Moving the google-internal security code in their own files.

Checked that the opensource version still builds. Just addressing core for now. We will do c++ later. Change on 2015/01/12 by jboeuf <jboeuf@google.com> ------------- Created by MOE: http://code.google.com/p/moe-java MOE_MIGRATED_REVID=83804014
10 years ago · 6ad120e435
parent c212585c41
commit 6ad120e435
12 changed files with 181 additions and 92 deletions
--- a/1
+++ b/1
@ -1224,6 +1224,7 @@ LIBGRPC_SRC = \
    src/core/security/auth.c \
    src/core/security/base64.c \
    src/core/security/credentials.c \
    src/core/security/factories.c \
    src/core/security/google_root_certs.c \
    src/core/security/json_token.c \
    src/core/security/secure_endpoint.c \
--- a/build.json
+++ b/build.json
@ -257,6 +257,7 @@
        "src/core/security/auth.c",
        "src/core/security/base64.c",
        "src/core/security/credentials.c",
        "src/core/security/factories.c",
        "src/core/security/google_root_certs.c",
        "src/core/security/json_token.c",
        "src/core/security/secure_endpoint.c",
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@ -97,7 +97,6 @@ grpc_credentials *grpc_fake_transport_security_credentials_create(void);
 grpc_credentials *grpc_iam_credentials_create(const char *authorization_token,
                                              const char *authority_selector);
 /* --- Secure channel creation. --- */
 /* The caller of the secure_channel_create functions may override the target
@ -152,7 +151,6 @@ grpc_server_credentials *grpc_ssl_server_credentials_create(
 grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
    void);
 /* --- Secure server creation. --- */
 /* Creates a secure server using the passed-in server credentials. */
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@ -819,6 +819,26 @@ const grpc_credentials_array *grpc_composite_credentials_get_credentials(
  return &c->inner;
 }
 grpc_credentials *grpc_credentials_contains_type(
    grpc_credentials *creds, const char *type,
    grpc_credentials **composite_creds) {
  size_t i;
  if (!strcmp(creds->type, type)) {
    if (composite_creds != NULL) *composite_creds = NULL;
    return creds;
  } else if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE)) {
    const grpc_credentials_array *inner_creds_array =
        grpc_composite_credentials_get_credentials(creds);
    for (i = 0; i < inner_creds_array->num_creds; i++) {
      if (!strcmp(type, inner_creds_array->creds_array[i]->type)) {
        if (composite_creds != NULL) *composite_creds = creds;
        return inner_creds_array->creds_array[i];
      }
    }
  }
  return NULL;
 }
 /* -- IAM credentials. -- */
 typedef struct {
@ -877,4 +897,3 @@ grpc_credentials *grpc_iam_credentials_create(const char *token,
 /* -- Default credentials TODO(jboeuf). -- */
 grpc_credentials *grpc_default_credentials_create(void) { return NULL; }
--- a/src/core/security/credentials.h
+++ b/src/core/security/credentials.h
@ -108,6 +108,14 @@ typedef struct {
 const grpc_credentials_array *grpc_composite_credentials_get_credentials(
    grpc_credentials *composite_creds);
 /* Returns creds if creds is of the specified type or the inner creds of the
   specified type (if found), if the creds is of type COMPOSITE.
