diff options
Diffstat (limited to 'src/core/lib/security/credentials')
23 files changed, 886 insertions, 716 deletions
diff --git a/src/core/lib/security/credentials/composite/composite_credentials.cc b/src/core/lib/security/credentials/composite/composite_credentials.cc index d05a7a1f9c..0e919e09e2 100644 --- a/src/core/lib/security/credentials/composite/composite_credentials.cc +++ b/src/core/lib/security/credentials/composite/composite_credentials.cc @@ -30,30 +30,30 @@ /* -- Composite call credentials. -- */ typedef struct { - grpc_composite_call_credentials *composite_creds; + grpc_composite_call_credentials* composite_creds; size_t creds_index; - grpc_polling_entity *pollent; + grpc_polling_entity* pollent; grpc_auth_metadata_context auth_md_context; - grpc_credentials_mdelem_array *md_array; - grpc_closure *on_request_metadata; + grpc_credentials_mdelem_array* md_array; + grpc_closure* on_request_metadata; grpc_closure internal_on_request_metadata; } grpc_composite_call_credentials_metadata_context; -static void composite_call_destruct(grpc_call_credentials *creds) { - grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; +static void composite_call_destruct(grpc_call_credentials* creds) { + grpc_composite_call_credentials* c = (grpc_composite_call_credentials*)creds; for (size_t i = 0; i < c->inner.num_creds; i++) { grpc_call_credentials_unref(c->inner.creds_array[i]); } gpr_free(c->inner.creds_array); } -static void composite_call_metadata_cb(void *arg, grpc_error *error) { - grpc_composite_call_credentials_metadata_context *ctx = - (grpc_composite_call_credentials_metadata_context *)arg; +static void composite_call_metadata_cb(void* arg, grpc_error* error) { + grpc_composite_call_credentials_metadata_context* ctx = + (grpc_composite_call_credentials_metadata_context*)arg; if (error == GRPC_ERROR_NONE) { /* See if we need to get some more metadata. */ if (ctx->creds_index < ctx->composite_creds->inner.num_creds) { - grpc_call_credentials *inner_creds = + grpc_call_credentials* inner_creds = ctx->composite_creds->inner.creds_array[ctx->creds_index++]; if (grpc_call_credentials_get_request_metadata( inner_creds, ctx->pollent, ctx->auth_md_context, ctx->md_array, @@ -71,13 +71,13 @@ static void composite_call_metadata_cb(void *arg, grpc_error *error) { } static bool composite_call_get_request_metadata( - grpc_call_credentials *creds, grpc_polling_entity *pollent, + grpc_call_credentials* creds, grpc_polling_entity* pollent, grpc_auth_metadata_context auth_md_context, - grpc_credentials_mdelem_array *md_array, grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; - grpc_composite_call_credentials_metadata_context *ctx; - ctx = (grpc_composite_call_credentials_metadata_context *)gpr_zalloc( + grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_composite_call_credentials* c = (grpc_composite_call_credentials*)creds; + grpc_composite_call_credentials_metadata_context* ctx; + ctx = (grpc_composite_call_credentials_metadata_context*)gpr_zalloc( sizeof(grpc_composite_call_credentials_metadata_context)); ctx->composite_creds = c; ctx->pollent = pollent; @@ -88,7 +88,7 @@ static bool composite_call_get_request_metadata( composite_call_metadata_cb, ctx, grpc_schedule_on_exec_ctx); bool synchronous = true; while (ctx->creds_index < ctx->composite_creds->inner.num_creds) { - grpc_call_credentials *inner_creds = + grpc_call_credentials* inner_creds = ctx->composite_creds->inner.creds_array[ctx->creds_index++]; if (grpc_call_credentials_get_request_metadata( inner_creds, ctx->pollent, ctx->auth_md_context, ctx->md_array, @@ -104,9 +104,9 @@ static bool composite_call_get_request_metadata( } static void composite_call_cancel_get_request_metadata( - grpc_call_credentials *creds, grpc_credentials_mdelem_array *md_array, - grpc_error *error) { - grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; + grpc_call_credentials* creds, grpc_credentials_mdelem_array* md_array, + grpc_error* error) { + grpc_composite_call_credentials* c = (grpc_composite_call_credentials*)creds; for (size_t i = 0; i < c->inner.num_creds; ++i) { grpc_call_credentials_cancel_get_request_metadata( c->inner.creds_array[i], md_array, GRPC_ERROR_REF(error)); @@ -119,9 +119,9 @@ static grpc_call_credentials_vtable composite_call_credentials_vtable = { composite_call_cancel_get_request_metadata}; static grpc_call_credentials_array get_creds_array( - grpc_call_credentials **creds_addr) { + grpc_call_credentials** creds_addr) { grpc_call_credentials_array result; - grpc_call_credentials *creds = *creds_addr; + grpc_call_credentials* creds = *creds_addr; result.creds_array = creds_addr; result.num_creds = 1; if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) { @@ -130,14 +130,14 @@ static grpc_call_credentials_array get_creds_array( return result; } -grpc_call_credentials *grpc_composite_call_credentials_create( - grpc_call_credentials *creds1, grpc_call_credentials *creds2, - void *reserved) { +grpc_call_credentials* grpc_composite_call_credentials_create( + grpc_call_credentials* creds1, grpc_call_credentials* creds2, + void* reserved) { size_t i; size_t creds_array_byte_size; grpc_call_credentials_array creds1_array; grpc_call_credentials_array creds2_array; - grpc_composite_call_credentials *c; + grpc_composite_call_credentials* c; GRPC_API_TRACE( "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, " "reserved=%p)", @@ -145,7 +145,7 @@ grpc_call_credentials *grpc_composite_call_credentials_create( GPR_ASSERT(reserved == NULL); GPR_ASSERT(creds1 != NULL); GPR_ASSERT(creds2 != NULL); - c = (grpc_composite_call_credentials *)gpr_zalloc( + c = (grpc_composite_call_credentials*)gpr_zalloc( sizeof(grpc_composite_call_credentials)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE; c->base.vtable = &composite_call_credentials_vtable; @@ -153,38 +153,38 @@ grpc_call_credentials *grpc_composite_call_credentials_create( creds1_array = get_creds_array(&creds1); creds2_array = get_creds_array(&creds2); c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds; - creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *); + creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials*); c->inner.creds_array = - (grpc_call_credentials **)gpr_zalloc(creds_array_byte_size); + (grpc_call_credentials**)gpr_zalloc(creds_array_byte_size); for (i = 0; i < creds1_array.num_creds; i++) { - grpc_call_credentials *cur_creds = creds1_array.creds_array[i]; + grpc_call_credentials* cur_creds = creds1_array.creds_array[i]; c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds); } for (i = 0; i < creds2_array.num_creds; i++) { - grpc_call_credentials *cur_creds = creds2_array.creds_array[i]; + grpc_call_credentials* cur_creds = creds2_array.creds_array[i]; c->inner.creds_array[i + creds1_array.num_creds] = grpc_call_credentials_ref(cur_creds); } return &c->base; } -const grpc_call_credentials_array * -grpc_composite_call_credentials_get_credentials(grpc_call_credentials *creds) { - const grpc_composite_call_credentials *c = - (const grpc_composite_call_credentials *)creds; +const