[security] Refactor credentials types to remove special handling for insecure creds (#36176)

Forked from #35957

This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials.

The special code-paths for insecure creds are no longer necessary in the wake of #25586.

Closes #36176

COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36176 from drfloob:fork/35957/creds-API fd64d59c23
PiperOrigin-RevId: 621008166
pull/36217/head
AJ Heller 8 months ago committed by Copybara-Service
parent adf6c7b644
commit 822311c0d9
  1. 22
      BUILD
  2. 33
      CMakeLists.txt
  3. 35
      build_autogenerated.yaml
  4. 4
      gRPC-C++.podspec
  5. 62
      include/grpcpp/security/credentials.h
  6. 32
      include/grpcpp/security/server_credentials.h
  7. 4
      include/grpcpp/support/channel_arguments.h
  8. 9
      src/core/ext/transport/binder/server/binder_server_credentials.cc
  9. 39
      src/cpp/client/call_credentials.cc
  10. 47
      src/cpp/client/channel_credentials.cc
  11. 14
      src/cpp/client/cronet_credentials.cc
  12. 31
      src/cpp/client/insecure_credentials.cc
  13. 372
      src/cpp/client/secure_credentials.cc
  14. 99
      src/cpp/client/secure_credentials.h
  15. 23
      src/cpp/client/xds_credentials.cc
  16. 13
      src/cpp/common/channel_arguments.cc
  17. 41
      src/cpp/common/secure_channel_arguments.cc
  18. 19
      src/cpp/ext/chaotic_good.cc
  19. 21
      src/cpp/server/insecure_server_credentials.cc
  20. 13
      src/cpp/server/secure_server_credentials.cc
  21. 23
      src/cpp/server/secure_server_credentials.h
  22. 39
      src/cpp/server/server_credentials.cc
  23. 16
      src/cpp/server/xds_server_credentials.cc
  24. 10
      test/core/transport/binder/end2end/binder_server_test.cc
  25. 5
      test/cpp/end2end/client_lb_end2end_test.cc
  26. 25
      test/cpp/end2end/end2end_test.cc
  27. 7
      test/cpp/end2end/grpclb_end2end_test.cc
  28. 6
      test/cpp/end2end/resource_quota_end2end_stress_test.cc
  29. 9
      test/cpp/end2end/rls_end2end_test.cc
  30. 5
      test/cpp/end2end/service_config_end2end_test.cc
  31. 5
      test/cpp/end2end/xds/xds_csds_end2end_test.cc
  32. 6
      test/cpp/end2end/xds/xds_end2end_test_lib.cc
  33. 2
      test/cpp/ext/BUILD
  34. 8
      test/cpp/interop/client_helper.cc
  35. 1
      test/cpp/util/BUILD
  36. 41
      test/cpp/util/credentials.h
  37. 4
      tools/doxygen/Doxyfile.c++.internal

22
BUILD

@ -324,7 +324,9 @@ GRPC_PUBLIC_EVENT_ENGINE_HDRS = [
] ]
GRPCXX_SRCS = [ GRPCXX_SRCS = [
"src/cpp/client/call_credentials.cc",
"src/cpp/client/channel_cc.cc", "src/cpp/client/channel_cc.cc",
"src/cpp/client/channel_credentials.cc",
"src/cpp/client/client_callback.cc", "src/cpp/client/client_callback.cc",
"src/cpp/client/client_context.cc", "src/cpp/client/client_context.cc",
"src/cpp/client/client_interceptor.cc", "src/cpp/client/client_interceptor.cc",
@ -350,6 +352,7 @@ GRPCXX_SRCS = [
"src/cpp/server/server_callback.cc", "src/cpp/server/server_callback.cc",
"src/cpp/server/server_cc.cc", "src/cpp/server/server_cc.cc",
"src/cpp/server/server_context.cc", "src/cpp/server/server_context.cc",
"src/cpp/server/server_credentials.cc",
"src/cpp/server/server_posix.cc", "src/cpp/server/server_posix.cc",
"src/cpp/thread_manager/thread_manager.cc", "src/cpp/thread_manager/thread_manager.cc",
"src/cpp/util/byte_buffer_cc.cc", "src/cpp/util/byte_buffer_cc.cc",
@ -938,9 +941,7 @@ grpc_cc_library(
}, },
], ],
tags = ["nofixdeps"], tags = ["nofixdeps"],
visibility = [ visibility = ["@grpc:public"],
"@grpc:public",
],
deps = [ deps = [
"grpc++_base", "grpc++_base",
"//src/core:gpr_atm", "//src/core:gpr_atm",
@ -1213,6 +1214,9 @@ grpc_cc_library(
], ],
) )
# TODO(hork): restructure the grpc++_unsecure and grpc++ build targets in a
# similar way to how the grpc_unsecure and grpc targets were restructured in
# #25586
grpc_cc_library( grpc_cc_library(
name = "grpc++_unsecure", name = "grpc++_unsecure",
srcs = [ srcs = [
@ -1220,18 +1224,26 @@ grpc_cc_library(
"src/cpp/common/insecure_create_auth_context.cc", "src/cpp/common/insecure_create_auth_context.cc",
"src/cpp/server/insecure_server_credentials.cc", "src/cpp/server/insecure_server_credentials.cc",
], ],
external_deps = [
"absl/strings",
"absl/synchronization",
],
language = "c++", language = "c++",
public_hdrs = GRPCXX_PUBLIC_HDRS,
tags = [ tags = [
"avoid_dep", "avoid_dep",
"nofixdeps", "nofixdeps",
], ],
visibility = ["@grpc:public"], visibility = ["@grpc:public"],
deps = [ deps = [
"channel_arg_names",
"gpr", "gpr",
"grpc++_base_unsecure", "grpc++_base_unsecure",
"grpc++_codegen_proto", "grpc++_codegen_proto",
"grpc_public_hdrs", "grpc_public_hdrs",
"grpc_security_base",
"grpc_unsecure", "grpc_unsecure",
"//src/core:gpr_atm",
"//src/core:grpc_insecure_credentials", "//src/core:grpc_insecure_credentials",
], ],
) )
@ -2370,7 +2382,6 @@ grpc_cc_library(
"src/cpp/client/secure_credentials.cc", "src/cpp/client/secure_credentials.cc",
"src/cpp/common/auth_property_iterator.cc", "src/cpp/common/auth_property_iterator.cc",
"src/cpp/common/secure_auth_context.cc", "src/cpp/common/secure_auth_context.cc",
"src/cpp/common/secure_channel_arguments.cc",
"src/cpp/common/secure_create_auth_context.cc", "src/cpp/common/secure_create_auth_context.cc",
"src/cpp/common/tls_certificate_provider.cc", "src/cpp/common/tls_certificate_provider.cc",
"src/cpp/common/tls_certificate_verifier.cc", "src/cpp/common/tls_certificate_verifier.cc",
@ -2494,6 +2505,7 @@ grpc_cc_library(
"grpc_base", "grpc_base",
"grpc_health_upb", "grpc_health_upb",
"grpc_public_hdrs", "grpc_public_hdrs",
"grpc_security_base",
"grpc_service_config_impl", "grpc_service_config_impl",
"grpc_trace", "grpc_trace",
"grpc_unsecure", "grpc_unsecure",
@ -4700,7 +4712,7 @@ grpc_cc_library(
visibility = ["@grpc:chaotic_good"], visibility = ["@grpc:chaotic_good"],
deps = [ deps = [
"gpr", "gpr",
"grpc++_public_hdrs", "grpc++_base_unsecure",
"grpc_public_hdrs", "grpc_public_hdrs",
"//src/core:chaotic_good_connector", "//src/core:chaotic_good_connector",
"//src/core:chaotic_good_server", "//src/core:chaotic_good_server",