   If composite_creds is not NULL, *composite_creds will point to creds if of
   type COMPOSITE in case of success. */
 grpc_credentials *grpc_credentials_contains_type(
    grpc_credentials *creds, const char *type,
    grpc_credentials **composite_creds);
 /* Exposed for testing only. */
 grpc_credentials_status
 grpc_oauth2_token_fetcher_credentials_parse_server_response(
@ -118,7 +126,6 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response(
 grpc_credentials *grpc_fake_oauth2_credentials_create(
    const char *token_md_value, int is_async);
 /* --- grpc_server_credentials. --- */
 typedef struct {
@ -136,5 +143,4 @@ struct grpc_server_credentials {
 const grpc_ssl_config *grpc_ssl_server_credentials_get_config(
    const grpc_server_credentials *ssl_creds);
 #endif  /* __GRPC_INTERNAL_SECURITY_CREDENTIALS_H__ */
--- a/src/core/security/factories.c
+++ b/src/core/security/factories.c
@ -0,0 +1,80 @@
 /*
 *
 * Copyright 2014, Google Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *     * Neither the name of Google Inc. nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 #include <string.h>
 #include "src/core/security/credentials.h"
 #include "src/core/security/security_context.h"
 #include "src/core/surface/lame_client.h"
 #include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
 #include <grpc/support/useful.h>
 grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
                                         const char *target,
                                         const grpc_channel_args *args) {
  grpc_secure_channel_factory factories[] = {
      {GRPC_CREDENTIALS_TYPE_SSL, grpc_ssl_channel_create},
      {GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY,
       grpc_fake_transport_security_channel_create}};
  return grpc_secure_channel_create_with_factories(
      factories, GPR_ARRAY_SIZE(factories), creds, target, args);
 }
 grpc_server *grpc_secure_server_create(grpc_server_credentials *creds,
                                       grpc_completion_queue *cq,
                                       const grpc_channel_args *args) {
  grpc_security_status status = GRPC_SECURITY_ERROR;
  grpc_security_context *ctx = NULL;
  grpc_server *server = NULL;
  if (creds == NULL) return NULL; /* TODO(ctiller): Return lame server. */
  if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
    status = grpc_ssl_server_security_context_create(
        grpc_ssl_server_credentials_get_config(creds), &ctx);
  } else if (!strcmp(creds->type,
                     GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) {
    ctx = grpc_fake_server_security_context_create();
    status = GRPC_SECURITY_OK;
  }
  if (status != GRPC_SECURITY_OK) {
    gpr_log(GPR_ERROR,
            "Unable to create secure server with credentials of type %s.",
            creds->type);
    return NULL; /* TODO(ctiller): Return lame server. */
  }
  server = grpc_secure_server_create_internal(cq, args, ctx);
  grpc_security_context_unref(ctx);
  return server;
 }
--- a/src/core/security/security_context.c
+++ b/src/core/security/security_context.c
@ -438,19 +438,18 @@ error:
  return GRPC_SECURITY_ERROR;
 }
 /* -- High level objects. -- */
-static grpc_channel *grpc_ssl_channel_create(grpc_credentials *creds,
+grpc_channel *grpc_ssl_channel_create(grpc_credentials *ssl_creds,
-                                             const grpc_ssl_config *config,
+                                      grpc_credentials *request_metadata_creds,
-                                             const char *target,
+                                      const char *target,
-                                             const grpc_channel_args *args) {
+                                      const grpc_channel_args *args) {
  grpc_channel_security_context *ctx = NULL;
  grpc_channel *channel = NULL;
  grpc_security_status status = GRPC_SECURITY_OK;
  size_t i = 0;
  const char *secure_peer_name = target;
  for (i = 0; args && i < args->num_args; i++) {
    grpc_arg *arg = &args->args[i];
    if (!strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) &&
@ -459,8 +458,9 @@ static grpc_channel *grpc_ssl_channel_create(grpc_credentials *creds,
      break;
    }
  }
-  status = grpc_ssl_channel_security_context_create(creds, config,
+  status = grpc_ssl_channel_security_context_create(
-                                                    secure_peer_name, &ctx);
