Add a TLS credential surface API (experimental)

pull/17549/head
Yihua Zhang 6 years ago
parent 588486120d
commit a3d997cbdc
  1. 2
      BUILD
  2. 2
      CMakeLists.txt
  3. 3
      Makefile
  4. 2
      build.yaml
  5. 2
      config.m4
  6. 2
      config.w32
  7. 1
      gRPC-C++.podspec
  8. 3
      gRPC-Core.podspec
  9. 9
      grpc.def
  10. 2
      grpc.gemspec
  11. 1
      grpc.gyp
  12. 195
      include/grpc/grpc_security.h
  13. 2
      package.xml
  14. 192
      src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
  15. 213
      src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h
  16. 33
      src/core/lib/security/security_connector/ssl_utils.h
  17. 1
      src/python/grpcio/grpc_core_dependencies.py
  18. 18
      src/ruby/ext/grpc/rb_grpc_imports.generated.c
  19. 27
      src/ruby/ext/grpc/rb_grpc_imports.generated.h
  20. 9
      test/core/surface/public_headers_must_be_c89.c
  21. 2
      tools/doxygen/Doxyfile.core.internal
  22. 3
      tools/run_tests/generated/sources_and_headers.json

@ -1614,6 +1614,7 @@ grpc_cc_library(
"src/core/lib/security/credentials/oauth2/oauth2_credentials.cc",
"src/core/lib/security/credentials/plugin/plugin_credentials.cc",
"src/core/lib/security/credentials/ssl/ssl_credentials.cc",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc",
"src/core/lib/security/security_connector/alts/alts_security_connector.cc",
"src/core/lib/security/security_connector/fake/fake_security_connector.cc",
"src/core/lib/security/security_connector/load_system_roots_fallback.cc",
@ -1648,6 +1649,7 @@ grpc_cc_library(
"src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
"src/core/lib/security/security_connector/alts/alts_security_connector.h",
"src/core/lib/security/security_connector/fake/fake_security_connector.h",
"src/core/lib/security/security_connector/load_system_roots.h",

@ -1151,6 +1151,7 @@ add_library(grpc
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
src/core/lib/security/credentials/plugin/plugin_credentials.cc
src/core/lib/security/credentials/ssl/ssl_credentials.cc
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
src/core/lib/security/security_connector/alts/alts_security_connector.cc
src/core/lib/security/security_connector/fake/fake_security_connector.cc
src/core/lib/security/security_connector/load_system_roots_fallback.cc
@ -1609,6 +1610,7 @@ add_library(grpc_cronet
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
src/core/lib/security/credentials/plugin/plugin_credentials.cc
src/core/lib/security/credentials/ssl/ssl_credentials.cc
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
src/core/lib/security/security_connector/alts/alts_security_connector.cc
src/core/lib/security/security_connector/fake/fake_security_connector.cc
src/core/lib/security/security_connector/load_system_roots_fallback.cc

@ -3672,6 +3672,7 @@ LIBGRPC_SRC = \
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \
src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@ -4124,6 +4125,7 @@ LIBGRPC_CRONET_SRC = \
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \
src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@ -25370,6 +25372,7 @@ src/core/lib/security/credentials/local/local_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/plugin/plugin_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/ssl/ssl_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/alts/alts_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/fake/fake_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/load_system_roots_fallback.cc: $(OPENSSL_DEP)

@ -837,6 +837,7 @@ filegroups:
- src/core/lib/security/credentials/oauth2/oauth2_credentials.h
- src/core/lib/security/credentials/plugin/plugin_credentials.h
- src/core/lib/security/credentials/ssl/ssl_credentials.h
- src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h
- src/core/lib/security/security_connector/alts/alts_security_connector.h
- src/core/lib/security/security_connector/fake/fake_security_connector.h
- src/core/lib/security/security_connector/load_system_roots.h
@ -869,6 +870,7 @@ filegroups:
- src/core/lib/security/credentials/oauth2/oauth2_credentials.cc
- src/core/lib/security/credentials/plugin/plugin_credentials.cc
- src/core/lib/security/credentials/ssl/ssl_credentials.cc
- src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
- src/core/lib/security/security_connector/alts/alts_security_connector.cc
- src/core/lib/security/security_connector/fake/fake_security_connector.cc
- src/core/lib/security/security_connector/load_system_roots_fallback.cc

@ -283,6 +283,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \
src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@ -728,6 +729,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/oauth2)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/plugin)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/ssl)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/tls)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/security_connector)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/security_connector/alts)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/security_connector/fake)

@ -258,6 +258,7 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\security\\credentials\\oauth2\\oauth2_credentials.cc " +
"src\\core\\lib\\security\\credentials\\plugin\\plugin_credentials.cc " +
"src\\core\\lib\\security\\credentials\\ssl\\ssl_credentials.cc " +
"src\\core\\lib\\security\\credentials\\tls\\grpc_tls_credentials_options.cc " +
"src\\core\\lib\\security\\security_connector\\alts\\alts_security_connector.cc " +
"src\\core\\lib\\security\\security_connector\\fake\\fake_security_connector.cc " +
"src\\core\\lib\\security\\security_connector\\load_system_roots_fallback.cc " +
@ -743,6 +744,7 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\oauth2");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\plugin");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\ssl");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\tls");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\security_connector");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\security_connector\\alts");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\security_connector\\fake");

@ -300,6 +300,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.h',
'src/core/lib/security/security_connector/load_system_roots.h',

@ -294,6 +294,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.h',
'src/core/lib/security/security_connector/load_system_roots.h',
@ -731,6 +732,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc',
'src/core/lib/security/credentials/plugin/plugin_credentials.cc',
'src/core/lib/security/credentials/ssl/ssl_credentials.cc',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc',
'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
'src/core/lib/security/security_connector/load_system_roots_fallback.cc',
@ -923,6 +925,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.h',
'src/core/lib/security/security_connector/load_system_roots.h',

@ -131,6 +131,15 @@ EXPORTS
grpc_alts_server_credentials_create
grpc_local_credentials_create
grpc_local_server_credentials_create
grpc_tls_credentials_options_create
grpc_tls_credentials_options_set_cert_request_type
grpc_tls_credentials_options_set_key_materials_config
grpc_tls_credentials_options_set_credential_reload_config
grpc_tls_credentials_options_set_server_authorization_check_config
grpc_tls_key_materials_config_create
grpc_tls_key_materials_config_set_key_materials
grpc_tls_credential_reload_config_create
grpc_tls_server_authorization_check_config_create
grpc_raw_byte_buffer_create
grpc_raw_compressed_byte_buffer_create
grpc_byte_buffer_copy

@ -224,6 +224,7 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.h )
s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.h )
s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.h )
s.files += %w( src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h )
s.files += %w( src/core/lib/security/security_connector/alts/alts_security_connector.h )
s.files += %w( src/core/lib/security/security_connector/fake/fake_security_connector.h )
s.files += %w( src/core/lib/security/security_connector/load_system_roots.h )
@ -665,6 +666,7 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.cc )
s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.cc )
s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.cc )
s.files += %w( src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc )
s.files += %w( src/core/lib/security/security_connector/alts/alts_security_connector.cc )
s.files += %w( src/core/lib/security/security_connector/fake/fake_security_connector.cc )
s.files += %w( src/core/lib/security/security_connector/load_system_roots_fallback.cc )

@ -465,6 +465,7 @@
'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc',
'src/core/lib/security/credentials/plugin/plugin_credentials.cc',
'src/core/lib/security/credentials/ssl/ssl_credentials.cc',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc',
'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
'src/core/lib/security/security_connector/load_system_roots_fallback.cc',

@ -609,6 +609,201 @@ GRPCAPI grpc_channel_credentials* grpc_local_credentials_create(
GRPCAPI grpc_server_credentials* grpc_local_server_credentials_create(
grpc_local_connect_type type);
/** --- SPIFFE and HTTPS-based TLS channel/server credentials ---
* It is used for experimental purpose for now and subject to change. */
/** Config for TLS key materials. It is used for
* experimental purpose for now and subject to change. */
typedef struct grpc_tls_key_materials_config grpc_tls_key_materials_config;
/** Config for TLS credential reload. It is used for
* experimental purpose for now and subject to change. */
typedef struct grpc_tls_credential_reload_config
grpc_tls_credential_reload_config;
/** Config for TLS server authorization check. It is used for
* experimental purpose for now and subject to change. */
typedef struct grpc_tls_server_authorization_check_config
grpc_tls_server_authorization_check_config;
/** TLS credentials options. It is used for
* experimental purpose for now and subject to change. */
typedef struct grpc_tls_credentials_options grpc_tls_credentials_options;
/** Create an empty TLS credentials options. It is used for
* experimental purpose for now and subject to change. */
GRPCAPI grpc_tls_credentials_options* grpc_tls_credentials_options_create();
/** Set grpc_ssl_client_certificate_request_type field in credentials options
with the provided type. options should not be NULL.
It returns 1 on success and 0 on failure. It is used for
experimental purpose for now and subject to change. */
GRPCAPI int grpc_tls_credentials_options_set_cert_request_type(
grpc_tls_credentials_options* options,
grpc_ssl_client_certificate_request_type type);
/** Set grpc_tls_key_materials_config field in credentials options
with the provided config struct whose ownership is transferred.
Both parameters should not be NULL.
It returns 1 on success and 0 on failure. It is used for
experimental purpose for now and subject to change. */
GRPCAPI int grpc_tls_credentials_options_set_key_materials_config(
grpc_tls_credentials_options* options,
grpc_tls_key_materials_config* config);
/** Set grpc_tls_credential_reload_config field in credentials options
with the provided config struct whose ownership is transferred.
Both parameters should not be NULL.
It returns 1 on success and 0 on failure. It is used for
experimental purpose for now and subject to change. */
GRPCAPI int grpc_tls_credentials_options_set_credential_reload_config(
grpc_tls_credentials_options* options,
grpc_tls_credential_reload_config* config);
/** Set grpc_tls_server_authorization_check_config field in credentials options
with the provided config struct whose ownership is transferred.
Both parameters should not be NULL.
It returns 1 on success and 0 on failure. It is used for
experimental purpose for now and subject to change. */
GRPCAPI int grpc_tls_credentials_options_set_server_authorization_check_config(
grpc_tls_credentials_options* options,
grpc_tls_server_authorization_check_config* config);
/** --- TLS key materials config. ---
It is used for experimental purpose for now and subject to change. */
/** Create an empty grpc_tls_key_materials_config instance.
* It is used for experimental purpose for now and subject to change. */
GRPCAPI grpc_tls_key_materials_config* grpc_tls_key_materials_config_create();
/** Set grpc_tls_key_materials_config instance with provided a TLS certificate.
config will take the ownership of pem_root_certs and pem_key_cert_pairs.
It's valid for the caller to provide nullptr pem_root_certs, in which case
the gRPC-provided root cert will be used. pem_key_cert_pairs should not be
NULL. It returns 1 on success and 0 on failure. It is used for
experimental purpose for now and subject to change.
*/
GRPCAPI int grpc_tls_key_materials_config_set_key_materials(
grpc_tls_key_materials_config* config, const char* pem_root_certs,
const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
size_t num_key_cert_pairs);
/** --- TLS credential reload config. ---
It is used for experimental purpose for now and subject to change.*/
typedef struct grpc_tls_credential_reload_arg grpc_tls_credential_reload_arg;
/** A callback function provided by gRPC to handle the result of credential
reload. It is used when schedule API is implemented asynchronously and
serves to bring the control back to grpc C core. It is used for
experimental purpose for now and subject to change. */
typedef void (*grpc_tls_on_credential_reload_done_cb)(
grpc_tls_credential_reload_arg* arg);
/** A struct containing all information necessary to schedule/cancel
a credential reload request. cb and cb_user_data represent a gRPC-provided
callback and an argument passed to it. key_materials is an in/output
parameter containing currently used/newly reloaded credentials. status and
error_details are used to hold information about errors occurred when a
credential reload request is scheduled/cancelled. It is used for
experimental purpose for now and subject to change. */
struct grpc_tls_credential_reload_arg {
grpc_tls_on_credential_reload_done_cb cb;
void* cb_user_data;
grpc_tls_key_materials_config* key_materials_config;
grpc_status_code status;
const char* error_details;
};
/** Create a grpc_tls_credential_reload_config instance.
- config_user_data is config-specific, read-only user data
that works for all channels created with a credential using the config.
- schedule is a pointer to an application-provided callback used to invoke
credential reload API. The implementation of this method has to be
non-blocking, but can be performed synchronously or asynchronously.
1) If processing occurs synchronously, it populates arg->key_materials,
arg->status, and arg->error_details and returns zero.
2) If processing occurs asynchronously, it returns a non-zero value.
The application then invokes arg->cb when processing is completed. Note
that arg->cb cannot be invoked before schedule API returns.
- cancel is a pointer to an application-provided callback used to cancel
a credential reload request scheduled via an asynchronous schedule API.
arg is used to pinpoint an exact reloading request to be cancelled.
The operation may not have any effect if the request has already been
processed.
- destruct is a pointer to an application-provided callback used to clean up
any data associated with the config.
It is used for experimental purpose for now and subject to change.
*/
GRPCAPI grpc_tls_credential_reload_config*
grpc_tls_credential_reload_config_create(
const void* config_user_data,
int (*schedule)(void* config_user_data,
grpc_tls_credential_reload_arg* arg),
void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
void (*destruct)(void* config_user_data));
/** --- TLS server authorization check config. ---
* It is used for experimental purpose for now and subject to change. */
typedef struct grpc_tls_server_authorization_check_arg
grpc_tls_server_authorization_check_arg;
/** callback function provided by gRPC used to handle the result of server
authorization check. It is used when schedule API is implemented
asynchronously, and serves to bring the control back to gRPC C core. It is
used for experimental purpose for now and subject to change. */
typedef void (*grpc_tls_on_server_authorization_check_done_cb)(
grpc_tls_server_authorization_check_arg* arg);
/** A struct containing all information necessary to schedule/cancel a server
authorization check request. cb and cb_user_data represent a gRPC-provided
callback and an argument passed to it. result will store the result of
server authorization check. target_name is the name of an endpoint the
channel is connecting to and certificate represents a complete certificate
chain including both signing and leaf certificates. status and error_details
contain information about errors occurred when a server authorization check
request is scheduled/cancelled. It is used for experimental purpose for now
and subject to change.*/
struct grpc_tls_server_authorization_check_arg {
grpc_tls_on_server_authorization_check_done_cb cb;
void* cb_user_data;
int result;
const char* target_name;
const char* peer_cert;
grpc_status_code status;
const char* error_details;
};
/** Create a grpc_tls_server_authorization_check_config instance.
- config_user_data is config-specific, read-only user data
that works for all channels created with a credential using the config.
- schedule is a pointer to an application-provided callback used to invoke
server authorization check API. The implementation of this method has to
be non-blocking, but can be performed synchronously or asynchronously.
1)If processing occurs synchronously, it populates arg->result,
arg->status, and arg->error_details and returns zero.
2) If processing occurs asynchronously, it returns a non-zero value. The
application then invokes arg->cb when processing is completed. Note that
arg->cb cannot be invoked before schedule API returns.
- cancel is a pointer to an application-provided callback used to cancel a
server authorization check request scheduled via an asynchronous schedule
API. arg is used to pinpoint an exact check request to be cancelled. The
operation may not have any effect if the request has already been
processed.
- destruct is a pointer to an application-provided callback used to clean up
any data associated with the config.
It is used for experimental purpose for now and subject to change.
*/
GRPCAPI grpc_tls_server_authorization_check_config*
grpc_tls_server_authorization_check_config_create(
const void* config_user_data,
int (*schedule)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg),
void (*cancel)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg),
void (*destruct)(void* config_user_data));
#ifdef __cplusplus
}
#endif
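Review bot: The comment on `grpc_tls_server_authorization_check_arg` never says which value of `result` means the server passed the check, nor how `result` relates to `status`, so an application callback and gRPC core can disagree about whether a peer was authorized. Because this field decides whether the channel trusts the server, the contract belongs in the header, for example `/** result: non-zero if the server is authorized, zero if it is rejected; only meaningful when status is GRPC_STATUS_OK. */`, if that is the intended convention. The same comment refers to `certificate` while the member is `peer_cert`, and the reload-arg comment refers to `key_materials` while the member is `key_materials_config`; the comments should use the member names.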

@ -229,6 +229,7 @@
<file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/alts/alts_security_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/fake/fake_security_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/load_system_roots.h" role="src" />
@ -670,6 +671,7 @@
<file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/alts/alts_security_connector.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/fake/fake_security_connector.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/load_system_roots_fallback.cc" role="src" />

@ -0,0 +1,192 @@
/*
*
* Copyright 2018 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
#include <stdlib.h>
#include <string.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
/** -- gRPC TLS key materials config API implementation. -- **/
void grpc_tls_key_materials_config::set_key_materials(
grpc_core::UniquePtr<char> pem_root_certs,
PemKeyCertPairList pem_key_cert_pair_list) {
pem_key_cert_pair_list_ = std::move(pem_key_cert_pair_list);
pem_root_certs_ = std::move(pem_root_certs);
}
/** -- gRPC TLS credential reload config API implementation. -- **/
grpc_tls_credential_reload_config::grpc_tls_credential_reload_config(
const void* config_user_data,
int (*schedule)(void* config_user_data,
grpc_tls_credential_reload_arg* arg),
void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
void (*destruct)(void* config_user_data))
: config_user_data_(const_cast<void*>(config_user_data)),
schedule_(schedule),
cancel_(cancel),
destruct_(destruct) {}
grpc_tls_credential_reload_config::~grpc_tls_credential_reload_config() {
if (destruct_ != nullptr) {
destruct_((void*)config_user_data_);
}
}
/** -- gRPC TLS server authorization check API implementation. -- **/
grpc_tls_server_authorization_check_config::
grpc_tls_server_authorization_check_config(
const void* config_user_data,
int (*schedule)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg),
void (*cancel)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg),
void (*destruct)(void* config_user_data))
: config_user_data_(const_cast<void*>(config_user_data)),
schedule_(schedule),
cancel_(cancel),
destruct_(destruct) {}
grpc_tls_server_authorization_check_config::
~grpc_tls_server_authorization_check_config() {
if (destruct_ != nullptr) {
destruct_((void*)config_user_data_);
}
}
/** -- Wrapper APIs declared in grpc_security.h -- **/
grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
return grpc_core::New<grpc_tls_credentials_options>();
}
int grpc_tls_credentials_options_set_cert_request_type(
grpc_tls_credentials_options* options,
grpc_ssl_client_certificate_request_type type) {
if (options == nullptr) {
gpr_log(GPR_ERROR,
"Invalid nullptr arguments to "
"grpc_tls_credentials_options_set_cert_request_type()");
return 0;
}
options->set_cert_request_type(type);
return 1;
}
int grpc_tls_credentials_options_set_key_materials_config(
grpc_tls_credentials_options* options,
grpc_tls_key_materials_config* config) {
if (options == nullptr || config == nullptr) {
gpr_log(GPR_ERROR,
"Invalid nullptr arguments to "
"grpc_tls_credentials_options_set_key_materials_config()");
return 0;
}
options->set_key_materials_config(config->Ref());
return 1;
}
int grpc_tls_credentials_options_set_credential_reload_config(
grpc_tls_credentials_options* options,
grpc_tls_credential_reload_config* config) {
if (options == nullptr || config == nullptr) {
gpr_log(GPR_ERROR,
"Invalid nullptr arguments to "
"grpc_tls_credentials_options_set_credential_reload_config()");
return 0;
}
options->set_credential_reload_config(config->Ref());
return 1;
}
int grpc_tls_credentials_options_set_server_authorization_check_config(
grpc_tls_credentials_options* options,
grpc_tls_server_authorization_check_config* config) {
if (options == nullptr || config == nullptr) {
gpr_log(
GPR_ERROR,
"Invalid nullptr arguments to "
"grpc_tls_credentials_options_set_server_authorization_check_config()");
return 0;
}
options->set_server_authorization_check_config(config->Ref());
return 1;
}
grpc_tls_key_materials_config* grpc_tls_key_materials_config_create() {
return grpc_core::New<grpc_tls_key_materials_config>();
}
int grpc_tls_key_materials_config_set_key_materials(
grpc_tls_key_materials_config* config, const char* root_certs,
const grpc_ssl_pem_key_cert_pair** key_cert_pairs, size_t num) {
if (config == nullptr || key_cert_pairs == nullptr || num == 0) {
gpr_log(GPR_ERROR,
"Invalid arguments to "
"grpc_tls_key_materials_config_set_key_materials()");
return 0;
}
grpc_core::UniquePtr<char> pem_root(const_cast<char*>(root_certs));
grpc_tls_key_materials_config::PemKeyCertPairList cert_pair_list;
for (size_t i = 0; i < num; i++) {
grpc_core::PemKeyCertPair key_cert_pair(
const_cast<grpc_ssl_pem_key_cert_pair*>(key_cert_pairs[i]));
cert_pair_list.emplace_back(std::move(key_cert_pair));
}
config->set_key_materials(std::move(pem_root), std::move(cert_pair_list));
gpr_free(key_cert_pairs);
return 1;
}
grpc_tls_credential_reload_config* grpc_tls_credential_reload_config_create(
const void* config_user_data,
int (*schedule)(void* config_user_data,
grpc_tls_credential_reload_arg* arg),
void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
void (*destruct)(void* config_user_data)) {
if (schedule == nullptr) {
gpr_log(
GPR_ERROR,
"Schedule API is nullptr in creating TLS credential reload config.");
return nullptr;
}
return grpc_core::New<grpc_tls_credential_reload_config>(
config_user_data, schedule, cancel, destruct);
}
grpc_tls_server_authorization_check_config*
grpc_tls_server_authorization_check_config_create(
const void* config_user_data,
int (*schedule)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg),
void (*cancel)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg),
void (*destruct)(void* config_user_data)) {
if (schedule == nullptr) {
gpr_log(GPR_ERROR,
"Schedule API is nullptr in creating TLS server authorization "
"check config.");
return nullptr;
}
return grpc_core::New<grpc_tls_server_authorization_check_config>(
config_user_data, schedule, cancel, destruct);
}
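Review bot: `grpc_tls_key_materials_config_set_key_materials()` declares `root_certs` and `key_cert_pairs` as `const` but then owns and frees them: `root_certs` is wrapped in a `grpc_core::UniquePtr<char>` after a `const_cast`, and the array is released with `gpr_free(key_cert_pairs)`. A caller who trusts the signature and passes a string literal or a stack array would have non-heap memory handed to the allocator's free path. The header comment should state that both arguments must be allocated with `gpr_malloc()` and that nothing is consumed when the function returns 0. Each `key_cert_pairs[i]` is also passed to `PemKeyCertPair` unchecked; its constructor is not visible in this section, so a pre-pass with `if (key_cert_pairs[i] == nullptr) return 0;` placed before `pem_root` is constructed would reject a null element without freeing anything on the failure path.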

@ -0,0 +1,213 @@
/*
*
* Copyright 2018 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
#include <grpc/support/port_platform.h>
#include <grpc/grpc_security.h>
#include "src/core/lib/gprpp/inlined_vector.h"
#include "src/core/lib/gprpp/ref_counted.h"
#include "src/core/lib/security/security_connector/ssl_utils.h"
/** TLS key materials config. **/
struct grpc_tls_key_materials_config
: public grpc_core::RefCounted<grpc_tls_key_materials_config> {
public:
typedef grpc_core::InlinedVector<grpc_core::PemKeyCertPair, 1>
PemKeyCertPairList;
/** Getters for member fields. **/
const char* pem_root_certs() const { return pem_root_certs_.get(); }
const PemKeyCertPairList& pem_key_cert_pair_list() const {
return pem_key_cert_pair_list_;
}
/** Setters for member fields. **/
void set_key_materials(grpc_core::UniquePtr<char> pem_root_certs,
PemKeyCertPairList pem_key_cert_pair_list);
private:
PemKeyCertPairList pem_key_cert_pair_list_;
grpc_core::UniquePtr<char> pem_root_certs_;
};
/** TLS credential reload config. **/
struct grpc_tls_credential_reload_config
: public grpc_core::RefCounted<grpc_tls_credential_reload_config> {
public:
grpc_tls_credential_reload_config(
const void* config_user_data,
int (*schedule)(void* config_user_data,
grpc_tls_credential_reload_arg* arg),
void (*cancel)(void* config_user_data,
grpc_tls_credential_reload_arg* arg),
void (*destruct)(void* config_user_data));
~grpc_tls_credential_reload_config();
int Schedule(grpc_tls_credential_reload_arg* arg) const {
return schedule_(config_user_data_, arg);
}
void Cancel(grpc_tls_credential_reload_arg* arg) const {
if (cancel_ == nullptr) {
gpr_log(GPR_ERROR, "cancel API is nullptr.");
return;
}
cancel_(config_user_data_, arg);
}
private:
/** config-specific, read-only user data that works for all channels created
with a credential using the config. */
void* config_user_data_;
/** callback function for invoking credential reload API. The implementation
of this method has to be non-blocking, but can be performed synchronously
or asynchronously.
If processing occurs synchronously, it populates \a arg->key_materials, \a
arg->status, and \a arg->error_details and returns zero.
If processing occurs asynchronously, it returns a non-zero value.
Application then invokes \a arg->cb when processing is completed. Note that
\a arg->cb cannot be invoked before \a schedule returns.
*/
int (*schedule_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
/** callback function for cancelling a credential reload request scheduled via
an asynchronous \a schedule. \a arg is used to pinpoint an exact reloading
request to be cancelled, and the operation may not have any effect if the
request has already been processed. */
void (*cancel_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
/** callback function for cleaning up any data associated with credential
reload config. */
void (*destruct_)(void* config_user_data);
};
/** TLS server authorization check config. **/
struct grpc_tls_server_authorization_check_config
: public grpc_core::RefCounted<grpc_tls_server_authorization_check_config> {
public:
grpc_tls_server_authorization_check_config(
const void* config_user_data,
int (*schedule)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg),
void (*cancel)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg),
void (*destruct)(void* config_user_data));
~grpc_tls_server_authorization_check_config();
int Schedule(grpc_tls_server_authorization_check_arg* arg) const {
return schedule_(config_user_data_, arg);
}
void Cancel(grpc_tls_server_authorization_check_arg* arg) const {
if (cancel_ == nullptr) {
gpr_log(GPR_ERROR, "cancel API is nullptr.");
return;
}
cancel_(config_user_data_, arg);
}
private:
/** config-specific, read-only user data that works for all channels created
with a Credential using the config. */
void* config_user_data_;
/** callback function for invoking server authorization check. The
implementation of this method has to be non-blocking, but can be performed
synchronously or asynchronously.
If processing occurs synchronously, it populates \a arg->result, \a
arg->status, and \a arg->error_details, and returns zero.
If processing occurs asynchronously, it returns a non-zero value.
Application then invokes \a arg->cb when processing is completed. Note that
\a arg->cb cannot be invoked before \a schedule() returns.
*/
int (*schedule_)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg);
/** callback function for canceling a server authorization check request. */
void (*cancel_)(void* config_user_data,
grpc_tls_server_authorization_check_arg* arg);
/** callback function for cleaning up any data associated with server
authorization check config. */
void (*destruct_)(void* config_user_data);
};
/* TLS credentials options. */
struct grpc_tls_credentials_options
: public grpc_core::RefCounted<grpc_tls_credentials_options> {
public:
~grpc_tls_credentials_options() {
if (key_materials_config_.get() != nullptr) {
key_materials_config_.get()->Unref();
}
if (credential_reload_config_.get() != nullptr) {
credential_reload_config_.get()->Unref();
}
if (server_authorization_check_config_.get() != nullptr) {
server_authorization_check_config_.get()->Unref();
}
}
/* Getters for member fields. */
grpc_ssl_client_certificate_request_type cert_request_type() const {
return cert_request_type_;
}
const grpc_tls_key_materials_config* key_materials_config() const {
return key_materials_config_.get();
}
const grpc_tls_credential_reload_config* credential_reload_config() const {
return credential_reload_config_.get();
}
const grpc_tls_server_authorization_check_config*
server_authorization_check_config() const {
return server_authorization_check_config_.get();
}
grpc_tls_key_materials_config* mutable_key_materials_config() {
return key_materials_config_.get();
}
/* Setters for member fields. */
void set_cert_request_type(
const grpc_ssl_client_certificate_request_type type) {
cert_request_type_ = type;
}
void set_key_materials_config(
grpc_core::RefCountedPtr<grpc_tls_key_materials_config> config) {
key_materials_config_ = std::move(config);
}
void set_credential_reload_config(
grpc_core::RefCountedPtr<grpc_tls_credential_reload_config> config) {
credential_reload_config_ = std::move(config);
}
void set_server_authorization_check_config(
grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
config) {
server_authorization_check_config_ = std::move(config);
}
private:
grpc_ssl_client_certificate_request_type cert_request_type_;
grpc_core::RefCountedPtr<grpc_tls_key_materials_config> key_materials_config_;
grpc_core::RefCountedPtr<grpc_tls_credential_reload_config>
credential_reload_config_;
grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
server_authorization_check_config_;
};
#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H \
*/
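Review bot: The destructor of `grpc_tls_credentials_options` calls `Unref()` by hand on each config that is also held in a `grpc_core::RefCountedPtr` member, so every config is released twice when the options object dies: once explicitly and once by the member's own destructor. That only balances if every caller of the `set_*_config()` setters passes an extra reference and leaves the creator's reference behind, which the setter signatures do not express and which I cannot confirm from this section. A caller that moves in a pointer owning the sole reference would trigger a use-after-free on an object carrying key material, and setting a config a second time would leak the first one's creator reference. I would either drop the three `Unref()` blocks and let `RefCountedPtr` own the reference outright, or state the contract above the destructor, e.g. `/* Callers of set_*_config() pass config->Ref(); the Unref() calls here release the reference returned by the matching *_create(). */`. Separately, `cert_request_type_` has no initializer, so its value when the setter is never called depends on how the object was constructed; `cert_request_type_ = GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;` at the declaration would make the default explicit.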

@ -89,6 +89,39 @@ class DefaultSslRootStore {
static grpc_slice default_pem_root_certs_;
};
class PemKeyCertPair {
public:
// Construct from the C struct. We steal its members and then immediately
// free it.
explicit PemKeyCertPair(grpc_ssl_pem_key_cert_pair* pair)
: private_key_(const_cast<char*>(pair->private_key)),
cert_chain_(const_cast<char*>(pair->cert_chain)) {
gpr_free(pair);
}
// Movable.
PemKeyCertPair(PemKeyCertPair&& other) {
private_key_ = std::move(other.private_key_);
cert_chain_ = std::move(other.cert_chain_);
}
PemKeyCertPair& operator=(PemKeyCertPair&& other) {
private_key_ = std::move(other.private_key_);
cert_chain_ = std::move(other.cert_chain_);
return *this;
}
// Not copyable.
PemKeyCertPair(const PemKeyCertPair&) = delete;
PemKeyCertPair& operator=(const PemKeyCertPair&) = delete;
char* private_key() const { return private_key_.get(); }
char* cert_chain() const { return cert_chain_.get(); }
private:
grpc_core::UniquePtr<char> private_key_;
grpc_core::UniquePtr<char> cert_chain_;
};
} // namespace grpc_core
#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_SSL_UTILS_H \
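Review bot: The `explicit PemKeyCertPair(grpc_ssl_pem_key_cert_pair* pair)` constructor dereferences `pair` in its initializer list without a null check, casts the `const` off `private_key` and `cert_chain` to take them over, and then calls `gpr_free(pair)`, so three allocations change owner in one call. The comment above it says the members are stolen, but not that the struct and both strings must come from the gpr allocator, nor that the caller may not use or free them afterwards; a caller that keeps its own pointers ends up double-freeing a private-key buffer. I would spell the contract out, e.g. `// Takes ownership of |pair| (non-null), pair->private_key and pair->cert_chain; all must be gpr_malloc()-allocated and must not be used or freed by the caller afterwards.` The `private_key()` accessor also returns a mutable `char*` from a `const` method, which lets any holder of a const reference rewrite the key; `const char*` would be the safer return type if no caller needs to write through it. The class body sits inside `namespace grpc_core`, which opens outside this hunk.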

@ -257,6 +257,7 @@ CORE_SOURCE_FILES = [
'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc',
'src/core/lib/security/credentials/plugin/plugin_credentials.cc',
'src/core/lib/security/credentials/ssl/ssl_credentials.cc',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc',
'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
'src/core/lib/security/security_connector/load_system_roots_fallback.cc',

@ -154,6 +154,15 @@ grpc_alts_credentials_create_type grpc_alts_credentials_create_import;
grpc_alts_server_credentials_create_type grpc_alts_server_credentials_create_import;
grpc_local_credentials_create_type grpc_local_credentials_create_import;
grpc_local_server_credentials_create_type grpc_local_server_credentials_create_import;
grpc_tls_credentials_options_create_type grpc_tls_credentials_options_create_import;
grpc_tls_credentials_options_set_cert_request_type_type grpc_tls_credentials_options_set_cert_request_type_import;
grpc_tls_credentials_options_set_key_materials_config_type grpc_tls_credentials_options_set_key_materials_config_import;
grpc_tls_credentials_options_set_credential_reload_config_type grpc_tls_credentials_options_set_credential_reload_config_import;
grpc_tls_credentials_options_set_server_authorization_check_config_type grpc_tls_credentials_options_set_server_authorization_check_config_import;
grpc_tls_key_materials_config_create_type grpc_tls_key_materials_config_create_import;
grpc_tls_key_materials_config_set_key_materials_type grpc_tls_key_materials_config_set_key_materials_import;
grpc_tls_credential_reload_config_create_type grpc_tls_credential_reload_config_create_import;
grpc_tls_server_authorization_check_config_create_type grpc_tls_server_authorization_check_config_create_import;
grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import;
grpc_raw_compressed_byte_buffer_create_type grpc_raw_compressed_byte_buffer_create_import;
grpc_byte_buffer_copy_type grpc_byte_buffer_copy_import;
@ -412,6 +421,15 @@ void grpc_rb_load_imports(HMODULE library) {
grpc_alts_server_credentials_create_import = (grpc_alts_server_credentials_create_type) GetProcAddress(library, "grpc_alts_server_credentials_create");
grpc_local_credentials_create_import = (grpc_local_credentials_create_type) GetProcAddress(library, "grpc_local_credentials_create");
grpc_local_server_credentials_create_import = (grpc_local_server_credentials_create_type) GetProcAddress(library, "grpc_local_server_credentials_create");
grpc_tls_credentials_options_create_import = (grpc_tls_credentials_options_create_type) GetProcAddress(library, "grpc_tls_credentials_options_create");
grpc_tls_credentials_options_set_cert_request_type_import = (grpc_tls_credentials_options_set_cert_request_type_type) GetProcAddress(library, "grpc_tls_credentials_options_set_cert_request_type");
grpc_tls_credentials_options_set_key_materials_config_import = (grpc_tls_credentials_options_set_key_materials_config_type) GetProcAddress(library, "grpc_tls_credentials_options_set_key_materials_config");
grpc_tls_credentials_options_set_credential_reload_config_import = (grpc_tls_credentials_options_set_credential_reload_config_type) GetProcAddress(library, "grpc_tls_credentials_options_set_credential_reload_config");
grpc_tls_credentials_options_set_server_authorization_check_config_import = (grpc_tls_credentials_options_set_server_authorization_check_config_type) GetProcAddress(library, "grpc_tls_credentials_options_set_server_authorization_check_config");
grpc_tls_key_materials_config_create_import = (grpc_tls_key_materials_config_create_type) GetProcAddress(library, "grpc_tls_key_materials_config_create");
grpc_tls_key_materials_config_set_key_materials_import = (grpc_tls_key_materials_config_set_key_materials_type) GetProcAddress(library, "grpc_tls_key_materials_config_set_key_materials");
grpc_tls_credential_reload_config_create_import = (grpc_tls_credential_reload_config_create_type) GetProcAddress(library, "grpc_tls_credential_reload_config_create");
grpc_tls_server_authorization_check_config_create_import = (grpc_tls_server_authorization_check_config_create_type) GetProcAddress(library, "grpc_tls_server_authorization_check_config_create");
grpc_raw_byte_buffer_create_import = (grpc_raw_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_byte_buffer_create");
grpc_raw_compressed_byte_buffer_create_import = (grpc_raw_compressed_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_compressed_byte_buffer_create");
grpc_byte_buffer_copy_import = (grpc_byte_buffer_copy_type) GetProcAddress(library, "grpc_byte_buffer_copy");

@ -437,6 +437,33 @@ extern grpc_local_credentials_create_type grpc_local_credentials_create_import;
typedef grpc_server_credentials*(*grpc_local_server_credentials_create_type)(grpc_local_connect_type type);
extern grpc_local_server_credentials_create_type grpc_local_server_credentials_create_import;
#define grpc_local_server_credentials_create grpc_local_server_credentials_create_import
typedef grpc_tls_credentials_options*(*grpc_tls_credentials_options_create_type)();
extern grpc_tls_credentials_options_create_type grpc_tls_credentials_options_create_import;
#define grpc_tls_credentials_options_create grpc_tls_credentials_options_create_import
typedef int(*grpc_tls_credentials_options_set_cert_request_type_type)(grpc_tls_credentials_options* options, grpc_ssl_client_certificate_request_type type);
extern grpc_tls_credentials_options_set_cert_request_type_type grpc_tls_credentials_options_set_cert_request_type_import;
#define grpc_tls_credentials_options_set_cert_request_type grpc_tls_credentials_options_set_cert_request_type_import
typedef int(*grpc_tls_credentials_options_set_key_materials_config_type)(grpc_tls_credentials_options* options, grpc_tls_key_materials_config* config);
extern grpc_tls_credentials_options_set_key_materials_config_type grpc_tls_credentials_options_set_key_materials_config_import;
#define grpc_tls_credentials_options_set_key_materials_config grpc_tls_credentials_options_set_key_materials_config_import
typedef int(*grpc_tls_credentials_options_set_credential_reload_config_type)(grpc_tls_credentials_options* options, grpc_tls_credential_reload_config* config);
extern grpc_tls_credentials_options_set_credential_reload_config_type grpc_tls_credentials_options_set_credential_reload_config_import;
#define grpc_tls_credentials_options_set_credential_reload_config grpc_tls_credentials_options_set_credential_reload_config_import
typedef int(*grpc_tls_credentials_options_set_server_authorization_check_config_type)(grpc_tls_credentials_options* options, grpc_tls_server_authorization_check_config* config);
extern grpc_tls_credentials_options_set_server_authorization_check_config_type grpc_tls_credentials_options_set_server_authorization_check_config_import;
#define grpc_tls_credentials_options_set_server_authorization_check_config grpc_tls_credentials_options_set_server_authorization_check_config_import
typedef grpc_tls_key_materials_config*(*grpc_tls_key_materials_config_create_type)();
extern grpc_tls_key_materials_config_create_type grpc_tls_key_materials_config_create_import;
#define grpc_tls_key_materials_config_create grpc_tls_key_materials_config_create_import
typedef int(*grpc_tls_key_materials_config_set_key_materials_type)(grpc_tls_key_materials_config* config, const char* pem_root_certs, const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs, size_t num_key_cert_pairs);
extern grpc_tls_key_materials_config_set_key_materials_type grpc_tls_key_materials_config_set_key_materials_import;
#define grpc_tls_key_materials_config_set_key_materials grpc_tls_key_materials_config_set_key_materials_import
typedef grpc_tls_credential_reload_config*(*grpc_tls_credential_reload_config_create_type)(const void* config_user_data, int (*schedule)(void* config_user_data, grpc_tls_credential_reload_arg* arg), void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg), void (*destruct)(void* config_user_data));
extern grpc_tls_credential_reload_config_create_type grpc_tls_credential_reload_config_create_import;
#define grpc_tls_credential_reload_config_create grpc_tls_credential_reload_config_create_import
typedef grpc_tls_server_authorization_check_config*(*grpc_tls_server_authorization_check_config_create_type)(const void* config_user_data, int (*schedule)(void* config_user_data, grpc_tls_server_authorization_check_arg* arg), void (*cancel)(void* config_user_data, grpc_tls_server_authorization_check_arg* arg), void (*destruct)(void* config_user_data));
extern grpc_tls_server_authorization_check_config_create_type grpc_tls_server_authorization_check_config_create_import;
#define grpc_tls_server_authorization_check_config_create grpc_tls_server_authorization_check_config_create_import
typedef grpc_byte_buffer*(*grpc_raw_byte_buffer_create_type)(grpc_slice* slices, size_t nslices);
extern grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import;
#define grpc_raw_byte_buffer_create grpc_raw_byte_buffer_create_import

@ -191,6 +191,15 @@ int main(int argc, char **argv) {
printf("%lx", (unsigned long) grpc_alts_server_credentials_create);
printf("%lx", (unsigned long) grpc_local_credentials_create);
printf("%lx", (unsigned long) grpc_local_server_credentials_create);
printf("%lx", (unsigned long) grpc_tls_credentials_options_create);
printf("%lx", (unsigned long) grpc_tls_credentials_options_set_cert_request_type);
printf("%lx", (unsigned long) grpc_tls_credentials_options_set_key_materials_config);
printf("%lx", (unsigned long) grpc_tls_credentials_options_set_credential_reload_config);
printf("%lx", (unsigned long) grpc_tls_credentials_options_set_server_authorization_check_config);
printf("%lx", (unsigned long) grpc_tls_key_materials_config_create);
printf("%lx", (unsigned long) grpc_tls_key_materials_config_set_key_materials);
printf("%lx", (unsigned long) grpc_tls_credential_reload_config_create);
printf("%lx", (unsigned long) grpc_tls_server_authorization_check_config_create);
printf("%lx", (unsigned long) grpc_raw_byte_buffer_create);
printf("%lx", (unsigned long) grpc_raw_compressed_byte_buffer_create);
printf("%lx", (unsigned long) grpc_byte_buffer_copy);

@ -1384,6 +1384,8 @@ src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/plugin/plugin_credentials.h \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.h \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.h \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \

@ -10381,6 +10381,7 @@
"src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
"src/core/lib/security/security_connector/alts/alts_security_connector.h",
"src/core/lib/security/security_connector/fake/fake_security_connector.h",
"src/core/lib/security/security_connector/load_system_roots.h",
@ -10434,6 +10435,8 @@
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/credentials/ssl/ssl_credentials.cc",
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
"src/core/lib/security/security_connector/alts/alts_security_connector.cc",
"src/core/lib/security/security_connector/alts/alts_security_connector.h",
"src/core/lib/security/security_connector/fake/fake_security_connector.cc",