33
CMakeLists.txt generated

@ -4041,7 +4041,9 @@ add_library(grpc++
src/core/ext/transport/binder/wire_format/transaction.cc src/core/ext/transport/binder/wire_format/transaction.cc
src/core/ext/transport/binder/wire_format/wire_reader_impl.cc src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
src/core/ext/transport/binder/wire_format/wire_writer.cc src/core/ext/transport/binder/wire_format/wire_writer.cc
src/cpp/client/call_credentials.cc
src/cpp/client/channel_cc.cc src/cpp/client/channel_cc.cc
src/cpp/client/channel_credentials.cc
src/cpp/client/client_callback.cc src/cpp/client/client_callback.cc
src/cpp/client/client_context.cc src/cpp/client/client_context.cc
src/cpp/client/client_interceptor.cc src/cpp/client/client_interceptor.cc
@ -4059,7 +4061,6 @@ add_library(grpc++
src/cpp/common/resource_quota_cc.cc src/cpp/common/resource_quota_cc.cc
src/cpp/common/rpc_method.cc src/cpp/common/rpc_method.cc
src/cpp/common/secure_auth_context.cc src/cpp/common/secure_auth_context.cc
src/cpp/common/secure_channel_arguments.cc
src/cpp/common/secure_create_auth_context.cc src/cpp/common/secure_create_auth_context.cc
src/cpp/common/tls_certificate_provider.cc src/cpp/common/tls_certificate_provider.cc
src/cpp/common/tls_certificate_verifier.cc src/cpp/common/tls_certificate_verifier.cc
@ -4080,6 +4081,7 @@ add_library(grpc++
src/cpp/server/server_callback.cc src/cpp/server/server_callback.cc
src/cpp/server/server_cc.cc src/cpp/server/server_cc.cc
src/cpp/server/server_context.cc src/cpp/server/server_context.cc
src/cpp/server/server_credentials.cc
src/cpp/server/server_posix.cc src/cpp/server/server_posix.cc
src/cpp/server/xds_server_builder.cc src/cpp/server/xds_server_builder.cc
src/cpp/server/xds_server_credentials.cc src/cpp/server/xds_server_credentials.cc
@ -4789,7 +4791,9 @@ target_link_libraries(grpc++_test_util
endif() endif()
add_library(grpc++_unsecure add_library(grpc++_unsecure
src/cpp/client/call_credentials.cc
src/cpp/client/channel_cc.cc src/cpp/client/channel_cc.cc
src/cpp/client/channel_credentials.cc
src/cpp/client/client_callback.cc src/cpp/client/client_callback.cc
src/cpp/client/client_context.cc src/cpp/client/client_context.cc
src/cpp/client/client_interceptor.cc src/cpp/client/client_interceptor.cc
@ -4819,6 +4823,7 @@ add_library(grpc++_unsecure
src/cpp/server/server_callback.cc src/cpp/server/server_callback.cc
src/cpp/server/server_cc.cc src/cpp/server/server_cc.cc
src/cpp/server/server_context.cc src/cpp/server/server_context.cc
src/cpp/server/server_credentials.cc
src/cpp/server/server_posix.cc src/cpp/server/server_posix.cc
src/cpp/thread_manager/thread_manager.cc src/cpp/thread_manager/thread_manager.cc
src/cpp/util/byte_buffer_cc.cc src/cpp/util/byte_buffer_cc.cc
@ -8146,7 +8151,9 @@ add_executable(binder_transport_test
src/core/ext/transport/binder/wire_format/transaction.cc src/core/ext/transport/binder/wire_format/transaction.cc
src/core/ext/transport/binder/wire_format/wire_reader_impl.cc src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
src/core/ext/transport/binder/wire_format/wire_writer.cc src/core/ext/transport/binder/wire_format/wire_writer.cc
src/cpp/client/call_credentials.cc
src/cpp/client/channel_cc.cc src/cpp/client/channel_cc.cc
src/cpp/client/channel_credentials.cc
src/cpp/client/client_callback.cc src/cpp/client/client_callback.cc
src/cpp/client/client_context.cc src/cpp/client/client_context.cc
src/cpp/client/client_interceptor.cc src/cpp/client/client_interceptor.cc
@ -8163,7 +8170,6 @@ add_executable(binder_transport_test
src/cpp/common/resource_quota_cc.cc src/cpp/common/resource_quota_cc.cc
src/cpp/common/rpc_method.cc src/cpp/common/rpc_method.cc
src/cpp/common/secure_auth_context.cc src/cpp/common/secure_auth_context.cc
src/cpp/common/secure_channel_arguments.cc
src/cpp/common/secure_create_auth_context.cc src/cpp/common/secure_create_auth_context.cc
src/cpp/common/tls_certificate_provider.cc src/cpp/common/tls_certificate_provider.cc
src/cpp/common/tls_certificate_verifier.cc src/cpp/common/tls_certificate_verifier.cc
@ -8184,6 +8190,7 @@ add_executable(binder_transport_test
src/cpp/server/server_callback.cc src/cpp/server/server_callback.cc
src/cpp/server/server_cc.cc src/cpp/server/server_cc.cc
src/cpp/server/server_context.cc src/cpp/server/server_context.cc
src/cpp/server/server_credentials.cc
src/cpp/server/server_posix.cc src/cpp/server/server_posix.cc
src/cpp/thread_manager/thread_manager.cc src/cpp/thread_manager/thread_manager.cc
src/cpp/util/byte_buffer_cc.cc src/cpp/util/byte_buffer_cc.cc
@ -12658,7 +12665,9 @@ add_executable(endpoint_binder_pool_test
src/core/ext/transport/binder/wire_format/transaction.cc src/core/ext/transport/binder/wire_format/transaction.cc
src/core/ext/transport/binder/wire_format/wire_reader_impl.cc src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
src/core/ext/transport/binder/wire_format/wire_writer.cc src/core/ext/transport/binder/wire_format/wire_writer.cc
src/cpp/client/call_credentials.cc
src/cpp/client/channel_cc.cc src/cpp/client/channel_cc.cc
src/cpp/client/channel_credentials.cc
src/cpp/client/client_callback.cc src/cpp/client/client_callback.cc
src/cpp/client/client_context.cc src/cpp/client/client_context.cc
src/cpp/client/client_interceptor.cc src/cpp/client/client_interceptor.cc
@ -12675,7 +12684,6 @@ add_executable(endpoint_binder_pool_test
src/cpp/common/resource_quota_cc.cc src/cpp/common/resource_quota_cc.cc
src/cpp/common/rpc_method.cc src/cpp/common/rpc_method.cc
src/cpp/common/secure_auth_context.cc src/cpp/common/secure_auth_context.cc
src/cpp/common/secure_channel_arguments.cc
src/cpp/common/secure_create_auth_context.cc src/cpp/common/secure_create_auth_context.cc
src/cpp/common/tls_certificate_provider.cc src/cpp/common/tls_certificate_provider.cc
src/cpp/common/tls_certificate_verifier.cc src/cpp/common/tls_certificate_verifier.cc
@ -12696,6 +12704,7 @@ add_executable(endpoint_binder_pool_test
src/cpp/server/server_callback.cc src/cpp/server/server_callback.cc
src/cpp/server/server_cc.cc src/cpp/server/server_cc.cc
src/cpp/server/server_context.cc src/cpp/server/server_context.cc
src/cpp/server/server_credentials.cc
src/cpp/server/server_posix.cc src/cpp/server/server_posix.cc
src/cpp/thread_manager/thread_manager.cc src/cpp/thread_manager/thread_manager.cc
src/cpp/util/byte_buffer_cc.cc src/cpp/util/byte_buffer_cc.cc
@ -13513,7 +13522,9 @@ add_executable(fake_binder_test
src/core/ext/transport/binder/wire_format/transaction.cc src/core/ext/transport/binder/wire_format/transaction.cc
src/core/ext/transport/binder/wire_format/wire_reader_impl.cc src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
src/core/ext/transport/binder/wire_format/wire_writer.cc src/core/ext/transport/binder/wire_format/wire_writer.cc
src/cpp/client/call_credentials.cc
src/cpp/client/channel_cc.cc src/cpp/client/channel_cc.cc
src/cpp/client/channel_credentials.cc
src/cpp/client/client_callback.cc src/cpp/client/client_callback.cc
src/cpp/client/client_context.cc src/cpp/client/client_context.cc
src/cpp/client/client_interceptor.cc src/cpp/client/client_interceptor.cc
@ -13530,7 +13541,6 @@ add_executable(fake_binder_test
src/cpp/common/resource_quota_cc.cc src/cpp/common/resource_quota_cc.cc
src/cpp/common/rpc_method.cc src/cpp/common/rpc_method.cc
src/cpp/common/secure_auth_context.cc src/cpp/common/secure_auth_context.cc
src/cpp/common/secure_channel_arguments.cc
src/cpp/common/secure_create_auth_context.cc src/cpp/common/secure_create_auth_context.cc
src/cpp/common/tls_certificate_provider.cc src/cpp/common/tls_certificate_provider.cc
src/cpp/common/tls_certificate_verifier.cc src/cpp/common/tls_certificate_verifier.cc
@ -13551,6 +13561,7 @@ add_executable(fake_binder_test
src/cpp/server/server_callback.cc src/cpp/server/server_callback.cc
src/cpp/server/server_cc.cc src/cpp/server/server_cc.cc
src/cpp/server/server_context.cc src/cpp/server/server_context.cc
src/cpp/server/server_credentials.cc
src/cpp/server/server_posix.cc src/cpp/server/server_posix.cc
src/cpp/thread_manager/thread_manager.cc src/cpp/thread_manager/thread_manager.cc
src/cpp/util/byte_buffer_cc.cc src/cpp/util/byte_buffer_cc.cc
@ -30162,7 +30173,7 @@ target_include_directories(test_cpp_ext_chaotic_good_test
target_link_libraries(test_cpp_ext_chaotic_good_test target_link_libraries(test_cpp_ext_chaotic_good_test
${_gRPC_ALLTARGETS_LIBRARIES} ${_gRPC_ALLTARGETS_LIBRARIES}
gtest gtest
grpc++ grpc++_unsecure
grpc_test_util grpc_test_util
) )
@ -31346,7 +31357,9 @@ add_executable(transport_stream_receiver_test
src/core/ext/transport/binder/wire_format/transaction.cc src/core/ext/transport/binder/wire_format/transaction.cc
src/core/ext/transport/binder/wire_format/wire_reader_impl.cc src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
src/core/ext/transport/binder/wire_format/wire_writer.cc src/core/ext/transport/binder/wire_format/wire_writer.cc
src/cpp/client/call_credentials.cc
src/cpp/client/channel_cc.cc src/cpp/client/channel_cc.cc
src/cpp/client/channel_credentials.cc
src/cpp/client/client_callback.cc src/cpp/client/client_callback.cc
src/cpp/client/client_context.cc src/cpp/client/client_context.cc
src/cpp/client/client_interceptor.cc src/cpp/client/client_interceptor.cc
@ -31363,7 +31376,6 @@ add_executable(transport_stream_receiver_test
src/cpp/common/resource_quota_cc.cc src/cpp/common/resource_quota_cc.cc
src/cpp/common/rpc_method.cc src/cpp/common/rpc_method.cc
src/cpp/common/secure_auth_context.cc src/cpp/common/secure_auth_context.cc
src/cpp/common/secure_channel_arguments.cc
src/cpp/common/secure_create_auth_context.cc src/cpp/common/secure_create_auth_context.cc
src/cpp/common/tls_certificate_provider.cc src/cpp/common/tls_certificate_provider.cc
src/cpp/common/tls_certificate_verifier.cc src/cpp/common/tls_certificate_verifier.cc
@ -31384,6 +31396,7 @@ add_executable(transport_stream_receiver_test
src/cpp/server/server_callback.cc src/cpp/server/server_callback.cc
src/cpp/server/server_cc.cc src/cpp/server/server_cc.cc
src/cpp/server/server_context.cc src/cpp/server/server_context.cc
src/cpp/server/server_credentials.cc
src/cpp/server/server_posix.cc src/cpp/server/server_posix.cc
src/cpp/thread_manager/thread_manager.cc src/cpp/thread_manager/thread_manager.cc
src/cpp/util/byte_buffer_cc.cc src/cpp/util/byte_buffer_cc.cc
@ -32178,7 +32191,9 @@ add_executable(wire_reader_test
src/core/ext/transport/binder/wire_format/transaction.cc src/core/ext/transport/binder/wire_format/transaction.cc
src/core/ext/transport/binder/wire_format/wire_reader_impl.cc src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
src/core/ext/transport/binder/wire_format/wire_writer.cc src/core/ext/transport/binder/wire_format/wire_writer.cc
src/cpp/client/call_credentials.cc
src/cpp/client/channel_cc.cc src/cpp/client/channel_cc.cc
src/cpp/client/channel_credentials.cc
src/cpp/client/client_callback.cc src/cpp/client/client_callback.cc
src/cpp/client/client_context.cc src/cpp/client/client_context.cc
src/cpp/client/client_interceptor.cc src/cpp/client/client_interceptor.cc
@ -32195,7 +32210,6 @@ add_executable(wire_reader_test
src/cpp/common/resource_quota_cc.cc src/cpp/common/resource_quota_cc.cc
src/cpp/common/rpc_method.cc src/cpp/common/rpc_method.cc
src/cpp/common/secure_auth_context.cc src/cpp/common/secure_auth_context.cc
src/cpp/common/secure_channel_arguments.cc
src/cpp/common/secure_create_auth_context.cc src/cpp/common/secure_create_auth_context.cc
src/cpp/common/tls_certificate_provider.cc src/cpp/common/tls_certificate_provider.cc
src/cpp/common/tls_certificate_verifier.cc src/cpp/common/tls_certificate_verifier.cc
@ -32216,6 +32230,7 @@ add_executable(wire_reader_test
src/cpp/server/server_callback.cc src/cpp/server/server_callback.cc
src/cpp/server/server_cc.cc src/cpp/server/server_cc.cc
src/cpp/server/server_context.cc src/cpp/server/server_context.cc
src/cpp/server/server_credentials.cc
src/cpp/server/server_posix.cc src/cpp/server/server_posix.cc
src/cpp/thread_manager/thread_manager.cc src/cpp/thread_manager/thread_manager.cc
src/cpp/util/byte_buffer_cc.cc src/cpp/util/byte_buffer_cc.cc
@ -32284,7 +32299,9 @@ add_executable(wire_writer_test
src/core/ext/transport/binder/wire_format/transaction.cc src/core/ext/transport/binder/wire_format/transaction.cc
src/core/ext/transport/binder/wire_format/wire_reader_impl.cc src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
src/core/ext/transport/binder/wire_format/wire_writer.cc src/core/ext/transport/binder/wire_format/wire_writer.cc
src/cpp/client/call_credentials.cc
src/cpp/client/channel_cc.cc src/cpp/client/channel_cc.cc
src/cpp/client/channel_credentials.cc
src/cpp/client/client_callback.cc src/cpp/client/client_callback.cc
src/cpp/client/client_context.cc src/cpp/client/client_context.cc
src/cpp/client/client_interceptor.cc src/cpp/client/client_interceptor.cc
@ -32301,7 +32318,6 @@ add_executable(wire_writer_test
src/cpp/common/resource_quota_cc.cc src/cpp/common/resource_quota_cc.cc
src/cpp/common/rpc_method.cc src/cpp/common/rpc_method.cc
src/cpp/common/secure_auth_context.cc src/cpp/common/secure_auth_context.cc
src/cpp/common/secure_channel_arguments.cc
src/cpp/common/secure_create_auth_context.cc src/cpp/common/secure_create_auth_context.cc
src/cpp/common/tls_certificate_provider.cc src/cpp/common/tls_certificate_provider.cc
src/cpp/common/tls_certificate_verifier.cc src/cpp/common/tls_certificate_verifier.cc
@ -32322,6 +32338,7 @@ add_executable(wire_writer_test
src/cpp/server/server_callback.cc src/cpp/server/server_callback.cc
src/cpp/server/server_cc.cc src/cpp/server/server_cc.cc
src/cpp/server/server_context.cc src/cpp/server/server_context.cc
src/cpp/server/server_credentials.cc
src/cpp/server/server_posix.cc src/cpp/server/server_posix.cc
src/cpp/thread_manager/thread_manager.cc src/cpp/thread_manager/thread_manager.cc
src/cpp/util/byte_buffer_cc.cc src/cpp/util/byte_buffer_cc.cc

