[authz] get endpoint local/peer addresses via a handshaker

BUILD

@@ -601,6 +601,7 @@ grpc_cc_library(
         "//src/core:channel_stack_type",
         "//src/core:client_channel_backup_poller",
         "//src/core:default_event_engine",
+        "//src/core:endpoint_info_handshaker",
         "//src/core:experiments",
         "//src/core:forkable",
         "//src/core:grpc_authorization_base",
@@ -689,6 +690,7 @@ grpc_cc_library(
         "//src/core:channel_stack_type",
         "//src/core:client_channel_backup_poller",
         "//src/core:default_event_engine",
+        "//src/core:endpoint_info_handshaker",
         "//src/core:experiments",
         "//src/core:forkable",
         "//src/core:grpc_authorization_base",

CMakeLists.txt

@@ -2515,6 +2515,7 @@ add_library(grpc
   src/core/lib/transport/call_size_estimator.cc
   src/core/lib/transport/call_spine.cc
   src/core/lib/transport/connectivity_state.cc
+  src/core/lib/transport/endpoint_info_handshaker.cc
   src/core/lib/transport/error_utils.cc
   src/core/lib/transport/handshaker.cc
   src/core/lib/transport/handshaker_registry.cc
@@ -3240,6 +3241,7 @@ add_library(grpc_unsecure
   src/core/lib/transport/call_size_estimator.cc
   src/core/lib/transport/call_spine.cc
   src/core/lib/transport/connectivity_state.cc
+  src/core/lib/transport/endpoint_info_handshaker.cc
   src/core/lib/transport/error_utils.cc
   src/core/lib/transport/handshaker.cc
   src/core/lib/transport/handshaker_registry.cc
@@ -5340,6 +5342,7 @@ add_library(grpc_authorization_provider
   src/core/lib/transport/call_final_info.cc
   src/core/lib/transport/call_spine.cc
   src/core/lib/transport/connectivity_state.cc
+  src/core/lib/transport/endpoint_info_handshaker.cc
   src/core/lib/transport/error_utils.cc
   src/core/lib/transport/handshaker.cc
   src/core/lib/transport/handshaker_registry.cc

Makefile

@@ -1412,6 +1412,7 @@ LIBGRPC_SRC = \
     src/core/lib/transport/call_size_estimator.cc \
     src/core/lib/transport/call_spine.cc \
     src/core/lib/transport/connectivity_state.cc \
+    src/core/lib/transport/endpoint_info_handshaker.cc \
     src/core/lib/transport/error_utils.cc \
     src/core/lib/transport/handshaker.cc \
     src/core/lib/transport/handshaker_registry.cc \

Package.swift

@@ -1815,6 +1815,8 @@ let package = Package(
         "src/core/lib/transport/connectivity_state.cc",
         "src/core/lib/transport/connectivity_state.h",
         "src/core/lib/transport/custom_metadata.h",
+        "src/core/lib/transport/endpoint_info_handshaker.cc",
+        "src/core/lib/transport/endpoint_info_handshaker.h",
         "src/core/lib/transport/error_utils.cc",
         "src/core/lib/transport/error_utils.h",
         "src/core/lib/transport/handshaker.cc",

