update grpc_ssl_peer_to_auth_context

5 years ago · 40105dfa4b
parent 2057b35840
commit 40105dfa4b
4 changed files with 9 additions and 6 deletions
--- a/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
+++ b/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
@ -56,7 +56,8 @@ grpc_error* ssl_check_peer(
    gpr_free(msg);
    return error;
  }
-  *auth_context = grpc_ssl_peer_to_auth_context(peer);
+  *auth_context =
+      grpc_ssl_peer_to_auth_context(peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
  return GRPC_ERROR_NONE;
 }

--- a/src/core/lib/security/security_connector/ssl_utils.cc
+++ b/src/core/lib/security/security_connector/ssl_utils.cc
@ -195,7 +195,7 @@ int grpc_ssl_cmp_target_name(
 }

 grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context(
-    const tsi_peer* peer) {
+    const tsi_peer* peer, const char* transport_security_type) {
  size_t i;
  const char* peer_identity_property_name = nullptr;

@ -205,7 +205,7 @@ grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context(
      grpc_core::MakeRefCounted<grpc_auth_context>(nullptr);
  grpc_auth_context_add_cstring_property(
      ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
-      GRPC_SSL_TRANSPORT_SECURITY_TYPE);
+      transport_security_type);
  for (i = 0; i < peer->property_count; i++) {
    const tsi_peer_property* prop = &peer->properties[i];
    if (prop->name == nullptr) continue;
--- a/src/core/lib/security/security_connector/ssl_utils.h
+++ b/src/core/lib/security/security_connector/ssl_utils.h
@ -85,7 +85,7 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(

 /* Exposed for testing only. */
 grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context(
-    const tsi_peer* peer);
+    const tsi_peer* peer, const char* transport_security_type);
 tsi_peer grpc_shallow_peer_from_ssl_auth_context(
    const grpc_auth_context* auth_context);
 void grpc_shallow_peer_destruct(tsi_peer* peer);
--- a/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc
+++ b/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc
@ -173,7 +173,8 @@ void SpiffeChannelSecurityConnector::check_peer(
    tsi_peer_destruct(&peer);
    return;
  }
-  *auth_context = grpc_ssl_peer_to_auth_context(&peer);
+  *auth_context = grpc_ssl_peer_to_auth_context(
+      &peer, GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE);
  const SpiffeCredentials* creds =
      static_cast<const SpiffeCredentials*>(channel_creds());
  const grpc_tls_server_authorization_check_config* config =
@ -436,7 +437,8 @@ void SpiffeServerSecurityConnector::check_peer(
    grpc_core::RefCountedPtr<grpc_auth_context>* auth_context,
    grpc_closure* on_peer_checked) {
  grpc_error* error = grpc_ssl_check_alpn(&peer);
-  *auth_context = grpc_ssl_peer_to_auth_context(&peer);
+  *auth_context = grpc_ssl_peer_to_auth_context(
+      &peer, GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE);
  tsi_peer_destruct(&peer);
  GRPC_CLOSURE_SCHED(on_peer_checked, error);
 }