Implemented Yihua's comments

6 years ago · c2fd3844dc
parent 94d3e95e8d
commit c2fd3844dc
13 changed files with 272 additions and 194 deletions
--- a/2
+++ b/2
@ -358,12 +358,14 @@ grpc_cc_library(
        "src/cpp/common/secure_channel_arguments.cc",
        "src/cpp/common/secure_create_auth_context.cc",
        "src/cpp/common/tls_credentials_options.cc",
+        "src/cpp/common/tls_credentials_options_util.cc",
        "src/cpp/server/insecure_server_credentials.cc",
        "src/cpp/server/secure_server_credentials.cc",
    ],
    hdrs = [
        "src/cpp/client/secure_credentials.h",
        "src/cpp/common/secure_auth_context.h",
+        "src/cpp/common/tls_credentials_options_util.h",
        "src/cpp/server/secure_server_credentials.h",
    ],
    language = "c++",
--- a/BUILD.gn
+++ b/BUILD.gn
@ -1391,6 +1391,8 @@ config("grpc_config") {
        "src/cpp/common/secure_channel_arguments.cc",
        "src/cpp/common/secure_create_auth_context.cc",
        "src/cpp/common/tls_credentials_options.cc",
+        "src/cpp/common/tls_credentials_options_util.cc",
+        "src/cpp/common/tls_credentials_options_util.h",
        "src/cpp/common/validate_service_config.cc",
        "src/cpp/common/version_cc.cc",
        "src/cpp/server/async_generic_service.cc",
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -3164,6 +3164,7 @@ add_library(grpc++
  src/cpp/common/secure_channel_arguments.cc
  src/cpp/common/secure_create_auth_context.cc
  src/cpp/common/tls_credentials_options.cc
+  src/cpp/common/tls_credentials_options_util.cc
  src/cpp/server/insecure_server_credentials.cc
  src/cpp/server/secure_server_credentials.cc
  src/cpp/client/channel_cc.cc
--- a/2
+++ b/2
@ -5578,6 +5578,7 @@ LIBGRPC++_SRC = \
    src/cpp/common/secure_channel_arguments.cc \
    src/cpp/common/secure_create_auth_context.cc \
    src/cpp/common/tls_credentials_options.cc \
+    src/cpp/common/tls_credentials_options_util.cc \
    src/cpp/server/insecure_server_credentials.cc \
    src/cpp/server/secure_server_credentials.cc \
    src/cpp/client/channel_cc.cc \
@ -22660,6 +22661,7 @@ src/cpp/common/secure_auth_context.cc: $(OPENSSL_DEP)
 src/cpp/common/secure_channel_arguments.cc: $(OPENSSL_DEP)
 src/cpp/common/secure_create_auth_context.cc: $(OPENSSL_DEP)
 src/cpp/common/tls_credentials_options.cc: $(OPENSSL_DEP)
+src/cpp/common/tls_credentials_options_util.cc: $(OPENSSL_DEP)
 src/cpp/ext/proto_server_reflection.cc: $(OPENSSL_DEP)
 src/cpp/ext/proto_server_reflection_plugin.cc: $(OPENSSL_DEP)
 src/cpp/server/channelz/channelz_service.cc: $(OPENSSL_DEP)
--- a/build.yaml
+++ b/build.yaml
@ -1811,6 +1811,7 @@ libs:
  - include/grpcpp/impl/codegen/core_codegen.h
  - src/cpp/client/secure_credentials.h
  - src/cpp/common/secure_auth_context.h
+  - src/cpp/common/tls_credentials_options_util.h
  - src/cpp/server/secure_server_credentials.h
  src:
  - src/cpp/client/insecure_credentials.cc
@ -1820,6 +1821,7 @@ libs:
  - src/cpp/common/secure_channel_arguments.cc
  - src/cpp/common/secure_create_auth_context.cc
  - src/cpp/common/tls_credentials_options.cc
+  - src/cpp/common/tls_credentials_options_util.cc
  - src/cpp/server/insecure_server_credentials.cc
  - src/cpp/server/secure_server_credentials.cc
  deps:
--- a/gRPC-C++.podspec
+++ b/gRPC-C++.podspec
@ -220,6 +220,7 @@ Pod::Spec.new do |s|
    ss.source_files = 'include/grpcpp/impl/codegen/core_codegen.h',
                      'src/cpp/client/secure_credentials.h',
                      'src/cpp/common/secure_auth_context.h',
+                      'src/cpp/common/tls_credentials_options_util.h',
                      'src/cpp/server/secure_server_credentials.h',
                      'src/cpp/client/create_channel_internal.h',
                      'src/cpp/common/channel_filter.h',
@ -235,6 +236,7 @@ Pod::Spec.new do |s|
                      'src/cpp/common/secure_channel_arguments.cc',
                      'src/cpp/common/secure_create_auth_context.cc',
                      'src/cpp/common/tls_credentials_options.cc',
+                      'src/cpp/common/tls_credentials_options_util.cc',
                      'src/cpp/server/insecure_server_credentials.cc',
                      'src/cpp/server/secure_server_credentials.cc',
                      'src/cpp/client/channel_cc.cc',
@ -278,6 +280,7 @@ Pod::Spec.new do |s|
    ss.private_header_files = 'include/grpcpp/impl/codegen/core_codegen.h',
                              'src/cpp/client/secure_credentials.h',
                              'src/cpp/common/secure_auth_context.h',
+                              'src/cpp/common/tls_credentials_options_util.h',
                              'src/cpp/server/secure_server_credentials.h',
                              'src/cpp/client/create_channel_internal.h',
                              'src/cpp/common/channel_filter.h',
--- a/grpc.gyp
+++ b/grpc.gyp
@ -1551,6 +1551,7 @@
        'src/cpp/common/secure_channel_arguments.cc',
        'src/cpp/common/secure_create_auth_context.cc',
        'src/cpp/common/tls_credentials_options.cc',
+        'src/cpp/common/tls_credentials_options_util.cc',
        'src/cpp/server/insecure_server_credentials.cc',
        'src/cpp/server/secure_server_credentials.cc',
        'src/cpp/client/channel_cc.cc',
--- a/include/grpcpp/security/tls_credentials_options.h
+++ b/include/grpcpp/security/tls_credentials_options.h
@ -51,32 +51,29 @@ class TlsKeyMaterialsConfig {
  void set_version(int version) { version_ = version; };