build_autogenerated.yaml

@@ -1144,6 +1144,7 @@ libs:
   - src/core/lib/transport/call_spine.h
   - src/core/lib/transport/connectivity_state.h
   - src/core/lib/transport/custom_metadata.h
+  - src/core/lib/transport/endpoint_info_handshaker.h
   - src/core/lib/transport/error_utils.h
   - src/core/lib/transport/handshaker.h
   - src/core/lib/transport/handshaker_factory.h
@@ -1944,6 +1945,7 @@ libs:
   - src/core/lib/transport/call_size_estimator.cc
   - src/core/lib/transport/call_spine.cc
   - src/core/lib/transport/connectivity_state.cc
+  - src/core/lib/transport/endpoint_info_handshaker.cc
   - src/core/lib/transport/error_utils.cc
   - src/core/lib/transport/handshaker.cc
   - src/core/lib/transport/handshaker_registry.cc
@@ -2610,6 +2612,7 @@ libs:
   - src/core/lib/transport/call_spine.h
   - src/core/lib/transport/connectivity_state.h
   - src/core/lib/transport/custom_metadata.h
+  - src/core/lib/transport/endpoint_info_handshaker.h
   - src/core/lib/transport/error_utils.h
   - src/core/lib/transport/handshaker.h
   - src/core/lib/transport/handshaker_factory.h
@@ -3028,6 +3031,7 @@ libs:
   - src/core/lib/transport/call_size_estimator.cc
   - src/core/lib/transport/call_spine.cc
   - src/core/lib/transport/connectivity_state.cc
+  - src/core/lib/transport/endpoint_info_handshaker.cc
   - src/core/lib/transport/error_utils.cc
   - src/core/lib/transport/handshaker.cc
   - src/core/lib/transport/handshaker_registry.cc
@@ -4679,6 +4683,7 @@ libs:
   - src/core/lib/transport/call_spine.h
   - src/core/lib/transport/connectivity_state.h
   - src/core/lib/transport/custom_metadata.h
+  - src/core/lib/transport/endpoint_info_handshaker.h
   - src/core/lib/transport/error_utils.h
   - src/core/lib/transport/handshaker.h
   - src/core/lib/transport/handshaker_factory.h
@@ -4974,6 +4979,7 @@ libs:
   - src/core/lib/transport/call_final_info.cc
   - src/core/lib/transport/call_spine.cc
   - src/core/lib/transport/connectivity_state.cc
+  - src/core/lib/transport/endpoint_info_handshaker.cc
   - src/core/lib/transport/error_utils.cc
   - src/core/lib/transport/handshaker.cc
   - src/core/lib/transport/handshaker_registry.cc

config.m4

@@ -787,6 +787,7 @@ if test "$PHP_GRPC" != "no"; then
     src/core/lib/transport/call_size_estimator.cc \
     src/core/lib/transport/call_spine.cc \
     src/core/lib/transport/connectivity_state.cc \
+    src/core/lib/transport/endpoint_info_handshaker.cc \
     src/core/lib/transport/error_utils.cc \
     src/core/lib/transport/handshaker.cc \
     src/core/lib/transport/handshaker_registry.cc \

config.w32

@@ -752,6 +752,7 @@ if (PHP_GRPC != "no") {
     "src\\core\\lib\\transport\\call_size_estimator.cc " +
     "src\\core\\lib\\transport\\call_spine.cc " +
     "src\\core\\lib\\transport\\connectivity_state.cc " +
+    "src\\core\\lib\\transport\\endpoint_info_handshaker.cc " +
     "src\\core\\lib\\transport\\error_utils.cc " +
     "src\\core\\lib\\transport\\handshaker.cc " +
     "src\\core\\lib\\transport\\handshaker_registry.cc " +

gRPC-C++.podspec

@@ -1248,6 +1248,7 @@ Pod::Spec.new do |s|
                       'src/core/lib/transport/call_spine.h',
                       'src/core/lib/transport/connectivity_state.h',
                       'src/core/lib/transport/custom_metadata.h',
+                      'src/core/lib/transport/endpoint_info_handshaker.h',
                       'src/core/lib/transport/error_utils.h',
                       'src/core/lib/transport/handshaker.h',
                       'src/core/lib/transport/handshaker_factory.h',
@@ -2517,6 +2518,7 @@ Pod::Spec.new do |s|
                               'src/core/lib/transport/call_spine.h',
                               'src/core/lib/transport/connectivity_state.h',
                               'src/core/lib/transport/custom_metadata.h',
+                              'src/core/lib/transport/endpoint_info_handshaker.h',
                               'src/core/lib/transport/error_utils.h',
                               'src/core/lib/transport/handshaker.h',
                               'src/core/lib/transport/handshaker_factory.h',