@ -3884,7 +3884,9 @@ libs:
- src/core/ext/transport/binder/wire_format/transaction.cc - src/core/ext/transport/binder/wire_format/transaction.cc
- src/core/ext/transport/binder/wire_format/wire_reader_impl.cc - src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
- src/core/ext/transport/binder/wire_format/wire_writer.cc - src/core/ext/transport/binder/wire_format/wire_writer.cc
- src/cpp/client/call_credentials.cc
- src/cpp/client/channel_cc.cc - src/cpp/client/channel_cc.cc
- src/cpp/client/channel_credentials.cc
- src/cpp/client/client_callback.cc - src/cpp/client/client_callback.cc
- src/cpp/client/client_context.cc - src/cpp/client/client_context.cc
- src/cpp/client/client_interceptor.cc - src/cpp/client/client_interceptor.cc
@ -3902,7 +3904,6 @@ libs:
- src/cpp/common/resource_quota_cc.cc - src/cpp/common/resource_quota_cc.cc
- src/cpp/common/rpc_method.cc - src/cpp/common/rpc_method.cc
- src/cpp/common/secure_auth_context.cc - src/cpp/common/secure_auth_context.cc
- src/cpp/common/secure_channel_arguments.cc
- src/cpp/common/secure_create_auth_context.cc - src/cpp/common/secure_create_auth_context.cc
- src/cpp/common/tls_certificate_provider.cc - src/cpp/common/tls_certificate_provider.cc
- src/cpp/common/tls_certificate_verifier.cc - src/cpp/common/tls_certificate_verifier.cc
@ -3923,6 +3924,7 @@ libs:
- src/cpp/server/server_callback.cc - src/cpp/server/server_callback.cc
- src/cpp/server/server_cc.cc - src/cpp/server/server_cc.cc
- src/cpp/server/server_context.cc - src/cpp/server/server_context.cc
- src/cpp/server/server_credentials.cc
- src/cpp/server/server_posix.cc - src/cpp/server/server_posix.cc
- src/cpp/server/xds_server_builder.cc - src/cpp/server/xds_server_builder.cc
- src/cpp/server/xds_server_credentials.cc - src/cpp/server/xds_server_credentials.cc
@ -4022,6 +4024,7 @@ libs:
- test/core/util/tracer_util.h - test/core/util/tracer_util.h
- test/cpp/util/byte_buffer_proto_helper.h - test/cpp/util/byte_buffer_proto_helper.h
- test/cpp/util/create_test_channel.h - test/cpp/util/create_test_channel.h
- test/cpp/util/credentials.h
- test/cpp/util/string_ref_helper.h - test/cpp/util/string_ref_helper.h
- test/cpp/util/subprocess.h - test/cpp/util/subprocess.h
- test/cpp/util/test_credentials_provider.h - test/cpp/util/test_credentials_provider.h
@ -4264,7 +4267,9 @@ libs:
- src/cpp/server/thread_pool_interface.h - src/cpp/server/thread_pool_interface.h
- src/cpp/thread_manager/thread_manager.h - src/cpp/thread_manager/thread_manager.h
src: src:
- src/cpp/client/call_credentials.cc
- src/cpp/client/channel_cc.cc - src/cpp/client/channel_cc.cc
- src/cpp/client/channel_credentials.cc
- src/cpp/client/client_callback.cc - src/cpp/client/client_callback.cc
- src/cpp/client/client_context.cc - src/cpp/client/client_context.cc
- src/cpp/client/client_interceptor.cc - src/cpp/client/client_interceptor.cc
@ -4294,6 +4299,7 @@ libs:
- src/cpp/server/server_callback.cc - src/cpp/server/server_callback.cc
- src/cpp/server/server_cc.cc - src/cpp/server/server_cc.cc
- src/cpp/server/server_context.cc - src/cpp/server/server_context.cc
- src/cpp/server/server_credentials.cc
- src/cpp/server/server_posix.cc - src/cpp/server/server_posix.cc
- src/cpp/thread_manager/thread_manager.cc - src/cpp/thread_manager/thread_manager.cc
- src/cpp/util/byte_buffer_cc.cc - src/cpp/util/byte_buffer_cc.cc
@ -5275,6 +5281,7 @@ targets:
- test/core/util/slice_splitter.h - test/core/util/slice_splitter.h
- test/core/util/tracer_util.h - test/core/util/tracer_util.h
- test/cpp/util/byte_buffer_proto_helper.h - test/cpp/util/byte_buffer_proto_helper.h
- test/cpp/util/credentials.h
- test/cpp/util/string_ref_helper.h - test/cpp/util/string_ref_helper.h
- test/cpp/util/subprocess.h - test/cpp/util/subprocess.h
src: src:
@ -6163,7 +6170,9 @@ targets:
- src/core/ext/transport/binder/wire_format/transaction.cc - src/core/ext/transport/binder/wire_format/transaction.cc
- src/core/ext/transport/binder/wire_format/wire_reader_impl.cc - src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
- src/core/ext/transport/binder/wire_format/wire_writer.cc - src/core/ext/transport/binder/wire_format/wire_writer.cc
- src/cpp/client/call_credentials.cc
- src/cpp/client/channel_cc.cc - src/cpp/client/channel_cc.cc
- src/cpp/client/channel_credentials.cc
- src/cpp/client/client_callback.cc - src/cpp/client/client_callback.cc
- src/cpp/client/client_context.cc - src/cpp/client/client_context.cc
- src/cpp/client/client_interceptor.cc - src/cpp/client/client_interceptor.cc
@ -6180,7 +6189,6 @@ targets:
- src/cpp/common/resource_quota_cc.cc - src/cpp/common/resource_quota_cc.cc
- src/cpp/common/rpc_method.cc - src/cpp/common/rpc_method.cc
- src/cpp/common/secure_auth_context.cc - src/cpp/common/secure_auth_context.cc
- src/cpp/common/secure_channel_arguments.cc
- src/cpp/common/secure_create_auth_context.cc - src/cpp/common/secure_create_auth_context.cc
- src/cpp/common/tls_certificate_provider.cc - src/cpp/common/tls_certificate_provider.cc
- src/cpp/common/tls_certificate_verifier.cc - src/cpp/common/tls_certificate_verifier.cc
@ -6201,6 +6209,7 @@ targets:
- src/cpp/server/server_callback.cc - src/cpp/server/server_callback.cc
- src/cpp/server/server_cc.cc - src/cpp/server/server_cc.cc
- src/cpp/server/server_context.cc - src/cpp/server/server_context.cc
- src/cpp/server/server_credentials.cc
- src/cpp/server/server_posix.cc - src/cpp/server/server_posix.cc
- src/cpp/thread_manager/thread_manager.cc - src/cpp/thread_manager/thread_manager.cc
- src/cpp/util/byte_buffer_cc.cc - src/cpp/util/byte_buffer_cc.cc
@ -8848,7 +8857,9 @@ targets:
- src/core/ext/transport/binder/wire_format/transaction.cc - src/core/ext/transport/binder/wire_format/transaction.cc
- src/core/ext/transport/binder/wire_format/wire_reader_impl.cc - src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
- src/core/ext/transport/binder/wire_format/wire_writer.cc - src/core/ext/transport/binder/wire_format/wire_writer.cc
- src/cpp/client/call_credentials.cc
- src/cpp/client/channel_cc.cc - src/cpp/client/channel_cc.cc
- src/cpp/client/channel_credentials.cc
- src/cpp/client/client_callback.cc - src/cpp/client/client_callback.cc
- src/cpp/client/client_context.cc - src/cpp/client/client_context.cc
- src/cpp/client/client_interceptor.cc - src/cpp/client/client_interceptor.cc
@ -8865,7 +8876,6 @@ targets:
- src/cpp/common/resource_quota_cc.cc - src/cpp/common/resource_quota_cc.cc
- src/cpp/common/rpc_method.cc - src/cpp/common/rpc_method.cc
- src/cpp/common/secure_auth_context.cc - src/cpp/common/secure_auth_context.cc
- src/cpp/common/secure_channel_arguments.cc
- src/cpp/common/secure_create_auth_context.cc - src/cpp/common/secure_create_auth_context.cc
- src/cpp/common/tls_certificate_provider.cc - src/cpp/common/tls_certificate_provider.cc
- src/cpp/common/tls_certificate_verifier.cc - src/cpp/common/tls_certificate_verifier.cc
@ -8886,6 +8896,7 @@ targets:
- src/cpp/server/server_callback.cc - src/cpp/server/server_callback.cc
- src/cpp/server/server_cc.cc - src/cpp/server/server_cc.cc
- src/cpp/server/server_context.cc - src/cpp/server/server_context.cc
- src/cpp/server/server_credentials.cc
- src/cpp/server/server_posix.cc - src/cpp/server/server_posix.cc
- src/cpp/thread_manager/thread_manager.cc - src/cpp/thread_manager/thread_manager.cc
- src/cpp/util/byte_buffer_cc.cc - src/cpp/util/byte_buffer_cc.cc
@ -9338,7 +9349,9 @@ targets:
- src/core/ext/transport/binder/wire_format/transaction.cc - src/core/ext/transport/binder/wire_format/transaction.cc
- src/core/ext/transport/binder/wire_format/wire_reader_impl.cc - src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
- src/core/ext/transport/binder/wire_format/wire_writer.cc - src/core/ext/transport/binder/wire_format/wire_writer.cc
- src/cpp/client/call_credentials.cc
- src/cpp/client/channel_cc.cc - src/cpp/client/channel_cc.cc
- src/cpp/client/channel_credentials.cc
- src/cpp/client/client_callback.cc - src/cpp/client/client_callback.cc
- src/cpp/client/client_context.cc - src/cpp/client/client_context.cc
- src/cpp/client/client_interceptor.cc - src/cpp/client/client_interceptor.cc
@ -9355,7 +9368,6 @@ targets:
- src/cpp/common/resource_quota_cc.cc - src/cpp/common/resource_quota_cc.cc
- src/cpp/common/rpc_method.cc - src/cpp/common/rpc_method.cc
- src/cpp/common/secure_auth_context.cc - src/cpp/common/secure_auth_context.cc
- src/cpp/common/secure_channel_arguments.cc
- src/cpp/common/secure_create_auth_context.cc - src/cpp/common/secure_create_auth_context.cc
- src/cpp/common/tls_certificate_provider.cc - src/cpp/common/tls_certificate_provider.cc
- src/cpp/common/tls_certificate_verifier.cc - src/cpp/common/tls_certificate_verifier.cc
@ -9376,6 +9388,7 @@ targets:
- src/cpp/server/server_callback.cc - src/cpp/server/server_callback.cc
- src/cpp/server/server_cc.cc - src/cpp/server/server_cc.cc
- src/cpp/server/server_context.cc - src/cpp/server/server_context.cc
- src/cpp/server/server_credentials.cc
- src/cpp/server/server_posix.cc - src/cpp/server/server_posix.cc
- src/cpp/thread_manager/thread_manager.cc - src/cpp/thread_manager/thread_manager.cc
- src/cpp/util/byte_buffer_cc.cc - src/cpp/util/byte_buffer_cc.cc
@ -19012,7 +19025,7 @@ targets:
- test/cpp/ext/chaotic_good_test.cc - test/cpp/ext/chaotic_good_test.cc
deps: deps:
- gtest - gtest
- grpc++ - grpc++_unsecure
- grpc_test_util - grpc_test_util
- name: test_cpp_server_credentials_test - name: test_cpp_server_credentials_test
gtest: true gtest: true
@ -19528,7 +19541,9 @@ targets:
- src/core/ext/transport/binder/wire_format/transaction.cc - src/core/ext/transport/binder/wire_format/transaction.cc
- src/core/ext/transport/binder/wire_format/wire_reader_impl.cc - src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
- src/core/ext/transport/binder/wire_format/wire_writer.cc - src/core/ext/transport/binder/wire_format/wire_writer.cc
- src/cpp/client/call_credentials.cc
- src/cpp/client/channel_cc.cc - src/cpp/client/channel_cc.cc
- src/cpp/client/channel_credentials.cc
- src/cpp/client/client_callback.cc - src/cpp/client/client_callback.cc
- src/cpp/client/client_context.cc - src/cpp/client/client_context.cc
- src/cpp/client/client_interceptor.cc - src/cpp/client/client_interceptor.cc
@ -19545,7 +19560,6 @@ targets:
- src/cpp/common/resource_quota_cc.cc - src/cpp/common/resource_quota_cc.cc
- src/cpp/common/rpc_method.cc - src/cpp/common/rpc_method.cc
- src/cpp/common/secure_auth_context.cc - src/cpp/common/secure_auth_context.cc
- src/cpp/common/secure_channel_arguments.cc
- src/cpp/common/secure_create_auth_context.cc - src/cpp/common/secure_create_auth_context.cc
- src/cpp/common/tls_certificate_provider.cc - src/cpp/common/tls_certificate_provider.cc
- src/cpp/common/tls_certificate_verifier.cc - src/cpp/common/tls_certificate_verifier.cc
@ -19566,6 +19580,7 @@ targets:
- src/cpp/server/server_callback.cc - src/cpp/server/server_callback.cc
- src/cpp/server/server_cc.cc - src/cpp/server/server_cc.cc
- src/cpp/server/server_context.cc - src/cpp/server/server_context.cc
- src/cpp/server/server_credentials.cc
- src/cpp/server/server_posix.cc - src/cpp/server/server_posix.cc
- src/cpp/thread_manager/thread_manager.cc - src/cpp/thread_manager/thread_manager.cc
- src/cpp/util/byte_buffer_cc.cc - src/cpp/util/byte_buffer_cc.cc
@ -19903,7 +19918,9 @@ targets:
- src/core/ext/transport/binder/wire_format/transaction.cc - src/core/ext/transport/binder/wire_format/transaction.cc
- src/core/ext/transport/binder/wire_format/wire_reader_impl.cc - src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
- src/core/ext/transport/binder/wire_format/wire_writer.cc - src/core/ext/transport/binder/wire_format/wire_writer.cc
- src/cpp/client/call_credentials.cc
- src/cpp/client/channel_cc.cc - src/cpp/client/channel_cc.cc
- src/cpp/client/channel_credentials.cc
- src/cpp/client/client_callback.cc - src/cpp/client/client_callback.cc
- src/cpp/client/client_context.cc - src/cpp/client/client_context.cc
- src/cpp/client/client_interceptor.cc - src/cpp/client/client_interceptor.cc
@ -19920,7 +19937,6 @@ targets:
- src/cpp/common/resource_quota_cc.cc - src/cpp/common/resource_quota_cc.cc
- src/cpp/common/rpc_method.cc - src/cpp/common/rpc_method.cc
- src/cpp/common/secure_auth_context.cc - src/cpp/common/secure_auth_context.cc
- src/cpp/common/secure_channel_arguments.cc
- src/cpp/common/secure_create_auth_context.cc - src/cpp/common/secure_create_auth_context.cc
- src/cpp/common/tls_certificate_provider.cc - src/cpp/common/tls_certificate_provider.cc
- src/cpp/common/tls_certificate_verifier.cc - src/cpp/common/tls_certificate_verifier.cc
@ -19941,6 +19957,7 @@ targets:
- src/cpp/server/server_callback.cc - src/cpp/server/server_callback.cc
- src/cpp/server/server_cc.cc - src/cpp/server/server_cc.cc
- src/cpp/server/server_context.cc - src/cpp/server/server_context.cc
- src/cpp/server/server_credentials.cc
- src/cpp/server/server_posix.cc - src/cpp/server/server_posix.cc
- src/cpp/thread_manager/thread_manager.cc - src/cpp/thread_manager/thread_manager.cc
- src/cpp/util/byte_buffer_cc.cc - src/cpp/util/byte_buffer_cc.cc
@ -20010,7 +20027,9 @@ targets:
- src/core/ext/transport/binder/wire_format/transaction.cc - src/core/ext/transport/binder/wire_format/transaction.cc
- src/core/ext/transport/binder/wire_format/wire_reader_impl.cc - src/core/ext/transport/binder/wire_format/wire_reader_impl.cc
- src/core/ext/transport/binder/wire_format/wire_writer.cc - src/core/ext/transport/binder/wire_format/wire_writer.cc
- src/cpp/client/call_credentials.cc
- src/cpp/client/channel_cc.cc - src/cpp/client/channel_cc.cc
- src/cpp/client/channel_credentials.cc
- src/cpp/client/client_callback.cc - src/cpp/client/client_callback.cc
- src/cpp/client/client_context.cc - src/cpp/client/client_context.cc
- src/cpp/client/client_interceptor.cc - src/cpp/client/client_interceptor.cc
@ -20027,7 +20046,6 @@ targets:
- src/cpp/common/resource_quota_cc.cc - src/cpp/common/resource_quota_cc.cc
- src/cpp/common/rpc_method.cc - src/cpp/common/rpc_method.cc
- src/cpp/common/secure_auth_context.cc - src/cpp/common/secure_auth_context.cc
- src/cpp/common/secure_channel_arguments.cc
- src/cpp/common/secure_create_auth_context.cc - src/cpp/common/secure_create_auth_context.cc
- src/cpp/common/tls_certificate_provider.cc - src/cpp/common/tls_certificate_provider.cc
- src/cpp/common/tls_certificate_verifier.cc - src/cpp/common/tls_certificate_verifier.cc
@ -20048,6 +20066,7 @@ targets:
- src/cpp/server/server_callback.cc - src/cpp/server/server_callback.cc
- src/cpp/server/server_cc.cc - src/cpp/server/server_cc.cc
- src/cpp/server/server_context.cc - src/cpp/server/server_context.cc
- src/cpp/server/server_credentials.cc
- src/cpp/server/server_posix.cc - src/cpp/server/server_posix.cc
- src/cpp/thread_manager/thread_manager.cc - src/cpp/thread_manager/thread_manager.cc
- src/cpp/util/byte_buffer_cc.cc - src/cpp/util/byte_buffer_cc.cc

4
gRPC-C++.podspec generated

@ -1345,7 +1345,9 @@ Pod::Spec.new do |s|
'src/core/tsi/transport_security.h', 'src/core/tsi/transport_security.h',
'src/core/tsi/transport_security_grpc.h', 'src/core/tsi/transport_security_grpc.h',
'src/core/tsi/transport_security_interface.h', 'src/core/tsi/transport_security_interface.h',
'src/cpp/client/call_credentials.cc',
'src/cpp/client/channel_cc.cc', 'src/cpp/client/channel_cc.cc',
'src/cpp/client/channel_credentials.cc',
'src/cpp/client/client_callback.cc', 'src/cpp/client/client_callback.cc',
'src/cpp/client/client_context.cc', 'src/cpp/client/client_context.cc',
'src/cpp/client/client_interceptor.cc', 'src/cpp/client/client_interceptor.cc',
@ -1367,7 +1369,6 @@ Pod::Spec.new do |s|
'src/cpp/common/rpc_method.cc', 'src/cpp/common/rpc_method.cc',
'src/cpp/common/secure_auth_context.cc', 'src/cpp/common/secure_auth_context.cc',
'src/cpp/common/secure_auth_context.h', 'src/cpp/common/secure_auth_context.h',
'src/cpp/common/secure_channel_arguments.cc',
'src/cpp/common/secure_create_auth_context.cc', 'src/cpp/common/secure_create_auth_context.cc',
'src/cpp/common/tls_certificate_provider.cc', 'src/cpp/common/tls_certificate_provider.cc',
'src/cpp/common/tls_certificate_verifier.cc', 'src/cpp/common/tls_certificate_verifier.cc',
@ -1393,6 +1394,7 @@ Pod::Spec.new do |s|
'src/cpp/server/server_callback.cc', 'src/cpp/server/server_callback.cc',
'src/cpp/server/server_cc.cc', 'src/cpp/server/server_cc.cc',
'src/cpp/server/server_context.cc', 'src/cpp/server/server_context.cc',
'src/cpp/server/server_credentials.cc',
'src/cpp/server/server_posix.cc', 'src/cpp/server/server_posix.cc',
'src/cpp/server/thread_pool_interface.h', 'src/cpp/server/thread_pool_interface.h',
'src/cpp/server/xds_server_builder.cc', 'src/cpp/server/xds_server_builder.cc',

@ -37,9 +37,10 @@ struct grpc_call;
namespace grpc { namespace grpc {
class CallCredentials; class CallCredentials;
class SecureCallCredentials;
class SecureChannelCredentials;
class ChannelCredentials; class ChannelCredentials;
namespace testing {
std::string GetOauth2AccessToken();
}
std::shared_ptr<Channel> CreateCustomChannel( std::shared_ptr<Channel> CreateCustomChannel(
const grpc::string& target, const grpc::string& target,
@ -68,26 +69,18 @@ std::shared_ptr<ChannelCredentials> XdsCredentials(
/// \see https://grpc.io/docs/guides/auth.html /// \see https://grpc.io/docs/guides/auth.html
class ChannelCredentials : private grpc::internal::GrpcLibrary { class ChannelCredentials : private grpc::internal::GrpcLibrary {
public: public:
protected: ~ChannelCredentials() override;
friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
const std::shared_ptr<ChannelCredentials>& channel_creds,
const std::shared_ptr<CallCredentials>& call_creds);
// TODO(yashykt): We need this friend declaration mainly for access to protected:
// AsSecureCredentials(). Once we are able to remove insecure builds from gRPC explicit ChannelCredentials(grpc_channel_credentials* creds);
// (and also internal dependencies on the indirect method of creating a
// channel through credentials), we would be able to remove this.
friend std::shared_ptr<ChannelCredentials> grpc::XdsCredentials(
const std::shared_ptr<ChannelCredentials>& fallback_creds);
virtual SecureChannelCredentials* AsSecureCredentials() = 0; grpc_channel_credentials* c_creds() { return c_creds_; }
private: private:
friend std::shared_ptr<grpc::Channel> CreateCustomChannel( friend std::shared_ptr<grpc::Channel> CreateCustomChannel(
const grpc::string& target, const grpc::string& target,
const std::shared_ptr<grpc::ChannelCredentials>& creds, const std::shared_ptr<grpc::ChannelCredentials>& creds,
const grpc::ChannelArguments& args); const grpc::ChannelArguments& args);
friend std::shared_ptr<grpc::Channel> friend std::shared_ptr<grpc::Channel>
grpc::experimental::CreateCustomChannelWithInterceptors( grpc::experimental::CreateCustomChannelWithInterceptors(
const grpc::string& target, const grpc::string& target,
@ -96,24 +89,23 @@ class ChannelCredentials : private grpc::internal::GrpcLibrary {
std::vector<std::unique_ptr< std::vector<std::unique_ptr<
grpc::experimental::ClientInterceptorFactoryInterface>> grpc::experimental::ClientInterceptorFactoryInterface>>
interceptor_creators); interceptor_creators);
friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
const std::shared_ptr<ChannelCredentials>& channel_creds,
const std::shared_ptr<CallCredentials>& call_creds);
friend class XdsChannelCredentialsImpl;
virtual std::shared_ptr<Channel> CreateChannelImpl( virtual std::shared_ptr<Channel> CreateChannelImpl(
const grpc::string& target, const ChannelArguments& args) = 0; const grpc::string& target, const ChannelArguments& args) {
return CreateChannelWithInterceptors(target, args, {});
}
// This function should have been a pure virtual function, but it is
// implemented as a virtual function so that it does not break API.
virtual std::shared_ptr<Channel> CreateChannelWithInterceptors( virtual std::shared_ptr<Channel> CreateChannelWithInterceptors(
const grpc::string& /*target*/, const ChannelArguments& /*args*/, const grpc::string& target, const ChannelArguments& args,
std::vector<std::unique_ptr< std::vector<std::unique_ptr<
grpc::experimental::ClientInterceptorFactoryInterface>> grpc::experimental::ClientInterceptorFactoryInterface>>
/*interceptor_creators*/) { interceptor_creators);
return nullptr;
}
// TODO(yashkt): This is a hack that is needed since InsecureCredentials can grpc_channel_credentials* const c_creds_;
// not use grpc_channel_credentials internally and should be removed after
// insecure builds are removed from gRPC.
virtual bool IsInsecure() const { return false; }
}; };
/// A call credentials object encapsulates the state needed by a client to /// A call credentials object encapsulates the state needed by a client to
@ -122,22 +114,24 @@ class ChannelCredentials : private grpc::internal::GrpcLibrary {
/// \see https://grpc.io/docs/guides/auth.html /// \see https://grpc.io/docs/guides/auth.html
class CallCredentials : private grpc::internal::GrpcLibrary { class CallCredentials : private grpc::internal::GrpcLibrary {
public: public:
~CallCredentials() override;
/// Apply this instance's credentials to \a call. /// Apply this instance's credentials to \a call.
virtual bool ApplyToCall(grpc_call* call) = 0; bool ApplyToCall(grpc_call* call);
virtual grpc::string DebugString() {
return "CallCredentials did not provide a debug string"; grpc::string DebugString();
}
protected: protected:
explicit CallCredentials(grpc_call_credentials* creds);
private:
friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials( friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
const std::shared_ptr<ChannelCredentials>& channel_creds, const std::shared_ptr<ChannelCredentials>& channel_creds,
const std::shared_ptr<CallCredentials>& call_creds); const std::shared_ptr<CallCredentials>& call_creds);
friend class CompositeCallCredentialsImpl;
friend std::string grpc::testing::GetOauth2AccessToken();
friend std::shared_ptr<CallCredentials> CompositeCallCredentials( grpc_call_credentials* c_creds_ = nullptr;
const std::shared_ptr<CallCredentials>& creds1,
const std::shared_ptr<CallCredentials>& creds2);
virtual SecureCallCredentials* AsSecureCredentials() = 0;
}; };
/// Options used to build SslCredentials. /// Options used to build SslCredentials.