grpc_call_credentials_array* +grpc_composite_call_credentials_get_credentials(grpc_call_credentials* creds) { + const grpc_composite_call_credentials* c = + (const grpc_composite_call_credentials*)creds; GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0); return &c->inner; } -grpc_call_credentials *grpc_credentials_contains_type( - grpc_call_credentials *creds, const char *type, - grpc_call_credentials **composite_creds) { +grpc_call_credentials* grpc_credentials_contains_type( + grpc_call_credentials* creds, const char* type, + grpc_call_credentials** composite_creds) { size_t i; if (strcmp(creds->type, type) == 0) { if (composite_creds != NULL) *composite_creds = NULL; return creds; } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) { - const grpc_call_credentials_array *inner_creds_array = + const grpc_call_credentials_array* inner_creds_array = grpc_composite_call_credentials_get_credentials(creds); for (i = 0; i < inner_creds_array->num_creds; i++) { if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) { @@ -198,19 +198,19 @@ grpc_call_credentials *grpc_credentials_contains_type( /* -- Composite channel credentials. -- */ -static void composite_channel_destruct(grpc_channel_credentials *creds) { - grpc_composite_channel_credentials *c = - (grpc_composite_channel_credentials *)creds; +static void composite_channel_destruct(grpc_channel_credentials* creds) { + grpc_composite_channel_credentials* c = + (grpc_composite_channel_credentials*)creds; grpc_channel_credentials_unref(c->inner_creds); grpc_call_credentials_unref(c->call_creds); } static grpc_security_status composite_channel_create_security_connector( - grpc_channel_credentials *creds, grpc_call_credentials *call_creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args) { - grpc_composite_channel_credentials *c = - (grpc_composite_channel_credentials *)creds; + grpc_channel_credentials* creds, grpc_call_credentials* call_creds, + const char* target, const grpc_channel_args* args, + grpc_channel_security_connector** sc, grpc_channel_args** new_args) { + grpc_composite_channel_credentials* c = + (grpc_composite_channel_credentials*)creds; grpc_security_status status = GRPC_SECURITY_ERROR; GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL && @@ -219,7 +219,7 @@ static grpc_security_status composite_channel_create_security_connector( /* If we are passed a call_creds, create a call composite to pass it downstream. */ if (call_creds != NULL) { - grpc_call_credentials *composite_call_creds = + grpc_call_credentials* composite_call_creds = grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL); status = c->inner_creds->vtable->create_security_connector( c->inner_creds, composite_call_creds, target, args, sc, new_args); @@ -231,11 +231,11 @@ static grpc_security_status composite_channel_create_security_connector( return status; } -static grpc_channel_credentials * +static grpc_channel_credentials* composite_channel_duplicate_without_call_credentials( - grpc_channel_credentials *creds) { - grpc_composite_channel_credentials *c = - (grpc_composite_channel_credentials *)creds; + grpc_channel_credentials* creds) { + grpc_composite_channel_credentials* c = + (grpc_composite_channel_credentials*)creds; return grpc_channel_credentials_ref(c->inner_creds); } @@ -243,11 +243,11 @@ static grpc_channel_credentials_vtable composite_channel_credentials_vtable = { composite_channel_destruct, composite_channel_create_security_connector, composite_channel_duplicate_without_call_credentials}; -grpc_channel_credentials *grpc_composite_channel_credentials_create( - grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, - void *reserved) { - grpc_composite_channel_credentials *c = - (grpc_composite_channel_credentials *)gpr_zalloc(sizeof(*c)); +grpc_channel_credentials* grpc_composite_channel_credentials_create( + grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds, + void* reserved) { + grpc_composite_channel_credentials* c = + (grpc_composite_channel_credentials*)gpr_zalloc(sizeof(*c)); GPR_ASSERT(channel_creds != NULL && call_creds != NULL && reserved == NULL); GRPC_API_TRACE( "grpc_composite_channel_credentials_create(channel_creds=%p, " diff --git a/src/core/lib/security/credentials/composite/composite_credentials.h b/src/core/lib/security/credentials/composite/composite_credentials.h index 6e9f9a8f6f..efb5f4f0c4 100644 --- a/src/core/lib/security/credentials/composite/composite_credentials.h +++ b/src/core/lib/security/credentials/composite/composite_credentials.h @@ -26,28 +26,28 @@ extern "C" { #endif typedef struct { - grpc_call_credentials **creds_array; + grpc_call_credentials** creds_array; size_t num_creds; } grpc_call_credentials_array; -const grpc_call_credentials_array * +const grpc_call_credentials_array* grpc_composite_call_credentials_get_credentials( - grpc_call_credentials *composite_creds); + grpc_call_credentials* composite_creds); /* Returns creds if creds is of the specified type or the inner creds of the specified type (if found), if the creds is of type COMPOSITE. If composite_creds is not NULL, *composite_creds will point to creds if of type COMPOSITE in case of success. */ -grpc_call_credentials *grpc_credentials_contains_type( - grpc_call_credentials *creds, const char *type, - grpc_call_credentials **composite_creds); +grpc_call_credentials* grpc_credentials_contains_type( + grpc_call_credentials* creds, const char* type, + grpc_call_credentials** composite_creds); /* -- Composite channel credentials. -- */ typedef struct { grpc_channel_credentials base; - grpc_channel_credentials *inner_creds; - grpc_call_credentials *call_creds; + grpc_channel_credentials* inner_creds; + grpc_call_credentials* call_creds; } grpc_composite_channel_credentials; /* -- Composite call credentials. -- */ @@ -62,4 +62,4 @@ typedef struct { #endif #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_COMPOSITE_COMPOSITE_CREDENTIALS_H \ - */ + */ diff --git a/src/core/lib/security/credentials/credentials.cc b/src/core/lib/security/credentials/credentials.cc index b12e3dac29..20c4ae70fb 100644 --- a/src/core/lib/security/credentials/credentials.cc +++ b/src/core/lib/security/credentials/credentials.cc @@ -37,30 +37,30 @@ /* -- Common. -- */ -grpc_credentials_metadata_request *grpc_credentials_metadata_request_create( - grpc_call_credentials *creds) { - grpc_credentials_metadata_request *r = - (grpc_credentials_metadata_request *)gpr_zalloc( +grpc_credentials_metadata_request* grpc_credentials_metadata_request_create( + grpc_call_credentials* creds) { + grpc_credentials_metadata_request* r = + (grpc_credentials_metadata_request*)gpr_zalloc( sizeof(grpc_credentials_metadata_request)); r->creds = grpc_call_credentials_ref(creds); return r; } void grpc_credentials_metadata_request_destroy( - grpc_credentials_metadata_request *r) { + grpc_credentials_metadata_request* r) { grpc_call_credentials_unref(r->creds); grpc_http_response_destroy(&r->response); gpr_free(r); } -grpc_channel_credentials *grpc_channel_credentials_ref( - grpc_channel_credentials *creds) { +grpc_channel_credentials* grpc_channel_credentials_ref( + grpc_channel_credentials* creds) { if (creds == NULL) return NULL; gpr_ref(&creds->refcount); return creds; } -void grpc_channel_credentials_unref(grpc_channel_credentials *creds) { +void grpc_channel_credentials_unref(grpc_channel_credentials* creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { if (creds->vtable->destruct != NULL) { @@ -70,20 +70,20 @@ void grpc_channel_credentials_unref(grpc_channel_credentials *creds) { } } -void grpc_channel_credentials_release(grpc_channel_credentials *creds) { +void grpc_channel_credentials_release(grpc_channel_credentials* creds) { GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds)); ExecCtx _local_exec_ctx; grpc_channel_credentials_unref(creds); grpc_exec_ctx_finish(); } -grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) { +grpc_call_credentials* grpc_call_credentials_ref(grpc_call_credentials* creds) { if (creds == NULL) return NULL; gpr_ref(&creds->refcount); return creds; } -void grpc_call_credentials_unref(grpc_call_credentials *creds) { +void grpc_call_credentials_unref(grpc_call_credentials* creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { if (creds->vtable->destruct != NULL) { @@ -93,7 +93,7 @@ void grpc_call_credentials_unref(grpc_call_credentials *creds) { } } -void grpc_call_credentials_release(grpc_call_credentials *creds) { +void grpc_call_credentials_release(grpc_call_credentials* creds) { GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds)); ExecCtx _local_exec_ctx; grpc_call_credentials_unref(creds); @@ -101,9 +101,9 @@ void grpc_call_credentials_release(grpc_call_credentials *creds) { } bool grpc_call_credentials_get_request_metadata( - grpc_call_credentials *creds, grpc_polling_entity *pollent, - grpc_auth_metadata_context context, grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, grpc_error **error) { + grpc_call_credentials* creds, grpc_polling_entity* pollent, + grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, grpc_error** error) { if (creds == NULL || creds->vtable->get_request_metadata == NULL) { return true; } @@ -112,8 +112,8 @@ bool grpc_call_credentials_get_request_metadata( } void grpc_call_credentials_cancel_get_request_metadata( - grpc_call_credentials *creds, grpc_credentials_mdelem_array *md_array, - grpc_error *error) { + grpc_call_credentials* creds, grpc_credentials_mdelem_array* md_array, + grpc_error* error) { if (creds == NULL || creds->vtable->cancel_get_request_metadata == NULL) { return; } @@ -121,9 +121,9 @@ void grpc_call_credentials_cancel_get_request_metadata( } grpc_security_status grpc_channel_credentials_create_security_connector( - grpc_channel_credentials *channel_creds, const char *target, - const grpc_channel_args *args, grpc_channel_security_connector **sc, - grpc_channel_args **new_args) { + grpc_channel_credentials* channel_creds, const char* target, + const grpc_channel_args* args, grpc_channel_security_connector** sc, + grpc_channel_args** new_args) { *new_args = NULL; if (channel_creds == NULL) { return GRPC_SECURITY_ERROR; @@ -133,9 +133,9 @@ grpc_security_status grpc_channel_credentials_create_security_connector( channel_creds, NULL, target, args, sc, new_args); } -grpc_channel_credentials * +grpc_channel_credentials* grpc_channel_credentials_duplicate_without_call_credentials( - grpc_channel_credentials *channel_creds) { + grpc_channel_credentials* channel_creds) { if (channel_creds != NULL && channel_creds->vtable != NULL && channel_creds->vtable->duplicate_without_call_credentials != NULL) { return channel_creds->vtable->duplicate_without_call_credentials( @@ -145,58 +145,58 @@ grpc_channel_credentials_duplicate_without_call_credentials( } } -static void credentials_pointer_arg_destroy(void *p) { - grpc_channel_credentials_unref((grpc_channel_credentials *)p); +static void credentials_pointer_arg_destroy(void* p) { + grpc_channel_credentials_unref((grpc_channel_credentials*)p); } -static void *credentials_pointer_arg_copy(void *p) { - return grpc_channel_credentials_ref((grpc_channel_credentials *)p); +static void* credentials_pointer_arg_copy(void* p) { + return grpc_channel_credentials_ref((grpc_channel_credentials*)p); } -static int credentials_pointer_cmp(void *a, void *b) { return GPR_ICMP(a, b); } +static int credentials_pointer_cmp(void* a, void* b) { return GPR_ICMP(a, b); } static const grpc_arg_pointer_vtable credentials_pointer_vtable = { credentials_pointer_arg_copy, credentials_pointer_arg_destroy, credentials_pointer_cmp}; grpc_arg grpc_channel_credentials_to_arg( - grpc_channel_credentials *credentials) { - return grpc_channel_arg_pointer_create((char *)GRPC_ARG_CHANNEL_CREDENTIALS, + grpc_channel_credentials* credentials) { + return grpc_channel_arg_pointer_create((char*)GRPC_ARG_CHANNEL_CREDENTIALS, credentials, &credentials_pointer_vtable); } -grpc_channel_credentials *grpc_channel_credentials_from_arg( - const grpc_arg *arg) { +grpc_channel_credentials* grpc_channel_credentials_from_arg( + const grpc_arg* arg) { if (strcmp(arg->key, GRPC_ARG_CHANNEL_CREDENTIALS)) return NULL; if (arg->type != GRPC_ARG_POINTER) { gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type, GRPC_ARG_CHANNEL_CREDENTIALS); return NULL; } - return (grpc_channel_credentials *)arg->value.pointer.p; + return (grpc_channel_credentials*)arg->value.pointer.p; } -grpc_channel_credentials *grpc_channel_credentials_find_in_args( - const grpc_channel_args *args) { +grpc_channel_credentials* grpc_channel_credentials_find_in_args( + const grpc_channel_args* args) { size_t i; if (args == NULL) return NULL; for (i = 0; i < args->num_args; i++) { - grpc_channel_credentials *credentials = + grpc_channel_credentials* credentials = grpc_channel_credentials_from_arg(&args->args[i]); if (credentials != NULL) return credentials; } return NULL; } -grpc_server_credentials *grpc_server_credentials_ref( - grpc_server_credentials *creds) { +grpc_server_credentials* grpc_server_credentials_ref( + grpc_server_credentials* creds) { if (creds == NULL) return NULL; gpr_ref(&creds->refcount); return creds; } -void grpc_server_credentials_unref(grpc_server_credentials *creds) { +void grpc_server_credentials_unref(grpc_server_credentials* creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { if (creds->vtable->destruct != NULL) { @@ -209,7 +209,7 @@ void grpc_server_credentials_unref(grpc_server_credentials *creds) { } } -void grpc_server_credentials_release(grpc_server_credentials *creds) { +void grpc_server_credentials_release(grpc_server_credentials* creds) { GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds)); ExecCtx _local_exec_ctx; grpc_server_credentials_unref(creds); @@ -217,7 +217,7 @@ void grpc_server_credentials_release(grpc_server_credentials *creds) { } grpc_security_status grpc_server_credentials_create_security_connector( - grpc_server_credentials *creds, grpc_server_security_connector **sc) { + grpc_server_credentials* creds, grpc_server_security_connector** sc) { if (creds == NULL || creds->vtable->create_security_connector == NULL) { gpr_log(GPR_ERROR, "Server credentials cannot create security context."); return GRPC_SECURITY_ERROR; @@ -226,12 +226,12 @@ grpc_security_status grpc_server_credentials_create_security_connector( } void grpc_server_credentials_set_auth_metadata_processor( - grpc_server_credentials *creds, grpc_auth_metadata_processor processor) { + grpc_server_credentials* creds, grpc_auth_metadata_processor processor) { GRPC_API_TRACE( "grpc_server_credentials_set_auth_metadata_processor(" "creds=%p, " "processor=grpc_auth_metadata_processor { process: %p, state: %p })", - 3, (creds, (void *)(intptr_t)processor.process, processor.state)); + 3, (creds, (void*)(intptr_t)processor.process, processor.state)); if (creds == NULL) return; if (creds->processor.destroy != NULL && creds->processor.state != NULL) { creds->processor.destroy(creds->processor.state); @@ -239,15 +239,15 @@ void grpc_server_credentials_set_auth_metadata_processor( creds->processor = processor; } -static void server_credentials_pointer_arg_destroy(void *p) { - grpc_server_credentials_unref((grpc_server_credentials *)p); +static void server_credentials_pointer_arg_destroy(void* p) { + grpc_server_credentials_unref((grpc_server_credentials*)p); } -static void *server_credentials_pointer_arg_copy(void *p) { - return grpc_server_credentials_ref((grpc_server_credentials *)p); +static void* server_credentials_pointer_arg_copy(void* p) { + return grpc_server_credentials_ref((grpc_server_credentials*)p); } -static int server_credentials_pointer_cmp(void *a, void *b) { +static int server_credentials_pointer_cmp(void* a, void* b) { return GPR_ICMP(a, b); } @@ -255,27 +255,27 @@ static const grpc_arg_pointer_vtable cred_ptr_vtable = { server_credentials_pointer_arg_copy, server_credentials_pointer_arg_destroy, server_credentials_pointer_cmp}; -grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials *p) { - return grpc_channel_arg_pointer_create((char *)GRPC_SERVER_CREDENTIALS_ARG, p, +grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials* p) { + return grpc_channel_arg_pointer_create((char*)GRPC_SERVER_CREDENTIALS_ARG, p, &cred_ptr_vtable); } -grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg) { +grpc_server_credentials* grpc_server_credentials_from_arg(const grpc_arg* arg) { if (strcmp(arg->key, GRPC_SERVER_CREDENTIALS_ARG) != 0) return NULL; if (arg->type != GRPC_ARG_POINTER) { gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type, GRPC_SERVER_CREDENTIALS_ARG); return NULL; } - return (grpc_server_credentials *)arg->value.pointer.p; + return (grpc_server_credentials*)arg->value.pointer.p; } -grpc_server_credentials *grpc_find_server_credentials_in_args( - const grpc_channel_args *args) { +grpc_server_credentials* grpc_find_server_credentials_in_args( + const grpc_channel_args* args) { size_t i; if (args == NULL) return NULL; for (i = 0; i < args->num_args; i++) { - grpc_server_credentials *p = + grpc_server_credentials* p = grpc_server_credentials_from_arg(&args->args[i]); if (p != NULL) return p; } diff --git a/src/core/lib/security/credentials/credentials.h b/src/core/lib/security/credentials/credentials.h index 8f4b764544..7d3368857e 100644 --- a/src/core/lib/security/credentials/credentials.h +++ b/src/core/lib/security/credentials/credentials.h @@ -77,13 +77,13 @@ typedef enum { /* --- Google utils --- */ /* It is the caller's responsibility to gpr_free the result if not NULL. */ -char *grpc_get_well_known_google_credentials_file_path(void); +char* grpc_get_well_known_google_credentials_file_path(void); /* Implementation function for the different platforms. */ -char *grpc_get_well_known_google_credentials_file_path_impl(void); +char* grpc_get_well_known_google_credentials_file_path_impl(void); /* Override for testing only. Not thread-safe */ -typedef char *(*grpc_well_known_credentials_path_getter)(void); +typedef char* (*grpc_well_known_credentials_path_getter)(void); void grpc_override_well_known_credentials_path_getter( grpc_well_known_credentials_path_getter getter); @@ -92,158 +92,158 @@ void grpc_override_well_known_credentials_path_getter( #define GRPC_ARG_CHANNEL_CREDENTIALS "grpc.channel_credentials" typedef struct { - void (*destruct)(grpc_channel_credentials *c); + void (*destruct)(grpc_channel_credentials* c); grpc_security_status (*create_security_connector)( - grpc_channel_credentials *c, grpc_call_credentials *call_creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args); + grpc_channel_credentials* c, grpc_call_credentials* call_creds, + const char* target, const grpc_channel_args* args, + grpc_channel_security_connector** sc, grpc_channel_args** new_args); - grpc_channel_credentials *(*duplicate_without_call_credentials)( - grpc_channel_credentials *c); + grpc_channel_credentials* (*duplicate_without_call_credentials)( + grpc_channel_credentials* c); } grpc_channel_credentials_vtable; struct grpc_channel_credentials { - const grpc_channel_credentials_vtable *vtable; - const char *type; + const grpc_channel_credentials_vtable* vtable; + const char* type; gpr_refcount refcount; }; -grpc_channel_credentials *grpc_channel_credentials_ref( - grpc_channel_credentials *creds); -void grpc_channel_credentials_unref(grpc_channel_credentials *creds); +grpc_channel_credentials* grpc_channel_credentials_ref( + grpc_channel_credentials* creds); +void grpc_channel_credentials_unref(grpc_channel_credentials* creds); /* Creates a security connector for the channel. May also create new channel args for the channel to be used in place of the passed in const args if returned non NULL. In that case the caller is responsible for destroying new_args after channel creation. */ grpc_security_status grpc_channel_credentials_create_security_connector( - grpc_channel_credentials *creds, const char *target, - const grpc_channel_args *args, grpc_channel_security_connector **sc, - grpc_channel_args **new_args); + grpc_channel_credentials* creds, const char* target, + const grpc_channel_args* args, grpc_channel_security_connector** sc, + grpc_channel_args** new_args); /* Creates a version of the channel credentials without any attached call credentials. This can be used in order to open a channel to a non-trusted gRPC load balancer. */ -grpc_channel_credentials * +grpc_channel_credentials* grpc_channel_credentials_duplicate_without_call_credentials( - grpc_channel_credentials *creds); + grpc_channel_credentials* creds); /* Util to encapsulate the channel credentials in a channel arg. */ -grpc_arg grpc_channel_credentials_to_arg(grpc_channel_credentials *credentials); +grpc_arg grpc_channel_credentials_to_arg(grpc_channel_credentials* credentials); /* Util to get the channel credentials from a channel arg. */ -grpc_channel_credentials *grpc_channel_credentials_from_arg( - const grpc_arg *arg); +grpc_channel_credentials* grpc_channel_credentials_from_arg( + const grpc_arg* arg); /* Util to find the channel credentials from channel args. */ -grpc_channel_credentials *grpc_channel_credentials_find_in_args( - const grpc_channel_args *args); +grpc_channel_credentials* grpc_channel_credentials_find_in_args( + const grpc_channel_args* args); /* --- grpc_credentials_mdelem_array. --- */ typedef struct { - grpc_mdelem *md; + grpc_mdelem* md; size_t size; } grpc_credentials_mdelem_array; /// Takes a new ref to \a md. -void grpc_credentials_mdelem_array_add(grpc_credentials_mdelem_array *list, +void grpc_credentials_mdelem_array_add(grpc_credentials_mdelem_array* list, grpc_mdelem md); /// Appends all elements from \a src to \a dst, taking a new ref to each one. -void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array *dst, - grpc_credentials_mdelem_array *src); +void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array* dst, + grpc_credentials_mdelem_array* src); -void grpc_credentials_mdelem_array_destroy(grpc_credentials_mdelem_array *list); +void grpc_credentials_mdelem_array_destroy(grpc_credentials_mdelem_array* list); /* --- grpc_call_credentials. --- */ typedef struct { - void (*destruct)(grpc_call_credentials *c); - bool (*get_request_metadata)(grpc_call_credentials *c, - grpc_polling_entity *pollent, + void (*destruct)(grpc_call_credentials* c); + bool (*get_request_metadata)(grpc_call_credentials* c, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, - grpc_error **error); - void (*cancel_get_request_metadata)(grpc_call_credentials *c, - grpc_credentials_mdelem_array *md_array, - grpc_error *error); + grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, + grpc_error** error); + void (*cancel_get_request_metadata)(grpc_call_credentials* c, + grpc_credentials_mdelem_array* md_array, + grpc_error* error); } grpc_call_credentials_vtable; struct grpc_call_credentials { - const grpc_call_credentials_vtable *vtable; - const char *type; + const grpc_call_credentials_vtable* vtable; + const char* type; gpr_refcount refcount; }; -grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds); -void grpc_call_credentials_unref(grpc_call_credentials *creds); +grpc_call_credentials* grpc_call_credentials_ref(grpc_call_credentials* creds); +void grpc_call_credentials_unref(grpc_call_credentials* creds); /// Returns true if completed synchronously, in which case \a error will /// be set to indicate the result. Otherwise, \a on_request_metadata will /// be invoked asynchronously when complete. \a md_array will be populated /// with the resulting metadata once complete. bool grpc_call_credentials_get_request_metadata( - grpc_call_credentials *creds, grpc_polling_entity *pollent, - grpc_auth_metadata_context context, grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, grpc_error **error); + grpc_call_credentials* creds, grpc_polling_entity* pollent, + grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, grpc_error** error); /// Cancels a pending asynchronous operation started by /// grpc_call_credentials_get_request_metadata() with the corresponding /// value of \a md_array. void grpc_call_credentials_cancel_get_request_metadata( - grpc_call_credentials *c, grpc_credentials_mdelem_array *md_array, - grpc_error *error); + grpc_call_credentials* c, grpc_credentials_mdelem_array* md_array, + grpc_error* error); /* Metadata-only credentials with the specified key and value where asynchronicity can be simulated for testing. */ -grpc_call_credentials *grpc_md_only_test_credentials_create( - const char *md_key, const char *md_value, bool is_async); +grpc_call_credentials* grpc_md_only_test_credentials_create( + const char* md_key, const char* md_value, bool is_async); /* --- grpc_server_credentials. --- */ typedef struct { - void (*destruct)(grpc_server_credentials *c); + void (*destruct)(grpc_server_credentials* c); grpc_security_status (*create_security_connector)( - grpc_server_credentials *c, grpc_server_security_connector **sc); + grpc_server_credentials* c, grpc_server_security_connector** sc); } grpc_server_credentials_vtable; struct grpc_server_credentials { - const grpc_server_credentials_vtable *vtable; - const char *type; + const grpc_server_credentials_vtable* vtable; + const char* type; gpr_refcount refcount; grpc_auth_metadata_processor processor; }; grpc_security_status grpc_server_credentials_create_security_connector( - grpc_server_credentials *creds, grpc_server_security_connector **sc); + grpc_server_credentials* creds, grpc_server_security_connector** sc); -grpc_server_credentials *grpc_server_credentials_ref( - grpc_server_credentials *creds); +grpc_server_credentials* grpc_server_credentials_ref( + grpc_server_credentials* creds); -void grpc_server_credentials_unref(grpc_server_credentials *creds); +void grpc_server_credentials_unref(grpc_server_credentials* creds); #define GRPC_SERVER_CREDENTIALS_ARG "grpc.server_credentials" -grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials *c); -grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg); -grpc_server_credentials *grpc_find_server_credentials_in_args( - const grpc_channel_args *args); +grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials* c); +grpc_server_credentials* grpc_server_credentials_from_arg(const grpc_arg* arg); +grpc_server_credentials* grpc_find_server_credentials_in_args( + const grpc_channel_args* args); /* -- Credentials Metadata Request. -- */ typedef struct { - grpc_call_credentials *creds; + grpc_call_credentials* creds; grpc_http_response response; } grpc_credentials_metadata_request; -grpc_credentials_metadata_request *grpc_credentials_metadata_request_create( - grpc_call_credentials *creds); +grpc_credentials_metadata_request* grpc_credentials_metadata_request_create( + grpc_call_credentials* creds); void grpc_credentials_metadata_request_destroy( - grpc_credentials_metadata_request *r); + grpc_credentials_metadata_request* r); #ifdef __cplusplus } diff --git a/src/core/lib/security/credentials/credentials_metadata.cc b/src/core/lib/security/credentials/credentials_metadata.cc index 29b632376b..9ceaf21139 100644 --- a/src/core/lib/security/credentials/credentials_metadata.cc +++ b/src/core/lib/security/credentials/credentials_metadata.cc @@ -24,7 +24,7 @@ #include "src/core/lib/slice/slice_internal.h" -static void mdelem_list_ensure_capacity(grpc_credentials_mdelem_array *list, +static void mdelem_list_ensure_capacity(grpc_credentials_mdelem_array* list, size_t additional_space_needed) { size_t target_size = list->size + additional_space_needed; // Find the next power of two greater than the target size (i.e., @@ -34,17 +34,17 @@ static void mdelem_list_ensure_capacity(grpc_credentials_mdelem_array *list, new_size *= 2; } list->md = - (grpc_mdelem *)gpr_realloc(list->md, sizeof(grpc_mdelem) * new_size); + (grpc_mdelem*)gpr_realloc(list->md, sizeof(grpc_mdelem) * new_size); } -void grpc_credentials_mdelem_array_add(grpc_credentials_mdelem_array *list, +void grpc_credentials_mdelem_array_add(grpc_credentials_mdelem_array* list, grpc_mdelem md) { mdelem_list_ensure_capacity(list, 1); list->md[list->size++] = GRPC_MDELEM_REF(md); } -void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array *dst, - grpc_credentials_mdelem_array *src) { +void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array* dst, + grpc_credentials_mdelem_array* src) { mdelem_list_ensure_capacity(dst, src->size); for (size_t i = 0; i < src->size; ++i) { dst->md[dst->size++] = GRPC_MDELEM_REF(src->md[i]); @@ -52,7 +52,7 @@ void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array *dst, } void grpc_credentials_mdelem_array_destroy( - grpc_credentials_mdelem_array *list) { + grpc_credentials_mdelem_array* list) { for (size_t i = 0; i < list->size; ++i) { GRPC_MDELEM_UNREF(list->md[i]); } diff --git a/src/core/lib/security/credentials/fake/fake_credentials.cc b/src/core/lib/security/credentials/fake/fake_credentials.cc index 42257c7a13..0922b486a2 100644 --- a/src/core/lib/security/credentials/fake/fake_credentials.cc +++ b/src/core/lib/security/credentials/fake/fake_credentials.cc @@ -34,9 +34,9 @@ "grpc.fake_security.expected_targets" static grpc_security_status fake_transport_security_create_security_connector( - grpc_channel_credentials *c, grpc_call_credentials *call_creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + grpc_channel_credentials* c, grpc_call_credentials* call_creds, + const char* target, const grpc_channel_args* args, + grpc_channel_security_connector** sc, grpc_channel_args** new_args) { *sc = grpc_fake_channel_security_connector_create(c, call_creds, target, args); return GRPC_SECURITY_OK; @@ -44,7 +44,7 @@ static grpc_security_status fake_transport_security_create_security_connector( static grpc_security_status fake_transport_security_server_create_security_connector( - grpc_server_credentials *c, grpc_server_security_connector **sc) { + grpc_server_credentials* c, grpc_server_security_connector** sc) { *sc = grpc_fake_server_security_connector_create(c); return GRPC_SECURITY_OK; } @@ -57,20 +57,20 @@ static grpc_server_credentials_vtable fake_transport_security_server_credentials_vtable = { NULL, fake_transport_security_server_create_security_connector}; -grpc_channel_credentials *grpc_fake_transport_security_credentials_create( +grpc_channel_credentials* grpc_fake_transport_security_credentials_create( void) { - grpc_channel_credentials *c = - (grpc_channel_credentials *)gpr_zalloc(sizeof(grpc_channel_credentials)); + grpc_channel_credentials* c = + (grpc_channel_credentials*)gpr_zalloc(sizeof(grpc_channel_credentials)); c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; c->vtable = &fake_transport_security_credentials_vtable; gpr_ref_init(&c->refcount, 1); return c; } -grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( +grpc_server_credentials* grpc_fake_transport_security_server_credentials_create( void) { - grpc_server_credentials *c = - (grpc_server_credentials *)gpr_malloc(sizeof(grpc_server_credentials)); + grpc_server_credentials* c = + (grpc_server_credentials*)gpr_malloc(sizeof(grpc_server_credentials)); memset(c, 0, sizeof(grpc_server_credentials)); c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; gpr_ref_init(&c->refcount, 1); @@ -78,14 +78,14 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( return c; } -grpc_arg grpc_fake_transport_expected_targets_arg(char *expected_targets) { +grpc_arg grpc_fake_transport_expected_targets_arg(char* expected_targets) { return grpc_channel_arg_string_create( - (char *)GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS, expected_targets); + (char*)GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS, expected_targets); } -const char *grpc_fake_transport_get_expected_targets( - const grpc_channel_args *args) { - const grpc_arg *expected_target_arg = +const char* grpc_fake_transport_get_expected_targets( + const grpc_channel_args* args) { + const grpc_arg* expected_target_arg = grpc_channel_args_find(args, GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS); if (expected_target_arg != NULL && expected_target_arg->type == GRPC_ARG_STRING) { @@ -96,16 +96,16 @@ const char *grpc_fake_transport_get_expected_targets( /* -- Metadata-only test credentials. -- */ -static void md_only_test_destruct(grpc_call_credentials *creds) { - grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; +static void md_only_test_destruct(grpc_call_credentials* creds) { + grpc_md_only_test_credentials* c = (grpc_md_only_test_credentials*)creds; GRPC_MDELEM_UNREF(c->md); } static bool md_only_test_get_request_metadata( - grpc_call_credentials *creds, grpc_polling_entity *pollent, - grpc_auth_metadata_context context, grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, grpc_error **error) { - grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; + grpc_call_credentials* creds, grpc_polling_entity* pollent, + grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, grpc_error** error) { + grpc_md_only_test_credentials* c = (grpc_md_only_test_credentials*)creds; grpc_credentials_mdelem_array_add(md_array, c->md); if (c->is_async) { GRPC_CLOSURE_SCHED(on_request_metadata, GRPC_ERROR_NONE); @@ -115,8 +115,8 @@ static bool md_only_test_get_request_metadata( } static void md_only_test_cancel_get_request_metadata( - grpc_call_credentials *c, grpc_credentials_mdelem_array *md_array, - grpc_error *error) { + grpc_call_credentials* c, grpc_credentials_mdelem_array* md_array, + grpc_error* error) { GRPC_ERROR_UNREF(error); } @@ -124,11 +124,10 @@ static grpc_call_credentials_vtable md_only_test_vtable = { md_only_test_destruct, md_only_test_get_request_metadata, md_only_test_cancel_get_request_metadata}; -grpc_call_credentials *grpc_md_only_test_credentials_create( - const char *md_key, const char *md_value, bool is_async) { - grpc_md_only_test_credentials *c = - (grpc_md_only_test_credentials *)gpr_zalloc( - sizeof(grpc_md_only_test_credentials)); +grpc_call_credentials* grpc_md_only_test_credentials_create( + const char* md_key, const char* md_value, bool is_async) { + grpc_md_only_test_credentials* c = (grpc_md_only_test_credentials*)gpr_zalloc( + sizeof(grpc_md_only_test_credentials)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2; c->base.vtable = &md_only_test_vtable; gpr_ref_init(&c->base.refcount, 1); diff --git a/src/core/lib/security/credentials/fake/fake_credentials.h b/src/core/lib/security/credentials/fake/fake_credentials.h index ed3f893c58..b8b58cc8fd 100644 --- a/src/core/lib/security/credentials/fake/fake_credentials.h +++ b/src/core/lib/security/credentials/fake/fake_credentials.h @@ -28,10 +28,10 @@ extern "C" { /* -- Fake transport security credentials. -- */ /* Creates a fake transport security credentials object for testing. */ -grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void); +grpc_channel_credentials* grpc_fake_transport_security_credentials_create(void); /* Creates a fake server transport security credentials object for testing. */ -grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( +grpc_server_credentials* grpc_fake_transport_security_server_credentials_create( void); /* Used to verify the target names given to the fake transport security @@ -46,11 +46,11 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( * That is to say, LB channels have a heading list of LB targets separated from * the list of