rename spiffe to tls

pull/21399/head
Yihua Zhang 5 years ago
parent 7c46d37442
commit a6dbc7adb5
  1. 8
      BUILD
  2. 8
      BUILD.gn
  3. 18
      CMakeLists.txt
  4. 42
      Makefile
  5. 12
      build.yaml
  6. 4
      config.m4
  7. 4
      config.w32
  8. 8
      gRPC-C++.podspec
  9. 12
      gRPC-Core.podspec
  10. 8
      grpc.gemspec
  11. 4
      grpc.gyp
  12. 10
      include/grpc/grpc_security.h
  13. 8
      package.xml
  14. 47
      src/core/lib/security/credentials/tls/tls_credentials.cc
  15. 18
      src/core/lib/security/credentials/tls/tls_credentials.h
  16. 113
      src/core/lib/security/security_connector/tls/tls_security_connector.cc
  17. 33
      src/core/lib/security/security_connector/tls/tls_security_connector.h
  18. 2
      src/cpp/client/secure_credentials.cc
  19. 5
      src/cpp/server/secure_server_credentials.cc
  20. 4
      src/python/grpcio/grpc_core_dependencies.py
  21. 21
      test/core/end2end/fixtures/h2_tls.cc
  22. 2
      test/core/end2end/generate_tests.bzl
  23. 4
      test/core/security/BUILD
  24. 46
      test/core/security/tls_security_connector_test.cc
  25. 2
      test/cpp/client/credentials_test.cc
  26. 8
      tools/doxygen/Doxyfile.core.internal
  27. 2
      tools/run_tests/generated/tests.json

@ -1649,7 +1649,7 @@ grpc_cc_library(
"src/core/lib/security/credentials/plugin/plugin_credentials.cc",
"src/core/lib/security/credentials/ssl/ssl_credentials.cc",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc",
"src/core/lib/security/credentials/tls/spiffe_credentials.cc",
"src/core/lib/security/credentials/tls/tls_credentials.cc",
"src/core/lib/security/security_connector/alts/alts_security_connector.cc",
"src/core/lib/security/security_connector/fake/fake_security_connector.cc",
"src/core/lib/security/security_connector/load_system_roots_fallback.cc",
@ -1659,7 +1659,7 @@ grpc_cc_library(
"src/core/lib/security/security_connector/ssl/ssl_security_connector.cc",
"src/core/lib/security/security_connector/ssl_utils.cc",
"src/core/lib/security/security_connector/ssl_utils_config.cc",
"src/core/lib/security/security_connector/tls/spiffe_security_connector.cc",
"src/core/lib/security/security_connector/tls/tls_security_connector.cc",
"src/core/lib/security/transport/client_auth_filter.cc",
"src/core/lib/security/transport/secure_endpoint.cc",
"src/core/lib/security/transport/security_handshaker.cc",
@ -1687,7 +1687,7 @@ grpc_cc_library(
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
"src/core/lib/security/credentials/tls/spiffe_credentials.h",
"src/core/lib/security/credentials/tls/tls_credentials.h",
"src/core/lib/security/security_connector/alts/alts_security_connector.h",
"src/core/lib/security/security_connector/fake/fake_security_connector.h",
"src/core/lib/security/security_connector/load_system_roots.h",
@ -1697,7 +1697,7 @@ grpc_cc_library(
"src/core/lib/security/security_connector/ssl/ssl_security_connector.h",
"src/core/lib/security/security_connector/ssl_utils.h",
"src/core/lib/security/security_connector/ssl_utils_config.h",
"src/core/lib/security/security_connector/tls/spiffe_security_connector.h",
"src/core/lib/security/security_connector/tls/tls_security_connector.h",
"src/core/lib/security/transport/auth_filters.h",
"src/core/lib/security/transport/secure_endpoint.h",
"src/core/lib/security/transport/security_handshaker.h",

@ -733,8 +733,8 @@ config("grpc_config") {
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
"src/core/lib/security/credentials/tls/spiffe_credentials.cc",
"src/core/lib/security/credentials/tls/spiffe_credentials.h",
"src/core/lib/security/credentials/tls/tls_credentials.cc",
"src/core/lib/security/credentials/tls/tls_credentials.h",
"src/core/lib/security/security_connector/alts/alts_security_connector.cc",
"src/core/lib/security/security_connector/alts/alts_security_connector.h",
"src/core/lib/security/security_connector/fake/fake_security_connector.cc",
@ -753,8 +753,8 @@ config("grpc_config") {
"src/core/lib/security/security_connector/ssl_utils.h",
"src/core/lib/security/security_connector/ssl_utils_config.cc",
"src/core/lib/security/security_connector/ssl_utils_config.h",
"src/core/lib/security/security_connector/tls/spiffe_security_connector.cc",
"src/core/lib/security/security_connector/tls/spiffe_security_connector.h",
"src/core/lib/security/security_connector/tls/tls_security_connector.cc",
"src/core/lib/security/security_connector/tls/tls_security_connector.h",
"src/core/lib/security/transport/auth_filters.h",
"src/core/lib/security/transport/client_auth_filter.cc",
"src/core/lib/security/transport/secure_endpoint.cc",

@ -746,7 +746,7 @@ if(gRPC_BUILD_TESTS)
add_dependencies(buildtests_cxx grpc_cli)
add_dependencies(buildtests_cxx grpc_fetch_oauth2)
add_dependencies(buildtests_cxx grpc_linux_system_roots_test)
add_dependencies(buildtests_cxx grpc_spiffe_security_connector_test)
add_dependencies(buildtests_cxx grpc_tls_security_connector_test)
add_dependencies(buildtests_cxx grpc_tool_test)
add_dependencies(buildtests_cxx grpclb_api_test)
add_dependencies(buildtests_cxx grpclb_end2end_test)
@ -1306,7 +1306,7 @@ add_library(grpc
src/core/lib/security/credentials/plugin/plugin_credentials.cc
src/core/lib/security/credentials/ssl/ssl_credentials.cc
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
src/core/lib/security/credentials/tls/spiffe_credentials.cc
src/core/lib/security/credentials/tls/tls_credentials.cc
src/core/lib/security/security_connector/alts/alts_security_connector.cc
src/core/lib/security/security_connector/fake/fake_security_connector.cc
src/core/lib/security/security_connector/load_system_roots_fallback.cc
@ -1316,7 +1316,7 @@ add_library(grpc
src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
src/core/lib/security/security_connector/ssl_utils.cc
src/core/lib/security/security_connector/ssl_utils_config.cc
src/core/lib/security/security_connector/tls/spiffe_security_connector.cc
src/core/lib/security/security_connector/tls/tls_security_connector.cc
src/core/lib/security/transport/client_auth_filter.cc
src/core/lib/security/transport/secure_endpoint.cc
src/core/lib/security/transport/security_handshaker.cc
@ -1821,7 +1821,7 @@ add_library(grpc_cronet
src/core/lib/security/credentials/plugin/plugin_credentials.cc
src/core/lib/security/credentials/ssl/ssl_credentials.cc
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
src/core/lib/security/credentials/tls/spiffe_credentials.cc
src/core/lib/security/credentials/tls/tls_credentials.cc
src/core/lib/security/security_connector/alts/alts_security_connector.cc
src/core/lib/security/security_connector/fake/fake_security_connector.cc
src/core/lib/security/security_connector/load_system_roots_fallback.cc
@ -1831,7 +1831,7 @@ add_library(grpc_cronet
src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
src/core/lib/security/security_connector/ssl_utils.cc
src/core/lib/security/security_connector/ssl_utils_config.cc
src/core/lib/security/security_connector/tls/spiffe_security_connector.cc
src/core/lib/security/security_connector/tls/tls_security_connector.cc
src/core/lib/security/transport/client_auth_filter.cc
src/core/lib/security/transport/secure_endpoint.cc
src/core/lib/security/transport/security_handshaker.cc
@ -13185,13 +13185,13 @@ endif()
endif()
if(gRPC_BUILD_TESTS)
add_executable(grpc_spiffe_security_connector_test
test/core/security/spiffe_security_connector_test.cc
add_executable(grpc_tls_security_connector_test
test/core/security/tls_security_connector_test.cc
third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc
)
target_include_directories(grpc_spiffe_security_connector_test
target_include_directories(grpc_tls_security_connector_test
PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/include
@ -13208,7 +13208,7 @@ target_include_directories(grpc_spiffe_security_connector_test
${_gRPC_PROTO_GENS_DIR}
)
target_link_libraries(grpc_spiffe_security_connector_test
target_link_libraries(grpc_tls_security_connector_test
${_gRPC_PROTOBUF_LIBRARIES}
${_gRPC_ALLTARGETS_LIBRARIES}
grpc_test_util

@ -1237,7 +1237,7 @@ grpc_objective_c_plugin: $(BINDIR)/$(CONFIG)/grpc_objective_c_plugin
grpc_php_plugin: $(BINDIR)/$(CONFIG)/grpc_php_plugin
grpc_python_plugin: $(BINDIR)/$(CONFIG)/grpc_python_plugin
grpc_ruby_plugin: $(BINDIR)/$(CONFIG)/grpc_ruby_plugin
grpc_spiffe_security_connector_test: $(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test
grpc_tls_security_connector_test: $(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test
grpc_tool_test: $(BINDIR)/$(CONFIG)/grpc_tool_test
grpclb_api_test: $(BINDIR)/$(CONFIG)/grpclb_api_test
grpclb_end2end_test: $(BINDIR)/$(CONFIG)/grpclb_end2end_test
@ -1705,7 +1705,7 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/grpc_cli \
$(BINDIR)/$(CONFIG)/grpc_fetch_oauth2 \
$(BINDIR)/$(CONFIG)/grpc_linux_system_roots_test \
$(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test \
$(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test \
$(BINDIR)/$(CONFIG)/grpc_tool_test \
$(BINDIR)/$(CONFIG)/grpclb_api_test \
$(BINDIR)/$(CONFIG)/grpclb_end2end_test \
@ -1878,7 +1878,7 @@ buildtests_cxx: privatelibs_cxx \
$(BINDIR)/$(CONFIG)/grpc_cli \
$(BINDIR)/$(CONFIG)/grpc_fetch_oauth2 \
$(BINDIR)/$(CONFIG)/grpc_linux_system_roots_test \
$(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test \
$(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test \
$(BINDIR)/$(CONFIG)/grpc_tool_test \
$(BINDIR)/$(CONFIG)/grpclb_api_test \
$(BINDIR)/$(CONFIG)/grpclb_end2end_test \
@ -2383,8 +2383,8 @@ test_cxx: buildtests_cxx
$(Q) $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test || ( echo test grpc_alts_credentials_options_test failed ; exit 1 )
$(E) "[RUN] Testing grpc_linux_system_roots_test"
$(Q) $(BINDIR)/$(CONFIG)/grpc_linux_system_roots_test || ( echo test grpc_linux_system_roots_test failed ; exit 1 )
$(E) "[RUN] Testing grpc_spiffe_security_connector_test"
$(Q) $(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test || ( echo test grpc_spiffe_security_connector_test failed ; exit 1 )
$(E) "[RUN] Testing grpc_tls_security_connector_test"
$(Q) $(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test || ( echo test grpc_tls_security_connector_test failed ; exit 1 )
$(E) "[RUN] Testing grpc_tool_test"
$(Q) $(BINDIR)/$(CONFIG)/grpc_tool_test || ( echo test grpc_tool_test failed ; exit 1 )
$(E) "[RUN] Testing grpclb_api_test"
@ -3788,7 +3788,7 @@ LIBGRPC_SRC = \
src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/credentials/tls/spiffe_credentials.cc \
src/core/lib/security/credentials/tls/tls_credentials.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@ -3798,7 +3798,7 @@ LIBGRPC_SRC = \
src/core/lib/security/security_connector/ssl/ssl_security_connector.cc \
src/core/lib/security/security_connector/ssl_utils.cc \
src/core/lib/security/security_connector/ssl_utils_config.cc \
src/core/lib/security/security_connector/tls/spiffe_security_connector.cc \
src/core/lib/security/security_connector/tls/tls_security_connector.cc \
src/core/lib/security/transport/client_auth_filter.cc \
src/core/lib/security/transport/secure_endpoint.cc \
src/core/lib/security/transport/security_handshaker.cc \
@ -4295,7 +4295,7 @@ LIBGRPC_CRONET_SRC = \
src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/credentials/tls/spiffe_credentials.cc \
src/core/lib/security/credentials/tls/tls_credentials.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@ -4305,7 +4305,7 @@ LIBGRPC_CRONET_SRC = \
src/core/lib/security/security_connector/ssl/ssl_security_connector.cc \
src/core/lib/security/security_connector/ssl_utils.cc \
src/core/lib/security/security_connector/ssl_utils_config.cc \
src/core/lib/security/security_connector/tls/spiffe_security_connector.cc \
src/core/lib/security/security_connector/tls/tls_security_connector.cc \
src/core/lib/security/transport/client_auth_filter.cc \
src/core/lib/security/transport/secure_endpoint.cc \
src/core/lib/security/transport/security_handshaker.cc \
@ -17423,15 +17423,15 @@ ifneq ($(NO_DEPS),true)
endif
GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_SRC = \
test/core/security/spiffe_security_connector_test.cc \
GRPC_TLS_SECURITY_CONNECTOR_TEST_SRC = \
test/core/security/tls_security_connector_test.cc \
GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_SRC))))
GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(GRPC_TLS_SECURITY_CONNECTOR_TEST_SRC))))
ifeq ($(NO_SECURE),true)
# You can't build secure targets if you don't have OpenSSL.
$(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test: openssl_dep_error
$(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test: openssl_dep_error
else
@ -17442,26 +17442,26 @@ ifeq ($(NO_PROTOBUF),true)
# You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.5.0+.
$(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test: protobuf_dep_error
$(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test: protobuf_dep_error
else
$(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test: $(PROTOBUF_DEP) $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
$(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test: $(PROTOBUF_DEP) $(GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
$(E) "[LD] Linking $@"
$(Q) mkdir -p `dirname $@`
$(Q) $(LDXX) $(LDFLAGS) $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test
$(Q) $(LDXX) $(LDFLAGS) $(GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test
endif
endif
$(OBJDIR)/$(CONFIG)/test/core/security/spiffe_security_connector_test.o: $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
$(OBJDIR)/$(CONFIG)/test/core/security/tls_security_connector_test.o: $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a
deps_grpc_spiffe_security_connector_test: $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep)
deps_grpc_tls_security_connector_test: $(GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep)
ifneq ($(NO_SECURE),true)
ifneq ($(NO_DEPS),true)
-include $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep)
-include $(GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep)
endif
endif
@ -23112,7 +23112,7 @@ src/core/lib/security/credentials/oauth2/oauth2_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/plugin/plugin_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/ssl/ssl_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/tls/spiffe_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/tls/tls_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/alts/alts_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/fake/fake_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/load_system_roots_fallback.cc: $(OPENSSL_DEP)
@ -23122,7 +23122,7 @@ src/core/lib/security/security_connector/security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/ssl/ssl_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/ssl_utils.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/ssl_utils_config.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/tls/spiffe_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/tls/tls_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/transport/client_auth_filter.cc: $(OPENSSL_DEP)
src/core/lib/security/transport/secure_endpoint.cc: $(OPENSSL_DEP)
src/core/lib/security/transport/security_handshaker.cc: $(OPENSSL_DEP)

@ -1282,7 +1282,7 @@ filegroups:
- src/core/lib/security/credentials/plugin/plugin_credentials.h
- src/core/lib/security/credentials/ssl/ssl_credentials.h
- src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h
- src/core/lib/security/credentials/tls/spiffe_credentials.h
- src/core/lib/security/credentials/tls/tls_credentials.h
- src/core/lib/security/security_connector/alts/alts_security_connector.h
- src/core/lib/security/security_connector/fake/fake_security_connector.h
- src/core/lib/security/security_connector/load_system_roots.h
@ -1292,7 +1292,7 @@ filegroups:
- src/core/lib/security/security_connector/ssl/ssl_security_connector.h
- src/core/lib/security/security_connector/ssl_utils.h
- src/core/lib/security/security_connector/ssl_utils_config.h
- src/core/lib/security/security_connector/tls/spiffe_security_connector.h
- src/core/lib/security/security_connector/tls/tls_security_connector.h
- src/core/lib/security/transport/auth_filters.h
- src/core/lib/security/transport/secure_endpoint.h
- src/core/lib/security/transport/security_handshaker.h
@ -1318,7 +1318,7 @@ filegroups:
- src/core/lib/security/credentials/plugin/plugin_credentials.cc
- src/core/lib/security/credentials/ssl/ssl_credentials.cc
- src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
- src/core/lib/security/credentials/tls/spiffe_credentials.cc
- src/core/lib/security/credentials/tls/tls_credentials.cc
- src/core/lib/security/security_connector/alts/alts_security_connector.cc
- src/core/lib/security/security_connector/fake/fake_security_connector.cc
- src/core/lib/security/security_connector/load_system_roots_fallback.cc
@ -1328,7 +1328,7 @@ filegroups:
- src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
- src/core/lib/security/security_connector/ssl_utils.cc
- src/core/lib/security/security_connector/ssl_utils_config.cc
- src/core/lib/security/security_connector/tls/spiffe_security_connector.cc
- src/core/lib/security/security_connector/tls/tls_security_connector.cc
- src/core/lib/security/transport/client_auth_filter.cc
- src/core/lib/security/transport/secure_endpoint.cc
- src/core/lib/security/transport/security_handshaker.cc
@ -5078,12 +5078,12 @@ targets:
deps:
- grpc_plugin_support
secure: false
- name: grpc_spiffe_security_connector_test
- name: grpc_tls_security_connector_test
gtest: true
build: test
language: c++
src:
- test/core/security/spiffe_security_connector_test.cc
- test/core/security/tls_security_connector_test.cc
deps:
- grpc_test_util
- grpc++_test_util

@ -362,7 +362,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/security/credentials/plugin/plugin_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/credentials/tls/spiffe_credentials.cc \
src/core/lib/security/credentials/tls/tls_credentials.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@ -372,7 +372,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/security/security_connector/ssl/ssl_security_connector.cc \
src/core/lib/security/security_connector/ssl_utils.cc \
src/core/lib/security/security_connector/ssl_utils_config.cc \
src/core/lib/security/security_connector/tls/spiffe_security_connector.cc \
src/core/lib/security/security_connector/tls/tls_security_connector.cc \
src/core/lib/security/transport/client_auth_filter.cc \
src/core/lib/security/transport/secure_endpoint.cc \
src/core/lib/security/transport/security_handshaker.cc \

@ -265,7 +265,7 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\security\\credentials\\plugin\\plugin_credentials.cc " +
"src\\core\\lib\\security\\credentials\\ssl\\ssl_credentials.cc " +
"src\\core\\lib\\security\\credentials\\tls\\grpc_tls_credentials_options.cc " +
"src\\core\\lib\\security\\credentials\\tls\\spiffe_credentials.cc " +
"src\\core\\lib\\security\\credentials\\tls\\tls_credentials.cc " +
"src\\core\\lib\\security\\security_connector\\alts\\alts_security_connector.cc " +
"src\\core\\lib\\security\\security_connector\\fake\\fake_security_connector.cc " +
"src\\core\\lib\\security\\security_connector\\load_system_roots_fallback.cc " +
@ -275,7 +275,7 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\security\\security_connector\\ssl\\ssl_security_connector.cc " +
"src\\core\\lib\\security\\security_connector\\ssl_utils.cc " +
"src\\core\\lib\\security\\security_connector\\ssl_utils_config.cc " +
"src\\core\\lib\\security\\security_connector\\tls\\spiffe_security_connector.cc " +
"src\\core\\lib\\security\\security_connector\\tls\\tls_security_connector.cc " +
"src\\core\\lib\\security\\transport\\client_auth_filter.cc " +
"src\\core\\lib\\security\\transport\\secure_endpoint.cc " +
"src\\core\\lib\\security\\transport\\security_handshaker.cc " +

@ -545,7 +545,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/credentials/tls/spiffe_credentials.h',
'src/core/lib/security/credentials/tls/tls_credentials.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.h',
'src/core/lib/security/security_connector/load_system_roots.h',
@ -555,7 +555,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/security_connector/ssl/ssl_security_connector.h',
'src/core/lib/security/security_connector/ssl_utils.h',
'src/core/lib/security/security_connector/ssl_utils_config.h',
'src/core/lib/security/security_connector/tls/spiffe_security_connector.h',
'src/core/lib/security/security_connector/tls/tls_security_connector.h',
'src/core/lib/security/transport/auth_filters.h',
'src/core/lib/security/transport/secure_endpoint.h',
'src/core/lib/security/transport/security_handshaker.h',
@ -1133,7 +1133,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/credentials/tls/spiffe_credentials.h',
'src/core/lib/security/credentials/tls/tls_credentials.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.h',
'src/core/lib/security/security_connector/load_system_roots.h',
@ -1143,7 +1143,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/security_connector/ssl/ssl_security_connector.h',
'src/core/lib/security/security_connector/ssl_utils.h',
'src/core/lib/security/security_connector/ssl_utils_config.h',
'src/core/lib/security/security_connector/tls/spiffe_security_connector.h',
'src/core/lib/security/security_connector/tls/tls_security_connector.h',
'src/core/lib/security/transport/auth_filters.h',
'src/core/lib/security/transport/secure_endpoint.h',
'src/core/lib/security/transport/security_handshaker.h',

@ -785,8 +785,8 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/credentials/tls/spiffe_credentials.cc',
'src/core/lib/security/credentials/tls/spiffe_credentials.h',
'src/core/lib/security/credentials/tls/tls_credentials.cc',
'src/core/lib/security/credentials/tls/tls_credentials.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
@ -805,8 +805,8 @@ Pod::Spec.new do |s|
'src/core/lib/security/security_connector/ssl_utils.h',
'src/core/lib/security/security_connector/ssl_utils_config.cc',
'src/core/lib/security/security_connector/ssl_utils_config.h',
'src/core/lib/security/security_connector/tls/spiffe_security_connector.cc',
'src/core/lib/security/security_connector/tls/spiffe_security_connector.h',
'src/core/lib/security/security_connector/tls/tls_security_connector.cc',
'src/core/lib/security/security_connector/tls/tls_security_connector.h',
'src/core/lib/security/transport/auth_filters.h',
'src/core/lib/security/transport/client_auth_filter.cc',
'src/core/lib/security/transport/secure_endpoint.cc',
@ -1238,7 +1238,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/credentials/tls/spiffe_credentials.h',
'src/core/lib/security/credentials/tls/tls_credentials.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.h',
'src/core/lib/security/security_connector/load_system_roots.h',
@ -1248,7 +1248,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/security_connector/ssl/ssl_security_connector.h',
'src/core/lib/security/security_connector/ssl_utils.h',
'src/core/lib/security/security_connector/ssl_utils_config.h',
'src/core/lib/security/security_connector/tls/spiffe_security_connector.h',
'src/core/lib/security/security_connector/tls/tls_security_connector.h',
'src/core/lib/security/transport/auth_filters.h',
'src/core/lib/security/transport/secure_endpoint.h',
'src/core/lib/security/transport/security_handshaker.h',

@ -697,8 +697,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.h )
s.files += %w( src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc )
s.files += %w( src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h )
s.files += %w( src/core/lib/security/credentials/tls/spiffe_credentials.cc )
s.files += %w( src/core/lib/security/credentials/tls/spiffe_credentials.h )
s.files += %w( src/core/lib/security/credentials/tls/tls_credentials.cc )
s.files += %w( src/core/lib/security/credentials/tls/tls_credentials.h )
s.files += %w( src/core/lib/security/security_connector/alts/alts_security_connector.cc )
s.files += %w( src/core/lib/security/security_connector/alts/alts_security_connector.h )
s.files += %w( src/core/lib/security/security_connector/fake/fake_security_connector.cc )
@ -717,8 +717,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/security_connector/ssl_utils.h )
s.files += %w( src/core/lib/security/security_connector/ssl_utils_config.cc )
s.files += %w( src/core/lib/security/security_connector/ssl_utils_config.h )
s.files += %w( src/core/lib/security/security_connector/tls/spiffe_security_connector.cc )
s.files += %w( src/core/lib/security/security_connector/tls/spiffe_security_connector.h )
s.files += %w( src/core/lib/security/security_connector/tls/tls_security_connector.cc )
s.files += %w( src/core/lib/security/security_connector/tls/tls_security_connector.h )
s.files += %w( src/core/lib/security/transport/auth_filters.h )
s.files += %w( src/core/lib/security/transport/client_auth_filter.cc )
s.files += %w( src/core/lib/security/transport/secure_endpoint.cc )

@ -434,7 +434,7 @@
'src/core/lib/security/credentials/plugin/plugin_credentials.cc',
'src/core/lib/security/credentials/ssl/ssl_credentials.cc',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc',
'src/core/lib/security/credentials/tls/spiffe_credentials.cc',
'src/core/lib/security/credentials/tls/tls_credentials.cc',
'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
'src/core/lib/security/security_connector/load_system_roots_fallback.cc',
@ -444,7 +444,7 @@
'src/core/lib/security/security_connector/ssl/ssl_security_connector.cc',
'src/core/lib/security/security_connector/ssl_utils.cc',
'src/core/lib/security/security_connector/ssl_utils_config.cc',
'src/core/lib/security/security_connector/tls/spiffe_security_connector.cc',
'src/core/lib/security/security_connector/tls/tls_security_connector.cc',
'src/core/lib/security/transport/client_auth_filter.cc',
'src/core/lib/security/transport/secure_endpoint.cc',
'src/core/lib/security/transport/security_handshaker.cc',

@ -698,7 +698,7 @@ GRPCAPI grpc_channel_credentials* grpc_local_credentials_create(
GRPCAPI grpc_server_credentials* grpc_local_server_credentials_create(
grpc_local_connect_type type);
/** --- SPIFFE and HTTPS-based TLS channel/server credentials ---
/** --- TLS channel/server credentials ---
* It is used for experimental purpose for now and subject to change. */
/** Config for TLS key materials. It is used for
@ -938,10 +938,8 @@ grpc_tls_server_authorization_check_config_create(
grpc_tls_server_authorization_check_arg* arg),
void (*destruct)(void* config_user_data));
/** --- SPIFFE channel/server credentials --- **/
/**
* This method creates a TLS SPIFFE channel credential object.
* This method creates a TLS channel credential object.
* It takes ownership of the options parameter.
*
* - options: grpc TLS credentials options instance.
@ -952,7 +950,7 @@ grpc_tls_server_authorization_check_config_create(
* to change.
*/
grpc_channel_credentials* grpc_tls_spiffe_credentials_create(
grpc_channel_credentials* grpc_tls_credentials_create(
grpc_tls_credentials_options* options);
/**
@ -966,7 +964,7 @@ grpc_channel_credentials* grpc_tls_spiffe_credentials_create(
* It is used for experimental purpose for now and subject
* to change.
*/
grpc_server_credentials* grpc_tls_spiffe_server_credentials_create(
grpc_server_credentials* grpc_tls_server_credentials_create(
grpc_tls_credentials_options* options);
#ifdef __cplusplus
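Review bot: The renamed declarations `grpc_tls_credentials_create` and `grpc_tls_server_credentials_create` are written without the `GRPCAPI` prefix that `grpc_local_credentials_create` and `grpc_local_server_credentials_create` carry at the top of this section; if the omission is not deliberate, declare them as `GRPCAPI grpc_channel_credentials* grpc_tls_credentials_create(` and `GRPCAPI grpc_server_credentials* grpc_tls_server_credentials_create(`. The old `grpc_tls_spiffe_*` names disappear from this public header with no alias, so existing callers stop building. The comments already mark the API as experimental, but a line such as `* Renamed from grpc_tls_spiffe_credentials_create.` in each doc comment would make the break discoverable. With SPIFFE gone from the name, the doc comments could also state which peer checks these credentials perform by default and which depend on a config built with `grpc_tls_server_authorization_check_config_create`; that split is not visible in these hunks.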

@ -680,8 +680,8 @@
<file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/tls/spiffe_credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/tls/spiffe_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/tls/tls_credentials.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/tls/tls_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/alts/alts_security_connector.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/alts/alts_security_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/fake/fake_security_connector.cc" role="src" />
@ -700,8 +700,8 @@
<file baseinstalldir="/" name="src/core/lib/security/security_connector/ssl_utils.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/ssl_utils_config.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/ssl_utils_config.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/tls/spiffe_security_connector.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/tls/spiffe_security_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/tls/tls_security_connector.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/security_connector/tls/tls_security_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/auth_filters.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/client_auth_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.cc" role="src" />

@ -18,7 +18,7 @@
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/credentials/tls/spiffe_credentials.h"
#include "src/core/lib/security/credentials/tls/tls_credentials.h"
#include <cstring>
@ -28,24 +28,23 @@
#include <grpc/support/string_util.h>
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/security/security_connector/tls/spiffe_security_connector.h"
#include "src/core/lib/security/security_connector/tls/tls_security_connector.h"
#define GRPC_CREDENTIALS_TYPE_SPIFFE "Spiffe"
#define GRPC_CREDENTIALS_TYPE_TLS "Tls"
namespace {
bool CredentialOptionSanityCheck(const grpc_tls_credentials_options* options,
bool is_client) {
if (options == nullptr) {
gpr_log(GPR_ERROR, "SPIFFE TLS credentials options is nullptr.");
gpr_log(GPR_ERROR, "TLS credentials options is nullptr.");
return false;
}
if (options->key_materials_config() == nullptr &&
options->credential_reload_config() == nullptr) {
gpr_log(
GPR_ERROR,
"SPIFFE TLS credentials options must specify either key materials or "
"credential reload config.");
gpr_log(GPR_ERROR,
"TLS credentials options must specify either key materials or "
"credential reload config.");
return false;
}
if (!is_client && options->server_authorization_check_config() != nullptr) {
@ -58,15 +57,15 @@ bool CredentialOptionSanityCheck(const grpc_tls_credentials_options* options,
} // namespace
SpiffeCredentials::SpiffeCredentials(
TlsCredentials::TlsCredentials(
grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
: grpc_channel_credentials(GRPC_CREDENTIALS_TYPE_SPIFFE),
: grpc_channel_credentials(GRPC_CREDENTIALS_TYPE_TLS),
options_(std::move(options)) {}
SpiffeCredentials::~SpiffeCredentials() {}
TlsCredentials::~TlsCredentials() {}
grpc_core::RefCountedPtr<grpc_channel_security_connector>
SpiffeCredentials::create_security_connector(
TlsCredentials::create_security_connector(
grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
const char* target_name, const grpc_channel_args* args,
grpc_channel_args** new_args) {
@ -84,8 +83,8 @@ SpiffeCredentials::create_security_connector(
static_cast<tsi_ssl_session_cache*>(arg->value.pointer.p);
}
}
grpc_core::RefCountedPtr<grpc_channel_security_connector> sc = grpc_core::
SpiffeChannelSecurityConnector::CreateSpiffeChannelSecurityConnector(
grpc_core::RefCountedPtr<grpc_channel_security_connector> sc =
grpc_core::TlsChannelSecurityConnector::CreateTlsChannelSecurityConnector(
this->Ref(), std::move(call_creds), target_name,
overridden_target_name, ssl_session_cache);
if (sc == nullptr) {
@ -97,33 +96,33 @@ SpiffeCredentials::create_security_connector(
return sc;
}
SpiffeServerCredentials::SpiffeServerCredentials(
TlsServerCredentials::TlsServerCredentials(
grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
: grpc_server_credentials(GRPC_CREDENTIALS_TYPE_SPIFFE),
: grpc_server_credentials(GRPC_CREDENTIALS_TYPE_TLS),
options_(std::move(options)) {}
SpiffeServerCredentials::~SpiffeServerCredentials() {}
TlsServerCredentials::~TlsServerCredentials() {}
grpc_core::RefCountedPtr<grpc_server_security_connector>
SpiffeServerCredentials::create_security_connector() {
return grpc_core::SpiffeServerSecurityConnector::
CreateSpiffeServerSecurityConnector(this->Ref());
TlsServerCredentials::create_security_connector() {
return grpc_core::TlsServerSecurityConnector::
CreateTlsServerSecurityConnector(this->Ref());
}
grpc_channel_credentials* grpc_tls_spiffe_credentials_create(
grpc_channel_credentials* grpc_tls_credentials_create(
grpc_tls_credentials_options* options) {
if (!CredentialOptionSanityCheck(options, true /* is_client */)) {
return nullptr;
}
return new SpiffeCredentials(
return new TlsCredentials(
grpc_core::RefCountedPtr<grpc_tls_credentials_options>(options));
}
grpc_server_credentials* grpc_tls_spiffe_server_credentials_create(
grpc_server_credentials* grpc_tls_server_credentials_create(
grpc_tls_credentials_options* options) {
if (!CredentialOptionSanityCheck(options, false /* is_client */)) {
return nullptr;
}
return new SpiffeServerCredentials(
return new TlsServerCredentials(
grpc_core::RefCountedPtr<grpc_tls_credentials_options>(options));
}
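Review bot: `grpc_tls_credentials_create` and `grpc_tls_server_credentials_create` return nullptr when `CredentialOptionSanityCheck` fails, before `options` is wrapped in a `RefCountedPtr`, so on that path this function never releases the reference it was handed. The public header says the call takes ownership of `options`, so a caller following it leaks the options object and whatever key materials config it references. Either adopt the pointer first with `grpc_core::RefCountedPtr<grpc_tls_credentials_options> owned(options);` and finish with `return new TlsCredentials(std::move(owned));` (and likewise for the server variant), or document in the header that ownership is taken only on success.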

@ -16,8 +16,8 @@
*
*/
#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_SPIFFE_CREDENTIALS_H
#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_SPIFFE_CREDENTIALS_H
#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_TLS_CREDENTIALS_H
#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_TLS_CREDENTIALS_H
#include <grpc/support/port_platform.h>
@ -26,11 +26,11 @@
#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
class SpiffeCredentials final : public grpc_channel_credentials {
class TlsCredentials final : public grpc_channel_credentials {
public:
explicit SpiffeCredentials(
explicit TlsCredentials(
grpc_core::RefCountedPtr<grpc_tls_credentials_options> options);
~SpiffeCredentials() override;
~TlsCredentials() override;
grpc_core::RefCountedPtr<grpc_channel_security_connector>
create_security_connector(
@ -44,11 +44,11 @@ class SpiffeCredentials final : public grpc_channel_credentials {
grpc_core::RefCountedPtr<grpc_tls_credentials_options> options_;
};
class SpiffeServerCredentials final : public grpc_server_credentials {
class TlsServerCredentials final : public grpc_server_credentials {
public:
explicit SpiffeServerCredentials(
explicit TlsServerCredentials(
grpc_core::RefCountedPtr<grpc_tls_credentials_options> options);
~SpiffeServerCredentials() override;
~TlsServerCredentials() override;
grpc_core::RefCountedPtr<grpc_server_security_connector>
create_security_connector() override;
@ -59,4 +59,4 @@ class SpiffeServerCredentials final : public grpc_server_credentials {
grpc_core::RefCountedPtr<grpc_tls_credentials_options> options_;
};
#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_SPIFFE_CREDENTIALS_H */
#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_TLS_CREDENTIALS_H */

@ -18,7 +18,7 @@
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/security_connector/tls/spiffe_security_connector.h"
#include "src/core/lib/security/security_connector/tls/tls_security_connector.h"
#include <stdbool.h>
#include <string.h>
@ -30,7 +30,7 @@
#include "src/core/lib/gprpp/host_port.h"
#include "src/core/lib/security/credentials/ssl/ssl_credentials.h"
#include "src/core/lib/security/credentials/tls/spiffe_credentials.h"
#include "src/core/lib/security/credentials/tls/tls_credentials.h"
#include "src/core/lib/security/security_connector/ssl_utils.h"
#include "src/core/lib/security/transport/security_handshaker.h"
#include "src/core/lib/slice/slice_internal.h"
@ -62,7 +62,7 @@ tsi_ssl_pem_key_cert_pair* ConvertToTsiPemKeyCertPair(
} // namespace
/** -- Util function to fetch SPIFFE server/channel credentials. -- */
/** -- Util function to fetch TLS server/channel credentials. -- */
grpc_status_code TlsFetchKeyMaterials(
const grpc_core::RefCountedPtr<grpc_tls_key_materials_config>&
key_materials_config,
@ -111,7 +111,7 @@ grpc_status_code TlsFetchKeyMaterials(
return status;
}
SpiffeChannelSecurityConnector::SpiffeChannelSecurityConnector(
TlsChannelSecurityConnector::TlsChannelSecurityConnector(
grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,
grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds,
const char* target_name, const char* overridden_target_name)
@ -129,7 +129,7 @@ SpiffeChannelSecurityConnector::SpiffeChannelSecurityConnector(
target_name_ = grpc_core::StringViewToCString(host);
}
SpiffeChannelSecurityConnector::~SpiffeChannelSecurityConnector() {
TlsChannelSecurityConnector::~TlsChannelSecurityConnector() {
if (client_handshaker_factory_ != nullptr) {
tsi_ssl_client_handshaker_factory_unref(client_handshaker_factory_);
}
@ -139,7 +139,7 @@ SpiffeChannelSecurityConnector::~SpiffeChannelSecurityConnector() {
ServerAuthorizationCheckArgDestroy(check_arg_);
}
void SpiffeChannelSecurityConnector::add_handshakers(
void TlsChannelSecurityConnector::add_handshakers(
const grpc_channel_args* args, grpc_pollset_set* /*interested_parties*/,
grpc_core::HandshakeManager* handshake_mgr) {
if (RefreshHandshakerFactory() != GRPC_SECURITY_OK) {
@ -162,7 +162,7 @@ void SpiffeChannelSecurityConnector::add_handshakers(
handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(tsi_hs, this, args));
}
void SpiffeChannelSecurityConnector::check_peer(
void TlsChannelSecurityConnector::check_peer(
tsi_peer peer, grpc_endpoint* /*ep*/,
grpc_core::RefCountedPtr<grpc_auth_context>* auth_context,
grpc_closure* on_peer_checked) {
@ -175,10 +175,10 @@ void SpiffeChannelSecurityConnector::check_peer(
tsi_peer_destruct(&peer);
return;
}
*auth_context = grpc_ssl_peer_to_auth_context(
&peer, GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE);
const SpiffeCredentials* creds =
static_cast<const SpiffeCredentials*>(channel_creds());
*auth_context =
grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE);
const TlsCredentials* creds =
static_cast<const TlsCredentials*>(channel_creds());
const grpc_tls_server_authorization_check_config* config =
creds->options().server_authorization_check_config();
/* If server authorization config is not null, use it to perform
@ -216,10 +216,9 @@ void SpiffeChannelSecurityConnector::check_peer(
tsi_peer_destruct(&peer);
}
int SpiffeChannelSecurityConnector::cmp(
int TlsChannelSecurityConnector::cmp(
const grpc_security_connector* other_sc) const {
auto* other =
reinterpret_cast<const SpiffeChannelSecurityConnector*>(other_sc);
auto* other = reinterpret_cast<const TlsChannelSecurityConnector*>(other_sc);
int c = channel_security_connector_cmp(other);
if (c != 0) {
return c;
@ -229,7 +228,7 @@ int SpiffeChannelSecurityConnector::cmp(
other->overridden_target_name_.get());
}
bool SpiffeChannelSecurityConnector::check_call_host(
bool TlsChannelSecurityConnector::check_call_host(
grpc_core::StringView host, grpc_auth_context* auth_context,
grpc_closure* on_call_host_checked, grpc_error** error) {
return grpc_ssl_check_call_host(host, target_name_.get(),
@ -237,13 +236,13 @@ bool SpiffeChannelSecurityConnector::check_call_host(
on_call_host_checked, error);
}
void SpiffeChannelSecurityConnector::cancel_check_call_host(
void TlsChannelSecurityConnector::cancel_check_call_host(
grpc_closure* /*on_call_host_checked*/, grpc_error* error) {
GRPC_ERROR_UNREF(error);
}
grpc_core::RefCountedPtr<grpc_channel_security_connector>
SpiffeChannelSecurityConnector::CreateSpiffeChannelSecurityConnector(
TlsChannelSecurityConnector::CreateTlsChannelSecurityConnector(
grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,
grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds,
const char* target_name, const char* overridden_target_name,
@ -251,17 +250,17 @@ SpiffeChannelSecurityConnector::CreateSpiffeChannelSecurityConnector(
if (channel_creds == nullptr) {
gpr_log(GPR_ERROR,
"channel_creds is nullptr in "
"SpiffeChannelSecurityConnectorCreate()");
"TlsChannelSecurityConnectorCreate()");
return nullptr;
}
if (target_name == nullptr) {
gpr_log(GPR_ERROR,
"target_name is nullptr in "
"SpiffeChannelSecurityConnectorCreate()");
"TlsChannelSecurityConnectorCreate()");
return nullptr;
}
grpc_core::RefCountedPtr<SpiffeChannelSecurityConnector> c =
grpc_core::MakeRefCounted<SpiffeChannelSecurityConnector>(
grpc_core::RefCountedPtr<TlsChannelSecurityConnector> c =
grpc_core::MakeRefCounted<TlsChannelSecurityConnector>(
std::move(channel_creds), std::move(request_metadata_creds),
target_name, overridden_target_name);
if (c->InitializeHandshakerFactory(ssl_session_cache) != GRPC_SECURITY_OK) {
@ -271,7 +270,7 @@ SpiffeChannelSecurityConnector::CreateSpiffeChannelSecurityConnector(
return c;
}
grpc_security_status SpiffeChannelSecurityConnector::ReplaceHandshakerFactory(
grpc_security_status TlsChannelSecurityConnector::ReplaceHandshakerFactory(
tsi_ssl_session_cache* ssl_session_cache) {
/* Free the client handshaker factory if exists. */
if (client_handshaker_factory_) {
@ -288,12 +287,11 @@ grpc_security_status SpiffeChannelSecurityConnector::ReplaceHandshakerFactory(
return status;
}
grpc_security_status
SpiffeChannelSecurityConnector::InitializeHandshakerFactory(
grpc_security_status TlsChannelSecurityConnector::InitializeHandshakerFactory(
tsi_ssl_session_cache* ssl_session_cache) {
grpc_core::MutexLock lock(&mu_);
const SpiffeCredentials* creds =
static_cast<const SpiffeCredentials*>(channel_creds());
const TlsCredentials* creds =
static_cast<const TlsCredentials*>(channel_creds());
grpc_tls_key_materials_config* key_materials_config =
creds->options().key_materials_config();
/* Copy key materials config from credential options. */
@ -315,11 +313,10 @@ SpiffeChannelSecurityConnector::InitializeHandshakerFactory(
return ReplaceHandshakerFactory(ssl_session_cache);
}
grpc_security_status
SpiffeChannelSecurityConnector::RefreshHandshakerFactory() {
grpc_security_status TlsChannelSecurityConnector::RefreshHandshakerFactory() {
grpc_core::MutexLock lock(&mu_);
const SpiffeCredentials* creds =
static_cast<const SpiffeCredentials*>(channel_creds());
const TlsCredentials* creds =
static_cast<const TlsCredentials*>(channel_creds());
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(),
@ -334,18 +331,17 @@ SpiffeChannelSecurityConnector::RefreshHandshakerFactory() {
}
}
void SpiffeChannelSecurityConnector::ServerAuthorizationCheckDone(
void TlsChannelSecurityConnector::ServerAuthorizationCheckDone(
grpc_tls_server_authorization_check_arg* arg) {
GPR_ASSERT(arg != nullptr);
grpc_core::ExecCtx exec_ctx;
grpc_error* error = ProcessServerAuthorizationCheckResult(arg);
SpiffeChannelSecurityConnector* connector =
static_cast<SpiffeChannelSecurityConnector*>(arg->cb_user_data);
TlsChannelSecurityConnector* connector =
static_cast<TlsChannelSecurityConnector*>(arg->cb_user_data);
grpc_core::ExecCtx::Run(DEBUG_LOCATION, connector->on_peer_checked_, error);
}
grpc_error*
SpiffeChannelSecurityConnector::ProcessServerAuthorizationCheckResult(
grpc_error* TlsChannelSecurityConnector::ProcessServerAuthorizationCheckResult(
grpc_tls_server_authorization_check_arg* arg) {
grpc_error* error = GRPC_ERROR_NONE;
char* msg = nullptr;
@ -377,7 +373,7 @@ SpiffeChannelSecurityConnector::ProcessServerAuthorizationCheckResult(
}
grpc_tls_server_authorization_check_arg*
SpiffeChannelSecurityConnector::ServerAuthorizationCheckArgCreate(
TlsChannelSecurityConnector::ServerAuthorizationCheckArgCreate(
void* user_data) {
grpc_tls_server_authorization_check_arg* arg =
new grpc_tls_server_authorization_check_arg();
@ -387,7 +383,7 @@ SpiffeChannelSecurityConnector::ServerAuthorizationCheckArgCreate(
return arg;
}
void SpiffeChannelSecurityConnector::ServerAuthorizationCheckArgDestroy(
void TlsChannelSecurityConnector::ServerAuthorizationCheckArgDestroy(
grpc_tls_server_authorization_check_arg* arg) {
if (arg == nullptr) {
return;
@ -401,14 +397,14 @@ void SpiffeChannelSecurityConnector::ServerAuthorizationCheckArgDestroy(
delete arg;
}
SpiffeServerSecurityConnector::SpiffeServerSecurityConnector(
TlsServerSecurityConnector::TlsServerSecurityConnector(
grpc_core::RefCountedPtr<grpc_server_credentials> server_creds)
: grpc_server_security_connector(GRPC_SSL_URL_SCHEME,
std::move(server_creds)) {
key_materials_config_ = grpc_tls_key_materials_config_create()->Ref();
}
SpiffeServerSecurityConnector::~SpiffeServerSecurityConnector() {
TlsServerSecurityConnector::~TlsServerSecurityConnector() {
if (server_handshaker_factory_ != nullptr) {
tsi_ssl_server_handshaker_factory_unref(server_handshaker_factory_);
}
@ -417,7 +413,7 @@ SpiffeServerSecurityConnector::~SpiffeServerSecurityConnector() {
}
}
void SpiffeServerSecurityConnector::add_handshakers(
void TlsServerSecurityConnector::add_handshakers(
const grpc_channel_args* args, grpc_pollset_set* /*interested_parties*/,
grpc_core::HandshakeManager* handshake_mgr) {
/* Refresh handshaker factory if needed. */
@ -425,7 +421,7 @@ void SpiffeServerSecurityConnector::add_handshakers(
gpr_log(GPR_ERROR, "Handshaker factory refresh failed.");
return;
}
/* Create a TLS SPIFFE TSI handshaker for server. */
/* Create a TLS TSI handshaker for server. */
tsi_handshaker* tsi_hs = nullptr;
tsi_result result = tsi_ssl_server_handshaker_factory_create_handshaker(
server_handshaker_factory_, &tsi_hs);
@ -437,34 +433,34 @@ void SpiffeServerSecurityConnector::add_handshakers(
handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(tsi_hs, this, args));
}
void SpiffeServerSecurityConnector::check_peer(
void TlsServerSecurityConnector::check_peer(
tsi_peer peer, grpc_endpoint* /*ep*/,
grpc_core::RefCountedPtr<grpc_auth_context>* auth_context,
grpc_closure* on_peer_checked) {
grpc_error* error = grpc_ssl_check_alpn(&peer);
*auth_context = grpc_ssl_peer_to_auth_context(
&peer, GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE);
*auth_context =
grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE);
tsi_peer_destruct(&peer);
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, error);
}
int SpiffeServerSecurityConnector::cmp(
int TlsServerSecurityConnector::cmp(
const grpc_security_connector* other) const {
return server_security_connector_cmp(
static_cast<const grpc_server_security_connector*>(other));
}
grpc_core::RefCountedPtr<grpc_server_security_connector>
SpiffeServerSecurityConnector::CreateSpiffeServerSecurityConnector(
TlsServerSecurityConnector::CreateTlsServerSecurityConnector(
grpc_core::RefCountedPtr<grpc_server_credentials> server_creds) {
if (server_creds == nullptr) {
gpr_log(GPR_ERROR,
"server_creds is nullptr in "
"SpiffeServerSecurityConnectorCreate()");
"TlsServerSecurityConnectorCreate()");
return nullptr;
}
grpc_core::RefCountedPtr<SpiffeServerSecurityConnector> c =
grpc_core::MakeRefCounted<SpiffeServerSecurityConnector>(
grpc_core::RefCountedPtr<TlsServerSecurityConnector> c =
grpc_core::MakeRefCounted<TlsServerSecurityConnector>(
std::move(server_creds));
if (c->InitializeHandshakerFactory() != GRPC_SECURITY_OK) {
gpr_log(GPR_ERROR, "Could not initialize server handshaker factory.");
@ -473,9 +469,9 @@ SpiffeServerSecurityConnector::CreateSpiffeServerSecurityConnector(
return c;
}
grpc_security_status SpiffeServerSecurityConnector::ReplaceHandshakerFactory() {
const SpiffeServerCredentials* creds =
static_cast<const SpiffeServerCredentials*>(server_creds());
grpc_security_status TlsServerSecurityConnector::ReplaceHandshakerFactory() {
const TlsServerCredentials* creds =
static_cast<const TlsServerCredentials*>(server_creds());
/* Free the server handshaker factory if exists. */
if (server_handshaker_factory_) {
tsi_ssl_server_handshaker_factory_unref(server_handshaker_factory_);
@ -495,11 +491,10 @@ grpc_security_status SpiffeServerSecurityConnector::ReplaceHandshakerFactory() {
return status;
}
grpc_security_status
SpiffeServerSecurityConnector::InitializeHandshakerFactory() {
grpc_security_status TlsServerSecurityConnector::InitializeHandshakerFactory() {
grpc_core::MutexLock lock(&mu_);
const SpiffeServerCredentials* creds =
static_cast<const SpiffeServerCredentials*>(server_creds());
const TlsServerCredentials* creds =
static_cast<const TlsServerCredentials*>(server_creds());
grpc_tls_key_materials_config* key_materials_config =
creds->options().key_materials_config();
if (key_materials_config != nullptr) {
@ -520,10 +515,10 @@ SpiffeServerSecurityConnector::InitializeHandshakerFactory() {
return ReplaceHandshakerFactory();
}
grpc_security_status SpiffeServerSecurityConnector::RefreshHandshakerFactory() {
grpc_security_status TlsServerSecurityConnector::RefreshHandshakerFactory() {
grpc_core::MutexLock lock(&mu_);
const SpiffeServerCredentials* creds =
static_cast<const SpiffeServerCredentials*>(server_creds());
const TlsServerCredentials* creds =
static_cast<const TlsServerCredentials*>(server_creds());
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(),
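Review bot: The renamed error strings in the channel factory refer to `TlsChannelSecurityConnectorCreate()`, but the function that logs them is `TlsChannelSecurityConnector::CreateTlsChannelSecurityConnector`. The server factory has the same mismatch with `TlsServerSecurityConnectorCreate()`. Anyone triaging a failed TLS setup from these logs will search for a name that does not appear in the visible code. Suggest `"channel_creds is nullptr in CreateTlsChannelSecurityConnector()"`, with the matching change for the `target_name` and `server_creds` messages. Both factory bodies span several hunks and are only partly shown.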

@ -16,8 +16,8 @@
*
*/
#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_SPIFFE_SECURITY_CONNECTOR_H
#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_SPIFFE_SECURITY_CONNECTOR_H
#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_TLS_SECURITY_CONNECTOR_H
#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_TLS_SECURITY_CONNECTOR_H
#include <grpc/support/port_platform.h>
@ -25,27 +25,27 @@
#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
#define GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE "spiffe"
#define GRPC_TLS_TRANSPORT_SECURITY_TYPE "tls"
namespace grpc_core {
// Spiffe channel security connector.
class SpiffeChannelSecurityConnector final
// TLS channel security connector.
class TlsChannelSecurityConnector final
: public grpc_channel_security_connector {
public:
// static factory method to create a SPIFFE channel security connector.
// static factory method to create a TLS channel security connector.
static grpc_core::RefCountedPtr<grpc_channel_security_connector>
CreateSpiffeChannelSecurityConnector(
CreateTlsChannelSecurityConnector(
grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,
grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds,
const char* target_name, const char* overridden_target_name,
tsi_ssl_session_cache* ssl_session_cache);
SpiffeChannelSecurityConnector(
TlsChannelSecurityConnector(
grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,
grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds,
const char* target_name, const char* overridden_target_name);
~SpiffeChannelSecurityConnector() override;
~TlsChannelSecurityConnector() override;
void add_handshakers(const grpc_channel_args* args,
grpc_pollset_set* interested_parties,
@ -105,18 +105,17 @@ class SpiffeChannelSecurityConnector final
grpc_core::RefCountedPtr<grpc_tls_key_materials_config> key_materials_config_;
};
// Spiffe server security connector.
class SpiffeServerSecurityConnector final
: public grpc_server_security_connector {
// TLS server security connector.
class TlsServerSecurityConnector final : public grpc_server_security_connector {
public:
// static factory method to create a SPIFFE server security connector.
// static factory method to create a TLS server security connector.
static grpc_core::RefCountedPtr<grpc_server_security_connector>
CreateSpiffeServerSecurityConnector(
CreateTlsServerSecurityConnector(
grpc_core::RefCountedPtr<grpc_server_credentials> server_creds);
explicit SpiffeServerSecurityConnector(
explicit TlsServerSecurityConnector(
grpc_core::RefCountedPtr<grpc_server_credentials> server_creds);
~SpiffeServerSecurityConnector() override;
~TlsServerSecurityConnector() override;
void add_handshakers(const grpc_channel_args* args,
grpc_pollset_set* interested_parties,
@ -154,5 +153,5 @@ grpc_status_code TlsFetchKeyMaterials(
} // namespace grpc_core
#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_SPIFFE_SECURITY_CONNECTOR_H \
#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_TLS_SECURITY_CONNECTOR_H \
*/
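Review bot: `GRPC_TLS_TRANSPORT_SECURITY_TYPE` changes the string value from "spiffe" to "tls", not only the macro name, and both `check_peer` implementations pass it to `grpc_ssl_peer_to_auth_context`. If that value is stored as a property of the auth context (not visible here), any authorization logic or test that compares it against "spiffe" will silently stop matching. Suggest a comment on the define such as `/* Transport security type recorded for peers authenticated with TLS credentials; was "spiffe" before the rename. */`, and a search of the tree for comparisons against the old literal.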

@ -282,7 +282,7 @@ std::shared_ptr<ChannelCredentials> LocalCredentials(
std::shared_ptr<ChannelCredentials> TlsCredentials(
const TlsCredentialsOptions& options) {
return WrapChannelCredentials(
grpc_tls_spiffe_credentials_create(options.c_credentials_options()));
grpc_tls_credentials_create(options.c_credentials_options()));
}
} // namespace experimental

@ -149,9 +149,8 @@ std::shared_ptr<ServerCredentials> LocalServerCredentials(
std::shared_ptr<ServerCredentials> TlsServerCredentials(
const TlsCredentialsOptions& options) {
return std::shared_ptr<ServerCredentials>(
new SecureServerCredentials(grpc_tls_spiffe_server_credentials_create(
options.c_credentials_options())));
return std::shared_ptr<ServerCredentials>(new SecureServerCredentials(
grpc_tls_server_credentials_create(options.c_credentials_options())));
}
} // namespace experimental
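Review bot: `TlsServerCredentials` passes the result of `grpc_tls_server_credentials_create` straight into `new SecureServerCredentials(...)`, but the C function returns nullptr when the options fail `CredentialOptionSanityCheck`, for example when neither key materials nor a credential reload config is set. Whether `SecureServerCredentials` tolerates a null `grpc_server_credentials*` is not visible here. If it does not, a misconfigured server gets a non-null wrapper instead of a clear failure at creation time. Suggest `grpc_server_credentials* c_creds = grpc_tls_server_credentials_create(options.c_credentials_options());` followed by `if (c_creds == nullptr) return nullptr;` before constructing the wrapper.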

@ -341,7 +341,7 @@ CORE_SOURCE_FILES = [
'src/core/lib/security/credentials/plugin/plugin_credentials.cc',
'src/core/lib/security/credentials/ssl/ssl_credentials.cc',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc',
'src/core/lib/security/credentials/tls/spiffe_credentials.cc',
'src/core/lib/security/credentials/tls/tls_credentials.cc',
'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
'src/core/lib/security/security_connector/load_system_roots_fallback.cc',
@ -351,7 +351,7 @@ CORE_SOURCE_FILES = [
'src/core/lib/security/security_connector/ssl/ssl_security_connector.cc',
'src/core/lib/security/security_connector/ssl_utils.cc',
'src/core/lib/security/security_connector/ssl_utils_config.cc',
'src/core/lib/security/security_connector/tls/spiffe_security_connector.cc',
'src/core/lib/security/security_connector/tls/tls_security_connector.cc',
'src/core/lib/security/transport/client_auth_filter.cc',
'src/core/lib/security/transport/secure_endpoint.cc',
'src/core/lib/security/transport/security_handshaker.cc',

@ -128,7 +128,7 @@ static int server_authz_check_async(
fullstack_secure_fixture_data* ffd =
static_cast<fullstack_secure_fixture_data*>(config_user_data);
ffd->thd_list.push_back(
grpc_core::Thread("h2_spiffe_test", &server_authz_check_cb, arg));
grpc_core::Thread("h2_tls_test", &server_authz_check_cb, arg));
ffd->thd_list[ffd->thd_list.size() - 1].Start();
return 1;
}
@ -189,8 +189,8 @@ static int server_cred_reload_sync(void* /*config_user_data*/,
return 0;
}
// Create a SPIFFE channel credential.
static grpc_channel_credentials* create_spiffe_channel_credentials(
// Create a TLS channel credential.
static grpc_channel_credentials* create_tls_channel_credentials(
fullstack_secure_fixture_data* ffd) {
grpc_tls_credentials_options* options = grpc_tls_credentials_options_create();
/* Set credential reload config. */
@ -205,13 +205,13 @@ static grpc_channel_credentials* create_spiffe_channel_credentials(
ffd, server_authz_check_async, nullptr, nullptr);
grpc_tls_credentials_options_set_server_authorization_check_config(
options, check_config);
/* Create SPIFFE channel credentials. */
grpc_channel_credentials* creds = grpc_tls_spiffe_credentials_create(options);
/* Create TLS channel credentials. */
grpc_channel_credentials* creds = grpc_tls_credentials_create(options);
return creds;
}
// Create a SPIFFE server credential.
static grpc_server_credentials* create_spiffe_server_credentials() {
// Create a TLS server credential.
static grpc_server_credentials* create_tls_server_credentials() {
grpc_tls_credentials_options* options = grpc_tls_credentials_options_create();
/* Set credential reload config. */
grpc_tls_credential_reload_config* reload_config =
@ -222,14 +222,13 @@ static grpc_server_credentials* create_spiffe_server_credentials() {
/* Set client certificate request type. */
grpc_tls_credentials_options_set_cert_request_type(
options, GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
grpc_server_credentials* creds =
grpc_tls_spiffe_server_credentials_create(options);
grpc_server_credentials* creds = grpc_tls_server_credentials_create(options);
return creds;
}
static void chttp2_init_client(grpc_end2end_test_fixture* f,
grpc_channel_args* client_args) {
grpc_channel_credentials* ssl_creds = create_spiffe_channel_credentials(
grpc_channel_credentials* ssl_creds = create_tls_channel_credentials(
static_cast<fullstack_secure_fixture_data*>(f->fixture_data));
grpc_arg ssl_name_override = {
GRPC_ARG_STRING,
@ -255,7 +254,7 @@ static int fail_server_auth_check(grpc_channel_args* server_args) {
static void chttp2_init_server(grpc_end2end_test_fixture* f,
grpc_channel_args* server_args) {
grpc_server_credentials* ssl_creds = create_spiffe_server_credentials();
grpc_server_credentials* ssl_creds = create_tls_server_credentials();
if (fail_server_auth_check(server_args)) {
grpc_auth_metadata_processor processor = {process_auth_failure, nullptr,
nullptr};

@ -88,7 +88,7 @@ END2END_FIXTURES = {
),
"h2_ssl": _fixture_options(secure = True),
"h2_ssl_cred_reload": _fixture_options(secure = True),
"h2_spiffe": _fixture_options(secure = True),
"h2_tls": _fixture_options(secure = True),
"h2_local_uds": _fixture_options(secure = True, dns_resolver = False, _platforms = ["linux", "mac", "posix"]),
"h2_local_ipv4": _fixture_options(secure = True, dns_resolver = False, _platforms = ["linux", "mac", "posix"]),
"h2_local_ipv6": _fixture_options(secure = True, dns_resolver = False, _platforms = ["linux", "mac", "posix"]),

@ -259,8 +259,8 @@ grpc_cc_test(
)
grpc_cc_test(
name = "spiffe_security_connector_test",
srcs = ["spiffe_security_connector_test.cc"],
name = "tls_security_connector_test",
srcs = ["tls_security_connector_test.cc"],
external_deps = [
"gtest",
],

@ -25,7 +25,7 @@
#include <grpc/support/string_util.h>
#include <gtest/gtest.h>
#include "src/core/lib/security/security_connector/tls/spiffe_security_connector.h"
#include "src/core/lib/security/security_connector/tls/tls_security_connector.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include "test/core/util/test_config.h"
@ -75,9 +75,9 @@ int CredReloadAsync(void* /*config_user_data*/,
namespace grpc {
namespace testing {
class SpiffeSecurityConnectorTest : public ::testing::Test {
class TlsSecurityConnectorTest : public ::testing::Test {
protected:
SpiffeSecurityConnectorTest() {}
TlsSecurityConnectorTest() {}
void SetUp() override {
options_ = grpc_tls_credentials_options_create()->Ref();
config_ = grpc_tls_key_materials_config_create()->Ref();
@ -115,7 +115,7 @@ class SpiffeSecurityConnectorTest : public ::testing::Test {
grpc_core::RefCountedPtr<grpc_tls_key_materials_config> config_;
};
TEST_F(SpiffeSecurityConnectorTest, NoKeysAndConfig) {
TEST_F(TlsSecurityConnectorTest, NoKeysAndConfig) {
grpc_ssl_certificate_config_reload_status reload_status;
grpc_status_code status =
TlsFetchKeyMaterials(config_, *options_, &reload_status);
@ -123,7 +123,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeysAndConfig) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, NoKeySuccessReload) {
TEST_F(TlsSecurityConnectorTest, NoKeySuccessReload) {
grpc_ssl_certificate_config_reload_status reload_status;
SetOptions(SUCCESS);
grpc_status_code status =
@ -133,7 +133,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeySuccessReload) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, NoKeyFailReload) {
TEST_F(TlsSecurityConnectorTest, NoKeyFailReload) {
grpc_ssl_certificate_config_reload_status reload_status;
SetOptions(FAIL);
grpc_status_code status =
@ -143,7 +143,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeyFailReload) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, NoKeyAsyncReload) {
TEST_F(TlsSecurityConnectorTest, NoKeyAsyncReload) {
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
SetOptions(ASYNC);
@ -154,7 +154,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeyAsyncReload) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, NoKeyUnchangedReload) {
TEST_F(TlsSecurityConnectorTest, NoKeyUnchangedReload) {
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
SetOptions(UNCHANGED);
@ -165,7 +165,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeyUnchangedReload) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, WithKeyNoReload) {
TEST_F(TlsSecurityConnectorTest, WithKeyNoReload) {
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
SetKeyMaterialsConfig();
@ -175,7 +175,7 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeyNoReload) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, WithKeySuccessReload) {
TEST_F(TlsSecurityConnectorTest, WithKeySuccessReload) {
grpc_ssl_certificate_config_reload_status reload_status;
SetOptions(SUCCESS);
SetKeyMaterialsConfig();
@ -186,7 +186,7 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeySuccessReload) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, WithKeyFailReload) {
TEST_F(TlsSecurityConnectorTest, WithKeyFailReload) {
grpc_ssl_certificate_config_reload_status reload_status;
SetOptions(FAIL);
SetKeyMaterialsConfig();
@ -197,7 +197,7 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeyFailReload) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, WithKeyAsyncReload) {
TEST_F(TlsSecurityConnectorTest, WithKeyAsyncReload) {
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
SetOptions(ASYNC);
@ -209,7 +209,7 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeyAsyncReload) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, WithKeyUnchangedReload) {
TEST_F(TlsSecurityConnectorTest, WithKeyUnchangedReload) {
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
SetOptions(UNCHANGED);
@ -221,10 +221,10 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeyUnchangedReload) {
options_->Unref();
}
TEST_F(SpiffeSecurityConnectorTest, CreateChannelSecurityConnectorSuccess) {
TEST_F(TlsSecurityConnectorTest, CreateChannelSecurityConnectorSuccess) {
SetOptions(SUCCESS);
auto cred = std::unique_ptr<grpc_channel_credentials>(
grpc_tls_spiffe_credentials_create(options_.get()));
grpc_tls_credentials_create(options_.get()));
const char* target_name = "some_target";
grpc_channel_args* new_args = nullptr;
auto connector =
@ -233,39 +233,39 @@ TEST_F(SpiffeSecurityConnectorTest, CreateChannelSecurityConnectorSuccess) {
grpc_channel_args_destroy(new_args);
}
TEST_F(SpiffeSecurityConnectorTest,
TEST_F(TlsSecurityConnectorTest,
CreateChannelSecurityConnectorFailNoTargetName) {
SetOptions(SUCCESS);
auto cred = std::unique_ptr<grpc_channel_credentials>(
grpc_tls_spiffe_credentials_create(options_.get()));
grpc_tls_credentials_create(options_.get()));
grpc_channel_args* new_args = nullptr;
auto connector =
cred->create_security_connector(nullptr, nullptr, nullptr, &new_args);
EXPECT_EQ(connector, nullptr);
}
TEST_F(SpiffeSecurityConnectorTest, CreateChannelSecurityConnectorFailInit) {
TEST_F(TlsSecurityConnectorTest, CreateChannelSecurityConnectorFailInit) {
SetOptions(FAIL);
auto cred = std::unique_ptr<grpc_channel_credentials>(
grpc_tls_spiffe_credentials_create(options_.get()));
grpc_tls_credentials_create(options_.get()));
grpc_channel_args* new_args = nullptr;
auto connector =
cred->create_security_connector(nullptr, nullptr, nullptr, &new_args);
EXPECT_EQ(connector, nullptr);
}
TEST_F(SpiffeSecurityConnectorTest, CreateServerSecurityConnectorSuccess) {
TEST_F(TlsSecurityConnectorTest, CreateServerSecurityConnectorSuccess) {
SetOptions(SUCCESS);
auto cred = std::unique_ptr<grpc_server_credentials>(
grpc_tls_spiffe_server_credentials_create(options_.get()));
grpc_tls_server_credentials_create(options_.get()));
auto connector = cred->create_security_connector();
EXPECT_NE(connector, nullptr);
}
TEST_F(SpiffeSecurityConnectorTest, CreateServerSecurityConnectorFailInit) {
TEST_F(TlsSecurityConnectorTest, CreateServerSecurityConnectorFailInit) {
SetOptions(FAIL);
auto cred = std::unique_ptr<grpc_server_credentials>(
grpc_tls_spiffe_server_credentials_create(options_.get()));
grpc_tls_server_credentials_create(options_.get()));
auto connector = cred->create_security_connector();
EXPECT_EQ(connector, nullptr);
}

@ -648,7 +648,7 @@ TEST_F(CredentialsTest, TlsCredentialsOptionsCppToC) {
}
// This test demonstrates how the SPIFFE credentials will be used.
TEST_F(CredentialsTest, LoadSpiffeChannelCredentials) {
TEST_F(CredentialsTest, LoadTlsChannelCredentials) {
std::shared_ptr<TestTlsCredentialReload> test_credential_reload(
new TestTlsCredentialReload());
std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config(
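Review bot: The comment directly above the renamed test still reads `// This test demonstrates how the SPIFFE credentials will be used.`, so it no longer matches `LoadTlsChannelCredentials`. I would change it to `// This test demonstrates how the TLS credentials will be used.` in the same commit. Keeping "SPIFFE" here could lead a reader to assume these credentials perform SPIFFE ID validation, which nothing in this hunk shows. The test body continues outside the hunk, so any further SPIFFE wording inside it would need the same check.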

@ -1487,8 +1487,8 @@ src/core/lib/security/credentials/ssl/ssl_credentials.cc \
src/core/lib/security/credentials/ssl/ssl_credentials.h \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h \
src/core/lib/security/credentials/tls/spiffe_credentials.cc \
src/core/lib/security/credentials/tls/spiffe_credentials.h \
src/core/lib/security/credentials/tls/tls_credentials.cc \
src/core/lib/security/credentials/tls/tls_credentials.h \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.h \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
@ -1507,8 +1507,8 @@ src/core/lib/security/security_connector/ssl_utils.cc \
src/core/lib/security/security_connector/ssl_utils.h \
src/core/lib/security/security_connector/ssl_utils_config.cc \
src/core/lib/security/security_connector/ssl_utils_config.h \
src/core/lib/security/security_connector/tls/spiffe_security_connector.cc \
src/core/lib/security/security_connector/tls/spiffe_security_connector.h \
src/core/lib/security/security_connector/tls/tls_security_connector.cc \
src/core/lib/security/security_connector/tls/tls_security_connector.h \
src/core/lib/security/transport/auth_filters.h \
src/core/lib/security/transport/client_auth_filter.cc \
src/core/lib/security/transport/secure_endpoint.cc \

@ -4726,7 +4726,7 @@
"flaky": false,
"gtest": true,
"language": "c++",
"name": "grpc_spiffe_security_connector_test",
"name": "grpc_tls_security_connector_test",
"platforms": [
"linux",
"mac",
