
Server API simplification

Remove 'secure_server_create', and instead attach credentials to ports, meaning different ports can serve different credentials.
Craig Tiller 10 жил өмнө
parent
commit
759026cbf0

+ 0 - 3
Makefile

@@ -2315,7 +2315,6 @@ LIBGRPC_SRC = \
     src/core/security/security_context.c \
     src/core/security/server_secure_chttp2.c \
     src/core/surface/secure_channel_create.c \
-    src/core/surface/secure_server_create.c \
     src/core/tsi/fake_transport_security.c \
     src/core/tsi/ssl_transport_security.c \
     src/core/tsi/transport_security.c \
@@ -2456,7 +2455,6 @@ src/core/security/secure_transport_setup.c: $(OPENSSL_DEP)
 src/core/security/security_context.c: $(OPENSSL_DEP)
 src/core/security/server_secure_chttp2.c: $(OPENSSL_DEP)
 src/core/surface/secure_channel_create.c: $(OPENSSL_DEP)
-src/core/surface/secure_server_create.c: $(OPENSSL_DEP)
 src/core/tsi/fake_transport_security.c: $(OPENSSL_DEP)
 src/core/tsi/ssl_transport_security.c: $(OPENSSL_DEP)
 src/core/tsi/transport_security.c: $(OPENSSL_DEP)
@@ -2614,7 +2612,6 @@ $(OBJDIR)/$(CONFIG)/src/core/security/secure_transport_setup.o:
 $(OBJDIR)/$(CONFIG)/src/core/security/security_context.o: 
 $(OBJDIR)/$(CONFIG)/src/core/security/server_secure_chttp2.o: 
 $(OBJDIR)/$(CONFIG)/src/core/surface/secure_channel_create.o: 
-$(OBJDIR)/$(CONFIG)/src/core/surface/secure_server_create.o: 
 $(OBJDIR)/$(CONFIG)/src/core/tsi/fake_transport_security.o: 
 $(OBJDIR)/$(CONFIG)/src/core/tsi/ssl_transport_security.o: 
 $(OBJDIR)/$(CONFIG)/src/core/tsi/transport_security.o: 

+ 0 - 1
build.json

@@ -381,7 +381,6 @@
         "src/core/security/security_context.c",
         "src/core/security/server_secure_chttp2.c",
         "src/core/surface/secure_channel_create.c",
-        "src/core/surface/secure_server_create.c",
         "src/core/tsi/fake_transport_security.c",
         "src/core/tsi/ssl_transport_security.c",
         "src/core/tsi/transport_security.c"

+ 2 - 7
include/grpc/grpc_security.h

@@ -168,17 +168,12 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
 
 /* --- Secure server creation. --- */
 
-/* Creates a secure server using the passed-in server credentials. */
-grpc_server *grpc_secure_server_create(grpc_server_credentials *creds,
-                                       grpc_completion_queue *cq,
-                                       const grpc_channel_args *args);
-
 /* Add a HTTP2 over an encrypted link over tcp listener.
    Server must have been created with grpc_secure_server_create.
    Returns bound port number on success, 0 on failure.
    REQUIRES: server not started */
-int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr);
-
+int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr,
+                                      grpc_server_credentials *creds);
 
 #ifdef __cplusplus
 }
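Review bot: The retained comment above grpc_server_add_secure_http2_port still says `Server must have been created with grpc_secure_server_create`, a function this commit deletes, so the public header now documents a precondition no caller can meet. The comment should also describe the new `creds` parameter: that NULL or an unsupported credentials type makes the call return 0, and whether the caller may release `creds` right after the call. The updated tests do release it immediately, which suggests the port keeps its own security context instead of the credentials pointer. Since credentials are now attached per port, presumably secure and plain listeners can coexist on one server; a sentence saying so would help integrators audit which ports are actually encrypted.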

+ 0 - 28
src/core/security/factories.c

@@ -50,31 +50,3 @@ grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
   return grpc_secure_channel_create_with_factories(
       factories, GPR_ARRAY_SIZE(factories), creds, target, args);
 }
-
-grpc_server *grpc_secure_server_create(grpc_server_credentials *creds,
-                                       grpc_completion_queue *cq,
-                                       const grpc_channel_args *args) {
-  grpc_security_status status = GRPC_SECURITY_ERROR;
-  grpc_security_context *ctx = NULL;
-  grpc_server *server = NULL;
-  if (creds == NULL) return NULL; /* TODO(ctiller): Return lame server. */
-
-  if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
-    status = grpc_ssl_server_security_context_create(
-        grpc_ssl_server_credentials_get_config(creds), &ctx);
-  } else if (!strcmp(creds->type,
-                     GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) {
-    ctx = grpc_fake_server_security_context_create();
-    status = GRPC_SECURITY_OK;
-  }
-
-  if (status != GRPC_SECURITY_OK) {
-    gpr_log(GPR_ERROR,
-            "Unable to create secure server with credentials of type %s.",
-            creds->type);
-    return NULL; /* TODO(ctiller): Return lame server. */
-  }
-  server = grpc_secure_server_create_internal(cq, args, ctx);
-  grpc_security_context_unref(ctx);
-  return server;
-}

+ 55 - 15
src/core/security/server_secure_chttp2.c

@@ -33,6 +33,8 @@
 
 #include <grpc/grpc.h>
 
+#include <string.h>
+
 #include "src/core/channel/http_filter.h"
 #include "src/core/channel/http_server_filter.h"
 #include "src/core/iomgr/resolve_address.h"
@@ -66,37 +68,64 @@ static void on_secure_transport_setup_done(void *server,
   }
 }
 
-static void on_accept(void *server, grpc_endpoint *tcp) {
-  const grpc_channel_args *args = grpc_server_get_channel_args(server);
-  grpc_security_context *ctx = grpc_find_security_context_in_args(args);
-  GPR_ASSERT(ctx);
-  grpc_setup_secure_transport(ctx, tcp, on_secure_transport_setup_done, server);
-}
+typedef struct {
+  grpc_tcp_server *tcp;
+  grpc_security_context *ctx;
+  grpc_server *server;
+} secured_port;
 
-/* Note: the following code is the same with server_chttp2.c */
+static void on_accept(void *spp, grpc_endpoint *tcp) {
+  secured_port *sp = spp;
+  grpc_setup_secure_transport(sp->ctx, tcp, on_secure_transport_setup_done, sp->server);
+}
 
 /* Server callback: start listening on our ports */
-static void start(grpc_server *server, void *tcpp, grpc_pollset **pollsets,
+static void start(grpc_server *server, void *spp, grpc_pollset **pollsets,
                   size_t pollset_count) {
-  grpc_tcp_server *tcp = tcpp;
-  grpc_tcp_server_start(tcp, pollsets, pollset_count, on_accept, server);
+  secured_port *sp = spp;
+  grpc_tcp_server_start(sp->tcp, pollsets, pollset_count, on_accept, sp);
 }
 
 /* Server callback: destroy the tcp listener (so we don't generate further
    callbacks) */
-static void destroy(grpc_server *server, void *tcpp) {
-  grpc_tcp_server *tcp = tcpp;
-  grpc_tcp_server_destroy(tcp);
+static void destroy(grpc_server *server, void *spp) {
+  secured_port *sp = spp;
+  grpc_tcp_server_destroy(sp->tcp);
+  grpc_security_context_unref(sp->ctx);
+  gpr_free(sp);
 }
 
-int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr) {
+int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds) {
   grpc_resolved_addresses *resolved = NULL;
   grpc_tcp_server *tcp = NULL;
   size_t i;
   unsigned count = 0;
   int port_num = -1;
   int port_temp;
+  grpc_security_status status = GRPC_SECURITY_ERROR;
+  grpc_security_context *ctx = NULL;
+  secured_port *sp = NULL;
+
+  /* create security context */
+  if (creds == NULL) goto error;
+
+  if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
+    status = grpc_ssl_server_security_context_create(
+        grpc_ssl_server_credentials_get_config(creds), &ctx);
+  } else if (!strcmp(creds->type,
+                     GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) {
+    ctx = grpc_fake_server_security_context_create();
+    status = GRPC_SECURITY_OK;
+  }
 
+  if (status != GRPC_SECURITY_OK) {
+    gpr_log(GPR_ERROR,
+            "Unable to create secure server with credentials of type %s.",
+            creds->type);
+    goto error;
+  }
+
+  /* resolve address */
   resolved = grpc_blocking_resolve_address(addr, "https");
   if (!resolved) {
     goto error;
@@ -132,18 +161,29 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr) {
   }
   grpc_resolved_addresses_destroy(resolved);
 
+  sp = gpr_malloc(sizeof(secured_port));
+  sp->tcp = tcp;
+  sp->ctx = ctx;
+  sp->server = server;
+
   /* Register with the server only upon success */
-  grpc_server_add_listener(server, tcp, start, destroy);
+  grpc_server_add_listener(server, sp, start, destroy);
 
   return port_num;
 
 /* Error path: cleanup and return */
 error:
+  if (ctx) {
+    grpc_security_context_unref(ctx);
+  }
   if (resolved) {
     grpc_resolved_addresses_destroy(resolved);
   }
   if (tcp) {
     grpc_tcp_server_destroy(tcp);
   }
+  if (sp) {
+    gpr_free(sp);
+  }
   return 0;
 }
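Review bot: The `creds == NULL` check at the top of grpc_server_add_secure_http2_port jumps to `error` without logging, so a caller that passes no credentials gets 0 back with nothing to distinguish it from a resolve or bind failure. I would log before the jump, e.g. `gpr_log(GPR_ERROR, "No credentials specified for secure server port (creds==NULL)");`, and reword the existing "Unable to create secure server ..." message, which now describes a port, not a server. In `destroy`, `sp` and its `ctx` reference are released immediately after `grpc_tcp_server_destroy(sp->tcp)`. That is only safe if the call guarantees no `on_accept` is still running with the same `sp`, which is not visible here, so a comment on `secured_port` stating that guarantee and that the struct owns one `ctx` reference would help. Part of the function body lies outside the hunks shown.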

+ 0 - 57
src/core/surface/secure_server_create.c

@@ -1,57 +0,0 @@
-/*
- *
- * Copyright 2015, Google Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *     * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *     * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following disclaimer
- * in the documentation and/or other materials provided with the
- * distribution.
- *     * Neither the name of Google Inc. nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <grpc/grpc.h>
-
-#include "src/core/channel/channel_args.h"
-#include "src/core/security/security_context.h"
-#include "src/core/surface/completion_queue.h"
-#include "src/core/surface/server.h"
-#include <grpc/support/log.h>
-
-grpc_server *grpc_secure_server_create_internal(
-    grpc_completion_queue *cq, const grpc_channel_args *args,
-    grpc_security_context *context) {
-  grpc_arg context_arg;
-  grpc_channel_args *args_copy;
-  grpc_server *server;
-  if (grpc_find_security_context_in_args(args) != NULL) {
-    gpr_log(GPR_ERROR, "Cannot set security context in channel args.");
-  }
-
-  context_arg = grpc_security_context_to_arg(context);
-  args_copy = grpc_channel_args_copy_and_add(args, &context_arg);
-  server = grpc_server_create_from_filters(cq, NULL, 0, args_copy);
-  grpc_channel_args_destroy(args_copy);
-  return server;
-}

+ 2 - 2
test/core/echo/server.c

@@ -143,8 +143,8 @@ int main(int argc, char **argv) {
                                                     test_server1_cert};
     grpc_server_credentials *ssl_creds =
         grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1);
-    server = grpc_secure_server_create(ssl_creds, cq, &args);
-    GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr));
+    server = grpc_server_create(cq, &args);
+    GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr, ssl_creds));
     grpc_server_credentials_release(ssl_creds);
   } else {
     server = grpc_server_create(cq, &args);

+ 2 - 2
test/core/end2end/fixtures/chttp2_fake_security.c

@@ -84,9 +84,9 @@ static void chttp2_init_server_secure_fullstack(
     grpc_server_destroy(f->server);
   }
   f->server =
-      grpc_secure_server_create(server_creds, f->server_cq, server_args);
+      grpc_server_create(f->server_cq, server_args);
+  GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr, server_creds));
   grpc_server_credentials_release(server_creds);
-  GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr));
   grpc_server_start(f->server);
 }
 

+ 2 - 2
test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c

@@ -87,9 +87,9 @@ static void chttp2_init_server_secure_fullstack(
     grpc_server_destroy(f->server);
   }
   f->server =
-      grpc_secure_server_create(server_creds, f->server_cq, server_args);
+      grpc_server_create(f->server_cq, server_args);
+  GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr, server_creds));
   grpc_server_credentials_release(server_creds);
-  GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr));
   grpc_server_start(f->server);
 }
 

+ 2 - 2
test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c

@@ -85,9 +85,9 @@ static void chttp2_init_server_secure_fullstack(
     grpc_server_destroy(f->server);
   }
   f->server =
-      grpc_secure_server_create(server_creds, f->server_cq, server_args);
+      grpc_server_create(f->server_cq, server_args);
+  GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr, server_creds));
   grpc_server_credentials_release(server_creds);
-  GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr));
   grpc_server_start(f->server);
 }
 

+ 2 - 2
test/core/fling/server.c

@@ -205,8 +205,8 @@ int main(int argc, char **argv) {
                                                     test_server1_cert};
     grpc_server_credentials *ssl_creds =
         grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1);
-    server = grpc_secure_server_create(ssl_creds, cq, NULL);
-    GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr));
+    server = grpc_server_create(cq, NULL);
+    GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr, ssl_creds));
     grpc_server_credentials_release(ssl_creds);
   } else {
     server = grpc_server_create(cq, NULL);

+ 0 - 2
vsprojects/vs2013/grpc.vcxproj

@@ -215,8 +215,6 @@
     </ClCompile>
     <ClCompile Include="..\..\src\core\surface\secure_channel_create.c">
     </ClCompile>
-    <ClCompile Include="..\..\src\core\surface\secure_server_create.c">
-    </ClCompile>
     <ClCompile Include="..\..\src\core\tsi\fake_transport_security.c">
     </ClCompile>
     <ClCompile Include="..\..\src\core\tsi\ssl_transport_security.c">

+ 0 - 3
vsprojects/vs2013/grpc.vcxproj.filters

@@ -43,9 +43,6 @@
     <ClCompile Include="..\..\src\core\surface\secure_channel_create.c">
       <Filter>src\core\surface</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\src\core\surface\secure_server_create.c">
-      <Filter>src\core\surface</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\src\core\tsi\fake_transport_security.c">
       <Filter>src\core\tsi</Filter>
     </ClCompile>

+ 0 - 2
vsprojects/vs2013/grpc_shared.vcxproj

@@ -219,8 +219,6 @@
     </ClCompile>
     <ClCompile Include="..\..\src\core\surface\secure_channel_create.c">
     </ClCompile>
-    <ClCompile Include="..\..\src\core\surface\secure_server_create.c">
-    </ClCompile>
     <ClCompile Include="..\..\src\core\tsi\fake_transport_security.c">
     </ClCompile>
     <ClCompile Include="..\..\src\core\tsi\ssl_transport_security.c">

+ 0 - 3
vsprojects/vs2013/grpc_shared.vcxproj.filters

@@ -43,9 +43,6 @@
     <ClCompile Include="..\..\src\core\surface\secure_channel_create.c">
       <Filter>src\core\surface</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\src\core\surface\secure_server_create.c">
-      <Filter>src\core\surface</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\src\core\tsi\fake_transport_security.c">
       <Filter>src\core\tsi</Filter>
     </ClCompile>