 private:
-  int version_;
+  int version_ = 0;
  std::vector<PemKeyCertPair> pem_key_cert_pair_list_;
  grpc::string pem_root_certs_;
 };

-/** The following 2 functions are exposed for testing purposes. **/
-grpc_tls_key_materials_config* c_key_materials(
-    const std::shared_ptr<TlsKeyMaterialsConfig>& config);
-
-std::shared_ptr<TlsKeyMaterialsConfig> tls_key_materials_c_to_cpp(
-    const grpc_tls_key_materials_config* config);
-
 /** TLS credential reload arguments, wraps grpc_tls_credential_reload_arg. **/
 class TlsCredentialReloadArg {
 public:
-  TlsCredentialReloadArg();
+  // TlsCredentialReloadArg();
  TlsCredentialReloadArg(grpc_tls_credential_reload_arg arg);
  ~TlsCredentialReloadArg();

-  /** Getters for member fields. The callback function is not exposed. **/
+  /** Getters for member fields. The callback function is not exposed.
+   * They return the corresponding fields of the underlying C arg. In the case
+   * of the key materials config, it creates a new instance of the C++ key
+   * materials config from the underlying C grpc_tls_key_materials_config. **/
  void* cb_user_data() const;
  std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config() const;
  grpc_ssl_certificate_config_reload_status status() const;
-  std::shared_ptr<grpc::string> error_details() const;
+  grpc::string error_details() const;

-  /** Setters for member fields. **/
+  /** Setters for member fields. They modify the fields of the underlying C arg.
+   * **/
  void set_cb_user_data(void* cb_user_data);
  void set_key_materials_config(
      const std::shared_ptr<TlsKeyMaterialsConfig>& key_materials_config);
@ -84,18 +81,12 @@ class TlsCredentialReloadArg {
  void set_error_details(const grpc::string& error_details);

  /** Calls the C arg's callback function. **/
-  void callback();
+  void OnCredentialReloadDoneCallback();

 private:
  grpc_tls_credential_reload_arg c_arg_;
 };

-// Exposed for testing purposes.
-int tls_credential_reload_config_c_schedule(
-    void* config_user_data, grpc_tls_credential_reload_arg* arg);
-void tls_credential_reload_config_c_cancel(void* config_user_data,
-                                           grpc_tls_credential_reload_arg* arg);
-
 /** TLS credential reloag config, wraps grpc_tls_credential_reload_config. **/
 class TlsCredentialReloadConfig {
 public:
@ -108,6 +99,10 @@ class TlsCredentialReloadConfig {
  ~TlsCredentialReloadConfig();

  int Schedule(TlsCredentialReloadArg* arg) const {
+    if (schedule_ == nullptr) {
+      gpr_log(GPR_ERROR, "schedule API is nullptr");
+      return 1;
+    }
    return schedule_(config_user_data_, arg);
  }

@ -118,10 +113,9 @@ class TlsCredentialReloadConfig {
    }
    cancel_(config_user_data_, arg);
  }
+
  /** Returns a C struct for the credential reload config. **/
-  grpc_tls_credential_reload_config* c_credential_reload() const {
-    return c_config_;
-  }
+  grpc_tls_credential_reload_config* c_config() const { return c_config_; }

 private:
  grpc_tls_credential_reload_config* c_config_;
@ -136,19 +130,21 @@ class TlsCredentialReloadConfig {

 class TlsServerAuthorizationCheckArg {
 public:
-  TlsServerAuthorizationCheckArg();
+  // TlsServerAuthorizationCheckArg();
  TlsServerAuthorizationCheckArg(grpc_tls_server_authorization_check_arg arg);
  ~TlsServerAuthorizationCheckArg();

-  /** Getters for member fields. **/
+  /** Getters for member fields. They return the corresponding fields of the
+   * underlying C arg.**/
  void* cb_user_data() const;
  int success() const;
-  std::shared_ptr<grpc::string> target_name() const;
-  std::shared_ptr<grpc::string> peer_cert() const;
+  grpc::string target_name() const;
+  grpc::string peer_cert() const;
  grpc_status_code status() const;
-  std::shared_ptr<grpc::string> error_details() const;
+  grpc::string error_details() const;