@ -34,7 +34,7 @@ namespace grpc {
class Server; class Server;
class ServerCredentials; class ServerCredentials;
class SecureServerCredentials;
/// Options to create ServerCredentials with SSL /// Options to create ServerCredentials with SSL
struct SslServerCredentialsOptions { struct SslServerCredentialsOptions {
/// \warning Deprecated /// \warning Deprecated
@ -68,17 +68,22 @@ std::shared_ptr<ServerCredentials> XdsServerCredentials(
/// Wrapper around \a grpc_server_credentials, a way to authenticate a server. /// Wrapper around \a grpc_server_credentials, a way to authenticate a server.
class ServerCredentials : private grpc::internal::GrpcLibrary { class ServerCredentials : private grpc::internal::GrpcLibrary {
public: public:
~ServerCredentials() override;
/// This method is not thread-safe and has to be called before the server is /// This method is not thread-safe and has to be called before the server is
/// started. The last call to this function wins. /// started. The last call to this function wins.
virtual void SetAuthMetadataProcessor( virtual void SetAuthMetadataProcessor(
const std::shared_ptr<grpc::AuthMetadataProcessor>& processor) = 0; const std::shared_ptr<grpc::AuthMetadataProcessor>& processor);
protected:
explicit ServerCredentials(grpc_server_credentials* creds);
grpc_server_credentials* c_creds() const { return c_creds_; }
private: private:
// Needed for access to AddPortToServer.
friend class Server; friend class Server;
// Needed for access to c_creds_.
// We need this friend declaration for access to Insecure() and
// AsSecureServerCredentials(). When these two functions are no longer
// necessary, this friend declaration can be removed too.
friend std::shared_ptr<ServerCredentials> grpc::XdsServerCredentials( friend std::shared_ptr<ServerCredentials> grpc::XdsServerCredentials(
const std::shared_ptr<ServerCredentials>& fallback_credentials); const std::shared_ptr<ServerCredentials>& fallback_credentials);
@ -87,18 +92,9 @@ class ServerCredentials : private grpc::internal::GrpcLibrary {
/// ///
/// \return bound port number on success, 0 on failure. /// \return bound port number on success, 0 on failure.
// TODO(dgq): the "port" part seems to be a misnomer. // TODO(dgq): the "port" part seems to be a misnomer.
virtual int AddPortToServer(const std::string& addr, grpc_server* server) = 0; virtual int AddPortToServer(const std::string& addr, grpc_server* server);
// TODO(yashykt): This is a hack since InsecureServerCredentials() cannot use grpc_server_credentials* c_creds_;
// grpc_insecure_server_credentials_create() and should be removed after
// insecure builds are removed from gRPC.
virtual bool IsInsecure() const { return false; }
// TODO(yashkt): This is a hack that should be removed once we remove insecure
// builds and the indirect method of adding ports to a server.
virtual SecureServerCredentials* AsSecureServerCredentials() {
return nullptr;
}
}; };
/// Builds SSL ServerCredentials given SSL specific options /// Builds SSL ServerCredentials given SSL specific options

@ -28,7 +28,7 @@
#include <grpcpp/support/config.h> #include <grpcpp/support/config.h>
namespace grpc { namespace grpc {
class SecureChannelCredentials; class ChannelCredentials;
namespace testing { namespace testing {
class ChannelArgumentsTest; class ChannelArgumentsTest;
} // namespace testing } // namespace testing
@ -120,7 +120,7 @@ class ChannelArguments {
} }
private: private:
friend class grpc::SecureChannelCredentials; friend class grpc::ChannelCredentials;
friend class grpc::testing::ChannelArgumentsTest; friend class grpc::testing::ChannelArgumentsTest;
/// Default pointer argument operations. /// Default pointer argument operations.

@ -32,7 +32,7 @@ class BinderServerCredentialsImpl final : public ServerCredentials {
explicit BinderServerCredentialsImpl( explicit BinderServerCredentialsImpl(
std::shared_ptr<grpc::experimental::binder::SecurityPolicy> std::shared_ptr<grpc::experimental::binder::SecurityPolicy>
security_policy) security_policy)
: security_policy_(security_policy) {} : ServerCredentials(nullptr), security_policy_(security_policy) {}
#ifdef GPR_SUPPORT_BINDER_TRANSPORT #ifdef GPR_SUPPORT_BINDER_TRANSPORT
int AddPortToServer(const std::string& addr, grpc_server* server) override { int AddPortToServer(const std::string& addr, grpc_server* server) override {
return grpc_core::AddBinderPort( return grpc_core::AddBinderPort(
@ -50,14 +50,7 @@ class BinderServerCredentialsImpl final : public ServerCredentials {
} }
#endif // GPR_SUPPORT_BINDER_TRANSPORT #endif // GPR_SUPPORT_BINDER_TRANSPORT
void SetAuthMetadataProcessor(
const std::shared_ptr<AuthMetadataProcessor>& /*processor*/) override {
grpc_core::Crash("unreachable");
}
private: private:
bool IsInsecure() const override { return true; }
std::shared_ptr<grpc::experimental::binder::SecurityPolicy> security_policy_; std::shared_ptr<grpc::experimental::binder::SecurityPolicy> security_policy_;
}; };

@ -0,0 +1,39 @@
// Copyright 2024 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <grpc/support/port_platform.h>
#include "absl/strings/str_cat.h"
#include <grpcpp/security/credentials.h>
#include "src/core/lib/security/credentials/credentials.h"
namespace grpc {
CallCredentials::CallCredentials(grpc_call_credentials* c_creds)
: c_creds_(c_creds) {
GPR_ASSERT(c_creds != nullptr);
}
CallCredentials::~CallCredentials() { grpc_call_credentials_release(c_creds_); }
grpc::string CallCredentials::DebugString() {
return absl::StrCat("CallCredentials{", c_creds_->debug_string(), "}");
}
bool CallCredentials::ApplyToCall(grpc_call* call) {
return grpc_call_set_credentials(call, c_creds_) == GRPC_CALL_OK;
}
} // namespace grpc

@ -0,0 +1,47 @@
// Copyright 2024 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <grpc/support/port_platform.h>
#include <memory>
#include <string>
#include <vector>
#include <grpc/grpc.h>
#include <grpc/grpc_security.h>
#include <grpcpp/security/credentials.h>
#include <grpcpp/support/channel_arguments.h>
namespace grpc {
ChannelCredentials::ChannelCredentials(grpc_channel_credentials* c_creds)
: c_creds_(c_creds) {}
ChannelCredentials::~ChannelCredentials() {
grpc_channel_credentials_release(c_creds_);
}
std::shared_ptr<Channel> ChannelCredentials::CreateChannelWithInterceptors(
const std::string& target, const ChannelArguments& args,
std::vector<
std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>>
interceptor_creators) {
grpc_channel_args channel_args;
args.SetChannelArgs(&channel_args);
return grpc::CreateChannelInternal(
args.GetSslTargetNameOverride(),
grpc_channel_create(target.c_str(), c_creds_, &channel_args),
std::move(interceptor_creators));
}
} // namespace grpc

@ -35,17 +35,8 @@ namespace grpc {
class CronetChannelCredentialsImpl final : public ChannelCredentials { class CronetChannelCredentialsImpl final : public ChannelCredentials {
public: public:
explicit CronetChannelCredentialsImpl(void* engine) : engine_(engine) {} explicit CronetChannelCredentialsImpl(void* engine)
: ChannelCredentials(nullptr), engine_(engine) {}
std::shared_ptr<grpc::Channel> CreateChannelImpl(
const string& target, const grpc::ChannelArguments& args) override {
return CreateChannelWithInterceptors(
target, args,
std::vector<std::unique_ptr<
experimental::ClientInterceptorFactoryInterface>>());
}
SecureChannelCredentials* AsSecureCredentials() override { return nullptr; }
private: private:
std::shared_ptr<grpc::Channel> CreateChannelWithInterceptors( std::shared_ptr<grpc::Channel> CreateChannelWithInterceptors(
@ -61,6 +52,7 @@ class CronetChannelCredentialsImpl final : public ChannelCredentials {
&channel_args, nullptr), &channel_args, nullptr),
std::move(interceptor_creators)); std::move(interceptor_creators));
} }
void* engine_; void* engine_;
}; };

@ -16,9 +16,6 @@
// //
// //
#include <memory> #include <memory>
#include <string>
#include <utility>
#include <vector>
#include <grpc/grpc.h> #include <grpc/grpc.h>
#include <grpc/grpc_security.h> #include <grpc/grpc_security.h>
@ -27,21 +24,14 @@
#include <grpcpp/support/channel_arguments.h> #include <grpcpp/support/channel_arguments.h>
#include <grpcpp/support/client_interceptor.h> #include <grpcpp/support/client_interceptor.h>
#include "src/cpp/client/create_channel_internal.h"
namespace grpc { namespace grpc {
namespace { namespace {
class InsecureChannelCredentialsImpl final : public ChannelCredentials { class InsecureChannelCredentialsImpl final : public ChannelCredentials {
public: public:
std::shared_ptr<Channel> CreateChannelImpl( InsecureChannelCredentialsImpl()
const std::string& target, const ChannelArguments& args) override { : ChannelCredentials(grpc_insecure_credentials_create()) {}
return CreateChannelWithInterceptors(
target, args,
std::vector<std::unique_ptr<
grpc::experimental::ClientInterceptorFactoryInterface>>());
}
private:
std::shared_ptr<Channel> CreateChannelWithInterceptors( std::shared_ptr<Channel> CreateChannelWithInterceptors(
const std::string& target, const ChannelArguments& args, const std::string& target, const ChannelArguments& args,
std::vector<std::unique_ptr< std::vector<std::unique_ptr<
@ -49,24 +39,15 @@ class InsecureChannelCredentialsImpl final : public ChannelCredentials {
interceptor_creators) override { interceptor_creators) override {
grpc_channel_args channel_args; grpc_channel_args channel_args;
args.SetChannelArgs(&channel_args); args.SetChannelArgs(&channel_args);
grpc_channel_credentials* creds = grpc_insecure_credentials_create(); return grpc::CreateChannelInternal(
std::shared_ptr<Channel> channel = grpc::CreateChannelInternal( "", grpc_channel_create(target.c_str(), c_creds(), &channel_args),
"", grpc_channel_create(target.c_str(), creds, &channel_args),
std::move(interceptor_creators)); std::move(interceptor_creators));
grpc_channel_credentials_release(creds);
return channel;
} }
SecureChannelCredentials* AsSecureCredentials() override { return nullptr; }
private:
bool IsInsecure() const override { return true; }
}; };
} // namespace } // namespace
std::shared_ptr<ChannelCredentials> InsecureChannelCredentials() { std::shared_ptr<ChannelCredentials> InsecureChannelCredentials() {
return std::shared_ptr<ChannelCredentials>( return std::make_shared<InsecureChannelCredentialsImpl>();
new InsecureChannelCredentialsImpl());
} }
} // namespace grpc } // namespace grpc

