector*, grpc_slice_buffer* protected_slices,
|
525
|
+
uint32_t* frame_size) {
|
526
|
+
if (frame_size == nullptr) return false;
|
527
|
+
uint32_t parsed_frame_size = 0;
|
528
|
+
while (protected_slices->length >= TSI_FAKE_FRAME_HEADER_SIZE) {
|
529
|
+
uint32_t parsed_frame_size = read_frame_size(protected_slices);
|
530
|
+
if (parsed_frame_size <= 4) {
|
531
|
+
LOG(ERROR) << "Invalid frame size.";
|
532
|
+
return false;
|
533
|
+
}
|
534
|
+
}
|
535
|
+
*frame_size = parsed_frame_size;
|
536
|
+
return true;
|
537
|
+
}
|
538
|
+
|
523
539
|
static const tsi_zero_copy_grpc_protector_vtable
|
524
540
|
zero_copy_grpc_protector_vtable = {
|
525
541
|
fake_zero_copy_grpc_protector_protect,
|
526
542
|
fake_zero_copy_grpc_protector_unprotect,
|
527
543
|
fake_zero_copy_grpc_protector_destroy,
|
528
544
|
fake_zero_copy_grpc_protector_max_frame_size,
|
545
|
+
fake_zero_copy_grpc_protector_read_frame_size,
|
529
546
|
};
|
530
547
|
|
531
548
|
// --- tsi_handshaker_result methods implementation. ---
|
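Review bot: In `fake_zero_copy_grpc_protector_read_frame_size` the `uint32_t parsed_frame_size` declared inside the `while` shadows the one declared before the loop, so `*frame_size` is always set to 0 when the function returns `true`. The loop body also does nothing visible to shrink `protected_slices`, so unless `read_frame_size` (defined outside the hunk) consumes bytes, a buffer holding a valid header never leaves the loop. I would drop the outer declaration and the loop and use `if (protected_slices->length < TSI_FAKE_FRAME_HEADER_SIZE) return false;` followed by `const uint32_t parsed_frame_size = read_frame_size(protected_slices);`, keeping the `<= 4` rejection as it is. Returning `false` for a buffer shorter than the header is my assumption about the intended contract and should be checked against the caller.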
@@ -71,6 +71,7 @@
|
|
71
71
|
#include "src/core/tsi/transport_security_interface.h"
|
72
72
|
#include "src/core/util/crash.h"
|
73
73
|
#include "src/core/util/env.h"
|
74
|
+
#include "src/core/util/match.h"
|
74
75
|
#include "src/core/util/sync.h"
|
75
76
|
#include "src/core/util/useful.h"
|
76
77
|
|
@@ -118,6 +119,7 @@ struct tsi_ssl_client_handshaker_factory {
|
|
118
119
|
size_t alpn_protocol_list_length;
|
119
120
|
grpc_core::RefCountedPtr<tsi::SslSessionLRUCache> session_cache;
|
120
121
|
grpc_core::RefCountedPtr<TlsSessionKeyLogger> key_logger;
|
122
|
+
std::shared_ptr<RootCertInfo> root_cert_info;
|
121
123
|
};
|
122
124
|
|
123
125
|
struct tsi_ssl_server_handshaker_factory {
|
@@ -131,6 +133,7 @@ struct tsi_ssl_server_handshaker_factory {
|
|
131
133
|
unsigned char* alpn_protocol_list;
|
132
134
|
size_t alpn_protocol_list_length;
|
133
135
|
grpc_core::RefCountedPtr<TlsSessionKeyLogger> key_logger;
|
136
|
+
std::shared_ptr<RootCertInfo> root_cert_info;
|
134
137
|
};
|
135
138
|
|
136
139
|
struct tsi_ssl_handshaker {
|
@@ -250,6 +253,7 @@ int ServerHandshakerFactoryAlpnCallback(SSL* /*ssl*/, const unsigned char** out,
|
|
250
253
|
static gpr_once g_init_openssl_once = GPR_ONCE_INIT;
|
251
254
|
static int g_ssl_ctx_ex_factory_index = -1;
|
252
255
|
static int g_ssl_ctx_ex_crl_provider_index = -1;
|
256
|
+
static int g_ssl_ctx_ex_spiffe_bundle_map_index = -1;
|
253
257
|
static const unsigned char kSslSessionIdContext[] = {'g', 'r', 'p', 'c'};
|
254
258
|
static int g_ssl_ex_verified_root_cert_index = -1;
|
255
259
|
#if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_NO_ENGINE)
|
@@ -340,6 +344,10 @@ static void init_openssl(void) {
|
|
340
344
|
SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
|
341
345
|
CHECK_NE(g_ssl_ctx_ex_crl_provider_index, -1);
|
342
346
|
|
347
|
+
g_ssl_ctx_ex_spiffe_bundle_map_index =
|
348
|
+
SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
|
349
|
+
CHECK_NE(g_ssl_ctx_ex_spiffe_bundle_map_index, -1);
|
350
|
+
|
343
351
|
g_ssl_ex_verified_root_cert_index = SSL_get_ex_new_index(
|
344
352
|
0, nullptr, nullptr, nullptr, verified_root_cert_free);
|
345
353
|
CHECK_NE(g_ssl_ex_verified_root_cert_index, -1);
|
@@ -1231,6 +1239,114 @@ static int CheckChainRevocation(
|
|
1231
1239
|
return 1;
|
1232
1240
|
}
|
1233
1241
|
|
1242
|
+
static grpc_core::SpiffeBundleMap* GetSpiffeBundleMap(X509_STORE_CTX* ctx) {
|
1243
|
+
CHECK(ctx != nullptr);
|
1244
|
+
ERR_clear_error();
|
1245
|
+
int ssl_index = SSL_get_ex_data_X509_STORE_CTX_idx();
|
1246
|
+
if (ssl_index < 0) {
|
1247
|
+
char err_str[256];
|
1248
|
+
ERR_error_string_n(ERR_get_error(), err_str, sizeof(err_str));
|
1249
|
+
GRPC_TRACE_LOG(tsi, INFO)
|
1250
|
+
<< "error getting the SSL index from the X509_STORE_CTX while getting "
|
1251
|
+
"the SPIFFE Bundle Map: "
|
1252
|
+
<< err_str;
|
1253
|
+
return nullptr;
|
1254
|
+
}
|
1255
|
+
SSL* ssl = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, ssl_index));
|
1256
|
+
if (ssl == nullptr) {
|
1257
|
+
GRPC_TRACE_LOG(tsi, INFO)
|
1258
|
+
<< "error while fetching SPIFFE Bundle Map. SSL object is null";
|
1259
|
+
return nullptr;
|
1260
|
+
}
|
1261
|
+
SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl);
|
1262
|
+
return static_cast<grpc_core::SpiffeBundleMap*>(
|
1263
|
+
SSL_CTX_get_ex_data(ssl_ctx, g_ssl_ctx_ex_spiffe_bundle_map_index));
|
1264
|
+
}
|
1265
|
+
|
1266
|
+
static absl::StatusOr<std::string> GetSpiffeUriFromCert(X509* cert) {
|
1267
|
+
CHECK(cert != nullptr);
|
1268
|
+
GENERAL_NAMES* subject_alt_names = static_cast<GENERAL_NAMES*>(
|
1269
|
+
X509_get_ext_d2i(cert, NID_subject_alt_name, nullptr, nullptr));
|
1270
|
+
int uri_count = 0;
|
1271
|
+
absl::StatusOr<std::string> spiffe_uri = absl::InvalidArgumentError(
|
1272
|
+
"spiffe: no SPIFFE ID found in leaf certificate.");
|
1273
|
+
if (subject_alt_names != nullptr) {
|
1274
|
+
size_t subject_alt_name_count = sk_GENERAL_NAME_num(subject_alt_names);
|
1275
|
+
for (size_t i = 0; i < subject_alt_name_count; i++) {
|
1276
|
+
GENERAL_NAME* subject_alt_name =
|
1277
|
+
sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i));
|
1278
|
+
if (subject_alt_name == nullptr) {
|
1279
|
+
continue;
|
1280
|
+
}
|
1281
|
+
if (subject_alt_name->type == GEN_URI) {
|
1282
|
+
uri_count++;
|
1283
|
+
if (uri_count > 1) {
|
1284
|
+
sk_GENERAL_NAME_pop_free(subject_alt_names, GENERAL_NAME_free);
|
1285
|
+
return absl::InvalidArgumentError(
|
1286
|
+
"spiffe: more than one SAN URI found while doing SPIFFE "
|
1287
|
+
"validation. Must "
|
1288
|
+
"have exactly one URI SAN that is the SPIFFE ID.");
|
1289
|
+
}
|
1290
|
+
spiffe_uri = grpc_core::ParseUriString(subject_alt_name);
|
1291
|
+
}
|
1292
|
+
}
|
1293
|
+
}
|
1294
|
+
sk_GENERAL_NAME_pop_free(subject_alt_names, GENERAL_NAME_free);
|
1295
|
+
GRPC_RETURN_IF_ERROR(spiffe_uri.status());
|
1296
|
+
if (spiffe_uri->empty()) {
|
1297
|
+
return absl::InvalidArgumentError(
|
1298
|
+
"spiffe: no URI SAN found in leaf certificate");
|
1299
|
+
}
|
1300
|
+
return spiffe_uri;
|
1301
|
+
}
|
1302
|
+
|
1303
|
+
static absl::StatusOr<std::string> SpiffeTrustDomainFromCert(X509* cert) {
|
1304
|
+
CHECK(cert != nullptr);
|
1305
|
+
auto subject_name = GetSpiffeUriFromCert(cert);
|
1306
|
+
GRPC_RETURN_IF_ERROR(subject_name.status());
|
1307
|
+
auto spiffe_id = grpc_core::SpiffeId::FromString(*subject_name);
|
1308
|
+
GRPC_RETURN_IF_ERROR(spiffe_id.status());
|
1309
|
+
return std::string(spiffe_id->trust_domain());
|
1310
|
+
}
|
1311
|
+
|
1312
|
+
// Fills ctx's trusted roots with the roots in the SPIFFE Bundle Map that
|
1313
|
+
// are associated with the to-be-verified leaf certificate's trust domain.
|
1314
|
+
// For more detail see
|
1315
|
+
// https://github.com/grpc/proposal/blob/master/A87-mtls-spiffe-support.md
|
1316
|
+
absl::Status ConfigureSpiffeRoots(
|
1317
|
+
X509_STORE_CTX* ctx, grpc_core::SpiffeBundleMap* spiffe_bundle_map) {
|
1318
|
+
CHECK(ctx != nullptr);
|
1319
|
+
if (spiffe_bundle_map == nullptr) {
|
1320
|
+
return absl::InvalidArgumentError(
|
1321
|
+
"cannot configure spiffe roots with a nullptr spiffe_bundle_map.");
|
1322
|
+
}
|
1323
|
+
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
1324
|
+
X509* leaf_cert = X509_STORE_CTX_get0_cert(ctx);
|
1325
|
+
#else
|
1326
|
+
X509* leaf_cert = ctx->cert;
|
1327
|
+
#endif
|
1328
|
+
if (leaf_cert == nullptr) {
|
1329
|
+
return absl::InvalidArgumentError(
|
1330
|
+
"A SPIFFE bundle map was configured but the leaf cert is null");
|
1331
|
+
}
|
1332
|
+
absl::StatusOr<std::string> trust_domain =
|
1333
|
+
SpiffeTrustDomainFromCert(leaf_cert);
|
1334
|
+
GRPC_RETURN_IF_ERROR(trust_domain.status());
|
1335
|
+
auto root_stack = spiffe_bundle_map->GetRootStack(*trust_domain);
|
1336
|
+
GRPC_RETURN_IF_ERROR(root_stack.status());
|
1337
|
+
if (*root_stack == nullptr) {
|
1338
|
+
return absl::InvalidArgumentError(
|
1339
|
+
"spiffe: root stack in the SPIFFE Bundle Map is nullptr.");
|
1340
|
+
}
|
1341
|
+
// the boringSSL library objective-C used did not have this function defined
|
1342
|
+
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_APPLE)
|
1343
|
+
X509_STORE_CTX_set0_trusted_stack(ctx, *root_stack);
|
1344
|
+
#else
|
1345
|
+
X509_STORE_CTX_trusted_stack(ctx, *root_stack);
|
1346
|
+
#endif
|
1347
|
+
return absl::OkStatus();
|
1348
|
+
}
|
1349
|
+
|
1234
1350
|
// The custom verification function to set in OpenSSL using
|
1235
1351
|
// X509_set_cert_verify_callback. This calls the standard OpenSSL procedure
|
1236
1352
|
// (X509_verify_cert), then also extracts the root certificate in the built
|
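Review bot: In GetSpiffeUriFromCert (new lines 1266-1301) the two error strings appear swapped relative to the conditions that reach them. A leaf with no URI SAN at all returns the initial `spiffe: no SPIFFE ID found in leaf certificate.`, while `spiffe: no URI SAN found in leaf certificate` is only returned when a URI SAN is present but parses to an empty string. Swapping the two messages would make handshake-failure logs point at the actual cause. ConfigureSpiffeRoots would also benefit from a comment stating the trust model, e.g. `// The trust domain comes from the peer's not-yet-verified leaf; it only selects which configured bundle X509_verify_cert() is run against.` Assuming the bundle map keeps ownership of the stack returned by GetRootStack, a second comment would help: `// set0 does not take ownership: *root_stack must outlive ctx.`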
@@ -1238,12 +1354,24 @@ static int CheckChainRevocation(
|
|
1238
1354
|
// returns 1 on success, indicating a trusted chain to a root of trust was
|
1239
1355
|
// found, 0 if a trusted chain could not be built.
|
1240
1356
|
static int CustomVerificationFunction(X509_STORE_CTX* ctx, void* arg) {
|
1357
|
+
CHECK(ctx != nullptr);
|
1358
|
+
grpc_core::SpiffeBundleMap* spiffe_bundle_map = GetSpiffeBundleMap(ctx);
|
1359
|
+
if (spiffe_bundle_map != nullptr) {
|
1360
|
+
// If a SPIFFE Bundle Map is configured, we'll use
|
1361
|
+
// X509_STORE_CTX_set0_trusted_stack to then configure these as the roots
|
1362
|
+
// for verification.
|
1363
|
+
absl::Status status = ConfigureSpiffeRoots(ctx, spiffe_bundle_map);
|
1364
|
+
if (!status.ok()) {
|
1365
|
+
VLOG(2) << "Failed to configure SPIFFE roots: " << status;
|
1366
|
+
return -1;
|
1367
|
+
}
|
1368
|
+
}
|
1241
1369
|
int ret = X509_verify_cert(ctx);
|
1242
1370
|
if (ret <= 0) {
|
1243
1371
|
VLOG(2) << "Failed to verify cert chain.";
|
1244
1372
|
// Verification failed. We shouldn't expect to have a verified chain, so
|
1245
|
-
// there is no need to attempt to extract the root cert from it, check
|
1246
|
-
// revocation, or check anything else.
|
1373
|
+
// there is no need to attempt to extract the root cert from it, check
|
1374
|
+
// for revocation, or check anything else.
|
1247
1375
|
return ret;
|
1248
1376
|
}
|
1249
1377
|
grpc_core::experimental::CrlProvider* provider = GetCrlProvider(ctx);
|
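Review bot: When ConfigureSpiffeRoots fails, CustomVerificationFunction returns -1 at new line 1366 without recording an error on ctx, so the stored verify error stays whatever it was before the callback ran (possibly still X509_V_OK) and the only trace is a VLOG(2) line. Setting it first, `X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);`, lets callers that inspect the verify result see that the chain was rejected. Separately, GetSpiffeBundleMap (previous hunk) returns nullptr both when no map is configured and when the SSL lookup fails, so a lookup failure skips this block and falls through to X509_verify_cert with the store's own roots. Whether that is fail-closed depends on store setup outside this hunk, and the function body continues past the hunk.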
@@ -1257,9 +1385,9 @@ static int CustomVerificationFunction(X509_STORE_CTX* ctx, void* arg) {
|
|
1257
1385
|
return RootCertExtractCallback(ctx, arg);
|
1258
1386
|
}
|
1259
1387
|
|
1260
|
-
// Sets the min and max TLS version of |ssl_context| to |min_tls_version|
|
1261
|
-
// |max_tls_version|, respectively. Calling this method is a no-op when
|
1262
|
-
// OpenSSL versions < 1.1.
|
1388
|
+
// Sets the min and max TLS version of |ssl_context| to |min_tls_version|
|
1389
|
+
// and |max_tls_version|, respectively. Calling this method is a no-op when
|
1390
|
+
// using OpenSSL versions < 1.1.
|
1263
1391
|
static tsi_result tsi_set_min_and_max_tls_versions(
|
1264
1392
|
SSL_CTX* ssl_context, tsi_tls_version min_tls_version,
|
1265
1393
|
tsi_tls_version max_tls_version) {
|
@@ -2127,6 +2255,8 @@ tsi_result tsi_ssl_client_handshaker_factory_create_handshaker(
|
|
2127
2255
|
size_t ssl_bio_buf_size,
|
2128
2256
|
std::optional<std::string> alpn_preferred_protocol_list,
|
2129
2257
|
tsi_handshaker** handshaker) {
|
2258
|
+
GRPC_TRACE_LOG(tsi, INFO)
|
2259
|
+
<< "Creating SSL handshaker with SNI " << server_name_indication;
|
2130
2260
|
return create_tsi_ssl_handshaker(
|
2131
2261
|
factory->ssl_context, 1, server_name_indication, network_bio_buf_size,
|
2132
2262
|
ssl_bio_buf_size, alpn_preferred_protocol_list, &factory->base,
|
@@ -2153,9 +2283,7 @@ static void tsi_ssl_client_handshaker_factory_destroy(
|
|
2153
2283
|
reinterpret_cast<tsi_ssl_client_handshaker_factory*>(factory);
|
2154
2284
|
if (self->ssl_context != nullptr) SSL_CTX_free(self->ssl_context);
|
2155
2285
|
if (self->alpn_protocol_list != nullptr) gpr_free(self->alpn_protocol_list);
|
2156
|
-
self
|
2157
|
-
self->key_logger.reset();
|
2158
|
-
gpr_free(self);
|
2286
|
+
delete self;
|
2159
2287
|
}
|
2160
2288
|
|
2161
2289
|
static int client_handshaker_factory_npn_callback(
|
@@ -2204,8 +2332,7 @@ static void tsi_ssl_server_handshaker_factory_destroy(
|
|
2204
2332
|
gpr_free(self->ssl_context_x509_subject_names);
|
2205
2333
|
}
|
2206
2334
|
if (self->alpn_protocol_list != nullptr) gpr_free(self->alpn_protocol_list);
|
2207
|
-
self
|
2208
|
-
gpr_free(self);
|
2335
|
+
delete self;
|
2209
2336
|
}
|
2210
2337
|
|
2211
2338
|
static int does_entry_match_name(absl::string_view entry,
|
@@ -2328,7 +2455,9 @@ tsi_result tsi_create_ssl_client_handshaker_factory(
|
|
2328
2455
|
tsi_ssl_client_handshaker_factory** factory) {
|
2329
2456
|
tsi_ssl_client_handshaker_options options;
|
2330
2457
|
options.pem_key_cert_pair = pem_key_cert_pair;
|
2331
|
-
|
2458
|
+
if (pem_root_certs != nullptr) {
|
2459
|
+
options.root_cert_info = std::make_shared<RootCertInfo>(pem_root_certs);
|
2460
|
+
}
|
2332
2461
|
options.cipher_suites = cipher_suites;
|
2333
2462
|
options.alpn_protocols = alpn_protocols;
|
2334
2463
|
options.num_alpn_protocols = num_alpn_protocols;
|
@@ -2347,7 +2476,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
|
|
2347
2476
|
|
2348
2477
|
if (factory == nullptr) return TSI_INVALID_ARGUMENT;
|
2349
2478
|
*factory = nullptr;
|
2350
|
-
if (options->
|
2479
|
+
if (options->root_store == nullptr && options->root_cert_info == nullptr &&
|
2351
2480
|
!options->skip_server_certificate_verification) {
|
2352
2481
|
return TSI_INVALID_ARGUMENT;
|
2353
2482
|
}
|
@@ -2370,8 +2499,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
|
|
2370
2499
|
ssl_context, options->min_tls_version, options->max_tls_version);
|
2371
2500
|
if (result != TSI_OK) return result;
|
2372
2501
|
|
2373
|
-
impl =
|
2374
|
-
gpr_zalloc(sizeof(*impl)));
|
2502
|
+
impl = new tsi_ssl_client_handshaker_factory();
|
2375
2503
|
tsi_ssl_handshaker_factory_init(&impl->base);
|
2376
2504
|
impl->base.vtable = &client_handshaker_factory_vtable;
|
2377
2505
|
impl->ssl_context = ssl_context;
|
@@ -2384,6 +2512,9 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
|
|
2384
2512
|
server_handshaker_factory_new_session_callback);
|
2385
2513
|
SSL_CTX_set_session_cache_mode(ssl_context, SSL_SESS_CACHE_CLIENT);
|
2386
2514
|
}
|
2515
|
+
if (options->root_cert_info != nullptr) {
|
2516
|
+
impl->root_cert_info = options->root_cert_info;
|
2517
|
+
}
|
2387
2518
|
|
2388
2519
|
#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
|
2389
2520
|
if (options->key_logger != nullptr) {
|
@@ -2415,10 +2546,23 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
|
|
2415
2546
|
#endif
|
2416
2547
|
if (OPENSSL_VERSION_NUMBER < 0x10100000 ||
|
2417
2548
|
(options->root_store == nullptr &&
|
2418
|
-
options->
|
2419
|
-
|
2420
|
-
|
2421
|
-
|
2549
|
+
options->root_cert_info != nullptr)) {
|
2550
|
+
Match(
|
2551
|
+
*options->root_cert_info,
|
2552
|
+
[&](const std::string& pem_root_certs) {
|
2553
|
+
result = ssl_ctx_load_verification_certs(
|
2554
|
+
ssl_context, pem_root_certs.c_str(), pem_root_certs.size(),
|
2555
|
+
nullptr);
|
2556
|
+
},
|
2557
|
+
[&](const grpc_core::SpiffeBundleMap& spiffe_bundle_map) {
|
2558
|
+
X509_STORE* cert_store = SSL_CTX_get_cert_store(ssl_context);
|
2559
|
+
X509_STORE_set_flags(cert_store, X509_V_FLAG_PARTIAL_CHAIN |
|
2560
|
+
X509_V_FLAG_TRUSTED_FIRST);
|
2561
|
+
const void* p = &spiffe_bundle_map;
|
2562
|
+
void* map = const_cast<void*>(p);
|
2563
|
+
SSL_CTX_set_ex_data(ssl_context,
|
2564
|
+
g_ssl_ctx_ex_spiffe_bundle_map_index, map);
|
2565
|
+
});
|
2422
2566
|
X509_STORE* cert_store = SSL_CTX_get_cert_store(ssl_context);
|
2423
2567
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
2424
2568
|
X509_VERIFY_PARAM* param = X509_STORE_get0_param(cert_store);
|
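Review bot: The condition at new lines 2547-2549 is entered whenever the build targets OpenSSL older than 1.1.0, regardless of `options->root_cert_info`, and the body then evaluates `*options->root_cert_info`. The argument check earlier in this function (new line 2479) allows a null `root_cert_info` when a root store is supplied or server verification is skipped, so that path would dereference a null shared_ptr. Guarding on the pointer first avoids it: `if (options->root_cert_info != nullptr && (OPENSSL_VERSION_NUMBER < 0x10100000 || options->root_store == nullptr)) {`. In the SpiffeBundleMap lambda the return value of `SSL_CTX_set_ex_data` is discarded (same in the server factory at new lines 2794-2795), so a failed store leaves `result` untouched and the context without its bundle map; checking it and setting `result = TSI_INTERNAL_ERROR` would surface that. The enclosing function starts and ends outside the hunk.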
@@ -2516,7 +2660,10 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
|
|
2516
2660
|
tsi_ssl_server_handshaker_options options;
|
2517
2661
|
options.pem_key_cert_pairs = pem_key_cert_pairs;
|
2518
2662
|
options.num_key_cert_pairs = num_key_cert_pairs;
|
2519
|
-
|
2663
|
+
if (pem_client_root_certs != nullptr) {
|
2664
|
+
options.root_cert_info =
|
2665
|
+
std::make_shared<RootCertInfo>(pem_client_root_certs);
|
2666
|
+
}
|
2520
2667
|
options.client_certificate_request = client_certificate_request;
|
2521
2668
|
options.cipher_suites = cipher_suites;
|
2522
2669
|
options.alpn_protocols = alpn_protocols;
|
@@ -2541,8 +2688,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
|
|
2541
2688
|
return TSI_INVALID_ARGUMENT;
|
2542
2689
|
}
|
2543
2690
|
|
2544
|
-
impl =
|
2545
|
-
gpr_zalloc(sizeof(*impl)));
|
2691
|
+
impl = new tsi_ssl_server_handshaker_factory();
|
2546
2692
|
tsi_ssl_handshaker_factory_init(&impl->base);
|
2547
2693
|
impl->base.vtable = &server_handshaker_factory_vtable;
|
2548
2694
|
|
@@ -2556,6 +2702,9 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
|
|
2556
2702
|
return TSI_OUT_OF_RESOURCES;
|
2557
2703
|
}
|
2558
2704
|
impl->ssl_context_count = options->num_key_cert_pairs;
|
2705
|
+
if (options->root_cert_info != nullptr) {
|
2706
|
+
impl->root_cert_info = options->root_cert_info;
|
2707
|
+
}
|
2559
2708
|
|
2560
2709
|
if (options->num_alpn_protocols > 0) {
|
2561
2710
|
result = BuildAlpnProtocolNameList(
|
@@ -2620,20 +2769,34 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
|
|
2620
2769
|
break;
|
2621
2770
|
}
|
2622
2771
|
}
|
2623
|
-
|
2624
|
-
|
2625
|
-
|
2626
|
-
|
2627
|
-
|
2628
|
-
|
2629
|
-
|
2772
|
+
if (options->root_cert_info != nullptr) {
|
2773
|
+
Match(
|
2774
|
+
*options->root_cert_info,
|
2775
|
+
[&](const std::string& pem_root_certs) {
|
2776
|
+
STACK_OF(X509_NAME)* root_names = nullptr;
|
2777
|
+
result = ssl_ctx_load_verification_certs(
|
2778
|
+
impl->ssl_contexts[i], pem_root_certs.c_str(),
|
2779
|
+
pem_root_certs.size(), nullptr);
|
2780
|
+
if (result != TSI_OK) {
|
2781
|
+
LOG(ERROR) << "Invalid verification certs.";
|
2782
|
+
}
|
2783
|
+
if (options->send_client_ca_list) {
|
2784
|
+
SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
|
2785
|
+
}
|
2786
|
+
},
|
2787
|
+
[&](const grpc_core::SpiffeBundleMap& spiffe_bundle_map) {
|
2788
|
+
X509_STORE* cert_store =
|
2789
|
+
SSL_CTX_get_cert_store(impl->ssl_contexts[i]);
|
2790
|
+
X509_STORE_set_flags(cert_store, X509_V_FLAG_PARTIAL_CHAIN |
|
2791
|
+
X509_V_FLAG_TRUSTED_FIRST);
|
2792
|
+
const void* p = &spiffe_bundle_map;
|
2793
|
+
void* map = const_cast<void*>(p);
|
2794
|
+
SSL_CTX_set_ex_data(impl->ssl_contexts[i],
|
2795
|
+
g_ssl_ctx_ex_spiffe_bundle_map_index, map);
|
2796
|
+
});
|
2630
2797
|
if (result != TSI_OK) {
|
2631
|
-
LOG(ERROR) << "Invalid verification certs.";
|
2632
2798
|
break;
|
2633
2799
|
}
|
2634
|
-
if (options->send_client_ca_list) {
|
2635
|
-
SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
|
2636
|
-
}
|
2637
2800
|
}
|
2638
2801
|
switch (options->client_certificate_request) {
|
2639
2802
|
case TSI_DONT_REQUEST_CLIENT_CERTIFICATE:
|
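Review bot: In the PEM branch (new lines 2776-2785) `root_names` is initialised to nullptr and `ssl_ctx_load_verification_certs` is called with `nullptr` as its last argument. As shown, nothing ever fills `root_names`, so `SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names)` installs an empty list even when `options->send_client_ca_list` is set. If that last argument is the out-parameter for the CA names, as the variable suggests, pass it through: `pem_root_certs.size(), options->send_client_ca_list ? &root_names : nullptr);`. The CA list should also only be set when `result == TSI_OK`, since the lambda currently logs the failure and carries on. The enclosing loop and function extend outside the hunk.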
@@ -2768,6 +2931,16 @@ int tsi_ssl_peer_matches_name(const tsi_peer* peer, absl::string_view name) {
|
|
2768
2931
|
return 0; // Not found.
|
2769
2932
|
}
|
2770
2933
|
|
2934
|
+
bool IsRootCertInfoEmpty(const RootCertInfo* root_cert_info) {
|
2935
|
+
if (root_cert_info == nullptr) return true;
|
2936
|
+
return Match(
|
2937
|
+
*root_cert_info,
|
2938
|
+
[&](const std::string& pem_root_certs) { return pem_root_certs.empty(); },
|
2939
|
+
[&](const grpc_core::SpiffeBundleMap& spiffe_bundle_map) {
|
2940
|
+
return spiffe_bundle_map.size() == 0;
|
2941
|
+
});
|
2942
|
+
}
|
2943
|
+
|
2771
2944
|
// --- Testing support. ---
|
2772
2945
|
const tsi_ssl_handshaker_factory_vtable* tsi_ssl_handshaker_factory_swap_vtable(
|
2773
2946
|
tsi_ssl_handshaker_factory* factory,
|