author | 2017-04-17 09:49:56 -0700 | |
---|---|---|
committer | 2017-04-17 09:49:56 -0700 | |
commit | d9bc60c87e68e3a828cdad3774b22caf3acbb2b9 (patch) | |
tree | be1bac0f32776349be8e0d9d58d3091291a0860a /src/core/lib/security/credentials | |
parent | e3ec4b2c287b480d61ddaa2b461cf6d468519313 (diff) | |
parent | c5fc2b7112e29c1cc57b335b3611877a297417b2 (diff) |
Merge remote-tracking branch 'upstream/master' into service_config_lb_semantics
Diffstat (limited to 'src/core/lib/security/credentials')
8 files changed, 49 insertions, 24 deletions
diff --git a/src/core/lib/security/credentials/credentials.c b/src/core/lib/security/credentials/credentials.c index 52b80141d1..d89da47fc1 100644 --- a/src/core/lib/security/credentials/credentials.c +++ b/src/core/lib/security/credentials/credentials.c @@ -37,7 +37,6 @@ #include <string.h> #include "src/core/lib/channel/channel_args.h" -#include "src/core/lib/channel/http_client_filter.h" #include "src/core/lib/http/httpcli.h" #include "src/core/lib/http/parser.h" #include "src/core/lib/iomgr/executor.h" diff --git a/src/core/lib/security/credentials/credentials.h b/src/core/lib/security/credentials/credentials.h index 510b79552a..89b8e3c0b3 100644 --- a/src/core/lib/security/credentials/credentials.h +++ b/src/core/lib/security/credentials/credentials.h @@ -71,7 +71,7 @@ typedef enum { #define GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS 60 -#define GRPC_COMPUTE_ENGINE_METADATA_HOST "metadata" +#define GRPC_COMPUTE_ENGINE_METADATA_HOST "metadata.google.internal" #define GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH \ "/computeMetadata/v1/instance/service-accounts/default/token" diff --git a/src/core/lib/security/credentials/fake/fake_credentials.c b/src/core/lib/security/credentials/fake/fake_credentials.c index 68636ba208..3fdb67fb91 100644 --- a/src/core/lib/security/credentials/fake/fake_credentials.c +++ b/src/core/lib/security/credentials/fake/fake_credentials.c @@ -39,11 +39,15 @@ #include <grpc/support/log.h> #include <grpc/support/string_util.h> +#include "src/core/lib/channel/channel_args.h" #include "src/core/lib/iomgr/executor.h" #include "src/core/lib/support/string.h" /* -- Fake transport security credentials. -- */ +#define GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS \ + "grpc.fake_security.expected_targets" + static grpc_security_status fake_transport_security_create_security_connector( grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c, grpc_call_credentials *call_creds, const char *target, 
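Review bot: In the credentials.h hunk (`@@ -71,7 +71,7 @@`) the new `GRPC_COMPUTE_ENGINE_METADATA_HOST` value has no comment saying why the short name `"metadata"` was replaced, so a later edit could revert it without knowing what is at stake. The define directly below it is the service-account token path, so this host name decides which server receives the token request; a bare label can be completed through the resolver's search list, though that motivation is inferred rather than stated in the hunk. I would add above the define: `/* Fully qualified on purpose: this host serves access tokens, so the lookup must not depend on the resolver search list. */`. How the request is sent and how the response is validated is outside this hunk and worth confirming where the macro is used.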
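Review bot: In the first fake_credentials.c hunk (`@@ -39,11 +39,15 @@`) the new key string `"grpc.fake_security.expected_targets"` no longer carries the `test_only` marker that the define removed from fake_credentials.h had. Nothing in the key now tells a reader of channel args that it belongs to the fake transport security credentials, which the header describes as being for testing. Moving the macro into the .c file limits who can spell it, but the string is still what shows up in args dumps. I would either keep the marker in the key or add above the define: `/* Test-only: read by the fake transport security connector to verify target names. */`.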
@@ -88,6 +92,25 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( return c; } +grpc_arg grpc_fake_transport_expected_targets_arg(char *expected_targets) { + grpc_arg arg; + arg.type = GRPC_ARG_STRING; + arg.key = GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS; + arg.value.string = expected_targets; + return arg; +} + +const char *grpc_fake_transport_get_expected_targets( + const grpc_channel_args *args) { + const grpc_arg *expected_target_arg = + grpc_channel_args_find(args, GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS); + if (expected_target_arg != NULL && + expected_target_arg->type == GRPC_ARG_STRING) { + return expected_target_arg->value.string; + } + return NULL; +} + /* -- Metadata-only test credentials. -- */ static void md_only_test_destruct(grpc_exec_ctx *exec_ctx, diff --git a/src/core/lib/security/credentials/fake/fake_credentials.h b/src/core/lib/security/credentials/fake/fake_credentials.h index 0fe98417c6..a28b545a67 100644 --- a/src/core/lib/security/credentials/fake/fake_credentials.h +++ b/src/core/lib/security/credentials/fake/fake_credentials.h @@ -38,10 +38,17 @@ /* -- Fake transport security credentials. -- */ +/* Creates a fake transport security credentials object for testing. */ +grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void); + +/* Creates a fake server transport security credentials object for testing. */ +grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( + void); + /* Used to verify the target names given to the fake transport security * connector. * - * Its syntax by example: + * The syntax of \a expected_targets by example: * For LB channels: * "backend_target_1,backend_target_2,...;lb_target_1,lb_target_2,..." * For regular channels: 
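Review bot: In the `@@ -88,6 +92,25 @@` hunk of fake_credentials.c, `grpc_fake_transport_expected_targets_arg` stores the caller's `expected_targets` pointer in `arg.value.string` without copying it, and `grpc_fake_transport_get_expected_targets` returns a pointer into `args`. Neither the definitions nor the declarations added in fake_credentials.h (`@@ -50,15 +57,11 @@`) say who owns those strings. A caller that frees the buffer early, or keeps the returned pointer after the args are destroyed, would read freed memory. I would document it on the declarations, for example `/* The returned arg borrows \a expected_targets; the caller keeps it valid while the arg is in use. */` and `/* The returned string is owned by \a args; do not free it or use it after \a args is destroyed. */`. Whether `grpc_arg` has fields beyond the three assigned here is not visible in the hunk; if it does, `grpc_arg arg;` leaves them indeterminate.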
@@ -50,15 +57,11 @@ * That is to say, LB channels have a heading list of LB targets separated from * the list of backend targets by a semicolon. For non-LB channels, only the * latter is present. */ -#define GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS \ - "grpc.test_only.fake_security.expected_target" +grpc_arg grpc_fake_transport_expected_targets_arg(char *expected_targets); -/* Creates a fake transport security credentials object for testing. */ -grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void); - -/* Creates a fake server transport security credentials object for testing. */ -grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( - void); +/* Return the value associated with the expected targets channel arg or NULL */ +const char *grpc_fake_transport_get_expected_targets( + const grpc_channel_args *args); /* -- Metadata-only Test credentials. -- */ diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.c b/src/core/lib/security/credentials/google_default/google_default_credentials.c index dd44621347..97501e6788 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.c +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.c @@ -180,7 +180,7 @@ static grpc_error *create_default_creds_from_path( grpc_slice creds_data = grpc_empty_slice(); grpc_error *error = GRPC_ERROR_NONE; if (creds_path == NULL) { - error = GRPC_ERROR_CREATE("creds_path unset"); + error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("creds_path unset"); goto end; } error = grpc_load_file(creds_path, 0, &creds_data); 
@@ -190,10 +190,9 @@ static grpc_error *create_default_creds_from_path( json = grpc_json_parse_string_with_len( (char *)GRPC_SLICE_START_PTR(creds_data), GRPC_SLICE_LENGTH(creds_data)); if (json == NULL) { - char *dump = grpc_dump_slice(creds_data, GPR_DUMP_HEX | GPR_DUMP_ASCII); - error = grpc_error_set_str(GRPC_ERROR_CREATE("Failed to parse JSON"), - GRPC_ERROR_STR_RAW_BYTES, dump); - gpr_free(dump); + error = grpc_error_set_str( + GRPC_ERROR_CREATE_FROM_STATIC_STRING("Failed to parse JSON"), + GRPC_ERROR_STR_RAW_BYTES, grpc_slice_ref_internal(creds_data)); goto end; } @@ -204,7 +203,7 @@ static grpc_error *create_default_creds_from_path( grpc_service_account_jwt_access_credentials_create_from_auth_json_key( exec_ctx, key, grpc_max_auth_token_lifetime()); if (result == NULL) { - error = GRPC_ERROR_CREATE( + error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( "grpc_service_account_jwt_access_credentials_create_from_auth_json_" "key failed"); } @@ -217,7 +216,7 @@ static grpc_error *create_default_creds_from_path( result = grpc_refresh_token_credentials_create_from_auth_refresh_token(token); if (result == NULL) { - error = GRPC_ERROR_CREATE( + error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( "grpc_refresh_token_credentials_create_from_auth_refresh_token " "failed"); } @@ -236,7 +235,8 @@ end: grpc_channel_credentials *grpc_google_default_credentials_create(void) { grpc_channel_credentials *result = NULL; grpc_call_credentials *call_creds = NULL; - grpc_error *error = GRPC_ERROR_CREATE("Failed to create Google credentials"); + grpc_error *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "Failed to create Google credentials"); grpc_error *err; grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; 
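Review bot: In the `@@ -190,10 +190,9 @@` hunk the parse-failure path still attaches the whole of `creds_data` to the error under `GRPC_ERROR_STR_RAW_BYTES`, now as a slice reference instead of a hex/ASCII dump. `creds_data` is the file loaded from `creds_path`, and the later hunks of the same function parse it as a service-account key or a refresh token. A credentials file that is only slightly malformed would therefore travel inside the error with its secret material intact and, if a caller logs the error string (not visible here), end up in logs. I would keep only the message: `error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Failed to parse JSON");`, or attach just the length if a diagnostic is needed. `create_default_creds_from_path` starts and ends outside this hunk.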
@@ -274,7 +274,8 @@ grpc_channel_credentials *grpc_google_default_credentials_create(void) { call_creds = grpc_google_compute_engine_credentials_create(NULL); if (call_creds == NULL) { error = grpc_error_add_child( - error, GRPC_ERROR_CREATE("Failed to get credentials from network")); + error, GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "Failed to get credentials from network")); } } } diff --git a/src/core/lib/security/credentials/jwt/json_token.c b/src/core/lib/security/credentials/jwt/json_token.c index 192a5f47ed..aa905725fc 100644 --- a/src/core/lib/security/credentials/jwt/json_token.c +++ b/src/core/lib/security/credentials/jwt/json_token.c @@ -40,8 +40,8 @@ #include <grpc/support/string_util.h> #include <grpc/support/time.h> -#include "src/core/lib/security/util/b64.h" #include "src/core/lib/security/util/json_util.h" +#include "src/core/lib/slice/b64.h" #include "src/core/lib/support/string.h" #include <openssl/bio.h> diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.c b/src/core/lib/security/credentials/jwt/jwt_verifier.c index 5c59cf0f4a..0e2a264371 100644 --- a/src/core/lib/security/credentials/jwt/jwt_verifier.c +++ b/src/core/lib/security/credentials/jwt/jwt_verifier.c @@ -45,10 +45,10 @@ #include "src/core/lib/http/httpcli.h" #include "src/core/lib/iomgr/polling_entity.h" -#include "src/core/lib/security/util/b64.h" +#include "src/core/lib/slice/b64.h" #include "src/core/lib/slice/slice_internal.h" #include "src/core/lib/support/string.h" -#include "src/core/lib/tsi/ssl_types.h" +#include "src/core/tsi/ssl_types.h" /* --- Utils. --- */ diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.c b/src/core/lib/security/credentials/ssl/ssl_credentials.c index 4b17ac8098..b63bb6b6e9 100644 --- a/src/core/lib/security/credentials/ssl/ssl_credentials.c +++ b/src/core/lib/security/credentials/ssl/ssl_credentials.c 
@@ -36,7 +36,6 @@ #include <string.h> #include "src/core/lib/channel/channel_args.h" -#include "src/core/lib/channel/http_client_filter.h" #include "src/core/lib/surface/api_trace.h" #include <grpc/support/alloc.h> |