gRPC-Core.podspec

@@ -1927,6 +1927,8 @@ Pod::Spec.new do |s|
                       'src/core/lib/transport/connectivity_state.cc',
                       'src/core/lib/transport/connectivity_state.h',
                       'src/core/lib/transport/custom_metadata.h',
+                      'src/core/lib/transport/endpoint_info_handshaker.cc',
+                      'src/core/lib/transport/endpoint_info_handshaker.h',
                       'src/core/lib/transport/error_utils.cc',
                       'src/core/lib/transport/error_utils.h',
                       'src/core/lib/transport/handshaker.cc',
@@ -3297,6 +3299,7 @@ Pod::Spec.new do |s|
                               'src/core/lib/transport/call_spine.h',
                               'src/core/lib/transport/connectivity_state.h',
                               'src/core/lib/transport/custom_metadata.h',
+                              'src/core/lib/transport/endpoint_info_handshaker.h',
                               'src/core/lib/transport/error_utils.h',
                               'src/core/lib/transport/handshaker.h',
                               'src/core/lib/transport/handshaker_factory.h',

grpc.gemspec

@@ -1817,6 +1817,8 @@ Gem::Specification.new do |s|
   s.files += %w( src/core/lib/transport/connectivity_state.cc )
   s.files += %w( src/core/lib/transport/connectivity_state.h )
   s.files += %w( src/core/lib/transport/custom_metadata.h )
+  s.files += %w( src/core/lib/transport/endpoint_info_handshaker.cc )
+  s.files += %w( src/core/lib/transport/endpoint_info_handshaker.h )
   s.files += %w( src/core/lib/transport/error_utils.cc )
   s.files += %w( src/core/lib/transport/error_utils.h )
   s.files += %w( src/core/lib/transport/handshaker.cc )

package.xml

@@ -1799,6 +1799,8 @@
     <file baseinstalldir="/" name="src/core/lib/transport/connectivity_state.cc" role="src" />
     <file baseinstalldir="/" name="src/core/lib/transport/connectivity_state.h" role="src" />
     <file baseinstalldir="/" name="src/core/lib/transport/custom_metadata.h" role="src" />
+    <file baseinstalldir="/" name="src/core/lib/transport/endpoint_info_handshaker.cc" role="src" />
+    <file baseinstalldir="/" name="src/core/lib/transport/endpoint_info_handshaker.h" role="src" />
     <file baseinstalldir="/" name="src/core/lib/transport/error_utils.cc" role="src" />
     <file baseinstalldir="/" name="src/core/lib/transport/error_utils.h" role="src" />
     <file baseinstalldir="/" name="src/core/lib/transport/handshaker.cc" role="src" />

src/core/BUILD

@@ -1270,6 +1270,33 @@ grpc_cc_library(
     ],
 )
 
+grpc_cc_library(
+    name = "endpoint_info_handshaker",
+    srcs = [
+        "lib/transport/endpoint_info_handshaker.cc",
+    ],
+    hdrs = [
+        "lib/transport/endpoint_info_handshaker.h",
+    ],
+    external_deps = [
+        "absl/status",
+    ],
+    language = "c++",
+    deps = [
+        "channel_args",
+        "closure",
+        "handshaker_factory",
+        "handshaker_registry",
+        "//:config",
+        "//:debug_location",
+        "//:exec_ctx",
+        "//:gpr",
+        "//:handshaker",
+        "//:iomgr",
+        "//:ref_counted_ptr",
+    ],
+)
+
 grpc_cc_library(
     name = "channel_creds_registry",
     hdrs = [
@@ -3691,6 +3718,7 @@ grpc_cc_library(
         "channel_args",
         "channel_fwd",
         "dual_ref_counted",
+        "endpoint_info_handshaker",
         "load_file",
         "metadata_batch",
         "ref_counted",
@@ -3703,7 +3731,6 @@ grpc_cc_library(
         "//:grpc_credentials_util",
         "//:grpc_security_base",
         "//:grpc_trace",
-        "//:iomgr",
         "//:parse_address",
         "//:promise",
         "//:ref_counted_ptr",