-  /** Setters for member fields. **/
+  /** Setters for member fields. They modify the fields of the underlying C arg.
+   * **/
  void set_cb_user_data(void* cb_user_data);
  void set_success(int success);
  void set_target_name(const grpc::string& target_name);
@ -157,18 +153,12 @@ class TlsServerAuthorizationCheckArg {
  void set_error_details(const grpc::string& error_details);

  /** Calls the C arg's callback function. **/
-  void callback();
+  void OnServerAuthorizationCheckDoneCallback();

 private:
  grpc_tls_server_authorization_check_arg c_arg_;
 };

-// Exposed for testing purposes.
-int tls_server_authorization_check_config_c_schedule(
-    void* config_user_data, grpc_tls_server_authorization_check_arg* arg);
-void tls_server_authorization_check_config_c_cancel(
-    void* config_user_data, grpc_tls_server_authorization_check_arg* arg);
-
 /** TLS server authorization check config, wraps
 *  grps_tls_server_authorization_check_config. **/
 class TlsServerAuthorizationCheckConfig {
@ -194,9 +184,8 @@ class TlsServerAuthorizationCheckConfig {
    cancel_(config_user_data_, arg);
  }

-  /** Creates C struct for the credential reload config. **/
-  grpc_tls_server_authorization_check_config* c_server_authorization_check()
-      const {
+  /** Creates C struct for the server authorization check config. **/
+  grpc_tls_server_authorization_check_config* c_config() const {
    return c_config_;
  }

--- a/src/cpp/common/tls_credentials_options.cc
+++ b/src/cpp/common/tls_credentials_options.cc
@ -19,6 +19,7 @@
 #include <grpcpp/security/tls_credentials_options.h>

 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
+#include "src/cpp/common/tls_credentials_options_util.h"

 namespace grpc_impl {
 namespace experimental {
@ -31,61 +32,7 @@ void TlsKeyMaterialsConfig::set_key_materials(
  pem_root_certs_ = std::move(pem_root_certs);
 }

-/** Creates a new C struct for the key materials. Note that the user must free
- * the underlying pointer to private key and cert chain duplicates; they are not
- * freed when the UniquePtr<char> member variables of PemKeyCertPair are unused.
- * Similarly, the user must free the underlying pointer to c_pem_root_certs. **/
-grpc_tls_key_materials_config* c_key_materials(
-    const std::shared_ptr<TlsKeyMaterialsConfig>& config) {
-  grpc_tls_key_materials_config* c_config =
-      grpc_tls_key_materials_config_create();
-  ::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1>
-      c_pem_key_cert_pair_list;
-  for (auto key_cert_pair = config->pem_key_cert_pair_list().begin();
-       key_cert_pair != config->pem_key_cert_pair_list().end();
-       key_cert_pair++) {
-    grpc_ssl_pem_key_cert_pair* ssl_pair =
-        (grpc_ssl_pem_key_cert_pair*)gpr_malloc(
-            sizeof(grpc_ssl_pem_key_cert_pair));
-    ssl_pair->private_key = gpr_strdup(key_cert_pair->private_key.c_str());
-    ssl_pair->cert_chain = gpr_strdup(key_cert_pair->cert_chain.c_str());
-    ::grpc_core::PemKeyCertPair c_pem_key_cert_pair =
-        ::grpc_core::PemKeyCertPair(ssl_pair);
-    c_pem_key_cert_pair_list.push_back(::std::move(c_pem_key_cert_pair));
-  }
-  ::grpc_core::UniquePtr<char> c_pem_root_certs(
-      gpr_strdup(config->pem_root_certs().c_str()));
-  c_config->set_key_materials(std::move(c_pem_root_certs),
-                              std::move(c_pem_key_cert_pair_list));
-  c_config->set_version(config->version());
-  return c_config;
-}
-
-/** Creates a new TlsKeyMaterialsConfig from a C struct config. **/
-std::shared_ptr<TlsKeyMaterialsConfig> tls_key_materials_c_to_cpp(
-    const grpc_tls_key_materials_config* config) {
-  std::shared_ptr<TlsKeyMaterialsConfig> cpp_config(
-      new TlsKeyMaterialsConfig());
-  std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> cpp_pem_key_cert_pair_list;
-  grpc_tls_key_materials_config::PemKeyCertPairList pem_key_cert_pair_list =
-      config->pem_key_cert_pair_list();
-  for (size_t i = 0; i < pem_key_cert_pair_list.size(); i++) {
-    ::grpc_core::PemKeyCertPair key_cert_pair = pem_key_cert_pair_list[i];
-    TlsKeyMaterialsConfig::PemKeyCertPair p = {
-        //gpr_strdup(key_cert_pair.private_key()),
-        //gpr_strdup(key_cert_pair.cert_chain())};
-        key_cert_pair.private_key(), key_cert_pair.cert_chain()};
-    cpp_pem_key_cert_pair_list.push_back(::std::move(p));
-  }
-  cpp_config->set_key_materials(std::move(config->pem_root_certs()),
-                                std::move(cpp_pem_key_cert_pair_list));
-  cpp_config->set_version(config->version());
-  return cpp_config;
-}
-
 /** TLS credential reload arg API implementation **/
-TlsCredentialReloadArg::TlsCredentialReloadArg() {}
-
 TlsCredentialReloadArg::TlsCredentialReloadArg(
    grpc_tls_credential_reload_arg arg) {
  c_arg_ = arg;
@ -102,7 +49,7 @@ void* TlsCredentialReloadArg::cb_user_data() const {
 * TlsCredentialReloadArg instance. **/
 std::shared_ptr<TlsKeyMaterialsConfig>
 TlsCredentialReloadArg::key_materials_config() const {
-  return tls_key_materials_c_to_cpp(c_arg_.key_materials_config);
+  return ConvertToCppKeyMaterialsConfig(c_arg_.key_materials_config);
 }

