mirror of https://github.com/grpc/grpc.git
[security] Reland: Refactor credentials types to remove special handling for insecure creds (#36242)
See #36176. The only difference is a temporary shim for Secure credentials types, which was already discussed and approved separately.
Closes #36242
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36242 from drfloob:reland/36176 f07bebe289
PiperOrigin-RevId: 621879911
pull/36249/head
parent
9dea752699
commit
f238e5399c
37 changed files with 558 additions and 585 deletions
@ -0,0 +1,39 @@ |
||||
// Copyright 2024 The gRPC Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include "absl/strings/str_cat.h" |
||||
|
||||
#include <grpcpp/security/credentials.h> |
||||
|
||||
#include "src/core/lib/security/credentials/credentials.h" |
||||
|
||||
namespace grpc { |
||||
|
||||
CallCredentials::CallCredentials(grpc_call_credentials* c_creds) |
||||
: c_creds_(c_creds) { |
||||
GPR_ASSERT(c_creds != nullptr); |
||||
} |
||||
|
||||
CallCredentials::~CallCredentials() { grpc_call_credentials_release(c_creds_); } |
||||
|
||||
grpc::string CallCredentials::DebugString() { |
||||
return absl::StrCat("CallCredentials{", c_creds_->debug_string(), "}"); |
||||
} |
||||
|
||||
bool CallCredentials::ApplyToCall(grpc_call* call) { |
||||
return grpc_call_set_credentials(call, c_creds_) == GRPC_CALL_OK; |
||||
} |
||||
|
||||
} // namespace grpc
|
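Review bot: The `CallCredentials(grpc_call_credentials* c_creds)` constructor takes over a raw pointer that the destructor later hands to `grpc_call_credentials_release`, but nothing in the file states that ownership is transferred. A comment above the constructor such as `// Takes ownership of c_creds; the reference is released in the destructor.` would make the contract explicit. The same applies to the `ChannelCredentials` and `ServerCredentials` constructors added in this commit. Because the destructor assumes exactly one release per object, the class has to be non-copyable; the header that would show this is not part of this section, so it is worth confirming.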
@ -0,0 +1,47 @@ |
||||
// Copyright 2024 The gRPC Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include <memory> |
||||
#include <string> |
||||
#include <vector> |
||||
|
||||
#include <grpc/grpc.h> |
||||
#include <grpc/grpc_security.h> |
||||
#include <grpcpp/security/credentials.h> |
||||
#include <grpcpp/support/channel_arguments.h> |
||||
|
||||
namespace grpc { |
||||
|
||||
ChannelCredentials::ChannelCredentials(grpc_channel_credentials* c_creds) |
||||
: c_creds_(c_creds) {} |
||||
|
||||
ChannelCredentials::~ChannelCredentials() { |
||||
grpc_channel_credentials_release(c_creds_); |
||||
} |
||||
|
||||
std::shared_ptr<Channel> ChannelCredentials::CreateChannelWithInterceptors( |
||||
const std::string& target, const ChannelArguments& args, |
||||
std::vector< |
||||
std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>> |
||||
interceptor_creators) { |
||||
grpc_channel_args channel_args; |
||||
args.SetChannelArgs(&channel_args); |
||||
return grpc::CreateChannelInternal( |
||||
args.GetSslTargetNameOverride(), |
||||
grpc_channel_create(target.c_str(), c_creds_, &channel_args), |
||||
std::move(interceptor_creators)); |
||||
} |
||||
|
||||
} // namespace grpc
|
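Review bot: `ChannelCredentials::ChannelCredentials` stores `c_creds` without a null check, whereas `CallCredentials` in this same commit does `GPR_ASSERT(c_creds != nullptr)`; the `ServerCredentials` constructor has the same gap. If null is a supported state (for example a factory that failed to build credentials), say so in a comment on the constructor and state what `CreateChannelWithInterceptors` does then, since it passes `c_creds_` straight to `grpc_channel_create`. From this file alone it cannot be seen whether that call fails closed; the contract to document is that a channel with missing credentials never carries traffic unauthenticated. If null is not supported, add `GPR_ASSERT(c_creds != nullptr);` to the constructor body to match `CallCredentials`.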
@ -1,41 +0,0 @@ |
||||
//
|
||||
//
|
||||
// Copyright 2015 gRPC authors.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
//
|
||||
//
|
||||
|
||||
#include <string> |
||||
#include <vector> |
||||
|
||||
#include <grpc/grpc.h> |
||||
#include <grpc/impl/channel_arg_names.h> |
||||
#include <grpcpp/support/channel_arguments.h> |
||||
|
||||
namespace grpc { |
||||
|
||||
void ChannelArguments::SetSslTargetNameOverride(const std::string& name) { |
||||
SetString(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, name); |
||||
} |
||||
|
||||
std::string ChannelArguments::GetSslTargetNameOverride() const { |
||||
for (unsigned int i = 0; i < args_.size(); i++) { |
||||
if (std::string(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == args_[i].key) { |
||||
return args_[i].value.string; |
||||
} |
||||
} |
||||
return ""; |
||||
} |
||||
|
||||
} // namespace grpc
|
@ -0,0 +1,39 @@ |
||||
// Copyright 2024 The gRPC Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include <grpcpp/security/server_credentials.h> |
||||
|
||||
#include "src/core/lib/gprpp/crash.h" |
||||
|
||||
namespace grpc { |
||||
|
||||
ServerCredentials::ServerCredentials(grpc_server_credentials* creds) |
||||
: c_creds_(creds) {} |
||||
|
||||
ServerCredentials::~ServerCredentials() { |
||||
grpc_server_credentials_release(c_creds_); |
||||
} |
||||
|
||||
void ServerCredentials::SetAuthMetadataProcessor( |
||||
const std::shared_ptr<grpc::AuthMetadataProcessor>& /* processor */) { |
||||
grpc_core::Crash("Not Supported"); |
||||
} |
||||
|
||||
int ServerCredentials::AddPortToServer(const std::string& addr, |
||||
grpc_server* server) { |
||||
return grpc_server_add_http2_port(server, addr.c_str(), c_creds_); |
||||
} |
||||
|
||||
} // namespace grpc
|
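Review bot: `grpc_core::Crash("Not Supported")` in `ServerCredentials::SetAuthMetadataProcessor` aborts the process with a message that names neither the method nor the credentials type, which makes the abort hard to trace from a server log. A message such as `grpc_core::Crash("SetAuthMetadataProcessor is not supported by this ServerCredentials type");` would identify the call site. The function also deserves a one-line comment that aborting is deliberate, presumably as the default for credentials types that do not override it. The reason to record is that a credentials type which cannot run the processor should not silently drop an authentication hook the caller asked for.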
@ -0,0 +1,41 @@ |
||||
// Copyright 2024 The gRPC Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
#ifndef GRPC_TEST_CPP_UTIL_CREDENTIALS_H |
||||
#define GRPC_TEST_CPP_UTIL_CREDENTIALS_H |
||||
|
||||
#include <grpcpp/security/credentials.h> |
||||
|
||||
#include "src/core/lib/security/credentials/fake/fake_credentials.h" |
||||
|
||||
namespace grpc { |
||||
namespace testing { |
||||
|
||||
class FakeTransportSecurityChannelCredentials : public ChannelCredentials { |
||||
public: |
||||
FakeTransportSecurityChannelCredentials() |
||||
: ChannelCredentials(grpc_fake_transport_security_credentials_create()) {} |
||||
}; |
||||
|
||||
class TestCompositeChannelCredentials : public ChannelCredentials { |
||||
public: |
||||
TestCompositeChannelCredentials(grpc_channel_credentials* channel_creds, |
||||
grpc_call_credentials* call_creds) |
||||
: ChannelCredentials(grpc_composite_channel_credentials_create( |
||||
channel_creds, call_creds, nullptr)) {} |
||||
}; |
||||
|
||||
} // namespace testing
|
||||
} // namespace grpc
|
||||
|
||||
#endif // GRPC_TEST_CPP_UTIL_CREDENTIALS_H
|
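Review bot: `TestCompositeChannelCredentials` accepts two raw pointers and forwards them to `grpc_composite_channel_credentials_create`, with no comment on who releases `channel_creds` and `call_creds` afterwards. The core composite constructor appears to take its own references rather than adopt the caller's, which would leave the caller responsible for releasing both. Once that is confirmed, add a comment such as `// Does not take ownership of channel_creds or call_creds; the caller releases them.` to the constructor. `FakeTransportSecurityChannelCredentials` would likewise benefit from `// Test-only: fake transport security provides no real confidentiality or peer authentication.` so the type is not copied into production code.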