|
|
|
@ -23,6 +23,7 @@ |
|
|
|
|
#include <string.h> |
|
|
|
|
|
|
|
|
|
#include "absl/log/check.h" |
|
|
|
|
#include "absl/log/log.h" |
|
|
|
|
#include "upb/mem/arena.hpp" |
|
|
|
|
|
|
|
|
|
#include <grpc/credentials.h> |
|
|
|
@ -87,7 +88,7 @@ typedef struct alts_tsi_handshaker_result { |
|
|
|
|
static tsi_result handshaker_result_extract_peer( |
|
|
|
|
const tsi_handshaker_result* self, tsi_peer* peer) { |
|
|
|
|
if (self == nullptr || peer == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "Invalid argument to handshaker_result_extract_peer()"); |
|
|
|
|
LOG(ERROR) << "Invalid argument to handshaker_result_extract_peer()"; |
|
|
|
|
return TSI_INVALID_ARGUMENT; |
|
|
|
|
} |
|
|
|
|
alts_tsi_handshaker_result* result = |
|
|
|
@ -97,7 +98,7 @@ static tsi_result handshaker_result_extract_peer( |
|
|
|
|
tsi_result ok = tsi_construct_peer(kTsiAltsNumOfPeerProperties, peer); |
|
|
|
|
int index = 0; |
|
|
|
|
if (ok != TSI_OK) { |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to construct tsi peer"); |
|
|
|
|
LOG(ERROR) << "Failed to construct tsi peer"; |
|
|
|
|
return ok; |
|
|
|
|
} |
|
|
|
|
CHECK_NE(&peer->properties[index], nullptr); |
|
|
|
@ -106,7 +107,7 @@ static tsi_result handshaker_result_extract_peer( |
|
|
|
|
&peer->properties[index]); |
|
|
|
|
if (ok != TSI_OK) { |
|
|
|
|
tsi_peer_destruct(peer); |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to set tsi peer property"); |
|
|
|
|
LOG(ERROR) << "Failed to set tsi peer property"; |
|
|
|
|
return ok; |
|
|
|
|
} |
|
|
|
|
index++; |
|
|
|
@ -116,7 +117,7 @@ static tsi_result handshaker_result_extract_peer( |
|
|
|
|
&peer->properties[index]); |
|
|
|
|
if (ok != TSI_OK) { |
|
|
|
|
tsi_peer_destruct(peer); |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to set tsi peer property"); |
|
|
|
|
LOG(ERROR) << "Failed to set tsi peer property"; |
|
|
|
|
} |
|
|
|
|
index++; |
|
|
|
|
CHECK_NE(&peer->properties[index], nullptr); |
|
|
|
@ -126,7 +127,7 @@ static tsi_result handshaker_result_extract_peer( |
|
|
|
|
GRPC_SLICE_LENGTH(result->rpc_versions), &peer->properties[index]); |
|
|
|
|
if (ok != TSI_OK) { |
|
|
|
|
tsi_peer_destruct(peer); |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to set tsi peer property"); |
|
|
|
|
LOG(ERROR) << "Failed to set tsi peer property"; |
|
|
|
|
} |
|
|
|
|
index++; |
|
|
|
|
CHECK_NE(&peer->properties[index], nullptr); |
|
|
|
@ -136,7 +137,7 @@ static tsi_result handshaker_result_extract_peer( |
|
|
|
|
GRPC_SLICE_LENGTH(result->serialized_context), &peer->properties[index]); |
|
|
|
|
if (ok != TSI_OK) { |
|
|
|
|
tsi_peer_destruct(peer); |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to set tsi peer property"); |
|
|
|
|
LOG(ERROR) << "Failed to set tsi peer property"; |
|
|
|
|
} |
|
|
|
|
index++; |
|
|
|
|
CHECK_NE(&peer->properties[index], nullptr); |
|
|
|
@ -146,7 +147,7 @@ static tsi_result handshaker_result_extract_peer( |
|
|
|
|
&peer->properties[index]); |
|
|
|
|
if (ok != TSI_OK) { |
|
|
|
|
tsi_peer_destruct(peer); |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to set tsi peer property"); |
|
|
|
|
LOG(ERROR) << "Failed to set tsi peer property"; |
|
|
|
|
} |
|
|
|
|
CHECK(++index == kTsiAltsNumOfPeerProperties); |
|
|
|
|
return ok; |
|
|
|
@ -163,8 +164,7 @@ static tsi_result handshaker_result_create_zero_copy_grpc_protector( |
|
|
|
|