 grpc_ssl_certificate_config_reload_status TlsCredentialReloadArg::status()
@ -110,9 +57,8 @@ grpc_ssl_certificate_config_reload_status TlsCredentialReloadArg::status()
  return c_arg_.status;
 }

-std::shared_ptr<grpc::string> TlsCredentialReloadArg::error_details() const {
-  std::shared_ptr<grpc::string> cpp_error_details(
-      new grpc::string(c_arg_.error_details));
+grpc::string TlsCredentialReloadArg::error_details() const {
+  grpc::string cpp_error_details(c_arg_.error_details);
  return cpp_error_details;
 }

@ -122,7 +68,8 @@ void TlsCredentialReloadArg::set_cb_user_data(void* cb_user_data) {

 void TlsCredentialReloadArg::set_key_materials_config(
    const std::shared_ptr<TlsKeyMaterialsConfig>& key_materials_config) {
-  c_arg_.key_materials_config = c_key_materials(key_materials_config);
+  c_arg_.key_materials_config =
+      ConvertToCKeyMaterialsConfig(key_materials_config);
 }

 void TlsCredentialReloadArg::set_status(
@ -135,32 +82,8 @@ void TlsCredentialReloadArg::set_error_details(
  c_arg_.error_details = gpr_strdup(error_details.c_str());
 }

-void TlsCredentialReloadArg::callback() { c_arg_.cb(&c_arg_); }
-
-/** The C schedule and cancel functions for the credential reload config. **/
-int tls_credential_reload_config_c_schedule(
-    void* config_user_data, grpc_tls_credential_reload_arg* arg) {
-  TlsCredentialReloadConfig* cpp_config =
-      static_cast<TlsCredentialReloadConfig*>(arg->config->context());
-  TlsCredentialReloadArg cpp_arg(*arg);
-  int schedule_output = cpp_config->Schedule(&cpp_arg);
-  arg->cb_user_data = cpp_arg.cb_user_data();
-  arg->key_materials_config = c_key_materials(cpp_arg.key_materials_config());
-  arg->status = cpp_arg.status();
-  arg->error_details = gpr_strdup(cpp_arg.error_details()->c_str());
-  return schedule_output;
-}
-
-void tls_credential_reload_config_c_cancel(
-    void* config_user_data, grpc_tls_credential_reload_arg* arg) {
-  TlsCredentialReloadConfig* cpp_config =
-      static_cast<TlsCredentialReloadConfig*>(arg->config->context());
-  TlsCredentialReloadArg cpp_arg(*arg);
-  cpp_config->Cancel(&cpp_arg);
-  arg->cb_user_data = cpp_arg.cb_user_data();
-  arg->key_materials_config = c_key_materials(cpp_arg.key_materials_config());
-  arg->status = cpp_arg.status();
-  arg->error_details = cpp_arg.error_details()->c_str();
+void TlsCredentialReloadArg::OnCredentialReloadDoneCallback() {
+  c_arg_.cb(&c_arg_);
 }

 /** gRPC TLS credential reload config API implementation **/
@ -182,15 +105,12 @@ TlsCredentialReloadConfig::TlsCredentialReloadConfig(
 TlsCredentialReloadConfig::~TlsCredentialReloadConfig() {}

 /** gRPC TLS server authorization check arg API implementation **/
-TlsServerAuthorizationCheckArg::TlsServerAuthorizationCheckArg() {}
-
 TlsServerAuthorizationCheckArg::TlsServerAuthorizationCheckArg(
    grpc_tls_server_authorization_check_arg arg) {
  c_arg_ = arg;
 }

-TlsServerAuthorizationCheckArg::~TlsServerAuthorizationCheckArg() {
-}
+TlsServerAuthorizationCheckArg::~TlsServerAuthorizationCheckArg() {}

 void* TlsServerAuthorizationCheckArg::cb_user_data() const {
  return c_arg_.cb_user_data;
@ -198,17 +118,13 @@ void* TlsServerAuthorizationCheckArg::cb_user_data() const {

 int TlsServerAuthorizationCheckArg::success() const { return c_arg_.success; }

-std::shared_ptr<grpc::string> TlsServerAuthorizationCheckArg::target_name()
-    const {
-  std::shared_ptr<grpc::string> cpp_target_name(
-      new grpc::string(c_arg_.target_name));
+grpc::string TlsServerAuthorizationCheckArg::target_name() const {
+  grpc::string cpp_target_name(c_arg_.target_name);
  return cpp_target_name;
 }