src/core/ext/filters/rbac/rbac_filter.cc

@@ -88,17 +88,10 @@ absl::StatusOr<RbacFilter> RbacFilter::Create(const ChannelArgs& args,
   if (auth_context == nullptr) {
     return GRPC_ERROR_CREATE("No auth context found");
   }
-  auto* transport = args.GetObject<Transport>();
-  if (transport == nullptr) {
-    // This should never happen since the transport is always set on the server
-    // side.
-    return GRPC_ERROR_CREATE("No transport configured");
-  }
-  return RbacFilter(
-      grpc_channel_stack_filter_instance_number(
-          filter_args.channel_stack(),
-          filter_args.uninitialized_channel_element()),
-      EvaluateArgs::PerChannelArgs(auth_context, transport->GetEndpoint()));
+  return RbacFilter(grpc_channel_stack_filter_instance_number(
+                        filter_args.channel_stack(),
+                        filter_args.uninitialized_channel_element()),
+                    EvaluateArgs::PerChannelArgs(auth_context, args));
 }
 
 void RbacFilterRegister(CoreConfiguration::Builder* builder) {

src/core/lib/security/authorization/evaluate_args.cc

@@ -30,6 +30,7 @@
 #include "src/core/lib/gprpp/host_port.h"
 #include "src/core/lib/security/credentials/tls/tls_utils.h"
 #include "src/core/lib/slice/slice.h"
+#include "src/core/lib/transport/endpoint_info_handshaker.h"
 #include "src/core/lib/uri/uri_parser.h"
 
 namespace grpc_core {
@@ -70,7 +71,7 @@ EvaluateArgs::PerChannelArgs::Address ParseEndpointUri(
 }  // namespace
 
 EvaluateArgs::PerChannelArgs::PerChannelArgs(grpc_auth_context* auth_context,
-                                             grpc_endpoint* endpoint) {
+                                             const ChannelArgs& args) {
   if (auth_context != nullptr) {
     transport_security_type = GetAuthPropertyValue(
         auth_context, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME);
@@ -83,10 +84,10 @@ EvaluateArgs::PerChannelArgs::PerChannelArgs(grpc_auth_context* auth_context,
     subject =
         GetAuthPropertyValue(auth_context, GRPC_X509_SUBJECT_PROPERTY_NAME);
   }
-  if (endpoint != nullptr) {
-    local_address = ParseEndpointUri(grpc_endpoint_get_local_address(endpoint));
-    peer_address = ParseEndpointUri(grpc_endpoint_get_peer(endpoint));
-  }
+  local_address = ParseEndpointUri(
+      args.GetString(GRPC_ARG_ENDPOINT_LOCAL_ADDRESS).value_or(""));
+  peer_address = ParseEndpointUri(
+      args.GetString(GRPC_ARG_ENDPOINT_PEER_ADDRESS).value_or(""));
 }
 
 absl::string_view EvaluateArgs::GetPath() const {

src/core/lib/security/authorization/evaluate_args.h

@@ -25,13 +25,13 @@
 
 #include <grpc/grpc_security.h>
 
-#include "src/core/lib/iomgr/endpoint.h"
+#include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/iomgr/resolved_address.h"
 #include "src/core/lib/transport/metadata_batch.h"
 
 namespace grpc_core {
 
-class EvaluateArgs {
+class EvaluateArgs final {
  public:
   // Caller is responsible for ensuring auth_context outlives PerChannelArgs
   // struct.
@@ -44,7 +44,7 @@ class EvaluateArgs {
       int port = 0;
     };
 
-    PerChannelArgs(grpc_auth_context* auth_context, grpc_endpoint* endpoint);
+    PerChannelArgs(grpc_auth_context* auth_context, const ChannelArgs& args);
 
     absl::string_view transport_security_type;
     absl::string_view spiffe_id;

src/core/lib/security/authorization/grpc_server_authz_filter.cc

@@ -46,10 +46,10 @@ const NoInterceptor GrpcServerAuthzFilter::Call::OnServerToClientMessage;
 const NoInterceptor GrpcServerAuthzFilter::Call::OnFinalize;
 