backend targets by a semicolon. For non-LB channels, only the * latter is present. */ -grpc_arg grpc_fake_transport_expected_targets_arg(char *expected_targets); +grpc_arg grpc_fake_transport_expected_targets_arg(char* expected_targets); /* Return the value associated with the expected targets channel arg or NULL */ -const char *grpc_fake_transport_get_expected_targets( - const grpc_channel_args *args); +const char* grpc_fake_transport_get_expected_targets( + const grpc_channel_args* args); /* -- Metadata-only Test credentials. -- */ diff --git a/src/core/lib/security/credentials/google_default/credentials_generic.cc b/src/core/lib/security/credentials/google_default/credentials_generic.cc index 4f79718f3d..c2a336ff07 100644 --- a/src/core/lib/security/credentials/google_default/credentials_generic.cc +++ b/src/core/lib/security/credentials/google_default/credentials_generic.cc @@ -25,9 +25,9 @@ #include "src/core/lib/support/env.h" #include "src/core/lib/support/string.h" -char *grpc_get_well_known_google_credentials_file_path_impl(void) { - char *result = NULL; - char *base = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_PATH_ENV_VAR); +char* grpc_get_well_known_google_credentials_file_path_impl(void) { + char* result = NULL; + char* base = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_PATH_ENV_VAR); if (base == NULL) { gpr_log(GPR_ERROR, "Could not get " GRPC_GOOGLE_CREDENTIALS_ENV_VAR " environment variable."); diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 719e6d147a..897b9d7520 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -43,10 +43,10 @@ /* -- Default credentials. -- */ -static grpc_channel_credentials *default_credentials = NULL; +static grpc_channel_credentials* default_credentials = NULL; static int compute_engine_detection_done = 0; static gpr_mu g_state_mu; -static gpr_mu *g_polling_mu; +static gpr_mu* g_polling_mu; static gpr_once g_once = GPR_ONCE_INIT; static void init_default_credentials(void) { gpr_mu_init(&g_state_mu); } @@ -58,16 +58,16 @@ typedef struct { grpc_http_response response; } compute_engine_detector; -static void on_compute_engine_detection_http_response(void *user_data, - grpc_error *error) { - compute_engine_detector *detector = (compute_engine_detector *)user_data; +static void on_compute_engine_detection_http_response(void* user_data, + grpc_error* error) { + compute_engine_detector* detector = (compute_engine_detector*)user_data; if (error == GRPC_ERROR_NONE && detector->response.status == 200 && detector->response.hdr_count > 0) { /* Internet providers can return a generic response to all requests, so it is necessary to check that metadata header is present also. */ size_t i; for (i = 0; i < detector->response.hdr_count; i++) { - grpc_http_header *header = &detector->response.hdrs[i]; + grpc_http_header* header = &detector->response.hdrs[i]; if (strcmp(header->key, "Metadata-Flavor") == 0 && strcmp(header->value, "Google") == 0) { detector->success = 1; @@ -83,8 +83,8 @@ static void on_compute_engine_detection_http_response(void *user_data, gpr_mu_unlock(g_polling_mu); } -static void destroy_pollset(void *p, grpc_error *e) { - grpc_pollset_destroy((grpc_pollset *)p); +static void destroy_pollset(void* p, grpc_error* e) { + grpc_pollset_destroy((grpc_pollset*)p); } static int is_stack_running_on_compute_engine() { @@ -97,7 +97,7 @@ static int is_stack_running_on_compute_engine() { on compute engine. */ grpc_millis max_detection_delay = GPR_MS_PER_SEC; - grpc_pollset *pollset = (grpc_pollset *)gpr_zalloc(grpc_pollset_size()); + grpc_pollset* pollset = (grpc_pollset*)gpr_zalloc(grpc_pollset_size()); grpc_pollset_init(pollset, &g_polling_mu); detector.pollent = grpc_polling_entity_create_from_pollset(pollset); detector.is_done = 0; @@ -105,12 +105,12 @@ static int is_stack_running_on_compute_engine() { memset(&detector.response, 0, sizeof(detector.response)); memset(&request, 0, sizeof(grpc_httpcli_request)); - request.host = (char *)GRPC_COMPUTE_ENGINE_DETECTION_HOST; - request.http.path = (char *)"/"; + request.host = (char*)GRPC_COMPUTE_ENGINE_DETECTION_HOST; + request.http.path = (char*)"/"; grpc_httpcli_context_init(&context); - grpc_resource_quota *resource_quota = + grpc_resource_quota* resource_quota = grpc_resource_quota_create("google_default_credentials"); grpc_httpcli_get( &context, &detector.pollent, resource_quota, &request, @@ -126,7 +126,7 @@ static int is_stack_running_on_compute_engine() { called once for the lifetime of the process by the default credentials. */ gpr_mu_lock(g_polling_mu); while (!detector.is_done) { - grpc_pollset_worker *worker = NULL; + grpc_pollset_worker* worker = NULL; if (!GRPC_LOG_IF_ERROR( "pollset_work", grpc_pollset_work(grpc_polling_entity_pollset(&detector.pollent), @@ -153,14 +153,14 @@ static int is_stack_running_on_compute_engine() { } /* Takes ownership of creds_path if not NULL. */ -static grpc_error *create_default_creds_from_path( - char *creds_path, grpc_call_credentials **creds) { - grpc_json *json = NULL; +static grpc_error* create_default_creds_from_path( + char* creds_path, grpc_call_credentials** creds) { + grpc_json* json = NULL; grpc_auth_json_key key; grpc_auth_refresh_token token; - grpc_call_credentials *result = NULL; + grpc_call_credentials* result = NULL; grpc_slice creds_data = grpc_empty_slice(); - grpc_error *error = GRPC_ERROR_NONE; + grpc_error* error = GRPC_ERROR_NONE; if (creds_path == NULL) { error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("creds_path unset"); goto end; @@ -170,7 +170,7 @@ static grpc_error *create_default_creds_from_path( goto end; } json = grpc_json_parse_string_with_len( - (char *)GRPC_SLICE_START_PTR(creds_data), GRPC_SLICE_LENGTH(creds_data)); + (char*)GRPC_SLICE_START_PTR(creds_data), GRPC_SLICE_LENGTH(creds_data)); if (json == NULL) { error = grpc_error_set_str( GRPC_ERROR_CREATE_FROM_STATIC_STRING("Failed to parse JSON"), @@ -214,12 +214,12 @@ end: return error; } -grpc_channel_credentials *grpc_google_default_credentials_create(void) { - grpc_channel_credentials *result = NULL; - grpc_call_credentials *call_creds = NULL; - grpc_error *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( +grpc_channel_credentials* grpc_google_default_credentials_create(void) { + grpc_channel_credentials* result = NULL; + grpc_call_credentials* call_creds = NULL; + grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Failed to create Google credentials"); - grpc_error *err; + grpc_error* err; ExecCtx _local_exec_ctx; GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ()); @@ -266,7 +266,7 @@ end: /* Blend with default ssl credentials and add a global reference so that it can be cached and re-served. */ - grpc_channel_credentials *ssl_creds = + grpc_channel_credentials* ssl_creds = grpc_ssl_credentials_create(NULL, NULL, NULL); default_credentials = grpc_channel_credentials_ref( grpc_composite_channel_credentials_create(ssl_creds, call_creds, @@ -306,7 +306,7 @@ void grpc_flush_cached_google_default_credentials(void) { static grpc_well_known_credentials_path_getter