-std::shared_ptr<grpc::string> TlsServerAuthorizationCheckArg::peer_cert()
-    const {
-  std::shared_ptr<grpc::string> cpp_peer_cert(
-      new grpc::string(c_arg_.peer_cert));
+grpc::string TlsServerAuthorizationCheckArg::peer_cert() const {
+  grpc::string cpp_peer_cert(c_arg_.peer_cert);
  return cpp_peer_cert;
 }

@ -216,10 +132,8 @@ grpc_status_code TlsServerAuthorizationCheckArg::status() const {
  return c_arg_.status;
 }

-std::shared_ptr<grpc::string> TlsServerAuthorizationCheckArg::error_details()
-    const {
-  std::shared_ptr<grpc::string> cpp_error_details(
-      new grpc::string(c_arg_.error_details));
+grpc::string TlsServerAuthorizationCheckArg::error_details() const {
+  grpc::string cpp_error_details(c_arg_.error_details);
  return cpp_error_details;
 }

@ -250,36 +164,8 @@ void TlsServerAuthorizationCheckArg::set_error_details(
  c_arg_.error_details = gpr_strdup(error_details.c_str());
 }

-void TlsServerAuthorizationCheckArg::callback() { c_arg_.cb(&c_arg_); }
-
-/** The C schedule and cancel functions for the credential reload config. **/
-int tls_server_authorization_check_config_c_schedule(
-    void* config_user_data, grpc_tls_server_authorization_check_arg* arg) {
-  TlsServerAuthorizationCheckConfig* cpp_config =
-      static_cast<TlsServerAuthorizationCheckConfig*>(arg->config->context());
-  TlsServerAuthorizationCheckArg cpp_arg(*arg);
-  int schedule_output = cpp_config->Schedule(&cpp_arg);
-  arg->cb_user_data = cpp_arg.cb_user_data();
-  arg->success = cpp_arg.success();
-  arg->target_name = gpr_strdup(cpp_arg.target_name()->c_str());
-  arg->peer_cert = gpr_strdup(cpp_arg.peer_cert()->c_str());
-  arg->status = cpp_arg.status();
-  arg->error_details = gpr_strdup(cpp_arg.error_details()->c_str());
-  return schedule_output;
-}
-
-void tls_server_authorization_check_config_c_cancel(
-    void* config_user_data, grpc_tls_server_authorization_check_arg* arg) {
-  TlsServerAuthorizationCheckConfig* cpp_config =
-      static_cast<TlsServerAuthorizationCheckConfig*>(arg->config->context());
-  TlsServerAuthorizationCheckArg cpp_arg(*arg);
-  cpp_config->Cancel(&cpp_arg);
-  arg->cb_user_data = cpp_arg.cb_user_data();
-  arg->success = cpp_arg.success();
-  arg->target_name = gpr_strdup(cpp_arg.target_name()->c_str());
-  arg->peer_cert = gpr_strdup(cpp_arg.peer_cert()->c_str());
-  arg->status = cpp_arg.status();
-  arg->error_details = gpr_strdup(cpp_arg.error_details()->c_str());
+void TlsServerAuthorizationCheckArg::OnServerAuthorizationCheckDoneCallback() {
+  c_arg_.cb(&c_arg_);
 }

 /** gRPC TLS server authorization check config API implementation **/
@ -309,13 +195,13 @@ grpc_tls_credentials_options* TlsCredentialsOptions::c_credentials_options()
  c_options->set_cert_request_type(cert_request_type_);
  c_options->set_key_materials_config(
      ::grpc_core::RefCountedPtr<grpc_tls_key_materials_config>(
-          c_key_materials(key_materials_config_)));
+          ConvertToCKeyMaterialsConfig(key_materials_config_)));
  c_options->set_credential_reload_config(
      ::grpc_core::RefCountedPtr<grpc_tls_credential_reload_config>(
-          credential_reload_config_->c_credential_reload()));
+          credential_reload_config_->c_config()));
  c_options->set_server_authorization_check_config(
      ::grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>(
-          server_authorization_check_config_->c_server_authorization_check()));
+          server_authorization_check_config_->c_config()));
  return c_options;
 }