@ -20,8 +20,8 @@
#include <string.h> #include <string.h>
#include <algorithm>
#include <map> #include <map>
#include <memory>
#include <utility> #include <utility>
#include "absl/status/status.h" #include "absl/status/status.h"
@ -30,6 +30,7 @@
#include "absl/types/optional.h" #include "absl/types/optional.h"
#include <grpc/event_engine/event_engine.h> #include <grpc/event_engine/event_engine.h>
#include <grpc/grpc.h>
#include <grpc/grpc_security_constants.h> #include <grpc/grpc_security_constants.h>
#include <grpc/slice.h> #include <grpc/slice.h>
#include <grpc/support/json.h> #include <grpc/support/json.h>
@ -47,73 +48,44 @@
#include "src/core/lib/event_engine/default_event_engine.h" #include "src/core/lib/event_engine/default_event_engine.h"
#include "src/core/lib/gprpp/env.h" #include "src/core/lib/gprpp/env.h"
#include "src/core/lib/gprpp/load_file.h" #include "src/core/lib/gprpp/load_file.h"
#include "src/core/lib/gprpp/status_helper.h"
#include "src/core/lib/iomgr/error.h"
#include "src/core/lib/json/json.h" #include "src/core/lib/json/json.h"
#include "src/core/lib/json/json_reader.h" #include "src/core/lib/json/json_reader.h"
#include "src/core/lib/security/util/json_util.h" #include "src/core/lib/security/util/json_util.h"
#include "src/cpp/client/create_channel_internal.h"
#include "src/cpp/common/secure_auth_context.h" #include "src/cpp/common/secure_auth_context.h"
#include "src/cpp/server/thread_pool_interface.h"
namespace grpc { namespace grpc {
SecureChannelCredentials::SecureChannelCredentials( namespace {
grpc_channel_credentials* c_creds) class WrappedCallCredentials : public CallCredentials {
: c_creds_(c_creds) {} public:
explicit WrappedCallCredentials(grpc_call_credentials* creds)
std::shared_ptr<Channel> SecureChannelCredentials::CreateChannelImpl( : CallCredentials(creds) {}
const std::string& target, const ChannelArguments& args) { };
return CreateChannelWithInterceptors(
target, args,
std::vector<std::unique_ptr<
grpc::experimental::ClientInterceptorFactoryInterface>>());
}
std::shared_ptr<Channel>
SecureChannelCredentials::CreateChannelWithInterceptors(
const std::string& target, const ChannelArguments& args,
std::vector<
std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>>
interceptor_creators) {
grpc_channel_args channel_args;
args.SetChannelArgs(&channel_args);
return grpc::CreateChannelInternal(
args.GetSslTargetNameOverride(),
grpc_channel_create(target.c_str(), c_creds_, &channel_args),
std::move(interceptor_creators));
}
SecureCallCredentials::SecureCallCredentials(grpc_call_credentials* c_creds)
: c_creds_(c_creds) {}
bool SecureCallCredentials::ApplyToCall(grpc_call* call) { std::shared_ptr<WrappedCallCredentials> WrapCallCredentials(
return grpc_call_set_credentials(call, c_creds_) == GRPC_CALL_OK; grpc_call_credentials* creds) {
return creds == nullptr ? nullptr
: std::make_shared<WrappedCallCredentials>(creds);
} }
namespace internal { class WrappedChannelCredentials final : public ChannelCredentials {
public:
explicit WrappedChannelCredentials(grpc_channel_credentials* c_creds)
: ChannelCredentials(c_creds) {}
};
std::shared_ptr<ChannelCredentials> WrapChannelCredentials( std::shared_ptr<WrappedChannelCredentials> WrapChannelCredentials(
grpc_channel_credentials* creds) { grpc_channel_credentials* creds) {
return creds == nullptr ? nullptr return creds == nullptr ? nullptr
: std::shared_ptr<ChannelCredentials>( : std::make_shared<WrappedChannelCredentials>(creds);
new SecureChannelCredentials(creds));
} }
} // namespace internal
namespace {
std::shared_ptr<CallCredentials> WrapCallCredentials(
grpc_call_credentials* creds) {
return creds == nullptr ? nullptr
: std::shared_ptr<CallCredentials>(
new SecureCallCredentials(creds));
}
} // namespace } // namespace
std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials() { std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials() {
grpc::internal::GrpcLibrary init; // To call grpc_init(). grpc::internal::GrpcLibrary init; // To call grpc_init().
return internal::WrapChannelCredentials( return WrapChannelCredentials(
grpc_google_default_credentials_create(nullptr)); grpc_google_default_credentials_create(nullptr));
} }
@ -130,12 +102,10 @@ std::shared_ptr<ChannelCredentials> SslCredentials(
grpc::internal::GrpcLibrary init; // To call grpc_init(). grpc::internal::GrpcLibrary init; // To call grpc_init().
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = { grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {
options.pem_private_key.c_str(), options.pem_cert_chain.c_str()}; options.pem_private_key.c_str(), options.pem_cert_chain.c_str()};
return WrapChannelCredentials(grpc_ssl_credentials_create(
grpc_channel_credentials* c_creds = grpc_ssl_credentials_create(
options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(), options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
options.pem_private_key.empty() ? nullptr : &pem_key_cert_pair, nullptr, options.pem_private_key.empty() ? nullptr : &pem_key_cert_pair, nullptr,
nullptr); nullptr));
return internal::WrapChannelCredentials(c_creds);
} }
namespace experimental { namespace experimental {
@ -259,21 +229,6 @@ std::shared_ptr<CallCredentials> StsCredentials(
return WrapCallCredentials(grpc_sts_credentials_create(&opts, nullptr)); return WrapCallCredentials(grpc_sts_credentials_create(&opts, nullptr));
} }
std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
std::unique_ptr<MetadataCredentialsPlugin> plugin,
grpc_security_level min_security_level) {
grpc::internal::GrpcLibrary init; // To call grpc_init().
const char* type = plugin->GetType();
grpc::MetadataCredentialsPluginWrapper* wrapper =
new grpc::MetadataCredentialsPluginWrapper(std::move(plugin));
grpc_metadata_credentials_plugin c_plugin = {
grpc::MetadataCredentialsPluginWrapper::GetMetadata,
grpc::MetadataCredentialsPluginWrapper::DebugString,
grpc::MetadataCredentialsPluginWrapper::Destroy, wrapper, type};
return WrapCallCredentials(grpc_metadata_credentials_create_from_plugin(
c_plugin, min_security_level, nullptr));
}
// Builds ALTS Credentials given ALTS specific options // Builds ALTS Credentials given ALTS specific options
std::shared_ptr<ChannelCredentials> AltsCredentials( std::shared_ptr<ChannelCredentials> AltsCredentials(
const AltsCredentialsOptions& options) { const AltsCredentialsOptions& options) {
@ -286,20 +241,20 @@ std::shared_ptr<ChannelCredentials> AltsCredentials(
} }
grpc_channel_credentials* c_creds = grpc_alts_credentials_create(c_options); grpc_channel_credentials* c_creds = grpc_alts_credentials_create(c_options);
grpc_alts_credentials_options_destroy(c_options); grpc_alts_credentials_options_destroy(c_options);
return internal::WrapChannelCredentials(c_creds); return WrapChannelCredentials(c_creds);
} }
// Builds Local Credentials // Builds Local Credentials
std::shared_ptr<ChannelCredentials> LocalCredentials( std::shared_ptr<ChannelCredentials> LocalCredentials(
grpc_local_connect_type type) { grpc_local_connect_type type) {
grpc::internal::GrpcLibrary init; // To call grpc_init(). grpc::internal::GrpcLibrary init; // To call grpc_init().
return internal::WrapChannelCredentials(grpc_local_credentials_create(type)); return WrapChannelCredentials(grpc_local_credentials_create(type));
} }
// Builds TLS Credentials given TLS options. // Builds TLS Credentials given TLS options.
std::shared_ptr<ChannelCredentials> TlsCredentials( std::shared_ptr<ChannelCredentials> TlsCredentials(
const TlsChannelCredentialsOptions& options) { const TlsChannelCredentialsOptions& options) {
return internal::WrapChannelCredentials( return WrapChannelCredentials(
grpc_tls_credentials_create(options.c_credentials_options())); grpc_tls_credentials_create(options.c_credentials_options()));
} }
@ -361,93 +316,24 @@ std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
// here. This is OK because the underlying C objects (i.e., channel_creds and // here. This is OK because the underlying C objects (i.e., channel_creds and
// call_creds) into grpc_composite_credentials_create will see their refcounts // call_creds) into grpc_composite_credentials_create will see their refcounts
// incremented. // incremented.
SecureChannelCredentials* s_channel_creds = return channel_creds->c_creds_ == nullptr
channel_creds->AsSecureCredentials(); ? nullptr
SecureCallCredentials* s_call_creds = call_creds->AsSecureCredentials(); : WrapChannelCredentials(grpc_composite_channel_credentials_create(
if (s_channel_creds && s_call_creds) { channel_creds->c_creds_, call_creds->c_creds_, nullptr));
return internal::WrapChannelCredentials(
grpc_composite_channel_credentials_create(
s_channel_creds->GetRawCreds(), s_call_creds->GetRawCreds(),
nullptr));
}
return nullptr;
} }
class CompositeCallCredentialsImpl : public CallCredentials {
public:
CompositeCallCredentialsImpl(const std::shared_ptr<CallCredentials>& creds1,
const std::shared_ptr<CallCredentials>& creds2)
: CallCredentials(grpc_composite_call_credentials_create(
creds1->c_creds_, creds2->c_creds_, nullptr)) {}
};
std::shared_ptr<CallCredentials> CompositeCallCredentials( std::shared_ptr<CallCredentials> CompositeCallCredentials(
const std::shared_ptr<CallCredentials>& creds1, const std::shared_ptr<CallCredentials>& creds1,
const std::shared_ptr<CallCredentials>& creds2) { const std::shared_ptr<CallCredentials>& creds2) {
SecureCallCredentials* s_creds1 = creds1->AsSecureCredentials(); return std::make_shared<CompositeCallCredentialsImpl>(creds1, creds2);
SecureCallCredentials* s_creds2 = creds2->AsSecureCredentials();
if (s_creds1 != nullptr && s_creds2 != nullptr) {
return WrapCallCredentials(grpc_composite_call_credentials_create(
s_creds1->GetRawCreds(), s_creds2->GetRawCreds(), nullptr));
}
return nullptr;
}
std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
std::unique_ptr<MetadataCredentialsPlugin> plugin) {
grpc::internal::GrpcLibrary init; // To call grpc_init().
const char* type = plugin->GetType();
grpc::MetadataCredentialsPluginWrapper* wrapper =
new grpc::MetadataCredentialsPluginWrapper(std::move(plugin));
grpc_metadata_credentials_plugin c_plugin = {
grpc::MetadataCredentialsPluginWrapper::GetMetadata,
grpc::MetadataCredentialsPluginWrapper::DebugString,
grpc::MetadataCredentialsPluginWrapper::Destroy, wrapper, type};
return WrapCallCredentials(grpc_metadata_credentials_create_from_plugin(
c_plugin, GRPC_PRIVACY_AND_INTEGRITY, nullptr));
}
char* MetadataCredentialsPluginWrapper::DebugString(void* wrapper) {
GPR_ASSERT(wrapper);
MetadataCredentialsPluginWrapper* w =
static_cast<MetadataCredentialsPluginWrapper*>(wrapper);
return gpr_strdup(w->plugin_->DebugString().c_str());
}
void MetadataCredentialsPluginWrapper::Destroy(void* wrapper) {
if (wrapper == nullptr) return;
grpc_event_engine::experimental::GetDefaultEventEngine()->Run([wrapper] {
grpc_core::ApplicationCallbackExecCtx callback_exec_ctx;
grpc_core::ExecCtx exec_ctx;
delete static_cast<MetadataCredentialsPluginWrapper*>(wrapper);
});
}
int MetadataCredentialsPluginWrapper::GetMetadata(
void* wrapper, grpc_auth_metadata_context context,
grpc_credentials_plugin_metadata_cb cb, void* user_data,
grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
size_t* num_creds_md, grpc_status_code* status,
const char** error_details) {
GPR_ASSERT(wrapper);
MetadataCredentialsPluginWrapper* w =
static_cast<MetadataCredentialsPluginWrapper*>(wrapper);
if (!w->plugin_) {
*num_creds_md = 0;
*status = GRPC_STATUS_OK;
*error_details = nullptr;
return 1;
}
if (w->plugin_->IsBlocking()) {
// The internals of context may be destroyed if GetMetadata is cancelled.
// Make a copy for InvokePlugin.
grpc_auth_metadata_context context_copy = grpc_auth_metadata_context();
grpc_auth_metadata_context_copy(&context, &context_copy);
// Asynchronous return.
w->thread_pool_->Add([w, context_copy, cb, user_data]() mutable {
w->MetadataCredentialsPluginWrapper::InvokePlugin(
context_copy, cb, user_data, nullptr, nullptr, nullptr, nullptr);
grpc_auth_metadata_context_reset(&context_copy);
});
return 0;
} else {
// Synchronous return.
w->InvokePlugin(context, cb, user_data, creds_md, num_creds_md, status,
error_details);
return 1;
}
} }
namespace { namespace {
@ -459,61 +345,147 @@ void UnrefMetadata(const std::vector<grpc_metadata>& md) {
} }
} }
} // namespace class MetadataCredentialsPluginWrapper final : private internal::GrpcLibrary {
public:
void MetadataCredentialsPluginWrapper::InvokePlugin( static void Destroy(void* wrapper) {
grpc_auth_metadata_context context, grpc_credentials_plugin_metadata_cb cb, if (wrapper == nullptr) return;
void* user_data, grpc_metadata creds_md[4], size_t* num_creds_md, grpc_event_engine::experimental::GetDefaultEventEngine()->Run([wrapper] {
grpc_status_code* status_code, const char** error_details) { grpc_core::ApplicationCallbackExecCtx callback_exec_ctx;
std::multimap<std::string, std::string> metadata; grpc_core::ExecCtx exec_ctx;
delete static_cast<MetadataCredentialsPluginWrapper*>(wrapper);
// const_cast is safe since the SecureAuthContext only inc/dec the refcount });
// and the object is passed as a const ref to plugin_->GetMetadata.
SecureAuthContext cpp_channel_auth_context(
const_cast<grpc_auth_context*>(context.channel_auth_context));
Status status = plugin_->GetMetadata(context.service_url, context.method_name,
cpp_channel_auth_context, &metadata);
std::vector<grpc_metadata> md;
for (auto& metadatum : metadata) {
grpc_metadata md_entry;
md_entry.key = SliceFromCopiedString(metadatum.first);
md_entry.value = SliceFromCopiedString(metadatum.second);
md.push_back(md_entry);
} }
if (creds_md != nullptr) {
// Synchronous return. static int GetMetadata(
if (md.size() > GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX) { void* wrapper, grpc_auth_metadata_context context,
grpc_credentials_plugin_metadata_cb cb, void* user_data,
grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
size_t* num_creds_md, grpc_status_code* status,
const char** error_details) {
GPR_ASSERT(wrapper);
MetadataCredentialsPluginWrapper* w =
static_cast<MetadataCredentialsPluginWrapper*>(wrapper);
if (!w->plugin_) {
*num_creds_md = 0; *num_creds_md = 0;
*status_code = GRPC_STATUS_INTERNAL; *status = GRPC_STATUS_OK;
*error_details = gpr_strdup( *error_details = nullptr;
"blocking plugin credentials returned too many metadata keys"); return 1;
UnrefMetadata(md); }
if (w->plugin_->IsBlocking()) {
// The internals of context may be destroyed if GetMetadata is cancelled.
// Make a copy for InvokePlugin.
grpc_auth_metadata_context context_copy = grpc_auth_metadata_context();
grpc_auth_metadata_context_copy(&context, &context_copy);
// Asynchronous return.
// TODO(hork): replace with EventEngine::Run
w->thread_pool_->Add([w, context_copy, cb, user_data]() mutable {
w->MetadataCredentialsPluginWrapper::InvokePlugin(
context_copy, cb, user_data, nullptr, nullptr, nullptr, nullptr);
grpc_auth_metadata_context_reset(&context_copy);
});
return 0;
} else { } else {
for (const auto& elem : md) { // Synchronous return.
creds_md[*num_creds_md].key = elem.key; w->InvokePlugin(context, cb, user_data, creds_md, num_creds_md, status,
creds_md[*num_creds_md].value = elem.value; error_details);
++(*num_creds_md); return 1;
}
}
static char* DebugString(void* wrapper) {
GPR_ASSERT(wrapper);
MetadataCredentialsPluginWrapper* w =
static_cast<MetadataCredentialsPluginWrapper*>(wrapper);
return gpr_strdup(w->plugin_->DebugString().c_str());
}
explicit MetadataCredentialsPluginWrapper(
std::unique_ptr<MetadataCredentialsPlugin> plugin)
: plugin_(std::move(plugin)) {
if (plugin_->IsBlocking()) {
thread_pool_.reset(CreateDefaultThreadPool());
}
}
private:
void InvokePlugin(
grpc_auth_metadata_context context,
grpc_credentials_plugin_metadata_cb cb, void* user_data,
grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
size_t* num_creds_md, grpc_status_code* status_code,
const char** error_details) {
std::multimap<std::string, std::string> metadata;
// const_cast is safe since the SecureAuthContext only inc/dec the refcount
// and the object is passed as a const ref to plugin_->GetMetadata.
SecureAuthContext cpp_channel_auth_context(
const_cast<grpc_auth_context*>(context.channel_auth_context));
Status status =
plugin_->GetMetadata(context.service_url, context.method_name,
cpp_channel_auth_context, &metadata);
std::vector<grpc_metadata> md;
for (auto& metadatum : metadata) {
grpc_metadata md_entry;
md_entry.key = SliceFromCopiedString(metadatum.first);
md_entry.value = SliceFromCopiedString(metadatum.second);
md.push_back(md_entry);
}
if (creds_md != nullptr) {
// Synchronous return.
if (md.size() > GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX) {
*num_creds_md = 0;
*status_code = GRPC_STATUS_INTERNAL;
*error_details = gpr_strdup(
"blocking plugin credentials returned too many metadata keys");
UnrefMetadata(md);
} else {
for (const auto& elem : md) {
creds_md[*num_creds_md].key = elem.key;
creds_md[*num_creds_md].value = elem.value;
++(*num_creds_md);
}
*status_code = static_cast<grpc_status_code>(status.error_code());
*error_details =
status.ok() ? nullptr : gpr_strdup(status.error_message().c_str());
} }
*status_code = static_cast<grpc_status_code>(status.error_code()); } else {
*error_details = // Asynchronous return.
status.ok() ? nullptr : gpr_strdup(status.error_message().c_str()); cb(user_data, md.empty() ? nullptr : &md[0], md.size(),
static_cast<grpc_status_code>(status.error_code()),
status.error_message().c_str());
UnrefMetadata(md);
} }
} else {
// Asynchronous return.
cb(user_data, md.empty() ? nullptr : &md[0], md.size(),
static_cast<grpc_status_code>(status.error_code()),
status.error_message().c_str());
UnrefMetadata(md);
} }
std::unique_ptr<ThreadPoolInterface> thread_pool_;
std::unique_ptr<MetadataCredentialsPlugin> plugin_;
};
} // namespace
namespace experimental {
std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
std::unique_ptr<MetadataCredentialsPlugin> plugin,
grpc_security_level min_security_level) {
grpc::internal::GrpcLibrary init; // To call grpc_init().
const char* type = plugin->GetType();
MetadataCredentialsPluginWrapper* wrapper =
new MetadataCredentialsPluginWrapper(std::move(plugin));
grpc_metadata_credentials_plugin c_plugin = {
MetadataCredentialsPluginWrapper::GetMetadata,
MetadataCredentialsPluginWrapper::DebugString,
MetadataCredentialsPluginWrapper::Destroy, wrapper, type};
return WrapCallCredentials(grpc_metadata_credentials_create_from_plugin(
c_plugin, min_security_level, nullptr));
} }
MetadataCredentialsPluginWrapper::MetadataCredentialsPluginWrapper( } // namespace experimental
std::unique_ptr<MetadataCredentialsPlugin> plugin)
: plugin_(std::move(plugin)) { std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
if (plugin_->IsBlocking()) { std::unique_ptr<MetadataCredentialsPlugin> plugin) {
thread_pool_.reset(CreateDefaultThreadPool()); return experimental::MetadataCredentialsFromPlugin(
} std::move(plugin), GRPC_PRIVACY_AND_INTEGRITY);
} }
} // namespace grpc } // namespace grpc

