Revert "Introduce empty targets to ease the internal merge of #25586 (#28122)" (#28172)

This reverts commit 171c64eee2.
Craig Tiller 3 years ago committed by GitHub
parent 9b07a81b1a
commit e5d0b95870
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 499
      BUILD
  2. 11
      src/core/lib/security/credentials/ssl/ssl_credentials.cc
  3. 4
      src/core/lib/security/security_connector/security_connector.cc
  4. 6
      src/core/lib/security/security_connector/security_connector.h
  5. 34
      src/core/lib/security/security_connector/ssl_utils.cc
  6. 17
      src/core/lib/security/security_connector/ssl_utils.h
  7. 1
      src/core/lib/security/security_connector/tls/tls_security_connector.cc
  8. 7
      src/core/lib/security/transport/auth_filters.h
  9. 18
      src/core/lib/security/transport/client_auth_filter.cc
  10. 3
      test/core/security/insecure_security_connector_test.cc
  11. 22
      test/core/security/security_connector_test.cc
  12. 1
      test/core/security/ssl_credentials_test.cc
  13. 1
      test/core/tsi/alts/crypt/BUILD
  14. 6
      test/core/tsi/alts/frame_protector/BUILD
  15. 7
      test/core/tsi/alts/handshaker/BUILD
  16. 3
      test/core/tsi/alts/zero_copy_frame_protector/BUILD

499
BUILD

@ -537,9 +537,7 @@ grpc_cc_library(
"grpc++_codegen_proto",
"grpc_base",
"grpc_codegen",
"grpc_credentials_util",
"grpc_secure",
"grpc_security_base",
"json",
"ref_counted_ptr",
"slice",
@ -719,7 +717,6 @@ grpc_cc_library(
"gpr_base",
"grpc++",
"tsi",
"tsi_alts_credentials",
],
)
@ -2499,7 +2496,6 @@ grpc_cc_library(
"grpc_lb_upb",
"grpc_resolver_fake",
"grpc_secure",
"grpc_security_base",
"grpc_transport_chttp2_client_secure",
"orphanable",
"protobuf_duration_upb",
@ -2535,7 +2531,6 @@ grpc_cc_library(
"grpc_client_channel",
"grpc_codegen",
"grpc_secure",
"grpc_security_base",
"json",
"json_util",
"orphanable",
@ -2602,13 +2597,10 @@ grpc_cc_library(
"grpc_base",
"grpc_client_channel",
"grpc_codegen",
"grpc_credentials_util",
"grpc_fault_injection_filter",
"grpc_lb_xds_channel_args",
"grpc_matchers",
"grpc_secure",
"grpc_security_base",
"grpc_tls_credentials",
"grpc_transport_chttp2_client_secure",
"json",
"json_util",
@ -2940,7 +2932,6 @@ grpc_cc_library(
"grpc++_base",
"grpc_base",
"grpc_secure",
"grpc_security_base",
"slice",
],
alwayslink = 1,
@ -3219,31 +3210,18 @@ grpc_cc_library(
],
)
grpc_cc_library(
name = "grpc_httpcli_security_connector",
srcs = [
"src/core/lib/http/httpcli_security_connector.cc",
],
external_deps = [
"absl/strings",
],
language = "c++",
deps = [
"config",
"gpr_base",
"grpc_base",
"grpc_security_base",
"ref_counted_ptr",
"tsi_ssl_credentials",
],
)
grpc_cc_library(
name = "grpc_secure",
srcs = [
"src/core/lib/http/httpcli_security_connector.cc",
"src/core/lib/security/authorization/authorization_policy_provider_vtable.cc",
"src/core/lib/security/authorization/evaluate_args.cc",
"src/core/lib/security/authorization/sdk_server_authz_filter.cc",
"src/core/lib/security/context/security_context.cc",
"src/core/lib/security/credentials/alts/alts_credentials.cc",
"src/core/lib/security/credentials/composite/composite_credentials.cc",
"src/core/lib/security/credentials/credentials.cc",
"src/core/lib/security/credentials/credentials_metadata.cc",
"src/core/lib/security/credentials/external/aws_external_account_credentials.cc",
"src/core/lib/security/credentials/external/aws_request_signer.cc",
"src/core/lib/security/credentials/external/external_account_credentials.cc",
@ -3254,11 +3232,36 @@ grpc_cc_library(
"src/core/lib/security/credentials/google_default/google_default_credentials.cc",
"src/core/lib/security/credentials/iam/iam_credentials.cc",
"src/core/lib/security/credentials/insecure/insecure_credentials.cc",
"src/core/lib/security/credentials/jwt/json_token.cc",
"src/core/lib/security/credentials/jwt/jwt_credentials.cc",
"src/core/lib/security/credentials/jwt/jwt_verifier.cc",
"src/core/lib/security/credentials/local/local_credentials.cc",
"src/core/lib/security/credentials/oauth2/oauth2_credentials.cc",
"src/core/lib/security/credentials/plugin/plugin_credentials.cc",
"src/core/lib/security/credentials/ssl/ssl_credentials.cc",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc",
"src/core/lib/security/credentials/tls/tls_credentials.cc",
"src/core/lib/security/credentials/tls/tls_utils.cc",
"src/core/lib/security/security_connector/alts/alts_security_connector.cc",
"src/core/lib/security/security_connector/fake/fake_security_connector.cc",
"src/core/lib/security/security_connector/insecure/insecure_security_connector.cc",
"src/core/lib/security/security_connector/load_system_roots_fallback.cc",
"src/core/lib/security/security_connector/load_system_roots_linux.cc",
"src/core/lib/security/security_connector/local/local_security_connector.cc",
"src/core/lib/security/security_connector/security_connector.cc",
"src/core/lib/security/security_connector/ssl/ssl_security_connector.cc",
"src/core/lib/security/security_connector/ssl_utils.cc",
"src/core/lib/security/security_connector/ssl_utils_config.cc",
"src/core/lib/security/security_connector/tls/tls_security_connector.cc",
"src/core/lib/security/transport/client_auth_filter.cc",
"src/core/lib/security/transport/secure_endpoint.cc",
"src/core/lib/security/transport/security_handshaker.cc",
"src/core/lib/security/transport/server_auth_filter.cc",
"src/core/lib/security/transport/tsi_error.cc",
"src/core/lib/security/util/json_util.cc",
"src/core/lib/surface/init_secure.cc",
],
hdrs = [
@ -3268,6 +3271,10 @@ grpc_cc_library(
"src/core/lib/security/authorization/authorization_policy_provider.h",
"src/core/lib/security/authorization/evaluate_args.h",
"src/core/lib/security/authorization/sdk_server_authz_filter.h",
"src/core/lib/security/context/security_context.h",
"src/core/lib/security/credentials/alts/alts_credentials.h",
"src/core/lib/security/credentials/composite/composite_credentials.h",
"src/core/lib/security/credentials/credentials.h",
"src/core/lib/security/credentials/external/aws_external_account_credentials.h",
"src/core/lib/security/credentials/external/aws_request_signer.h",
"src/core/lib/security/credentials/external/external_account_credentials.h",
@ -3276,11 +3283,35 @@ grpc_cc_library(
"src/core/lib/security/credentials/fake/fake_credentials.h",
"src/core/lib/security/credentials/google_default/google_default_credentials.h",
"src/core/lib/security/credentials/iam/iam_credentials.h",
"src/core/lib/security/credentials/jwt/json_token.h",
"src/core/lib/security/credentials/jwt/jwt_credentials.h",
"src/core/lib/security/credentials/jwt/jwt_verifier.h",
"src/core/lib/security/credentials/local/local_credentials.h",
"src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
"src/core/lib/security/credentials/tls/tls_credentials.h",
"src/core/lib/security/credentials/tls/tls_utils.h",
"src/core/lib/security/security_connector/alts/alts_security_connector.h",
"src/core/lib/security/security_connector/fake/fake_security_connector.h",
"src/core/lib/security/security_connector/insecure/insecure_security_connector.h",
"src/core/lib/security/security_connector/load_system_roots.h",
"src/core/lib/security/security_connector/load_system_roots_linux.h",
"src/core/lib/security/security_connector/local/local_security_connector.h",
"src/core/lib/security/security_connector/security_connector.h",
"src/core/lib/security/security_connector/ssl/ssl_security_connector.h",
"src/core/lib/security/security_connector/ssl_utils.h",
"src/core/lib/security/security_connector/ssl_utils_config.h",
"src/core/lib/security/security_connector/tls/tls_security_connector.h",
"src/core/lib/security/transport/auth_filters.h",
"src/core/lib/security/transport/secure_endpoint.h",
"src/core/lib/security/transport/security_handshaker.h",
"src/core/lib/security/transport/tsi_error.h",
"src/core/lib/security/util/json_util.h",
],
external_deps = [
"absl/container:inlined_vector",
@ -3299,17 +3330,10 @@ grpc_cc_library(
"config",
"error",
"gpr_base",
"grpc_alts_credentials",
"grpc_base",
"grpc_client_channel",
"grpc_codegen",
"grpc_credentials_util",
"grpc_httpcli_security_connector",
"grpc_jwt_credentials",
"grpc_lb_xds_channel_args",
"grpc_security_base",
"grpc_ssl_credentials",
"grpc_tls_credentials",
"grpc_trace",
"grpc_transport_chttp2_alpn",
"json",
@ -3318,331 +3342,11 @@ grpc_cc_library(
"slice",
"slice_refcount",
"tsi",
"tsi_base",
"useful",
],
)
grpc_cc_library(
name = "tsi_ssl_types",
hdrs = [
"src/core/tsi/ssl_types.h",
],
external_deps = [
"libssl",
],
language = "c++",
)
grpc_cc_library(
name = "tsi_base",
srcs = [
"src/core/tsi/transport_security.cc",
"src/core/tsi/transport_security_grpc.cc",
],
hdrs = [
"src/core/tsi/transport_security.h",
"src/core/tsi/transport_security_grpc.h",
"src/core/tsi/transport_security_interface.h",
],
language = "c++",
visibility = ["@grpc:tsi_interface"],
deps = [
"gpr",
"grpc_trace",
],
)
grpc_cc_library(
name = "grpc_security_base",
srcs = [
"src/core/lib/security/context/security_context.cc",
"src/core/lib/security/credentials/composite/composite_credentials.cc",
"src/core/lib/security/credentials/credentials.cc",
"src/core/lib/security/credentials/credentials_metadata.cc",
"src/core/lib/security/credentials/plugin/plugin_credentials.cc",
"src/core/lib/security/security_connector/security_connector.cc",
"src/core/lib/security/transport/client_auth_filter.cc",
"src/core/lib/security/transport/secure_endpoint.cc",
"src/core/lib/security/transport/security_handshaker.cc",
"src/core/lib/security/transport/server_auth_filter.cc",
"src/core/lib/security/transport/tsi_error.cc",
],
hdrs = [
"src/core/lib/security/context/security_context.h",
"src/core/lib/security/credentials/composite/composite_credentials.h",
"src/core/lib/security/credentials/credentials.h",
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/security_connector/security_connector.h",
"src/core/lib/security/transport/auth_filters.h",
"src/core/lib/security/transport/secure_endpoint.h",
"src/core/lib/security/transport/security_handshaker.h",
"src/core/lib/security/transport/tsi_error.h",
],
external_deps = [
"absl/strings",
"absl/strings:str_format",
"absl/time",
],
language = "c++",
public_hdrs = GRPC_SECURE_PUBLIC_HDRS,
visibility = ["@grpc:public"],
deps = [
"config",
"gpr_base",
"grpc_base",
"grpc_trace",
"json",
"ref_counted",
"ref_counted_ptr",
"tsi_base",
],
)
grpc_cc_library(
name = "grpc_credentials_util",
srcs = [
"src/core/lib/security/credentials/tls/tls_utils.cc",
"src/core/lib/security/security_connector/load_system_roots_fallback.cc",
"src/core/lib/security/security_connector/load_system_roots_linux.cc",
"src/core/lib/security/util/json_util.cc",
],
hdrs = [
"src/core/lib/security/credentials/tls/tls_utils.h",
"src/core/lib/security/security_connector/load_system_roots.h",
"src/core/lib/security/security_connector/load_system_roots_linux.h",
"src/core/lib/security/util/json_util.h",
],
external_deps = [
"absl/container:inlined_vector",
"absl/strings",
],
language = "c++",
visibility = ["@grpc:public"],
deps = [
"gpr_base",
"grpc_base",
"grpc_security_base",
"tsi_interface",
"useful",
],
)
grpc_cc_library(
name = "tsi_alts_credentials",
srcs = [
"src/core/tsi/alts/crypt/aes_gcm.cc",
"src/core/tsi/alts/crypt/gsec.cc",
"src/core/tsi/alts/frame_protector/alts_counter.cc",
"src/core/tsi/alts/frame_protector/alts_crypter.cc",
"src/core/tsi/alts/frame_protector/alts_frame_protector.cc",
"src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc",
"src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc",
"src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc",
"src/core/tsi/alts/frame_protector/frame_handler.cc",
"src/core/tsi/alts/handshaker/alts_handshaker_client.cc",
"src/core/tsi/alts/handshaker/alts_shared_resource.cc",
"src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc",
"src/core/tsi/alts/handshaker/alts_tsi_utils.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc",
],
hdrs = [
"src/core/tsi/alts/crypt/gsec.h",
"src/core/tsi/alts/frame_protector/alts_counter.h",
"src/core/tsi/alts/frame_protector/alts_crypter.h",
"src/core/tsi/alts/frame_protector/alts_frame_protector.h",
"src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h",
"src/core/tsi/alts/frame_protector/frame_handler.h",
"src/core/tsi/alts/handshaker/alts_handshaker_client.h",
"src/core/tsi/alts/handshaker/alts_shared_resource.h",
"src/core/tsi/alts/handshaker/alts_tsi_handshaker.h",
"src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h",
"src/core/tsi/alts/handshaker/alts_tsi_utils.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h",
],
external_deps = [
"libssl",
"libcrypto",
"upb_lib",
],
language = "c++",
visibility = ["@grpc:public"],
deps = [
"alts_util",
"config",
"error",
"gpr_base",
"grpc_base",
"tsi_base",
"useful",
],
)
grpc_cc_library(
name = "tsi_ssl_credentials",
srcs = [
"src/core/lib/security/security_connector/ssl_utils.cc",
"src/core/lib/security/security_connector/ssl_utils_config.cc",
"src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc",
"src/core/tsi/ssl/session_cache/ssl_session_cache.cc",
"src/core/tsi/ssl/session_cache/ssl_session_openssl.cc",
"src/core/tsi/ssl_transport_security.cc",
],
hdrs = [
"src/core/lib/security/security_connector/ssl_utils.h",
"src/core/lib/security/security_connector/ssl_utils_config.h",
"src/core/tsi/ssl/session_cache/ssl_session.h",
"src/core/tsi/ssl/session_cache/ssl_session_cache.h",
"src/core/tsi/ssl_transport_security.h",
],
external_deps = [
"absl/strings",
"libssl",
"libcrypto",
],
language = "c++",
visibility = ["@grpc:public"],
deps = [
"gpr_base",
"grpc_base",
"grpc_credentials_util",
"grpc_security_base",
"grpc_transport_chttp2_alpn",
"ref_counted_ptr",
"tsi_base",
"tsi_ssl_types",
"useful",
],
)
grpc_cc_library(
name = "grpc_jwt_credentials",
srcs = [
"src/core/lib/security/credentials/jwt/json_token.cc",
"src/core/lib/security/credentials/jwt/jwt_credentials.cc",
"src/core/lib/security/credentials/jwt/jwt_verifier.cc",
],
hdrs = [
"src/core/lib/security/credentials/jwt/json_token.h",
"src/core/lib/security/credentials/jwt/jwt_credentials.h",
"src/core/lib/security/credentials/jwt/jwt_verifier.h",
],
external_deps = [
"absl/strings",
"libcrypto",
"libssl",
],
language = "c++",
visibility = ["@grpc:public"],
deps = [
"gpr_base",
"grpc_base",
"grpc_credentials_util",
"grpc_security_base",
"json",
"ref_counted",
"ref_counted_ptr",
"tsi_ssl_types",
],
)
grpc_cc_library(
name = "grpc_alts_credentials",
srcs = [
"src/core/lib/security/credentials/alts/alts_credentials.cc",
"src/core/lib/security/security_connector/alts/alts_security_connector.cc",
],
hdrs = [
"src/core/lib/security/credentials/alts/alts_credentials.h",
"src/core/lib/security/security_connector/alts/alts_security_connector.h",
],
external_deps = [
"libssl",
"upb_lib",
"upb_lib_descriptor",
],
language = "c++",
visibility = ["@grpc:public"],
deps = [
"alts_util",
"gpr_base",
"grpc_base",
"grpc_security_base",
"ref_counted_ptr",
"tsi_alts_credentials",
"tsi_base",
],
)
grpc_cc_library(
name = "grpc_ssl_credentials",
srcs = [
"src/core/lib/security/credentials/ssl/ssl_credentials.cc",
"src/core/lib/security/security_connector/ssl/ssl_security_connector.cc",
],
hdrs = [
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/security_connector/ssl/ssl_security_connector.h",
],
external_deps = [
"absl/strings",
"absl/strings:str_format",
],
language = "c++",
deps = [
"gpr_base",
"grpc_base",
"grpc_credentials_util",
"grpc_security_base",
"grpc_transport_chttp2_alpn",
"ref_counted_ptr",
"tsi_base",
"tsi_ssl_credentials",
],
)
grpc_cc_library(
name = "grpc_tls_credentials",
srcs = [
"src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc",
"src/core/lib/security/credentials/tls/tls_credentials.cc",
"src/core/lib/security/security_connector/tls/tls_security_connector.cc",
],
hdrs = [
"src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h",
"src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h",
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
"src/core/lib/security/credentials/tls/tls_credentials.h",
"src/core/lib/security/security_connector/tls/tls_security_connector.h",
],
external_deps = [
"absl/functional:bind_front",
"absl/strings",
"libssl",
],
language = "c++",
deps = [
"gpr_base",
"grpc_base",
"grpc_credentials_util",
"grpc_security_base",
"tsi_base",
"tsi_ssl_credentials",
],
)
grpc_cc_library(
name = "grpc_mock_cel",
hdrs = [
@ -3970,7 +3674,6 @@ grpc_cc_library(
"grpc_base",
"grpc_client_channel",
"grpc_secure",
"grpc_security_base",
"grpc_transport_chttp2",
"grpc_transport_chttp2_client_connector",
"slice",
@ -4035,7 +3738,6 @@ grpc_cc_library(
"gpr_base",
"grpc_base",
"grpc_secure",
"grpc_security_base",
"grpc_transport_chttp2",
"grpc_transport_chttp2_server",
"ref_counted_ptr",
@ -4062,12 +3764,66 @@ grpc_cc_library(
grpc_cc_library(
name = "tsi_interface",
srcs = [
"src/core/tsi/transport_security.cc",
],
hdrs = [
"src/core/tsi/transport_security.h",
"src/core/tsi/transport_security_interface.h",
],
language = "c++",
visibility = ["@grpc:tsi_interface"],
deps = [
"gpr",
"grpc_trace",
"tsi_base",
],
)
grpc_cc_library(
name = "alts_frame_protector",
srcs = [
"src/core/tsi/alts/crypt/aes_gcm.cc",
"src/core/tsi/alts/crypt/gsec.cc",
"src/core/tsi/alts/frame_protector/alts_counter.cc",
"src/core/tsi/alts/frame_protector/alts_crypter.cc",
"src/core/tsi/alts/frame_protector/alts_frame_protector.cc",
"src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc",
"src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc",
"src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc",
"src/core/tsi/alts/frame_protector/frame_handler.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc",
"src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc",
],
hdrs = [
"src/core/tsi/alts/crypt/gsec.h",
"src/core/tsi/alts/frame_protector/alts_counter.h",
"src/core/tsi/alts/frame_protector/alts_crypter.h",
"src/core/tsi/alts/frame_protector/alts_frame_protector.h",
"src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h",
"src/core/tsi/alts/frame_protector/frame_handler.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h",
"src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h",
"src/core/tsi/transport_security_grpc.h",
],
external_deps = [
"libssl",
"libcrypto",
],
language = "c++",
visibility = ["@grpc:alts_frame_protector"],
deps = [
"gpr_base",
"grpc_base",
"slice",
"tsi_interface",
"useful",
],
)
@ -4104,12 +3860,31 @@ grpc_cc_library(
grpc_cc_library(
name = "tsi",
srcs = [
"src/core/tsi/alts/handshaker/alts_handshaker_client.cc",
"src/core/tsi/alts/handshaker/alts_shared_resource.cc",
"src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc",
"src/core/tsi/alts/handshaker/alts_tsi_utils.cc",
"src/core/tsi/fake_transport_security.cc",
"src/core/tsi/local_transport_security.cc",
"src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc",
"src/core/tsi/ssl/session_cache/ssl_session_cache.cc",
"src/core/tsi/ssl/session_cache/ssl_session_openssl.cc",
"src/core/tsi/ssl_transport_security.cc",
"src/core/tsi/transport_security_grpc.cc",
],
hdrs = [
"src/core/tsi/alts/handshaker/alts_handshaker_client.h",
"src/core/tsi/alts/handshaker/alts_shared_resource.h",
"src/core/tsi/alts/handshaker/alts_tsi_handshaker.h",
"src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h",
"src/core/tsi/alts/handshaker/alts_tsi_utils.h",
"src/core/tsi/fake_transport_security.h",
"src/core/tsi/local_transport_security.h",
"src/core/tsi/ssl/session_cache/ssl_session.h",
"src/core/tsi/ssl/session_cache/ssl_session_cache.h",
"src/core/tsi/ssl_transport_security.h",
"src/core/tsi/ssl_types.h",
"src/core/tsi/transport_security_grpc.h",
],
external_deps = [
"libssl",
@ -4120,15 +3895,13 @@ grpc_cc_library(
language = "c++",
visibility = ["@grpc:tsi"],
deps = [
"alts_frame_protector",
"alts_util",
"gpr_base",
"grpc_base",
"grpc_transport_chttp2_client_insecure",
"slice",
"tsi_alts_credentials",
"tsi_base",
"tsi_ssl_credentials",
"tsi_ssl_types",
"tsi_interface",
"useful",
],
)

@ -27,7 +27,6 @@
#include <grpc/support/string_util.h>
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/security/security_connector/ssl_utils.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/tsi/ssl_transport_security.h"
@ -35,6 +34,16 @@
// SSL Channel Credentials.
//
void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair* kp,
size_t num_key_cert_pairs) {
if (kp == nullptr) return;
for (size_t i = 0; i < num_key_cert_pairs; i++) {
gpr_free(const_cast<char*>(kp[i].private_key));
gpr_free(const_cast<char*>(kp[i].cert_chain));
}
gpr_free(kp);
}
grpc_ssl_credentials::grpc_ssl_credentials(
const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
const grpc_ssl_verify_peer_options* verify_options)
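Review bot: grpc_tsi_ssl_pem_key_cert_pairs_destroy hands `kp[i].private_key` to `gpr_free` without clearing it, so the PEM private key bytes remain in freed heap memory until the allocator reuses the block. Wiping before the free with a call the compiler cannot elide would narrow that window, for example `if (kp[i].private_key != nullptr) OPENSSL_cleanse(const_cast<char*>(kp[i].private_key), strlen(kp[i].private_key));`, assuming the OpenSSL/BoringSSL headers are reachable from this file, which the page does not show. The function also has no comment at its new location, and this commit removes the one on its old declaration in ssl_utils.h; a line such as `// Frees each pair's private_key and cert_chain, then the array itself; kp may be null.` would restore that. The grpc_ssl_credentials constructor that follows continues outside the hunk.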

@ -25,11 +25,15 @@
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/channel/handshaker.h"
#include "src/core/lib/gpr/string.h"
#include "src/core/lib/gprpp/host_port.h"
#include "src/core/lib/iomgr/load_file.h"
#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/security_connector/load_system_roots.h"
#include "src/core/lib/security/security_connector/security_connector.h"
#include "src/core/lib/security/transport/security_handshaker.h"

@ -30,15 +30,11 @@
#include "src/core/lib/iomgr/endpoint.h"
#include "src/core/lib/iomgr/pollset.h"
#include "src/core/lib/iomgr/tcp_server.h"
#include "src/core/tsi/ssl_transport_security.h"
#include "src/core/tsi/transport_security_interface.h"
extern grpc_core::DebugOnlyTraceFlag grpc_trace_security_connector_refcount;
/* --- URL schemes. --- */
#define GRPC_SSL_URL_SCHEME "https"
#define GRPC_FAKE_SECURITY_URL_SCHEME "http+fake_security"
typedef enum { GRPC_SECURITY_OK = 0, GRPC_SECURITY_ERROR } grpc_security_status;
/* --- security_connector object. ---

@ -92,6 +92,30 @@ const char* grpc_get_ssl_cipher_suites(void) {
return cipher_suites;
}
grpc_security_level grpc_tsi_security_level_string_to_enum(
const char* security_level) {
if (strcmp(security_level, "TSI_INTEGRITY_ONLY") == 0) {
return GRPC_INTEGRITY_ONLY;
} else if (strcmp(security_level, "TSI_PRIVACY_AND_INTEGRITY") == 0) {
return GRPC_PRIVACY_AND_INTEGRITY;
}
return GRPC_SECURITY_NONE;
}
const char* grpc_security_level_to_string(grpc_security_level security_level) {
if (security_level == GRPC_PRIVACY_AND_INTEGRITY) {
return "GRPC_PRIVACY_AND_INTEGRITY";
} else if (security_level == GRPC_INTEGRITY_ONLY) {
return "GRPC_INTEGRITY_ONLY";
}
return "GRPC_SECURITY_NONE";
}
bool grpc_check_security_level(grpc_security_level channel_level,
grpc_security_level call_cred_level) {
return static_cast<int>(channel_level) >= static_cast<int>(call_cred_level);
}
tsi_client_certificate_request_type
grpc_get_tsi_client_certificate_request_type(
grpc_ssl_client_certificate_request_type grpc_request_type) {
@ -155,16 +179,6 @@ grpc_error_handle grpc_ssl_check_peer_name(absl::string_view peer_name,
return GRPC_ERROR_NONE;
}
void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair* kp,
size_t num_key_cert_pairs) {
if (kp == nullptr) return;
for (size_t i = 0; i < num_key_cert_pairs; i++) {
gpr_free(const_cast<char*>(kp[i].private_key));
gpr_free(const_cast<char*>(kp[i].cert_chain));
}
gpr_free(kp);
}
bool grpc_ssl_check_call_host(absl::string_view host,
absl::string_view target_name,
absl::string_view overridden_target_name,
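Review bot: grpc_tsi_security_level_string_to_enum passes `security_level` to `strcmp` unchecked, so a null property value would be undefined behaviour. The caller shown in client_auth_filter.cc passes `prop->value` directly, and whether `prop` or its value is validated before that call is not visible on this page. A guard such as `if (security_level == nullptr) return GRPC_SECURITY_NONE;` keeps the function fail-closed. The fall-through to GRPC_SECURITY_NONE for unrecognised strings is the safe direction for grpc_check_security_level and deserves a comment so it is not changed later, e.g. `// Unknown strings map to the lowest level so they never satisfy a stricter call-credential requirement.`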

@ -40,6 +40,9 @@
/* --- Util --- */
/* --- URL schemes. --- */
#define GRPC_SSL_URL_SCHEME "https"
/* Check ALPN information returned from SSL handshakes. */
grpc_error_handle grpc_ssl_check_alpn(const tsi_peer* peer);
@ -66,9 +69,20 @@ tsi_client_certificate_request_type
grpc_get_tsi_client_certificate_request_type(
grpc_ssl_client_certificate_request_type grpc_request_type);
/* Map tsi_security_level string to grpc_security_level enum. */
grpc_security_level grpc_tsi_security_level_string_to_enum(
const char* security_level);
/* Map grpc_tls_version to tsi_tls_version. */
tsi_tls_version grpc_get_tsi_tls_version(grpc_tls_version tls_version);
/* Map grpc_security_level enum to a string. */
const char* grpc_security_level_to_string(grpc_security_level security_level);
/* Check security level of channel and call credential.*/
bool grpc_check_security_level(grpc_security_level channel_level,
grpc_security_level call_cred_level);
/* Return an array of strings containing alpn protocols. */
const char** grpc_fill_alpn_protocol_strings(size_t* num_alpn_protocols);
@ -86,9 +100,6 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
tsi_tls_version min_tls_version, tsi_tls_version max_tls_version,
tsi_ssl_server_handshaker_factory** handshaker_factory);
/* Free the memory occupied by key cert pairs. */
void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair* kp,
size_t num_key_cert_pairs);
/* Exposed for testing only. */
grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context(
const tsi_peer* peer, const char* transport_security_type);
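Review bot: The comment added for grpc_check_security_level, `/* Check security level of channel and call credential.*/`, does not say which direction passes or what the result gates. The comment deleted from auth_filters.h in this same commit did, so I would carry its content over: `/* Returns true when channel_level is at least call_cred_level, i.e. when call credentials may be sent on this channel. */`. Since the definition compares the enum values as integers, the comment should also state that the check relies on the declaration order of grpc_security_level. The comment on grpc_tsi_security_level_string_to_enum could likewise mention that unrecognised strings yield GRPC_SECURITY_NONE, as the definition in ssl_utils.cc shows.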

@ -34,6 +34,7 @@
#include <grpc/support/string_util.h>
#include "src/core/lib/gprpp/host_port.h"
#include "src/core/lib/security/credentials/ssl/ssl_credentials.h"
#include "src/core/lib/security/credentials/tls/tls_credentials.h"
#include "src/core/lib/security/security_connector/ssl_utils.h"
#include "src/core/lib/security/transport/security_handshaker.h"

@ -33,11 +33,4 @@ void grpc_auth_metadata_context_build(
const grpc_slice& call_method, grpc_auth_context* auth_context,
grpc_auth_metadata_context* auth_md_context);
// Exposed for testing purposes only.
// Check if the channel's security level is higher or equal to
// that of call credentials to make a decision whether the transfer
// of call credentials should be allowed or not.
bool grpc_check_security_level(grpc_security_level channel_level,
grpc_security_level call_cred_level);
#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H */

@ -34,6 +34,7 @@
#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/security_connector/security_connector.h"
#include "src/core/lib/security/security_connector/ssl_utils.h"
#include "src/core/lib/security/transport/auth_filters.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/slice/slice_string_helpers.h"
@ -233,21 +234,6 @@ static void cancel_get_request_metadata(void* arg, grpc_error_handle error) {
GRPC_CALL_STACK_UNREF(calld->owning_call, "cancel_get_request_metadata");
}
static grpc_security_level convert_security_level_string_to_enum(
const char* security_level) {
if (strcmp(security_level, "TSI_INTEGRITY_ONLY") == 0) {
return GRPC_INTEGRITY_ONLY;
} else if (strcmp(security_level, "TSI_PRIVACY_AND_INTEGRITY") == 0) {
return GRPC_PRIVACY_AND_INTEGRITY;
}
return GRPC_SECURITY_NONE;
}
bool grpc_check_security_level(grpc_security_level channel_level,
grpc_security_level call_cred_level) {
return static_cast<int>(channel_level) >= static_cast<int>(call_cred_level);
}
static void send_security_metadata(grpc_call_element* elem,
grpc_transport_stream_op_batch* batch) {
call_data* calld = static_cast<call_data*>(elem->call_data);
@ -303,7 +289,7 @@ static void send_security_metadata(grpc_call_element* elem,
grpc_security_level call_cred_security_level =
calld->creds->min_security_level();
int is_security_level_ok = grpc_check_security_level(
convert_security_level_string_to_enum(prop->value),
grpc_tsi_security_level_string_to_enum(prop->value),
call_cred_security_level);
if (!is_security_level_ok) {
grpc_transport_stream_op_batch_finish_with_failure(

@ -47,7 +47,8 @@ TEST(InsecureSecurityConnector, MakeAuthContextTest) {
auth_context.get(), GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME);
prop = grpc_auth_property_iterator_next(&it);
ASSERT_NE(prop, nullptr);
EXPECT_STREQ(prop->value, tsi_security_level_to_string(TSI_SECURITY_NONE));
EXPECT_EQ(grpc_tsi_security_level_string_to_enum(prop->value),
GRPC_SECURITY_NONE);
}
} // namespace
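Review bot: The assertion `EXPECT_EQ(grpc_tsi_security_level_string_to_enum(prop->value), GRPC_SECURITY_NONE);` is weaker than the `EXPECT_STREQ` it appears to replace. The mapping in ssl_utils.cc returns GRPC_SECURITY_NONE for every string it does not recognise, so this check still passes if the property holds an empty or misspelled value. Keeping the string comparison alongside it, `EXPECT_STREQ(prop->value, tsi_security_level_to_string(TSI_SECURITY_NONE));`, would continue to pin the exact value the insecure connector publishes. The test body starts outside the hunk.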

@ -85,6 +85,27 @@ static int check_ssl_peer_equivalence(const tsi_peer* original,
return 1;
}
static void test_check_security_level() {
GPR_ASSERT(grpc_check_security_level(GRPC_PRIVACY_AND_INTEGRITY,
GRPC_PRIVACY_AND_INTEGRITY) == true);
GPR_ASSERT(grpc_check_security_level(GRPC_PRIVACY_AND_INTEGRITY,
GRPC_INTEGRITY_ONLY) == true);
GPR_ASSERT(grpc_check_security_level(GRPC_PRIVACY_AND_INTEGRITY,
GRPC_SECURITY_NONE) == true);
GPR_ASSERT(grpc_check_security_level(GRPC_INTEGRITY_ONLY,
GRPC_PRIVACY_AND_INTEGRITY) == false);
GPR_ASSERT(grpc_check_security_level(GRPC_INTEGRITY_ONLY,
GRPC_INTEGRITY_ONLY) == true);
GPR_ASSERT(grpc_check_security_level(GRPC_INTEGRITY_ONLY,
GRPC_SECURITY_NONE) == true);
GPR_ASSERT(grpc_check_security_level(GRPC_SECURITY_NONE,
GRPC_PRIVACY_AND_INTEGRITY) == false);
GPR_ASSERT(grpc_check_security_level(GRPC_SECURITY_NONE,
GRPC_INTEGRITY_ONLY) == false);
GPR_ASSERT(grpc_check_security_level(GRPC_SECURITY_NONE,
GRPC_SECURITY_NONE) == true);
}
static void test_unauthenticated_ssl_peer(void) {
tsi_peer peer;
tsi_peer rpeer;
@ -757,6 +778,7 @@ int main(int argc, char** argv) {
test_ipv6_address_san();
test_default_ssl_roots();
test_peer_alpn_check();
test_check_security_level();
grpc_shutdown();
return 0;
}
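Review bot: test_check_security_level covers all nine level pairs, but nothing in this file exercises grpc_tsi_security_level_string_to_enum, whose result is the channel-side input to that check in client_auth_filter.cc. A companion test for the two recognised strings and for an unrecognised one would pin the fail-closed default, e.g. `GPR_ASSERT(grpc_tsi_security_level_string_to_enum("bogus") == GRPC_SECURITY_NONE);`. As a style point, the `== true` and `== false` comparisons are redundant on a bool return; `GPR_ASSERT(grpc_check_security_level(...))` and `GPR_ASSERT(!grpc_check_security_level(...))` read more directly.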

@ -25,7 +25,6 @@
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include "src/core/lib/security/security_connector/ssl_utils.h"
#include "src/core/tsi/ssl_transport_security.h"
#include "test/core/util/test_config.h"

@ -27,6 +27,7 @@ grpc_cc_test(
language = "C++",
deps = [
":alts_crypt_test_util",
"//:alts_frame_protector",
"//:gpr",
"//:grpc",
"//test/core/util:grpc_test_util",

@ -23,6 +23,7 @@ grpc_cc_test(
srcs = ["alts_counter_test.cc"],
language = "C++",
deps = [
"//:alts_frame_protector",
"//:gpr",
"//:grpc",
"//test/core/tsi/alts/crypt:alts_crypt_test_util",
@ -35,6 +36,7 @@ grpc_cc_test(
srcs = ["alts_crypter_test.cc"],
language = "C++",
deps = [
"//:alts_frame_protector",
"//:gpr",
"//:grpc",
"//test/core/tsi/alts/crypt:alts_crypt_test_util",
@ -47,8 +49,11 @@ grpc_cc_test(
srcs = ["alts_frame_protector_test.cc"],
language = "C++",
deps = [
"//:alts_frame_protector",
"//:gpr",
"//:grpc",
"//:tsi",
"//:tsi_interface",
"//test/core/tsi:transport_security_test_lib",
"//test/core/tsi/alts/crypt:alts_crypt_test_util",
"//test/core/util:grpc_test_util",
@ -60,6 +65,7 @@ grpc_cc_test(
srcs = ["frame_handler_test.cc"],
language = "C++",
deps = [
"//:alts_frame_protector",
"//:gpr",
"//:gpr_base",
"//:grpc",

@ -23,6 +23,7 @@ grpc_cc_library(
srcs = ["alts_handshaker_service_api_test_lib.cc"],
hdrs = ["alts_handshaker_service_api_test_lib.h"],
deps = [
"//:alts_util",
"//:grpc",
],
)
@ -34,6 +35,8 @@ grpc_cc_test(
deps = [
":alts_handshaker_service_api_test_lib",
"//:grpc",
"//:tsi",
"//:tsi_interface",
"//test/core/util:grpc_test_util",
],
)
@ -47,6 +50,7 @@ grpc_cc_test(
"//:gpr",
"//:gpr_base",
"//:grpc",
"//:tsi",
"//test/core/util:grpc_test_util",
],
)
@ -58,6 +62,7 @@ grpc_cc_test(
deps = [
":alts_handshaker_service_api_test_lib",
"//:grpc",
"//:tsi",
"//test/core/util:grpc_test_util",
],
)
@ -67,6 +72,7 @@ grpc_cc_test(
srcs = ["transport_security_common_api_test.cc"],
language = "C++",
deps = [
"//:alts_util",
"//:grpc",
"//test/core/util:grpc_test_util",
],
@ -86,6 +92,7 @@ grpc_cc_test(
"no_windows",
],
deps = [
"//:alts_util",
"//:grpc",
"//test/core/end2end:cq_verifier",
"//test/core/tsi/alts/fake_handshaker:fake_handshaker_lib",

@ -23,6 +23,7 @@ grpc_cc_test(
srcs = ["alts_grpc_record_protocol_test.cc"],
language = "C++",
deps = [
"//:alts_frame_protector",
"//:gpr",
"//:grpc",
"//:grpc_base",
@ -36,6 +37,7 @@ grpc_cc_test(
srcs = ["alts_iovec_record_protocol_test.cc"],
language = "C++",
deps = [
"//:alts_frame_protector",
"//:gpr",
"//:grpc",
"//test/core/tsi/alts/crypt:alts_crypt_test_util",
@ -48,6 +50,7 @@ grpc_cc_test(
srcs = ["alts_zero_copy_grpc_protector_test.cc"],
language = "C++",
deps = [
"//:alts_frame_protector",
"//:gpr",
"//:grpc",
"//:grpc_base",