 GrpcServerAuthzFilter::GrpcServerAuthzFilter(
-    RefCountedPtr<grpc_auth_context> auth_context, grpc_endpoint* endpoint,
+    RefCountedPtr<grpc_auth_context> auth_context, const ChannelArgs& args,
     RefCountedPtr<grpc_authorization_policy_provider> provider)
     : auth_context_(std::move(auth_context)),
-      per_channel_evaluate_args_(auth_context_.get(), endpoint),
+      per_channel_evaluate_args_(auth_context_.get(), args),
       provider_(std::move(provider)) {}
 
 absl::StatusOr<GrpcServerAuthzFilter> GrpcServerAuthzFilter::Create(
@@ -59,12 +59,9 @@ absl::StatusOr<GrpcServerAuthzFilter> GrpcServerAuthzFilter::Create(
   if (provider == nullptr) {
     return absl::InvalidArgumentError("Failed to get authorization provider.");
   }
-  // grpc_endpoint isn't needed because the current gRPC authorization policy
-  // does not support any rules that requires looking for source or destination
-  // addresses.
   return GrpcServerAuthzFilter(
-      auth_context != nullptr ? auth_context->Ref() : nullptr,
-      /*endpoint=*/nullptr, provider->Ref());
+      auth_context != nullptr ? auth_context->Ref() : nullptr, args,
+      provider->Ref());
 }
 
 bool GrpcServerAuthzFilter::IsAuthorized(ClientMetadata& initial_metadata) {

src/core/lib/security/authorization/grpc_server_authz_filter.h

@@ -25,7 +25,6 @@
 #include "src/core/lib/channel/channel_fwd.h"
 #include "src/core/lib/channel/promise_based_filter.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
-#include "src/core/lib/iomgr/endpoint.h"
 #include "src/core/lib/promise/arena_promise.h"
 #include "src/core/lib/security/authorization/authorization_policy_provider.h"
 #include "src/core/lib/security/authorization/evaluate_args.h"
@@ -55,7 +54,7 @@ class GrpcServerAuthzFilter final
 
  private:
   GrpcServerAuthzFilter(
-      RefCountedPtr<grpc_auth_context> auth_context, grpc_endpoint* endpoint,
+      RefCountedPtr<grpc_auth_context> auth_context, const ChannelArgs& args,
       RefCountedPtr<grpc_authorization_policy_provider> provider);
 
   bool IsAuthorized(ClientMetadata& initial_metadata);

src/core/lib/transport/endpoint_info_handshaker.cc

@@ -0,0 +1,80 @@
+//
+// Copyright 2024 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/transport/endpoint_info_handshaker.h"
+
+#include <memory>
+
+#include "absl/status/status.h"
+
+#include "src/core/lib/channel/channel_args.h"
+#include "src/core/lib/gprpp/debug_location.h"
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
+#include "src/core/lib/iomgr/closure.h"
+#include "src/core/lib/iomgr/endpoint.h"
+#include "src/core/lib/iomgr/exec_ctx.h"
+#include "src/core/lib/transport/handshaker.h"
+#include "src/core/lib/transport/handshaker_factory.h"
+#include "src/core/lib/transport/handshaker_registry.h"
+
+namespace grpc_core {
+
+namespace {
+
+class EndpointInfoHandshaker : public Handshaker {
+ public:
+  const char* name() const override { return "endpoint_info"; }
+
+  void DoHandshake(grpc_tcp_server_acceptor* /*acceptor*/,
+                   grpc_closure* on_handshake_done,
+                   HandshakerArgs* args) override {
+    args->args = args->args
+                     .Set(GRPC_ARG_ENDPOINT_LOCAL_ADDRESS,
+                          grpc_endpoint_get_local_address(args->endpoint))
+                     .Set(GRPC_ARG_ENDPOINT_PEER_ADDRESS,
+                          grpc_endpoint_get_peer(args->endpoint));
+    ExecCtx::Run(DEBUG_LOCATION, on_handshake_done, absl::OkStatus());
+  }
+
+  void Shutdown(grpc_error_handle /*why*/) override {}
+};
+
+class EndpointInfoHandshakerFactory : public HandshakerFactory {
+ public:
+  void AddHandshakers(const ChannelArgs& /*args*/,
+                      grpc_pollset_set* /*interested_parties*/,
+                      HandshakeManager* handshake_mgr) override {
+    handshake_mgr->Add(MakeRefCounted<EndpointInfoHandshaker>());
+  }
+
+  HandshakerPriority Priority() override {
+    // Needs to be after kTCPConnectHandshakers.
+    return HandshakerPriority::kSecurityHandshakers;
+  }
+};
+
+}  // namespace
+
+void RegisterEndpointInfoHandshaker(CoreConfiguration::Builder* builder) {
+  builder->handshaker_registry()->RegisterHandshakerFactory(
+      HANDSHAKER_CLIENT, std::make_unique<EndpointInfoHandshakerFactory>());
+  builder->handshaker_registry()->RegisterHandshakerFactory(
+      HANDSHAKER_SERVER, std::make_unique<EndpointInfoHandshakerFactory>());
+}
+
+}  // namespace grpc_core