@ -19,14 +19,6 @@
#ifndef GRPC_SRC_CPP_CLIENT_SECURE_CREDENTIALS_H #ifndef GRPC_SRC_CPP_CLIENT_SECURE_CREDENTIALS_H
#define GRPC_SRC_CPP_CLIENT_SECURE_CREDENTIALS_H #define GRPC_SRC_CPP_CLIENT_SECURE_CREDENTIALS_H
#include <stddef.h>
#include <memory>
#include <string>
#include <vector>
#include "absl/strings/str_cat.h"
#include <grpc/grpc.h> #include <grpc/grpc.h>
#include <grpc/grpc_security.h> #include <grpc/grpc_security.h>
#include <grpc/status.h> #include <grpc/status.h>
@ -35,65 +27,9 @@
#include <grpcpp/security/credentials.h> #include <grpcpp/security/credentials.h>
#include <grpcpp/support/channel_arguments.h> #include <grpcpp/support/channel_arguments.h>
#include <grpcpp/support/client_interceptor.h> #include <grpcpp/support/client_interceptor.h>
// TODO(yashykt): We shouldn't be including "src/core" headers.
#include "src/core/lib/iomgr/exec_ctx.h"
#include "src/core/lib/security/credentials/credentials.h"
#include "src/cpp/server/thread_pool_interface.h"
namespace grpc { namespace grpc {
class Channel;
class SecureChannelCredentials final : public ChannelCredentials {
public:
explicit SecureChannelCredentials(grpc_channel_credentials* c_creds);
~SecureChannelCredentials() override {
grpc_core::ExecCtx exec_ctx;
if (c_creds_ != nullptr) c_creds_->Unref();
}
grpc_channel_credentials* GetRawCreds() { return c_creds_; }
std::shared_ptr<Channel> CreateChannelImpl(
const std::string& target, const ChannelArguments& args) override;
SecureChannelCredentials* AsSecureCredentials() override { return this; }
private:
std::shared_ptr<Channel> CreateChannelWithInterceptors(
const std::string& target, const ChannelArguments& args,
std::vector<std::unique_ptr<
grpc::experimental::ClientInterceptorFactoryInterface>>
interceptor_creators) override;
grpc_channel_credentials* const c_creds_;
};
class SecureCallCredentials final : public CallCredentials {
public:
explicit SecureCallCredentials(grpc_call_credentials* c_creds);
~SecureCallCredentials() override {
grpc_core::ExecCtx exec_ctx;
if (c_creds_ != nullptr) c_creds_->Unref();
}
grpc_call_credentials* GetRawCreds() { return c_creds_; }
bool ApplyToCall(grpc_call* call) override;
SecureCallCredentials* AsSecureCredentials() override { return this; }
std::string DebugString() override {
return absl::StrCat("SecureCallCredentials{",
std::string(c_creds_->debug_string()), "}");
}
private:
grpc_call_credentials* const c_creds_;
};
namespace internal {
std::shared_ptr<ChannelCredentials> WrapChannelCredentials(
grpc_channel_credentials* creds);
} // namespace internal
namespace experimental { namespace experimental {
// Transforms C++ STS Credentials options to core options. The pointers of the // Transforms C++ STS Credentials options to core options. The pointers of the
@ -104,29 +40,22 @@ grpc_sts_credentials_options StsCredentialsCppToCoreOptions(
} // namespace experimental } // namespace experimental
class MetadataCredentialsPluginWrapper final : private internal::GrpcLibrary { /// ---- DEPRECATED ----
/// This type is going away. Prefer creating a subclass of
/// grpc::ChannelCredentials.
class SecureChannelCredentials final : public grpc::ChannelCredentials {
public: public:
static void Destroy(void* wrapper); SecureChannelCredentials(grpc_channel_credentials* c_creds)
static int GetMetadata( : ChannelCredentials(c_creds) {}
void* wrapper, grpc_auth_metadata_context context, };
grpc_credentials_plugin_metadata_cb cb, void* user_data,
grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
size_t* num_creds_md, grpc_status_code* status,
const char** error_details);
static char* DebugString(void* wrapper);
explicit MetadataCredentialsPluginWrapper(
std::unique_ptr<MetadataCredentialsPlugin> plugin);
private: /// ---- DEPRECATED ----
void InvokePlugin( /// This type is going away. Prefer creating a subclass of
grpc_auth_metadata_context context, /// grpc::CallCredentials.
grpc_credentials_plugin_metadata_cb cb, void* user_data, class SecureCallCredentials final : public grpc::CallCredentials {
grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX], public:
size_t* num_creds_md, grpc_status_code* status_code, SecureCallCredentials(grpc_call_credentials* c_creds)
const char** error_details); : CallCredentials(c_creds) {}
std::unique_ptr<ThreadPoolInterface> thread_pool_;
std::unique_ptr<MetadataCredentialsPlugin> plugin_;
}; };
} // namespace grpc } // namespace grpc

@ -23,24 +23,21 @@
#include <grpc/support/log.h> #include <grpc/support/log.h>
#include <grpcpp/security/credentials.h> #include <grpcpp/security/credentials.h>
#include "src/cpp/client/secure_credentials.h"
namespace grpc { namespace grpc {
class XdsChannelCredentialsImpl final : public ChannelCredentials {
public:
explicit XdsChannelCredentialsImpl(
const std::shared_ptr<ChannelCredentials>& fallback_creds)
: ChannelCredentials(
grpc_xds_credentials_create(fallback_creds->c_creds_)) {
GPR_ASSERT(fallback_creds->c_creds_ != nullptr);
}
};
std::shared_ptr<ChannelCredentials> XdsCredentials( std::shared_ptr<ChannelCredentials> XdsCredentials(
const std::shared_ptr<ChannelCredentials>& fallback_creds) { const std::shared_ptr<ChannelCredentials>& fallback_creds) {
GPR_ASSERT(fallback_creds != nullptr); GPR_ASSERT(fallback_creds != nullptr);
if (fallback_creds->IsInsecure()) { return std::make_shared<XdsChannelCredentialsImpl>(fallback_creds);
grpc_channel_credentials* insecure_creds =
grpc_insecure_credentials_create();
auto xds_creds = internal::WrapChannelCredentials(
grpc_xds_credentials_create(insecure_creds));
grpc_channel_credentials_release(insecure_creds);
return xds_creds;
} else {
return internal::WrapChannelCredentials(grpc_xds_credentials_create(
fallback_creds->AsSecureCredentials()->GetRawCreds()));
}
} }
namespace experimental { namespace experimental {

@ -217,4 +217,17 @@ void ChannelArguments::SetChannelArgs(grpc_channel_args* channel_args) const {
} }
} }
void ChannelArguments::SetSslTargetNameOverride(const std::string& name) {
SetString(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, name);
}
std::string ChannelArguments::GetSslTargetNameOverride() const {
for (unsigned int i = 0; i < args_.size(); i++) {
if (std::string(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == args_[i].key) {
return args_[i].value.string;
}
}
return "";
}
} // namespace grpc } // namespace grpc

@ -1,41 +0,0 @@
//
//
// Copyright 2015 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
//
#include <string>
#include <vector>
#include <grpc/grpc.h>
#include <grpc/impl/channel_arg_names.h>
#include <grpcpp/support/channel_arguments.h>
namespace grpc {
void ChannelArguments::SetSslTargetNameOverride(const std::string& name) {
SetString(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, name);
}
std::string ChannelArguments::GetSslTargetNameOverride() const {
for (unsigned int i = 0; i < args_.size(); i++) {
if (std::string(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == args_[i].key) {
return args_[i].value.string;
}
}
return "";
}
} // namespace grpc

@ -20,7 +20,6 @@
#include "src/core/ext/transport/chaotic_good/client/chaotic_good_connector.h" #include "src/core/ext/transport/chaotic_good/client/chaotic_good_connector.h"
#include "src/core/ext/transport/chaotic_good/server/chaotic_good_server.h" #include "src/core/ext/transport/chaotic_good/server/chaotic_good_server.h"
#include "src/core/lib/gprpp/crash.h"
namespace grpc { namespace grpc {
@ -29,11 +28,9 @@ namespace {
class ChaoticGoodInsecureChannelCredentialsImpl final class ChaoticGoodInsecureChannelCredentialsImpl final
: public ChannelCredentials { : public ChannelCredentials {
public: public:
std::shared_ptr<Channel> CreateChannelImpl( ChaoticGoodInsecureChannelCredentialsImpl() : ChannelCredentials(nullptr) {}
const grpc::string& target, const grpc::ChannelArguments& args) override {
return CreateChannelWithInterceptors(target, args, {});
}
private:
std::shared_ptr<Channel> CreateChannelWithInterceptors( std::shared_ptr<Channel> CreateChannelWithInterceptors(
const grpc::string& target, const grpc::ChannelArguments& args, const grpc::string& target, const grpc::ChannelArguments& args,
std::vector< std::vector<
@ -46,24 +43,16 @@ class ChaoticGoodInsecureChannelCredentialsImpl final
std::move(interceptor_creators)); std::move(interceptor_creators));
return channel; return channel;
} }
SecureChannelCredentials* AsSecureCredentials() override { return nullptr; }
private:
bool IsInsecure() const override { return true; }
}; };
class ChaoticGoodInsecureServerCredentialsImpl final class ChaoticGoodInsecureServerCredentialsImpl final
: public ServerCredentials { : public ServerCredentials {
public: public:
ChaoticGoodInsecureServerCredentialsImpl() : ServerCredentials(nullptr) {}
int AddPortToServer(const std::string& addr, grpc_server* server) override { int AddPortToServer(const std::string& addr, grpc_server* server) override {
return grpc_server_add_chaotic_good_port(server, addr.c_str()); return grpc_server_add_chaotic_good_port(server, addr.c_str());
} }
void SetAuthMetadataProcessor(
const std::shared_ptr<AuthMetadataProcessor>&) override {
grpc_core::Crash("Not supported on insecure server credentials");
}
}; };
} // namespace } // namespace

@ -17,7 +17,6 @@
// //
#include <memory> #include <memory>
#include <string>
#include <grpc/grpc.h> #include <grpc/grpc.h>
#include <grpc/grpc_security.h> #include <grpc/grpc_security.h>
@ -29,27 +28,13 @@ namespace grpc {
namespace { namespace {
class InsecureServerCredentialsImpl final : public ServerCredentials { class InsecureServerCredentialsImpl final : public ServerCredentials {
public: public:
int AddPortToServer(const std::string& addr, grpc_server* server) override { InsecureServerCredentialsImpl()
grpc_server_credentials* server_creds = : ServerCredentials(grpc_insecure_server_credentials_create()) {}
grpc_insecure_server_credentials_create();
int result = grpc_server_add_http2_port(server, addr.c_str(), server_creds);
grpc_server_credentials_release(server_creds);
return result;
}
void SetAuthMetadataProcessor(
const std::shared_ptr<grpc::AuthMetadataProcessor>& processor) override {
(void)processor;
GPR_ASSERT(0); // Should not be called on InsecureServerCredentials.
}
private:
bool IsInsecure() const override { return true; }
}; };
} // namespace } // namespace
std::shared_ptr<ServerCredentials> InsecureServerCredentials() { std::shared_ptr<ServerCredentials> InsecureServerCredentials() {
return std::shared_ptr<ServerCredentials>( return std::make_shared<InsecureServerCredentialsImpl>();
new InsecureServerCredentialsImpl());
} }
} // namespace grpc } // namespace grpc

@ -18,8 +18,6 @@
#include "src/cpp/server/secure_server_credentials.h" #include "src/cpp/server/secure_server_credentials.h"
#include <algorithm>
#include <map>
#include <memory> #include <memory>
#include <utility> #include <utility>
#include <vector> #include <vector>
@ -51,6 +49,7 @@ void AuthMetadataProcessorAsyncWrapper::Process(
return; return;
} }
if (w->processor_->IsBlocking()) { if (w->processor_->IsBlocking()) {
// TODO(hork): replace with EventEngine::Run
w->thread_pool_->Add([w, context, md, num_md, cb, user_data] { w->thread_pool_->Add([w, context, md, num_md, cb, user_data] {
w->AuthMetadataProcessorAsyncWrapper::InvokeProcessor(context, md, num_md, w->AuthMetadataProcessorAsyncWrapper::InvokeProcessor(context, md, num_md,
cb, user_data); cb, user_data);
@ -97,17 +96,15 @@ void AuthMetadataProcessorAsyncWrapper::InvokeProcessor(
status.error_message().c_str()); status.error_message().c_str());
} }
int SecureServerCredentials::AddPortToServer(const std::string& addr, SecureServerCredentials::SecureServerCredentials(grpc_server_credentials* creds)
grpc_server* server) { : ServerCredentials(creds) {}
return grpc_server_add_http2_port(server, addr.c_str(), creds_);
}
void SecureServerCredentials::SetAuthMetadataProcessor( void SecureServerCredentials::SetAuthMetadataProcessor(
const std::shared_ptr<grpc::AuthMetadataProcessor>& processor) { const std::shared_ptr<grpc::AuthMetadataProcessor>& processor) {
auto* wrapper = new grpc::AuthMetadataProcessorAsyncWrapper(processor); auto* wrapper = new grpc::AuthMetadataProcessorAsyncWrapper(processor);
grpc_server_credentials_set_auth_metadata_processor( grpc_server_credentials_set_auth_metadata_processor(
creds_, {grpc::AuthMetadataProcessorAsyncWrapper::Process, c_creds(), {grpc::AuthMetadataProcessorAsyncWrapper::Process,
grpc::AuthMetadataProcessorAsyncWrapper::Destroy, wrapper}); grpc::AuthMetadataProcessorAsyncWrapper::Destroy, wrapper});
} }
std::shared_ptr<ServerCredentials> SslServerCredentials( std::shared_ptr<ServerCredentials> SslServerCredentials(