const tsi_handshaker_result* self, size_t* max_output_protected_frame_size, |
|
|
|
|
tsi_zero_copy_grpc_protector** protector) { |
|
|
|
|
if (self == nullptr || protector == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, |
|
|
|
|
"Invalid arguments to create_zero_copy_grpc_protector()"); |
|
|
|
|
LOG(ERROR) << "Invalid arguments to create_zero_copy_grpc_protector()"; |
|
|
|
|
return TSI_INVALID_ARGUMENT; |
|
|
|
|
} |
|
|
|
|
alts_tsi_handshaker_result* result = |
|
|
|
@ -198,7 +198,7 @@ static tsi_result handshaker_result_create_zero_copy_grpc_protector( |
|
|
|
|
/*is_integrity_only=*/false, /*enable_extra_copy=*/false, |
|
|
|
|
max_output_protected_frame_size, protector); |
|
|
|
|
if (ok != TSI_OK) { |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to create zero-copy grpc protector"); |
|
|
|
|
LOG(ERROR) << "Failed to create zero-copy grpc protector"; |
|
|
|
|
} |
|
|
|
|
return ok; |
|
|
|
|
} |
|
|
|
@ -207,8 +207,7 @@ static tsi_result handshaker_result_create_frame_protector( |
|
|
|
|
const tsi_handshaker_result* self, size_t* max_output_protected_frame_size, |
|
|
|
|
tsi_frame_protector** protector) { |
|
|
|
|
if (self == nullptr || protector == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, |
|
|
|
|
"Invalid arguments to handshaker_result_create_frame_protector()"); |
|
|
|
|
LOG(ERROR) << "Invalid arguments to handshaker_result_create_frame_protector()"; |
|
|
|
|
return TSI_INVALID_ARGUMENT; |
|
|
|
|
} |
|
|
|
|
alts_tsi_handshaker_result* result = |
|
|
|
@ -219,7 +218,7 @@ static tsi_result handshaker_result_create_frame_protector( |
|
|
|
|
kAltsAes128GcmRekeyKeyLength, result->is_client, /*is_rekey=*/true, |
|
|
|
|
max_output_protected_frame_size, protector); |
|
|
|
|
if (ok != TSI_OK) { |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to create frame protector"); |
|
|
|
|
LOG(ERROR) << "Failed to create frame protector"; |
|
|
|
|
} |
|
|
|
|
return ok; |
|
|
|
|
} |
|
|
|
@ -228,8 +227,7 @@ static tsi_result handshaker_result_get_unused_bytes( |
|
|
|
|
const tsi_handshaker_result* self, const unsigned char** bytes, |
|
|
|
|
size_t* bytes_size) { |
|
|
|
|
if (self == nullptr || bytes == nullptr || bytes_size == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, |
|
|
|
|
"Invalid arguments to handshaker_result_get_unused_bytes()"); |
|
|
|
|
LOG(ERROR) << "Invalid arguments to handshaker_result_get_unused_bytes()"; |
|
|
|
|
return TSI_INVALID_ARGUMENT; |
|
|
|
|
} |
|
|
|
|
alts_tsi_handshaker_result* result = |
|
|
|
@ -267,7 +265,7 @@ tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp, |
|
|
|
|
bool is_client, |
|
|
|
|
tsi_handshaker_result** result) { |
|
|
|
|
if (result == nullptr || resp == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "Invalid arguments to create_handshaker_result()"); |
|
|
|
|
LOG(ERROR) << "Invalid arguments to create_handshaker_result()"; |
|
|
|
|
return TSI_INVALID_ARGUMENT; |
|
|
|
|
} |
|
|
|
|
const grpc_gcp_HandshakerResult* hresult = |
|
|
|
@ -275,42 +273,42 @@ tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp, |
|
|
|
|
const grpc_gcp_Identity* identity = |
|
|
|
|
grpc_gcp_HandshakerResult_peer_identity(hresult); |
|
|
|
|
if (identity == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "Invalid identity"); |
|
|
|
|
LOG(ERROR) << "Invalid identity"; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
upb_StringView peer_service_account = |