src/core/lib/transport/endpoint_info_handshaker.h

@@ -0,0 +1,37 @@
+//
+// Copyright 2022 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef GRPC_SRC_CORE_LIB_TRANSPORT_ENDPOINT_INFO_HANDSHAKER_H
+#define GRPC_SRC_CORE_LIB_TRANSPORT_ENDPOINT_INFO_HANDSHAKER_H
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/config/core_configuration.h"
+
+// Set by the handshaker to indicate the local address of the endpoint.
+#define GRPC_ARG_ENDPOINT_LOCAL_ADDRESS "grpc.internal.endpoint_local_address"
+
+// Set by the handshaker to indicate the peer address of the endpoint.
+#define GRPC_ARG_ENDPOINT_PEER_ADDRESS "grpc.internal.endpoint_peer_address"
+
+namespace grpc_core {
+
+// Register the endpoint info handshaker into the configuration builder.
+void RegisterEndpointInfoHandshaker(CoreConfiguration::Builder* builder);
+
+}  // namespace grpc_core
+
+#endif  // GRPC_SRC_CORE_LIB_TRANSPORT_ENDPOINT_INFO_HANDSHAKER_H

src/core/lib/transport/handshaker_factory.h

@@ -49,8 +49,7 @@ class HandshakerFactory {
     // Applicable mainly for Client handshakers.
     kTCPConnectHandshakers,
     // Handshakers responsible for the actual HTTP connect established.
-    // Applicable
-    // mainly for Client handshakers.
+    // Applicable mainly for Client handshakers.
     kHTTPConnectHandshakers,
     // Handshakers that should be called before security handshakes but after
     // connect establishment. Applicable mainly for Server handshakers

src/core/plugin_registry/grpc_plugin_registry.cc

@@ -25,6 +25,7 @@
 #include "src/core/lib/surface/channel_stack_type.h"
 #include "src/core/lib/surface/lame_client.h"
 #include "src/core/lib/surface/server.h"
+#include "src/core/lib/transport/endpoint_info_handshaker.h"
 #include "src/core/lib/transport/http_connect_handshaker.h"
 #include "src/core/lib/transport/tcp_connect_handshaker.h"
 
@@ -95,6 +96,7 @@ void BuildCoreConfiguration(CoreConfiguration::Builder* builder) {
   // The order of the handshaker registration is crucial here.
   // We want TCP connect handshaker to be registered last so that it is added
   // to the start of the handshaker list.
+  RegisterEndpointInfoHandshaker(builder);
   RegisterHttpConnectHandshaker(builder);
   RegisterTCPConnectHandshaker(builder);
   RegisterPriorityLbPolicy(builder);

src/python/grpcio/grpc_core_dependencies.py

@@ -761,6 +761,7 @@ CORE_SOURCE_FILES = [
     'src/core/lib/transport/call_size_estimator.cc',
     'src/core/lib/transport/call_spine.cc',
     'src/core/lib/transport/connectivity_state.cc',
+    'src/core/lib/transport/endpoint_info_handshaker.cc',
     'src/core/lib/transport/error_utils.cc',
     'src/core/lib/transport/handshaker.cc',
     'src/core/lib/transport/handshaker_registry.cc',

test/core/util/evaluate_args_test_util.h

@@ -26,6 +26,7 @@
 #include <grpc/event_engine/memory_allocator.h>
 #include <grpc/grpc_security.h>
 