@ -19,10 +19,7 @@
#ifndef GRPC_SRC_CPP_SERVER_SECURE_SERVER_CREDENTIALS_H #ifndef GRPC_SRC_CPP_SERVER_SECURE_SERVER_CREDENTIALS_H
#define GRPC_SRC_CPP_SERVER_SECURE_SERVER_CREDENTIALS_H #define GRPC_SRC_CPP_SERVER_SECURE_SERVER_CREDENTIALS_H
#include <stddef.h>
#include <memory> #include <memory>
#include <string>
#include <grpc/grpc.h> #include <grpc/grpc.h>
#include <grpc/grpc_security.h> #include <grpc/grpc_security.h>
@ -32,9 +29,6 @@
#include "src/cpp/server/thread_pool_interface.h" #include "src/cpp/server/thread_pool_interface.h"
namespace grpc { namespace grpc {
class SecureServerCredentials;
class AuthMetadataProcessorAsyncWrapper final { class AuthMetadataProcessorAsyncWrapper final {
public: public:
static void Destroy(void* wrapper); static void Destroy(void* wrapper);
@ -59,25 +53,18 @@ class AuthMetadataProcessorAsyncWrapper final {
std::shared_ptr<AuthMetadataProcessor> processor_; std::shared_ptr<AuthMetadataProcessor> processor_;
}; };
// TODO(hork): Remove this class once we either (a) allow AuthMetadataProcessor
// to be used with any creds type as requested in #21589 or (b) find a way to
// remove AuthMetadataProcessor in favor of some new server-side interception
// API.
class SecureServerCredentials final : public ServerCredentials { class SecureServerCredentials final : public ServerCredentials {
public: public:
explicit SecureServerCredentials(grpc_server_credentials* creds) explicit SecureServerCredentials(grpc_server_credentials* creds);
: creds_(creds) {}
~SecureServerCredentials() override {
grpc_server_credentials_release(creds_);
}
int AddPortToServer(const std::string& addr, grpc_server* server) override;
void SetAuthMetadataProcessor( void SetAuthMetadataProcessor(
const std::shared_ptr<grpc::AuthMetadataProcessor>& processor) override; const std::shared_ptr<grpc::AuthMetadataProcessor>& processor) override;
grpc_server_credentials* c_creds() { return creds_; }
private: private:
SecureServerCredentials* AsSecureServerCredentials() override { return this; }
grpc_server_credentials* creds_;
std::unique_ptr<grpc::AuthMetadataProcessorAsyncWrapper> processor_; std::unique_ptr<grpc::AuthMetadataProcessorAsyncWrapper> processor_;
}; };

@ -0,0 +1,39 @@
// Copyright 2024 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <grpc/support/port_platform.h>
#include <grpcpp/security/server_credentials.h>
#include "src/core/lib/gprpp/crash.h"
namespace grpc {
ServerCredentials::ServerCredentials(grpc_server_credentials* creds)
: c_creds_(creds) {}
ServerCredentials::~ServerCredentials() {
grpc_server_credentials_release(c_creds_);
}
void ServerCredentials::SetAuthMetadataProcessor(
const std::shared_ptr<grpc::AuthMetadataProcessor>& /* processor */) {
grpc_core::Crash("Not Supported");
}
int ServerCredentials::AddPortToServer(const std::string& addr,
grpc_server* server) {
return grpc_server_add_http2_port(server, addr.c_str(), c_creds_);
}
} // namespace grpc

@ -23,24 +23,14 @@
#include <grpc/support/log.h> #include <grpc/support/log.h>
#include <grpcpp/security/server_credentials.h> #include <grpcpp/security/server_credentials.h>
#include "src/cpp/server/secure_server_credentials.h"
namespace grpc { namespace grpc {
std::shared_ptr<ServerCredentials> XdsServerCredentials( std::shared_ptr<ServerCredentials> XdsServerCredentials(
const std::shared_ptr<ServerCredentials>& fallback_credentials) { const std::shared_ptr<ServerCredentials>& fallback_credentials) {
GPR_ASSERT(fallback_credentials != nullptr); GPR_ASSERT(fallback_credentials != nullptr);
if (fallback_credentials->IsInsecure()) { GPR_ASSERT(fallback_credentials->c_creds_ != nullptr);
grpc_server_credentials* insecure_creds = return std::shared_ptr<ServerCredentials>(new ServerCredentials(
grpc_insecure_server_credentials_create(); grpc_xds_server_credentials_create(fallback_credentials->c_creds_)));
auto xds_creds = std::make_shared<SecureServerCredentials>(
grpc_xds_server_credentials_create(insecure_creds));
grpc_server_credentials_release(insecure_creds);
return xds_creds;
}
return std::make_shared<SecureServerCredentials>(
grpc_xds_server_credentials_create(
fallback_credentials->AsSecureServerCredentials()->c_creds()));
} }
namespace experimental { namespace experimental {

@ -38,6 +38,8 @@ namespace {
class BinderServerCredentialsImpl final : public ServerCredentials { class BinderServerCredentialsImpl final : public ServerCredentials {
public: public:
BinderServerCredentialsImpl() : ServerCredentials(nullptr) {}
int AddPortToServer(const std::string& addr, grpc_server* server) override { int AddPortToServer(const std::string& addr, grpc_server* server) override {
return grpc_core::AddBinderPort( return grpc_core::AddBinderPort(
addr, server, addr, server,
@ -49,14 +51,6 @@ class BinderServerCredentialsImpl final : public ServerCredentials {
std::make_shared< std::make_shared<
grpc::experimental::binder::UntrustedSecurityPolicy>()); grpc::experimental::binder::UntrustedSecurityPolicy>());
} }
void SetAuthMetadataProcessor(
const std::shared_ptr<AuthMetadataProcessor>& /*processor*/) override {
grpc_core::Crash("unreachable");
}
private:
bool IsInsecure() const override { return true; }
}; };
} // namespace } // namespace

@ -70,7 +70,6 @@
#include "src/core/resolver/fake/fake_resolver.h" #include "src/core/resolver/fake/fake_resolver.h"
#include "src/core/service_config/service_config.h" #include "src/core/service_config/service_config.h"
#include "src/core/service_config/service_config_impl.h" #include "src/core/service_config/service_config_impl.h"
#include "src/cpp/client/secure_credentials.h"
#include "src/cpp/server/secure_server_credentials.h" #include "src/cpp/server/secure_server_credentials.h"
#include "src/proto/grpc/health/v1/health.grpc.pb.h" #include "src/proto/grpc/health/v1/health.grpc.pb.h"
#include "src/proto/grpc/testing/echo.grpc.pb.h" #include "src/proto/grpc/testing/echo.grpc.pb.h"
@ -81,6 +80,7 @@
#include "test/core/util/test_lb_policies.h" #include "test/core/util/test_lb_policies.h"
#include "test/cpp/end2end/connection_attempt_injector.h" #include "test/cpp/end2end/connection_attempt_injector.h"
#include "test/cpp/end2end/test_service_impl.h" #include "test/cpp/end2end/test_service_impl.h"
#include "test/cpp/util/credentials.h"
namespace grpc { namespace grpc {
namespace testing { namespace testing {
@ -262,8 +262,7 @@ class ClientLbEnd2endTest : public ::testing::Test {
protected: protected:
ClientLbEnd2endTest() ClientLbEnd2endTest()
: server_host_("localhost"), : server_host_("localhost"),
creds_(new SecureChannelCredentials( creds_(std::make_shared<FakeTransportSecurityChannelCredentials>()) {}
grpc_fake_transport_security_credentials_create())) {}
void SetUp() override { grpc_init(); } void SetUp() override { grpc_init(); }

@ -84,52 +84,53 @@ const char kTestCredsPluginErrorMsg[] = "Could not find plugin metadata.";
const char kFakeToken[] = "fake_token"; const char kFakeToken[] = "fake_token";
const char kFakeSelector[] = "fake_selector"; const char kFakeSelector[] = "fake_selector";
const char kExpectedFakeCredsDebugString[] = const char kExpectedFakeCredsDebugString[] =
"SecureCallCredentials{GoogleIAMCredentials{Token:present," "CallCredentials{GoogleIAMCredentials{Token:present,"
"AuthoritySelector:fake_selector}}"; "AuthoritySelector:fake_selector}}";
const char kWrongToken[] = "wrong_token"; const char kWrongToken[] = "wrong_token";
const char kWrongSelector[] = "wrong_selector"; const char kWrongSelector[] = "wrong_selector";
const char kExpectedWrongCredsDebugString[] = const char kExpectedWrongCredsDebugString[] =
"SecureCallCredentials{GoogleIAMCredentials{Token:present," "CallCredentials{GoogleIAMCredentials{Token:present,"
"AuthoritySelector:wrong_selector}}"; "AuthoritySelector:wrong_selector}}";
const char kFakeToken1[] = "fake_token1"; const char kFakeToken1[] = "fake_token1";
const char kFakeSelector1[] = "fake_selector1"; const char kFakeSelector1[] = "fake_selector1";
const char kExpectedFakeCreds1DebugString[] = const char kExpectedFakeCreds1DebugString[] =
"SecureCallCredentials{GoogleIAMCredentials{Token:present," "CallCredentials{GoogleIAMCredentials{Token:present,"
"AuthoritySelector:fake_selector1}}"; "AuthoritySelector:fake_selector1}}";
const char kFakeToken2[] = "fake_token2"; const char kFakeToken2[] = "fake_token2";
const char kFakeSelector2[] = "fake_selector2"; const char kFakeSelector2[] = "fake_selector2";
const char kExpectedFakeCreds2DebugString[] = const char kExpectedFakeCreds2DebugString[] =
"SecureCallCredentials{GoogleIAMCredentials{Token:present," "CallCredentials{GoogleIAMCredentials{Token:present,"
"AuthoritySelector:fake_selector2}}"; "AuthoritySelector:fake_selector2}}";
const char kExpectedAuthMetadataPluginKeyFailureCredsDebugString[] = const char kExpectedAuthMetadataPluginKeyFailureCredsDebugString[] =
"SecureCallCredentials{TestMetadataCredentials{key:TestPluginMetadata," "CallCredentials{TestMetadataCredentials{key:TestPluginMetadata,"
"value:Does not matter, will fail the key is invalid.}}"; "value:Does not matter, will fail the key is invalid.}}";
const char kExpectedAuthMetadataPluginValueFailureCredsDebugString[] = const char kExpectedAuthMetadataPluginValueFailureCredsDebugString[] =
"SecureCallCredentials{TestMetadataCredentials{key:test-plugin-metadata," "CallCredentials{TestMetadataCredentials{key:test-plugin-metadata,"
"value:With illegal \n value.}}"; "value:With illegal \n value.}}";
const char kExpectedAuthMetadataPluginWithDeadlineCredsDebugString[] = const char kExpectedAuthMetadataPluginWithDeadlineCredsDebugString[] =
"SecureCallCredentials{TestMetadataCredentials{key:meta_key,value:Does not " "CallCredentials{TestMetadataCredentials{key:meta_key,value:Does "
"not "
"matter}}"; "matter}}";
const char kExpectedNonBlockingAuthMetadataPluginFailureCredsDebugString[] = const char kExpectedNonBlockingAuthMetadataPluginFailureCredsDebugString[] =
"SecureCallCredentials{TestMetadataCredentials{key:test-plugin-metadata," "CallCredentials{TestMetadataCredentials{key:test-plugin-metadata,"
"value:Does not matter, will fail anyway (see 3rd param)}}"; "value:Does not matter, will fail anyway (see 3rd param)}}";
const char const char
kExpectedNonBlockingAuthMetadataPluginAndProcessorSuccessCredsDebugString kExpectedNonBlockingAuthMetadataPluginAndProcessorSuccessCredsDebugString
[] = "SecureCallCredentials{TestMetadataCredentials{key:test-plugin-" [] = "CallCredentials{TestMetadataCredentials{key:test-plugin-"
"metadata,value:Dr Jekyll}}"; "metadata,value:Dr Jekyll}}";
const char const char
kExpectedNonBlockingAuthMetadataPluginAndProcessorFailureCredsDebugString kExpectedNonBlockingAuthMetadataPluginAndProcessorFailureCredsDebugString
[] = "SecureCallCredentials{TestMetadataCredentials{key:test-plugin-" [] = "CallCredentials{TestMetadataCredentials{key:test-plugin-"
"metadata,value:Mr Hyde}}"; "metadata,value:Mr Hyde}}";
const char kExpectedBlockingAuthMetadataPluginFailureCredsDebugString[] = const char kExpectedBlockingAuthMetadataPluginFailureCredsDebugString[] =
"SecureCallCredentials{TestMetadataCredentials{key:test-plugin-metadata," "CallCredentials{TestMetadataCredentials{key:test-plugin-metadata,"
"value:Does not matter, will fail anyway (see 3rd param)}}"; "value:Does not matter, will fail anyway (see 3rd param)}}";
const char kExpectedCompositeCallCredsDebugString[] = const char kExpectedCompositeCallCredsDebugString[] =
"SecureCallCredentials{CompositeCallCredentials{TestMetadataCredentials{" "CallCredentials{CompositeCallCredentials{TestMetadataCredentials{"
"key:call-creds-key1,value:call-creds-val1},TestMetadataCredentials{key:" "key:call-creds-key1,value:call-creds-val1},TestMetadataCredentials{key:"
"call-creds-key2,value:call-creds-val2}}}"; "call-creds-key2,value:call-creds-val2}}}";

@ -58,7 +58,6 @@
#include "src/core/resolver/endpoint_addresses.h" #include "src/core/resolver/endpoint_addresses.h"
#include "src/core/resolver/fake/fake_resolver.h" #include "src/core/resolver/fake/fake_resolver.h"
#include "src/core/service_config/service_config_impl.h" #include "src/core/service_config/service_config_impl.h"
#include "src/cpp/client/secure_credentials.h"
#include "src/cpp/server/secure_server_credentials.h" #include "src/cpp/server/secure_server_credentials.h"
#include "src/proto/grpc/lb/v1/load_balancer.grpc.pb.h" #include "src/proto/grpc/lb/v1/load_balancer.grpc.pb.h"
#include "src/proto/grpc/testing/echo.grpc.pb.h" #include "src/proto/grpc/testing/echo.grpc.pb.h"
@ -67,6 +66,7 @@
#include "test/core/util/test_config.h" #include "test/core/util/test_config.h"
#include "test/cpp/end2end/counted_service.h" #include "test/cpp/end2end/counted_service.h"
#include "test/cpp/end2end/test_service_impl.h" #include "test/cpp/end2end/test_service_impl.h"
#include "test/cpp/util/credentials.h"
#include "test/cpp/util/test_config.h" #include "test/cpp/util/test_config.h"
// TODO(dgq): Other scenarios in need of testing: // TODO(dgq): Other scenarios in need of testing:
@ -605,9 +605,8 @@ class GrpclbEnd2endTest : public ::testing::Test {
grpc_fake_transport_security_credentials_create(); grpc_fake_transport_security_credentials_create();
grpc_call_credentials* call_creds = grpc_md_only_test_credentials_create( grpc_call_credentials* call_creds = grpc_md_only_test_credentials_create(
kCallCredsMdKey, kCallCredsMdValue); kCallCredsMdKey, kCallCredsMdValue);
std::shared_ptr<ChannelCredentials> creds( auto creds = std::make_shared<TestCompositeChannelCredentials>(
new SecureChannelCredentials(grpc_composite_channel_credentials_create( channel_creds, call_creds);
channel_creds, call_creds, nullptr)));
call_creds->Unref(); call_creds->Unref();
channel_creds->Unref(); channel_creds->Unref();
channel_ = grpc::CreateCustomChannel( channel_ = grpc::CreateCustomChannel(