|
|
|
|
grpc_gcp_Identity_service_account(identity); |
|
|
|
|
if (peer_service_account.size == 0) { |
|
|
|
|
gpr_log(GPR_ERROR, "Invalid peer service account"); |
|
|
|
|
LOG(ERROR) << "Invalid peer service account"; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
upb_StringView key_data = grpc_gcp_HandshakerResult_key_data(hresult); |
|
|
|
|
if (key_data.size < kAltsAes128GcmRekeyKeyLength) { |
|
|
|
|
gpr_log(GPR_ERROR, "Bad key length"); |
|
|
|
|
LOG(ERROR) << "Bad key length"; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
const grpc_gcp_RpcProtocolVersions* peer_rpc_version = |
|
|
|
|
grpc_gcp_HandshakerResult_peer_rpc_versions(hresult); |
|
|
|
|
if (peer_rpc_version == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "Peer does not set RPC protocol versions."); |
|
|
|
|
LOG(ERROR) << "Peer does not set RPC protocol versions."; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
upb_StringView application_protocol = |
|
|
|
|
grpc_gcp_HandshakerResult_application_protocol(hresult); |
|
|
|
|
if (application_protocol.size == 0) { |
|
|
|
|
gpr_log(GPR_ERROR, "Invalid application protocol"); |
|
|
|
|
LOG(ERROR) << "Invalid application protocol"; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
upb_StringView record_protocol = |
|
|
|
|
grpc_gcp_HandshakerResult_record_protocol(hresult); |
|
|
|
|
if (record_protocol.size == 0) { |
|
|
|
|
gpr_log(GPR_ERROR, "Invalid record protocol"); |
|
|
|
|
LOG(ERROR) << "Invalid record protocol"; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
const grpc_gcp_Identity* local_identity = |
|
|
|
|
grpc_gcp_HandshakerResult_local_identity(hresult); |
|
|
|
|
if (local_identity == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "Invalid local identity"); |
|
|
|
|
LOG(ERROR) << "Invalid local identity"; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
upb_StringView local_service_account = |
|
|
|
@ -331,7 +329,7 @@ tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp, |
|
|
|
|
bool serialized = grpc_gcp_rpc_protocol_versions_encode( |
|
|
|
|
peer_rpc_version, rpc_versions_arena.ptr(), &sresult->rpc_versions); |
|
|
|
|
if (!serialized) { |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to serialize peer's RPC protocol versions."); |
|
|
|
|
LOG(ERROR) << "Failed to serialize peer's RPC protocol versions."; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
upb::Arena context_arena; |
|
|
|
@ -348,7 +346,7 @@ tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp, |
|
|
|
|
context, const_cast<grpc_gcp_RpcProtocolVersions*>(peer_rpc_version)); |
|
|
|
|
grpc_gcp_Identity* peer_identity = const_cast<grpc_gcp_Identity*>(identity); |
|
|
|
|
if (peer_identity == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "Null peer identity in ALTS context."); |
|
|
|
|
LOG(ERROR) << "Null peer identity in ALTS context."; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
if (grpc_gcp_Identity_attributes_size(identity) != 0) { |
|
|
|
@ -372,7 +370,7 @@ tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp, |
|
|
|
|
char* serialized_ctx = grpc_gcp_AltsContext_serialize( |
|
|
|
|
context, context_arena.ptr(), &serialized_ctx_length); |
|
|
|
|
if (serialized_ctx == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to serialize peer's ALTS context."); |
|
|
|
|
LOG(ERROR) << "Failed to serialize peer's ALTS context."; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