+#include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/resource_quota/arena.h"
 #include "src/core/lib/resource_quota/memory_quota.h"
@@ -33,17 +34,13 @@
 #include "src/core/lib/security/authorization/evaluate_args.h"
 #include "src/core/lib/security/context/security_context.h"
 #include "src/core/lib/slice/slice.h"
+#include "src/core/lib/transport/endpoint_info_handshaker.h"
 #include "src/core/lib/transport/metadata_batch.h"
-#include "test/core/util/mock_authorization_endpoint.h"
 
 namespace grpc_core {
 
-class EvaluateArgsTestUtil {
+class EvaluateArgsTestUtil final {
  public:
-  EvaluateArgsTestUtil() = default;
-
-  ~EvaluateArgsTestUtil() { delete channel_args_; }
-
   void AddPairToMetadata(const char* key, const char* value) {
     metadata_.Append(key, Slice::FromStaticString(value),
                      [](absl::string_view, const Slice&) {
@@ -53,11 +50,11 @@ class EvaluateArgsTestUtil {
   }
 
   void SetLocalEndpoint(absl::string_view local_uri) {
-    endpoint_.SetLocalAddress(local_uri);
+    args_ = args_.Set(GRPC_ARG_ENDPOINT_LOCAL_ADDRESS, local_uri);
   }
 
   void SetPeerEndpoint(absl::string_view peer_uri) {
-    endpoint_.SetPeer(peer_uri);
+    args_ = args_.Set(GRPC_ARG_ENDPOINT_PEER_ADDRESS, peer_uri);
   }
 
   void AddPropertyToAuthContext(const char* name, const char* value) {
@@ -66,8 +63,8 @@ class EvaluateArgsTestUtil {
 
   EvaluateArgs MakeEvaluateArgs() {
     channel_args_ =
-        new EvaluateArgs::PerChannelArgs(&auth_context_, &endpoint_);
-    return EvaluateArgs(&metadata_, channel_args_);
+        std::make_unique<EvaluateArgs::PerChannelArgs>(&auth_context_, args_);
+    return EvaluateArgs(&metadata_, channel_args_.get());
   }
 
  private:
@@ -75,9 +72,9 @@ class EvaluateArgsTestUtil {
       ResourceQuota::Default()->memory_quota()->CreateMemoryAllocator(
           "EvaluateArgsTestUtil");
   grpc_metadata_batch metadata_;
-  MockAuthorizationEndpoint endpoint_{/*local_uri=*/"", /*peer_uri=*/""};
   grpc_auth_context auth_context_{nullptr};
-  EvaluateArgs::PerChannelArgs* channel_args_ = nullptr;
+  ChannelArgs args_;
+  std::unique_ptr<EvaluateArgs::PerChannelArgs> channel_args_;
 };
 
 }  // namespace grpc_core

tools/doxygen/Doxyfile.c++.internal

@@ -2816,6 +2816,8 @@ src/core/lib/transport/call_spine.h \
 src/core/lib/transport/connectivity_state.cc \
 src/core/lib/transport/connectivity_state.h \
 src/core/lib/transport/custom_metadata.h \
+src/core/lib/transport/endpoint_info_handshaker.cc \
+src/core/lib/transport/endpoint_info_handshaker.h \
 src/core/lib/transport/error_utils.cc \
 src/core/lib/transport/error_utils.h \
 src/core/lib/transport/handshaker.cc \

tools/doxygen/Doxyfile.core.internal

@@ -2593,6 +2593,8 @@ src/core/lib/transport/call_spine.h \
 src/core/lib/transport/connectivity_state.cc \
 src/core/lib/transport/connectivity_state.h \
 src/core/lib/transport/custom_metadata.h \
+src/core/lib/transport/endpoint_info_handshaker.cc \
+src/core/lib/transport/endpoint_info_handshaker.h \
 src/core/lib/transport/error_utils.cc \
 src/core/lib/transport/error_utils.h \
 src/core/lib/transport/handshaker.cc \