@ -34,11 +34,11 @@
#include "src/core/lib/experiments/config.h" #include "src/core/lib/experiments/config.h"
#include "src/core/lib/gprpp/notification.h" #include "src/core/lib/gprpp/notification.h"
#include "src/core/lib/security/credentials/fake/fake_credentials.h" #include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "src/cpp/client/secure_credentials.h"
#include "src/cpp/server/secure_server_credentials.h" #include "src/cpp/server/secure_server_credentials.h"
#include "src/proto/grpc/testing/echo.grpc.pb.h" #include "src/proto/grpc/testing/echo.grpc.pb.h"
#include "test/core/util/port.h" #include "test/core/util/port.h"
#include "test/core/util/test_config.h" #include "test/core/util/test_config.h"
#include "test/cpp/util/credentials.h"
// IWYU pragma: no_include <sys/socket.h> // IWYU pragma: no_include <sys/socket.h>
@ -186,9 +186,7 @@ class End2EndConnectionQuotaTest : public ::testing::TestWithParam<int> {
return EchoTestService::NewStub(CreateCustomChannel( return EchoTestService::NewStub(CreateCustomChannel(
connect_address_, connect_address_,
std::make_shared<SecureChannelCredentials>( std::make_shared<FakeTransportSecurityChannelCredentials>(), args));
grpc_fake_transport_security_credentials_create()),
args));
} }
void TestExceedingConnectionQuota() { void TestExceedingConnectionQuota() {

@ -52,7 +52,6 @@
#include "src/core/load_balancing/rls/rls.h" #include "src/core/load_balancing/rls/rls.h"
#include "src/core/resolver/fake/fake_resolver.h" #include "src/core/resolver/fake/fake_resolver.h"
#include "src/core/service_config/service_config_impl.h" #include "src/core/service_config/service_config_impl.h"
#include "src/cpp/client/secure_credentials.h"
#include "src/cpp/server/secure_server_credentials.h" #include "src/cpp/server/secure_server_credentials.h"
#include "src/proto/grpc/lookup/v1/rls.grpc.pb.h" #include "src/proto/grpc/lookup/v1/rls.grpc.pb.h"
#include "src/proto/grpc/lookup/v1/rls.pb.h" #include "src/proto/grpc/lookup/v1/rls.pb.h"
@ -65,6 +64,7 @@
#include "test/cpp/end2end/counted_service.h" #include "test/cpp/end2end/counted_service.h"
#include "test/cpp/end2end/rls_server.h" #include "test/cpp/end2end/rls_server.h"
#include "test/cpp/end2end/test_service_impl.h" #include "test/cpp/end2end/test_service_impl.h"
#include "test/cpp/util/credentials.h"
#include "test/cpp/util/test_config.h" #include "test/cpp/util/test_config.h"
using ::grpc::lookup::v1::RouteLookupRequest; using ::grpc::lookup::v1::RouteLookupRequest;
@ -198,13 +198,12 @@ class RlsEnd2endTest : public ::testing::Test {
grpc_fake_transport_security_credentials_create(); grpc_fake_transport_security_credentials_create();
grpc_call_credentials* call_creds = grpc_md_only_test_credentials_create( grpc_call_credentials* call_creds = grpc_md_only_test_credentials_create(
kCallCredsMdKey, kCallCredsMdValue); kCallCredsMdKey, kCallCredsMdValue);
auto creds = std::make_shared<SecureChannelCredentials>( auto creds = std::make_shared<TestCompositeChannelCredentials>(
grpc_composite_channel_credentials_create(channel_creds, call_creds, channel_creds, call_creds);
nullptr));
call_creds->Unref(); call_creds->Unref();
channel_creds->Unref(); channel_creds->Unref();
target_uri_ = absl::StrCat("fake:///", kServerName); target_uri_ = absl::StrCat("fake:///", kServerName);
channel_ = grpc::CreateCustomChannel(target_uri_, std::move(creds), args); channel_ = grpc::CreateCustomChannel(target_uri_, creds, args);
stub_ = grpc::testing::EchoTestService::NewStub(channel_); stub_ = grpc::testing::EchoTestService::NewStub(channel_);
} }

@ -59,13 +59,13 @@
#include "src/core/resolver/endpoint_addresses.h" #include "src/core/resolver/endpoint_addresses.h"
#include "src/core/resolver/fake/fake_resolver.h" #include "src/core/resolver/fake/fake_resolver.h"
#include "src/core/service_config/service_config_impl.h" #include "src/core/service_config/service_config_impl.h"
#include "src/cpp/client/secure_credentials.h"
#include "src/cpp/server/secure_server_credentials.h" #include "src/cpp/server/secure_server_credentials.h"
#include "src/proto/grpc/testing/echo.grpc.pb.h" #include "src/proto/grpc/testing/echo.grpc.pb.h"
#include "test/core/util/port.h" #include "test/core/util/port.h"
#include "test/core/util/resolve_localhost_ip46.h" #include "test/core/util/resolve_localhost_ip46.h"
#include "test/core/util/test_config.h" #include "test/core/util/test_config.h"
#include "test/cpp/end2end/test_service_impl.h" #include "test/cpp/end2end/test_service_impl.h"
#include "test/cpp/util/credentials.h"
namespace grpc { namespace grpc {
namespace testing { namespace testing {
@ -119,8 +119,7 @@ class ServiceConfigEnd2endTest : public ::testing::Test {
ServiceConfigEnd2endTest() ServiceConfigEnd2endTest()
: server_host_("localhost"), : server_host_("localhost"),
kRequestMessage_("Live long and prosper."), kRequestMessage_("Live long and prosper."),
creds_(new SecureChannelCredentials( creds_(std::make_shared<FakeTransportSecurityChannelCredentials>()) {}
grpc_fake_transport_security_credentials_create())) {}
static void SetUpTestSuite() { static void SetUpTestSuite() {
// Make the backup poller poll very frequently in order to pick up // Make the backup poller poll very frequently in order to pick up

@ -29,7 +29,6 @@
#include "src/core/client_channel/backup_poller.h" #include "src/core/client_channel/backup_poller.h"
#include "src/core/lib/config/config_vars.h" #include "src/core/lib/config/config_vars.h"
#include "src/cpp/client/secure_credentials.h"
#include "src/proto/grpc/testing/xds/v3/cluster.grpc.pb.h" #include "src/proto/grpc/testing/xds/v3/cluster.grpc.pb.h"
#include "src/proto/grpc/testing/xds/v3/endpoint.grpc.pb.h" #include "src/proto/grpc/testing/xds/v3/endpoint.grpc.pb.h"
#include "src/proto/grpc/testing/xds/v3/http_connection_manager.grpc.pb.h" #include "src/proto/grpc/testing/xds/v3/http_connection_manager.grpc.pb.h"
@ -38,6 +37,7 @@
#include "test/core/util/resolve_localhost_ip46.h" #include "test/core/util/resolve_localhost_ip46.h"
#include "test/core/util/test_config.h" #include "test/core/util/test_config.h"
#include "test/cpp/end2end/xds/xds_end2end_test_lib.h" #include "test/cpp/end2end/xds/xds_end2end_test_lib.h"
#include "test/cpp/util/credentials.h"
#ifndef DISABLED_XDS_PROTO_IN_CC #ifndef DISABLED_XDS_PROTO_IN_CC
@ -246,8 +246,7 @@ class ClientStatusDiscoveryServiceTest : public XdsEnd2endTest {
grpc_core::LocalIpAndPort(admin_server_thread_->port()); grpc_core::LocalIpAndPort(admin_server_thread_->port());
admin_channel_ = grpc::CreateChannel( admin_channel_ = grpc::CreateChannel(
admin_server_address, admin_server_address,
std::make_shared<SecureChannelCredentials>( std::make_shared<FakeTransportSecurityChannelCredentials>());
grpc_fake_transport_security_credentials_create()));
csds_stub_ = csds_stub_ =
envoy::service::status::v3::ClientStatusDiscoveryService::NewStub( envoy::service::status::v3::ClientStatusDiscoveryService::NewStub(
admin_channel_); admin_channel_);

@ -30,7 +30,6 @@
#include "absl/strings/str_cat.h" #include "absl/strings/str_cat.h"
#include "absl/strings/str_format.h" #include "absl/strings/str_format.h"
#include "absl/strings/str_join.h" #include "absl/strings/str_join.h"
#include "absl/strings/str_replace.h"
#include "absl/strings/string_view.h" #include "absl/strings/string_view.h"
#include "absl/types/optional.h" #include "absl/types/optional.h"
@ -42,10 +41,10 @@
#include "src/core/lib/gpr/tmpfile.h" #include "src/core/lib/gpr/tmpfile.h"
#include "src/core/lib/gprpp/env.h" #include "src/core/lib/gprpp/env.h"
#include "src/core/lib/surface/server.h" #include "src/core/lib/surface/server.h"
#include "src/cpp/client/secure_credentials.h"
#include "src/proto/grpc/testing/xds/v3/router.grpc.pb.h" #include "src/proto/grpc/testing/xds/v3/router.grpc.pb.h"
#include "test/core/util/resolve_localhost_ip46.h" #include "test/core/util/resolve_localhost_ip46.h"
#include "test/core/util/tls_utils.h" #include "test/core/util/tls_utils.h"
#include "test/cpp/util/credentials.h"
#include "test/cpp/util/tls_test_utils.h" #include "test/cpp/util/tls_test_utils.h"
namespace grpc { namespace grpc {
@ -572,8 +571,7 @@ std::shared_ptr<Channel> XdsEnd2endTest::CreateChannel(
std::shared_ptr<ChannelCredentials> channel_creds = std::shared_ptr<ChannelCredentials> channel_creds =
GetParam().use_xds_credentials() GetParam().use_xds_credentials()
? XdsCredentials(CreateTlsFallbackCredentials()) ? XdsCredentials(CreateTlsFallbackCredentials())
: std::make_shared<SecureChannelCredentials>( : std::make_shared<FakeTransportSecurityChannelCredentials>();
grpc_fake_transport_security_credentials_create());
return grpc::CreateCustomChannel(uri, channel_creds, *args); return grpc::CreateCustomChannel(uri, channel_creds, *args);
} }

@ -32,7 +32,7 @@ grpc_cc_test(
language = "C++", language = "C++",
tags = [], tags = [],
deps = [ deps = [
"//:grpc++", "//:grpc++_unsecure",
"//:grpcpp_chaotic_good", "//:grpcpp_chaotic_good",
"//test/core/util:grpc_test_util", "//test/core/util:grpc_test_util",
], ],

@ -34,8 +34,6 @@
#include <grpcpp/create_channel.h> #include <grpcpp/create_channel.h>
#include <grpcpp/security/credentials.h> #include <grpcpp/security/credentials.h>
#include "src/core/lib/gprpp/crash.h"
#include "src/cpp/client/secure_credentials.h"
#include "test/core/security/oauth2_utils.h" #include "test/core/security/oauth2_utils.h"
#include "test/cpp/util/create_test_channel.h" #include "test/cpp/util/create_test_channel.h"
#include "test/cpp/util/test_credentials_provider.h" #include "test/cpp/util/test_credentials_provider.h"
@ -68,11 +66,7 @@ std::string GetServiceAccountJsonKey() {
std::string GetOauth2AccessToken() { std::string GetOauth2AccessToken() {
std::shared_ptr<CallCredentials> creds = GoogleComputeEngineCredentials(); std::shared_ptr<CallCredentials> creds = GoogleComputeEngineCredentials();
SecureCallCredentials* secure_creds = char* token = grpc_test_fetch_oauth2_token_with_credentials(creds->c_creds_);
dynamic_cast<SecureCallCredentials*>(creds.get());
GPR_ASSERT(secure_creds != nullptr);
grpc_call_credentials* c_creds = secure_creds->GetRawCreds();
char* token = grpc_test_fetch_oauth2_token_with_credentials(c_creds);
GPR_ASSERT(token != nullptr); GPR_ASSERT(token != nullptr);
gpr_log(GPR_INFO, "Get raw oauth2 access token: %s", token); gpr_log(GPR_INFO, "Get raw oauth2 access token: %s", token);
std::string access_token(token + sizeof("Bearer ") - 1); std::string access_token(token + sizeof("Bearer ") - 1);

@ -60,6 +60,7 @@ GRPCXX_TESTUTIL_SRCS = [
GRPCXX_TESTUTIL_HDRS = [ GRPCXX_TESTUTIL_HDRS = [
"byte_buffer_proto_helper.h", "byte_buffer_proto_helper.h",
"credentials.h",
"string_ref_helper.h", "string_ref_helper.h",
"subprocess.h", "subprocess.h",
] ]

@ -0,0 +1,41 @@
// Copyright 2024 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef GRPC_TEST_CPP_UTIL_CREDENTIALS_H
#define GRPC_TEST_CPP_UTIL_CREDENTIALS_H
#include <grpcpp/security/credentials.h>
#include "src/core/lib/security/credentials/fake/fake_credentials.h"
namespace grpc {
namespace testing {
class FakeTransportSecurityChannelCredentials : public ChannelCredentials {
public:
FakeTransportSecurityChannelCredentials()
: ChannelCredentials(grpc_fake_transport_security_credentials_create()) {}
};
class TestCompositeChannelCredentials : public ChannelCredentials {
public:
TestCompositeChannelCredentials(grpc_channel_credentials* channel_creds,
grpc_call_credentials* call_creds)
: ChannelCredentials(grpc_composite_channel_credentials_create(
channel_creds, call_creds, nullptr)) {}
};
} // namespace testing
} // namespace grpc
#endif // GRPC_TEST_CPP_UTIL_CREDENTIALS_H

@ -3011,7 +3011,9 @@ src/core/tsi/transport_security_grpc.cc \
src/core/tsi/transport_security_grpc.h \ src/core/tsi/transport_security_grpc.h \
src/core/tsi/transport_security_interface.h \ src/core/tsi/transport_security_interface.h \
src/cpp/README.md \ src/cpp/README.md \
src/cpp/client/call_credentials.cc \
src/cpp/client/channel_cc.cc \ src/cpp/client/channel_cc.cc \
src/cpp/client/channel_credentials.cc \
src/cpp/client/client_callback.cc \ src/cpp/client/client_callback.cc \
src/cpp/client/client_context.cc \ src/cpp/client/client_context.cc \
src/cpp/client/client_interceptor.cc \ src/cpp/client/client_interceptor.cc \
@ -3033,7 +3035,6 @@ src/cpp/common/resource_quota_cc.cc \
src/cpp/common/rpc_method.cc \ src/cpp/common/rpc_method.cc \
src/cpp/common/secure_auth_context.cc \ src/cpp/common/secure_auth_context.cc \
src/cpp/common/secure_auth_context.h \ src/cpp/common/secure_auth_context.h \
src/cpp/common/secure_channel_arguments.cc \
src/cpp/common/secure_create_auth_context.cc \ src/cpp/common/secure_create_auth_context.cc \
src/cpp/common/tls_certificate_provider.cc \ src/cpp/common/tls_certificate_provider.cc \
src/cpp/common/tls_certificate_verifier.cc \ src/cpp/common/tls_certificate_verifier.cc \
@ -3059,6 +3060,7 @@ src/cpp/server/server_builder.cc \
src/cpp/server/server_callback.cc \ src/cpp/server/server_callback.cc \
src/cpp/server/server_cc.cc \ src/cpp/server/server_cc.cc \
src/cpp/server/server_context.cc \ src/cpp/server/server_context.cc \
src/cpp/server/server_credentials.cc \
src/cpp/server/server_posix.cc \ src/cpp/server/server_posix.cc \
src/cpp/server/thread_pool_interface.h \ src/cpp/server/thread_pool_interface.h \
src/cpp/server/xds_server_builder.cc \ src/cpp/server/xds_server_builder.cc \

Loading…
Cancel
Save