--- a/src/cpp/common/tls_credentials_options_util.cc
+++ b/src/cpp/common/tls_credentials_options_util.cc
@ -0,0 +1,137 @@
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include "src/cpp/common/tls_credentials_options_util.h"
+#include <grpcpp/security/tls_credentials_options.h>
+
+namespace grpc_impl {
+namespace experimental {
+
+/** Creates a new C struct for the key materials. Note that the user must free
+ * the underlying pointer to private key and cert chain duplicates; they are not
+ * freed when the UniquePtr<char> member variables of PemKeyCertPair are unused.
+ * Similarly, the user must free the underlying pointer to c_pem_root_certs. **/
+grpc_tls_key_materials_config* ConvertToCKeyMaterialsConfig(
+    const std::shared_ptr<TlsKeyMaterialsConfig>& config) {
+  grpc_tls_key_materials_config* c_config =
+      grpc_tls_key_materials_config_create();
+  ::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1>
+      c_pem_key_cert_pair_list;
+  for (auto key_cert_pair = config->pem_key_cert_pair_list().begin();
+       key_cert_pair != config->pem_key_cert_pair_list().end();
+       key_cert_pair++) {
+    grpc_ssl_pem_key_cert_pair* ssl_pair =
+        (grpc_ssl_pem_key_cert_pair*)gpr_malloc(
+            sizeof(grpc_ssl_pem_key_cert_pair));
+    ssl_pair->private_key = gpr_strdup(key_cert_pair->private_key.c_str());
+    ssl_pair->cert_chain = gpr_strdup(key_cert_pair->cert_chain.c_str());
+    ::grpc_core::PemKeyCertPair c_pem_key_cert_pair =
+        ::grpc_core::PemKeyCertPair(ssl_pair);
+    c_pem_key_cert_pair_list.push_back(::std::move(c_pem_key_cert_pair));
+  }
+  ::grpc_core::UniquePtr<char> c_pem_root_certs(
+      gpr_strdup(config->pem_root_certs().c_str()));
+  c_config->set_key_materials(std::move(c_pem_root_certs),
+                              std::move(c_pem_key_cert_pair_list));
+  c_config->set_version(config->version());
+  return c_config;
+}
+
+/** Creates a new TlsKeyMaterialsConfig from a C struct config. **/
+std::shared_ptr<TlsKeyMaterialsConfig> ConvertToCppKeyMaterialsConfig(
+    const grpc_tls_key_materials_config* config) {
+  std::shared_ptr<TlsKeyMaterialsConfig> cpp_config(
+      new TlsKeyMaterialsConfig());
+  std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> cpp_pem_key_cert_pair_list;
+  grpc_tls_key_materials_config::PemKeyCertPairList pem_key_cert_pair_list =
+      config->pem_key_cert_pair_list();
+  for (size_t i = 0; i < pem_key_cert_pair_list.size(); i++) {
+    ::grpc_core::PemKeyCertPair key_cert_pair = pem_key_cert_pair_list[i];
+    TlsKeyMaterialsConfig::PemKeyCertPair p = {
+        // gpr_strdup(key_cert_pair.private_key()),
+        // gpr_strdup(key_cert_pair.cert_chain())};
+        key_cert_pair.private_key(), key_cert_pair.cert_chain()};
+    cpp_pem_key_cert_pair_list.push_back(::std::move(p));
+  }
+  cpp_config->set_key_materials(std::move(config->pem_root_certs()),
+                                std::move(cpp_pem_key_cert_pair_list));
+  cpp_config->set_version(config->version());
+  return cpp_config;
+}
+
+/** The C schedule and cancel functions for the credential reload config. **/
+int tls_credential_reload_config_c_schedule(
+    void* config_user_data, grpc_tls_credential_reload_arg* arg) {
+  TlsCredentialReloadConfig* cpp_config =
+      static_cast<TlsCredentialReloadConfig*>(arg->config->context());
+  TlsCredentialReloadArg cpp_arg(*arg);
+  int schedule_output = cpp_config->Schedule(&cpp_arg);
+  arg->cb_user_data = cpp_arg.cb_user_data();
+  arg->key_materials_config =
+      ConvertToCKeyMaterialsConfig(cpp_arg.key_materials_config());
+  arg->status = cpp_arg.status();
+  arg->error_details = gpr_strdup(cpp_arg.error_details().c_str());
+  return schedule_output;
+}
+
+void tls_credential_reload_config_c_cancel(
+    void* config_user_data, grpc_tls_credential_reload_arg* arg) {
+  TlsCredentialReloadConfig* cpp_config =
+      static_cast<TlsCredentialReloadConfig*>(arg->config->context());
+  TlsCredentialReloadArg cpp_arg(*arg);
+  cpp_config->Cancel(&cpp_arg);
+  arg->cb_user_data = cpp_arg.cb_user_data();
+  arg->key_materials_config =
+      ConvertToCKeyMaterialsConfig(cpp_arg.key_materials_config());
+  arg->status = cpp_arg.status();
+  arg->error_details = gpr_strdup(cpp_arg.error_details().c_str());
+}
+
+/** The C schedule and cancel functions for the server authorization check
+ * config. **/
+int tls_server_authorization_check_config_c_schedule(
+    void* config_user_data, grpc_tls_server_authorization_check_arg* arg) {
+  TlsServerAuthorizationCheckConfig* cpp_config =
+      static_cast<TlsServerAuthorizationCheckConfig*>(arg->config->context());
+  TlsServerAuthorizationCheckArg cpp_arg(*arg);
+  int schedule_output = cpp_config->Schedule(&cpp_arg);
+  arg->cb_user_data = cpp_arg.cb_user_data();
+  arg->success = cpp_arg.success();
+  arg->target_name = gpr_strdup(cpp_arg.target_name().c_str());
+  arg->peer_cert = gpr_strdup(cpp_arg.peer_cert().c_str());
+  arg->status = cpp_arg.status();
+  arg->error_details = gpr_strdup(cpp_arg.error_details().c_str());
+  return schedule_output;
+}
+
+void tls_server_authorization_check_config_c_cancel(
+    void* config_user_data, grpc_tls_server_authorization_check_arg* arg) {
+  TlsServerAuthorizationCheckConfig* cpp_config =
+      static_cast<TlsServerAuthorizationCheckConfig*>(arg->config->context());
+  TlsServerAuthorizationCheckArg cpp_arg(*arg);
+  cpp_config->Cancel(&cpp_arg);
+  arg->cb_user_data = cpp_arg.cb_user_data();
+  arg->success = cpp_arg.success();
+  arg->target_name = gpr_strdup(cpp_arg.target_name().c_str());
+  arg->peer_cert = gpr_strdup(cpp_arg.peer_cert().c_str());
+  arg->status = cpp_arg.status();
+  arg->error_details = gpr_strdup(cpp_arg.error_details().c_str());
+}
+
+}  // namespace experimental
+}  // namespace grpc_impl
--- a/src/cpp/common/tls_credentials_options_util.h
+++ b/src/cpp/common/tls_credentials_options_util.h
@ -0,0 +1,54 @@
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef GRPC_INTERNAL_CPP_COMMON_TLS_CREDENTIALS_OPTIONS_UTIL_H
+#define GRPC_INTERNAL_CPP_COMMON_TLS_CREDENTIALS_OPTIONS_UTIL_H
+
+#include <grpc/grpc_security.h>
+#include <grpcpp/security/tls_credentials_options.h>
+
+#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
+
+namespace grpc_impl {
+namespace experimental {
+
+/** The following 2 functions are exposed for testing purposes. **/
+grpc_tls_key_materials_config* ConvertToCKeyMaterialsConfig(
+    const std::shared_ptr<TlsKeyMaterialsConfig>& config);
+
+std::shared_ptr<TlsKeyMaterialsConfig> ConvertToCppKeyMaterialsConfig(
+    const grpc_tls_key_materials_config* config);
+
+/** The following 4 functions convert the user-provided schedule or cancel
+ * functions into C style schedule or cancel functions. **/
+int tls_credential_reload_config_c_schedule(
+    void* config_user_data, grpc_tls_credential_reload_arg* arg);
+
+void tls_credential_reload_config_c_cancel(void* config_user_data,
+                                           grpc_tls_credential_reload_arg* arg);
+
+int tls_server_authorization_check_config_c_schedule(
+    void* config_user_data, grpc_tls_server_authorization_check_arg* arg);
+
+void tls_server_authorization_check_config_c_cancel(
+    void* config_user_data, grpc_tls_server_authorization_check_arg* arg);
+
+}  //  namespace experimental
+}  // namespace grpc_impl
+
+#endif  // GRPC_INTERNAL_CPP_COMMON_TLS_CREDENTIALS_OPTIONS_UTIL_H
--- a/test/cpp/client/credentials_test.cc
+++ b/test/cpp/client/credentials_test.cc
@ -29,6 +29,7 @@
 #include "src/core/lib/gpr/tmpfile.h"
 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
 #include "src/cpp/client/secure_credentials.h"
+#include "src/cpp/common/tls_credentials_options_util.h"