+      request_metadata_creds, grpc_ssl_credentials_get_config(ssl_creds),
      secure_peer_name, &ctx);
  if (status != GRPC_SECURITY_OK) {
    return grpc_lame_client_channel_create();
  }
@ -469,36 +469,22 @@ static grpc_channel *grpc_ssl_channel_create(grpc_credentials *creds,
  return channel;
 }
-
+grpc_channel *grpc_fake_transport_security_channel_create(
-static grpc_credentials *get_creds_from_composite(
+    grpc_credentials *fake_creds, grpc_credentials *request_metadata_creds,
-    grpc_credentials *composite_creds, const char *type) {
+    const char *target, const grpc_channel_args *args) {
-  size_t i;
+  grpc_channel_security_context *ctx =
-  const grpc_credentials_array *inner_creds_array =
+      grpc_fake_channel_security_context_create(request_metadata_creds);
-      grpc_composite_credentials_get_credentials(composite_creds);
+  grpc_channel *channel =
-  for (i = 0; i < inner_creds_array->num_creds; i++) {
+      grpc_secure_channel_create_internal(target, args, ctx);
-    if (!strcmp(type, inner_creds_array->creds_array[i]->type)) {
+  grpc_security_context_unref(&ctx->base);
-      return inner_creds_array->creds_array[i];
+  return channel;
    }
  }
  return NULL;
 }
-static grpc_channel *grpc_channel_create_from_composite_creds(
+grpc_channel *grpc_secure_channel_create_with_factories(
-    grpc_credentials *composite_creds, const char *target,
+    const grpc_secure_channel_factory *factories, size_t num_factories,
    grpc_credentials *creds, const char *target,
    const grpc_channel_args *args) {
-  grpc_credentials *creds =
+  size_t i;
      get_creds_from_composite(composite_creds, GRPC_CREDENTIALS_TYPE_SSL);
  if (creds != NULL) {
    return grpc_ssl_channel_create(
        composite_creds, grpc_ssl_credentials_get_config(creds), target, args);
  }
  gpr_log(GPR_ERROR, "Credentials is insufficient to create a secure channel.");
  return grpc_lame_client_channel_create();
 }
 grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
                                         const char *target,
                                         const grpc_channel_args *args) {
  if (creds == NULL) {
    gpr_log(GPR_ERROR, "No credentials to create a secure channel.");
    return grpc_lame_client_channel_create();
@ -508,25 +494,22 @@ grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
            "Credentials is insufficient to create a secure channel.");
    return grpc_lame_client_channel_create();
  }
-  if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
+
-    return grpc_ssl_channel_create(NULL, grpc_ssl_credentials_get_config(creds),
+  for (i = 0; i < num_factories; i++) {
-                                   target, args);
+    grpc_credentials *composite_creds = NULL;
-  } else if (!strcmp(creds->type,
+    grpc_credentials *transport_security_creds = NULL;
-                     GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) {
+    transport_security_creds = grpc_credentials_contains_type(
-    grpc_channel_security_context *ctx =
+        creds, factories[i].creds_type, &composite_creds);
-        grpc_fake_channel_security_context_create(NULL);
+    if (transport_security_creds != NULL) {
-    grpc_channel *channel =
+      return factories[i].factory(transport_security_creds, composite_creds,
-        grpc_secure_channel_create_internal(target, args, ctx);
+                                  target, args);
-    grpc_security_context_unref(&ctx->base);
+    }
    return channel;
  } else if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE)) {
    return grpc_channel_create_from_composite_creds(creds, target, args);
  } else {
    gpr_log(GPR_ERROR,
            "Unknown credentials type %s for creating a secure channel.",
            creds->type);
    return grpc_lame_client_channel_create();
  }
  gpr_log(GPR_ERROR,
          "Unknown credentials type %s for creating a secure channel.",
          creds->type);
  return grpc_lame_client_channel_create();
 }
 grpc_channel *grpc_default_secure_channel_create(
@ -534,30 +517,3 @@ grpc_channel *grpc_default_secure_channel_create(
  return grpc_secure_channel_create(grpc_default_credentials_create(), target,
                                    args);
 }
 grpc_server *grpc_secure_server_create(grpc_server_credentials *creds,
                                       grpc_completion_queue *cq,