|
sresult->serialized_context = |
|
|
|
@ -388,7 +386,7 @@ static void on_handshaker_service_resp_recv(void* arg, |
|
|
|
|
grpc_error_handle error) { |
|
|
|
|
alts_handshaker_client* client = static_cast<alts_handshaker_client*>(arg); |
|
|
|
|
if (client == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "ALTS handshaker client is nullptr"); |
|
|
|
|
LOG(ERROR) << "ALTS handshaker client is nullptr"; |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
bool success = true; |
|
|
|
@ -440,7 +438,7 @@ static tsi_result alts_tsi_handshaker_continue_handshaker_next( |
|
|
|
|
handshaker->client_vtable_for_testing, handshaker->is_client, |
|
|
|
|
handshaker->max_frame_size, error); |
|
|
|
|
if (client == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to create ALTS handshaker client"); |
|
|
|
|
LOG(ERROR) << "Failed to create ALTS handshaker client"; |
|
|
|
|
if (error != nullptr) *error = "Failed to create ALTS handshaker client"; |
|
|
|
|
return TSI_FAILED_PRECONDITION; |
|
|
|
|
} |
|
|
|
@ -449,7 +447,7 @@ static tsi_result alts_tsi_handshaker_continue_handshaker_next( |
|
|
|
|
CHECK_EQ(handshaker->client, nullptr); |
|
|
|
|
handshaker->client = client; |
|
|
|
|
if (handshaker->shutdown) { |
|
|
|
|
gpr_log(GPR_INFO, "TSI handshake shutdown"); |
|
|
|
|
LOG(INFO) << "TSI handshake shutdown"; |
|
|
|
|
if (error != nullptr) *error = "TSI handshaker shutdown"; |
|
|
|
|
return TSI_HANDSHAKE_SHUTDOWN; |
|
|
|
|
} |
|
|
|
@ -529,7 +527,7 @@ static tsi_result handshaker_next( |
|
|
|
|
size_t* /*bytes_to_send_size*/, tsi_handshaker_result** /*result*/, |
|
|
|
|
tsi_handshaker_on_next_done_cb cb, void* user_data, std::string* error) { |
|
|
|
|
if (self == nullptr || cb == nullptr) { |
|
|
|
|
gpr_log(GPR_ERROR, "Invalid arguments to handshaker_next()"); |
|
|
|
|
LOG(ERROR) << "Invalid arguments to handshaker_next()"; |
|
|
|
|
if (error != nullptr) *error = "invalid argument"; |
|
|
|
|
return TSI_INVALID_ARGUMENT; |
|
|
|
|
} |
|
|
|
@ -538,7 +536,7 @@ static tsi_result handshaker_next( |
|
|
|
|
{ |
|
|
|
|
grpc_core::MutexLock lock(&handshaker->mu); |
|
|
|
|
if (handshaker->shutdown) { |
|
|
|
|
gpr_log(GPR_INFO, "TSI handshake shutdown"); |
|
|
|
|
LOG(INFO) << "TSI handshake shutdown"; |
|
|
|
|
if (error != nullptr) *error = "handshake shutdown"; |
|
|
|
|
return TSI_HANDSHAKE_SHUTDOWN; |
|
|
|
|
} |
|
|
|
@ -569,7 +567,7 @@ static tsi_result handshaker_next( |
|
|
|
|
tsi_result ok = alts_tsi_handshaker_continue_handshaker_next( |
|
|
|
|
handshaker, received_bytes, received_bytes_size, cb, user_data, error); |
|
|
|
|
if (ok != TSI_OK) { |
|
|
|
|
gpr_log(GPR_ERROR, "Failed to schedule ALTS handshaker requests"); |
|
|
|
|
LOG(ERROR) << "Failed to schedule ALTS handshaker requests"; |
|
|
|
|
return ok; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
@ -651,7 +649,7 @@ tsi_result alts_tsi_handshaker_create( |
|
|
|
|
size_t user_specified_max_frame_size) { |
|
|
|
|
if (handshaker_service_url == nullptr || self == nullptr || |
|
|
|
|
options == nullptr || (is_client && target_name == nullptr)) { |
|
|
|
|
gpr_log(GPR_ERROR, "Invalid arguments to alts_tsi_handshaker_create()"); |
|
|
|
|
LOG(ERROR) << "Invalid arguments to alts_tsi_handshaker_create()"; |
|
|
|
|
return TSI_INVALID_ARGUMENT; |
|
|
|
|
} |
|
|
|
|
bool use_dedicated_cq = interested_parties == nullptr; |
|
|
|
|