 namespace {

@ -281,7 +282,8 @@ TEST_F(CredentialsTest, TlsKeyMaterialsConfigCppToC) {
                                                       "cert_chain"};
  std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pair_list = {pair};
  config->set_key_materials("pem_root_certs", pair_list);
-  grpc_tls_key_materials_config* c_config = c_key_materials(config);
+  grpc_tls_key_materials_config* c_config =
+      ConvertToCKeyMaterialsConfig(config);
  EXPECT_STREQ("pem_root_certs", c_config->pem_root_certs());
  EXPECT_EQ(1, static_cast<int>(c_config->pem_key_cert_pair_list().size()));
  EXPECT_STREQ(pair.private_key.c_str(),
@ -312,7 +314,7 @@ TEST_F(CredentialsTest, TlsKeyMaterialsCtoCpp) {
      ::grpc_core::UniquePtr<char>(gpr_strdup("pem_root_certs")),
      pem_key_cert_pair_list);
  std::shared_ptr<TlsKeyMaterialsConfig> cpp_config =
-      ::grpc_impl::experimental::tls_key_materials_c_to_cpp(&c_config);
+      ::grpc_impl::experimental::ConvertToCppKeyMaterialsConfig(&c_config);
  EXPECT_STREQ("pem_root_certs", cpp_config->pem_root_certs().c_str());
  std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> cpp_pair_list =
      cpp_config->pem_key_cert_pair_list();
@ -331,14 +333,15 @@ TEST_F(CredentialsTest, TlsCredentialReloadArgCallback) {
  c_arg.cb = tls_credential_reload_callback;
  TlsCredentialReloadArg arg = TlsCredentialReloadArg(c_arg);
  arg.set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
-  arg.callback();
+  arg.OnCredentialReloadDoneCallback();
  EXPECT_EQ(arg.status(), GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED);
 }

 TEST_F(CredentialsTest, TlsCredentialReloadConfigSchedule) {
  TlsCredentialReloadConfig config(nullptr, &tls_credential_reload_sync,
                                   nullptr, nullptr);
-  TlsCredentialReloadArg arg;
+  grpc_tls_credential_reload_arg c_arg;
+  TlsCredentialReloadArg arg(c_arg);
  arg.set_cb_user_data(static_cast<void*>(nullptr));
  std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config(
      new TlsKeyMaterialsConfig());
@ -365,7 +368,7 @@ TEST_F(CredentialsTest, TlsCredentialReloadConfigSchedule) {
  EXPECT_STREQ(pair_list[2].private_key.c_str(), "private_key3");
  EXPECT_STREQ(pair_list[2].cert_chain.c_str(), "cert_chain3");
  EXPECT_EQ(arg.status(), GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
-  EXPECT_STREQ(arg.error_details()->c_str(), "error_details");
+  EXPECT_STREQ(arg.error_details().c_str(), "error_details");
 }