                                       const grpc_channel_args *args) {
  grpc_security_status status = GRPC_SECURITY_ERROR;
  grpc_security_context *ctx = NULL;
  grpc_server *server = NULL;
  if (creds == NULL) return NULL; /* TODO(ctiller): Return lame server. */
  if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
    status = grpc_ssl_server_security_context_create(
        grpc_ssl_server_credentials_get_config(creds), &ctx);
  } else if (!strcmp(creds->type,
                     GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) {
    ctx = grpc_fake_server_security_context_create();
    status = GRPC_SECURITY_OK;
  } else {
    gpr_log(GPR_ERROR,
            "Unable to create secure server with credentials of type %s.",
            creds->type);
  }
  if (status != GRPC_SECURITY_OK) {
    return NULL; /* TODO(ctiller): Return lame server. */
  }
  server = grpc_secure_server_create_internal(cq, args, ctx);
  grpc_security_context_unref(ctx);
  return server;
 }
--- a/src/core/security/security_context.h
+++ b/src/core/security/security_context.h
@ -159,17 +159,41 @@ grpc_security_status grpc_ssl_channel_security_context_create(
 grpc_security_status grpc_ssl_server_security_context_create(
    const grpc_ssl_config *config, grpc_security_context **ctx);
 /* --- Creation of high level objects. --- */
 /* Secure client channel creation. */
 grpc_channel *grpc_ssl_channel_create(grpc_credentials *ssl_creds,
                                      grpc_credentials *request_metadata_creds,
                                      const char *target,
                                      const grpc_channel_args *args);
 grpc_channel *grpc_fake_transport_security_channel_create(
    grpc_credentials *fake_creds, grpc_credentials *request_metadata_creds,
    const char *target, const grpc_channel_args *args);
 grpc_channel *grpc_secure_channel_create_internal(
    const char *target, const grpc_channel_args *args,
    grpc_channel_security_context *ctx);
 typedef grpc_channel *(*grpc_secure_channel_factory_func)(
    grpc_credentials *transport_security_creds,
    grpc_credentials *request_metadata_creds, const char *target,
    const grpc_channel_args *args);
 typedef struct {
  const char *creds_type;
  grpc_secure_channel_factory_func factory;
 } grpc_secure_channel_factory;
 grpc_channel *grpc_secure_channel_create_with_factories(
    const grpc_secure_channel_factory *factories, size_t num_factories,
    grpc_credentials *creds, const char *target, const grpc_channel_args *args);
 /* Secure server creation. */
 grpc_server *grpc_secure_server_create_internal(
    grpc_completion_queue *cq, const grpc_channel_args *args,
    grpc_security_context *ctx);
-#endif  /* __GRPC_INTERNAL_SECURITY_SECURITY_CONTEXT_H__ */
+grpc_server *grpc_secure_server_create_internal(grpc_completion_queue *cq,
                                                const grpc_channel_args *args,
                                                grpc_security_context *ctx);
 #endif /* __GRPC_INTERNAL_SECURITY_SECURITY_CONTEXT_H__ */
--- a/src/cpp/client/credentials.cc
+++ b/src/cpp/client/credentials.cc
@ -34,7 +34,7 @@
 #include <string>
-#include <grpc/grpc_security.h>
+#include <grpc/grpc_security_google.h>
 #include <grpc/support/log.h>
 #include <grpc++/credentials.h>
--- a/src/cpp/server/server_credentials.cc
+++ b/src/cpp/server/server_credentials.cc
@ -32,7 +32,7 @@
 */
-#include <grpc/grpc_security.h>
+#include <grpc/grpc_security_google.h>
 #include <grpc++/server_credentials.h>
--- a/vsprojects/vs2013/grpc.vcxproj
+++ b/vsprojects/vs2013/grpc.vcxproj
@ -175,6 +175,8 @@
    </ClCompile>
    <ClCompile Include="..\..\src\core\security\credentials.c">
    </ClCompile>
    <ClCompile Include="..\..\src\core\security\factories.c">
    </ClCompile>
    <ClCompile Include="..\..\src\core\security\google_root_certs.c">
    </ClCompile>
    <ClCompile Include="..\..\src\core\security\json_token.c">
--- a/vsprojects/vs2013/grpc_unsecure.vcxproj
+++ b/vsprojects/vs2013/grpc_unsecure.vcxproj
@ -175,6 +175,8 @@
    </ClCompile>
    <ClCompile Include="..\..\src\core\security\credentials.c">
    </ClCompile>
    <ClCompile Include="..\..\src\core\security\factories.c">
    </ClCompile>
    <ClCompile Include="..\..\src\core\security\google_root_certs.c">
    </ClCompile>
    <ClCompile Include="..\..\src\core\security\json_token.c">