 TEST_F(CredentialsTest, TlsCredentialReloadConfigCppToC) {
@ -396,7 +399,7 @@ TEST_F(CredentialsTest, TlsCredentialReloadConfigCppToC) {
  grpc::string test_error_details = "error_details";
  c_arg.error_details = test_error_details.c_str();

-  grpc_tls_credential_reload_config* c_config = config.c_credential_reload();
+  grpc_tls_credential_reload_config* c_config = config.c_config();
  c_arg.config = c_config;
  int c_schedule_output = c_config->Schedule(&c_arg);
  EXPECT_EQ(c_schedule_output, 0);
@ -428,12 +431,6 @@ typedef class ::grpc_impl::experimental::TlsServerAuthorizationCheckConfig
 TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCallback) {
  grpc_tls_server_authorization_check_arg c_arg;
  c_arg.cb = tls_server_authorization_check_callback;
-  //c_arg.cb_user_data = nullptr;
-  //c_arg.success = 0;
-  //c_arg.target_name = "target_name";
-  //c_arg.peer_cert = "peer_cert";
-  //c_arg.status = GRPC_STATUS_UNAUTHENTICATED;
-  //c_arg.error_details = "error_details";
  TlsServerAuthorizationCheckArg arg(c_arg);
  arg.set_cb_user_data(nullptr);
  arg.set_success(0);
@ -441,20 +438,21 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCallback) {
  arg.set_peer_cert("peer_cert");
  arg.set_status(GRPC_STATUS_UNAUTHENTICATED);
  arg.set_error_details("error_details");
-  arg.callback();
+  arg.OnServerAuthorizationCheckDoneCallback();
  EXPECT_STREQ(static_cast<char*>(arg.cb_user_data()), "cb_user_data");
  gpr_free(arg.cb_user_data());
  EXPECT_EQ(arg.success(), 1);
-  EXPECT_STREQ(arg.target_name()->c_str(), "callback_target_name");
-  EXPECT_STREQ(arg.peer_cert()->c_str(), "callback_peer_cert");
+  EXPECT_STREQ(arg.target_name().c_str(), "callback_target_name");
+  EXPECT_STREQ(arg.peer_cert().c_str(), "callback_peer_cert");
  EXPECT_EQ(arg.status(), GRPC_STATUS_OK);
-  EXPECT_STREQ(arg.error_details()->c_str(), "callback_error_details");
+  EXPECT_STREQ(arg.error_details().c_str(), "callback_error_details");
 }

 TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigSchedule) {
  TlsServerAuthorizationCheckConfig config = TlsServerAuthorizationCheckConfig(
      nullptr, &tls_server_authorization_check_sync, nullptr, nullptr);
-  TlsServerAuthorizationCheckArg arg;
+  grpc_tls_server_authorization_check_arg c_arg;
+  TlsServerAuthorizationCheckArg arg(c_arg);
  arg.set_cb_user_data(nullptr);
  arg.set_success(0);
  arg.set_target_name("target_name");
@ -466,10 +464,10 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigSchedule) {
  EXPECT_STREQ(static_cast<char*>(arg.cb_user_data()), "cb_user_data");
  gpr_free(arg.cb_user_data());
  EXPECT_EQ(arg.success(), 1);
-  EXPECT_STREQ(arg.target_name()->c_str(), "sync_target_name");
-  EXPECT_STREQ(arg.peer_cert()->c_str(), "sync_peer_cert");
+  EXPECT_STREQ(arg.target_name().c_str(), "sync_target_name");
+  EXPECT_STREQ(arg.peer_cert().c_str(), "sync_peer_cert");
  EXPECT_EQ(arg.status(), GRPC_STATUS_OK);
-  EXPECT_STREQ(arg.error_details()->c_str(), "sync_error_details");
+  EXPECT_STREQ(arg.error_details().c_str(), "sync_error_details");
 }

 TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigCppToC) {
@ -485,8 +483,7 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigCppToC) {
  c_arg.status = GRPC_STATUS_UNAUTHENTICATED;
  c_arg.error_details = "error_details";

-  grpc_tls_server_authorization_check_config* c_config =
-      config.c_server_authorization_check();
+  grpc_tls_server_authorization_check_config* c_config = config.c_config();
  c_arg.config = c_config;
  int c_schedule_output = c_config->Schedule(&c_arg);
  EXPECT_EQ(c_schedule_output, 1);
--- a/tools/doxygen/Doxyfile.c++.internal
+++ b/tools/doxygen/Doxyfile.c++.internal
@ -1266,6 +1266,8 @@ src/cpp/common/secure_auth_context.h \
 src/cpp/common/secure_channel_arguments.cc \
 src/cpp/common/secure_create_auth_context.cc \
 src/cpp/common/tls_credentials_options.cc \
+src/cpp/common/tls_credentials_options_util.cc \
+src/cpp/common/tls_credentials_options_util.h \
 src/cpp/common/validate_service_config.cc \
 src/cpp/common/version_cc.cc \
 src/cpp/server/async_generic_service.cc \