creds_path_getter = NULL; -char *grpc_get_well_known_google_credentials_file_path(void) { +char* grpc_get_well_known_google_credentials_file_path(void) { if (creds_path_getter != NULL) return creds_path_getter(); return grpc_get_well_known_google_credentials_file_path_impl(); } diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h index 66677873ca..a0f8dc954e 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.h +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h @@ -50,4 +50,4 @@ void grpc_flush_cached_google_default_credentials(void); #endif #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_GOOGLE_DEFAULT_CREDENTIALS_H \ - */ + */ diff --git a/src/core/lib/security/credentials/iam/iam_credentials.cc b/src/core/lib/security/credentials/iam/iam_credentials.cc index 3b91e739f1..07938ec67e 100644 --- a/src/core/lib/security/credentials/iam/iam_credentials.cc +++ b/src/core/lib/security/credentials/iam/iam_credentials.cc @@ -27,33 +27,33 @@ #include <grpc/support/string_util.h> #include <grpc/support/sync.h> -static void iam_destruct(grpc_call_credentials *creds) { - grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; +static void iam_destruct(grpc_call_credentials* creds) { + grpc_google_iam_credentials* c = (grpc_google_iam_credentials*)creds; grpc_credentials_mdelem_array_destroy(&c->md_array); } -static bool iam_get_request_metadata(grpc_call_credentials *creds, - grpc_polling_entity *pollent, +static bool iam_get_request_metadata(grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; + grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_google_iam_credentials* c = (grpc_google_iam_credentials*)creds; grpc_credentials_mdelem_array_append(md_array, &c->md_array); return true; } static void iam_cancel_get_request_metadata( - grpc_call_credentials *c, grpc_credentials_mdelem_array *md_array, - grpc_error *error) { + grpc_call_credentials* c, grpc_credentials_mdelem_array* md_array, + grpc_error* error) { GRPC_ERROR_UNREF(error); } static grpc_call_credentials_vtable iam_vtable = { iam_destruct, iam_get_request_metadata, iam_cancel_get_request_metadata}; -grpc_call_credentials *grpc_google_iam_credentials_create( - const char *token, const char *authority_selector, void *reserved) { +grpc_call_credentials* grpc_google_iam_credentials_create( + const char* token, const char* authority_selector, void* reserved) { ExecCtx _local_exec_ctx; GRPC_API_TRACE( "grpc_iam_credentials_create(token=%s, authority_selector=%s, " @@ -62,8 +62,8 @@ grpc_call_credentials *grpc_google_iam_credentials_create( GPR_ASSERT(reserved == NULL); GPR_ASSERT(token != NULL); GPR_ASSERT(authority_selector != NULL); - grpc_google_iam_credentials *c = - (grpc_google_iam_credentials *)gpr_zalloc(sizeof(*c)); + grpc_google_iam_credentials* c = + (grpc_google_iam_credentials*)gpr_zalloc(sizeof(*c)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_IAM; c->base.vtable = &iam_vtable; gpr_ref_init(&c->base.refcount, 1); diff --git a/src/core/lib/security/credentials/jwt/json_token.cc b/src/core/lib/security/credentials/jwt/json_token.cc index 8c30353470..e195ec7509 100644 --- a/src/core/lib/security/credentials/jwt/json_token.cc +++ b/src/core/lib/security/credentials/jwt/json_token.cc @@ -56,15 +56,15 @@ static grpc_jwt_encode_and_sign_override g_jwt_encode_and_sign_override = NULL; /* --- grpc_auth_json_key. --- */ -int grpc_auth_json_key_is_valid(const grpc_auth_json_key *json_key) { +int grpc_auth_json_key_is_valid(const grpc_auth_json_key* json_key) { return (json_key != NULL) && strcmp(json_key->type, GRPC_AUTH_JSON_TYPE_INVALID); } -grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json *json) { +grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json* json) { grpc_auth_json_key result; - BIO *bio = NULL; - const char *prop_value; + BIO* bio = NULL; + const char* prop_value; int success = 0; memset(&result, 0, sizeof(grpc_auth_json_key)); @@ -99,7 +99,7 @@ grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json *json) { gpr_log(GPR_ERROR, "Could not write into openssl BIO."); goto end; } - result.private_key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, (void *)""); + result.private_key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, (void*)""); if (result.private_key == NULL) { gpr_log(GPR_ERROR, "Could not deserialize private key."); goto end; @@ -113,16 +113,16 @@ end: } grpc_auth_json_key grpc_auth_json_key_create_from_string( - const char *json_string) { - char *scratchpad = gpr_strdup(json_string); - grpc_json *json = grpc_json_parse_string(scratchpad); + const char* json_string) { + char* scratchpad = gpr_strdup(json_string); + grpc_json* json = grpc_json_parse_string(scratchpad); grpc_auth_json_key result = grpc_auth_json_key_create_from_json(json); if (json != NULL) grpc_json_destroy(json); gpr_free(scratchpad); return result; } -void grpc_auth_json_key_destruct(grpc_auth_json_key *json_key) { +void grpc_auth_json_key_destruct(grpc_auth_json_key* json_key) { if (json_key == NULL) return; json_key->type = GRPC_AUTH_JSON_TYPE_INVALID; if (json_key->client_id != NULL) { @@ -145,10 +145,10 @@ void grpc_auth_json_key_destruct(grpc_auth_json_key *json_key) { /* --- jwt encoding and signature. --- */ -static grpc_json *create_child(grpc_json *brother, grpc_json *parent, - const char *key, const char *value, +static grpc_json* create_child(grpc_json* brother, grpc_json* parent, + const char* key, const char* value, grpc_json_type type) { - grpc_json *child = grpc_json_create(type); + grpc_json* child = grpc_json_create(type); if (brother) brother->next = child; if (!parent->child) parent->child = child; child->parent = parent; @@ -157,11 +157,11 @@ static grpc_json *create_child(grpc_json *brother, grpc_json *parent, return child; } -static char *encoded_jwt_header(const char *key_id, const char *algorithm) { - grpc_json *json = grpc_json_create(GRPC_JSON_OBJECT); - grpc_json *child = NULL; - char *json_str = NULL; - char *result = NULL; +static char* encoded_jwt_header(const char* key_id, const char* algorithm) { + grpc_json* json = grpc_json_create(GRPC_JSON_OBJECT); + grpc_json* child = NULL; + char* json_str = NULL; + char* result = NULL; child = create_child(NULL, json, "alg", algorithm, GRPC_JSON_STRING); child = create_child(child, json, "typ", GRPC_JWT_TYPE, GRPC_JSON_STRING); @@ -174,13 +174,13 @@ static char *encoded_jwt_header(const char *key_id, const char *algorithm) { return result; } -static char *encoded_jwt_claim(const grpc_auth_json_key *json_key, - const char *audience, - gpr_timespec token_lifetime, const char *scope) { - grpc_json *json = grpc_json_create(GRPC_JSON_OBJECT); - grpc_json *child = NULL; - char *json_str = NULL; - char *result = NULL; +static char* encoded_jwt_claim(const grpc_auth_json_key* json_key, + const char* audience, + gpr_timespec token_lifetime, const char* scope) { + grpc_json* json = grpc_json_create(GRPC_JSON_OBJECT); + grpc_json* child = NULL; + char* json_str = NULL; + char* result = NULL; gpr_timespec now = gpr_now(GPR_CLOCK_REALTIME); gpr_timespec expiration = gpr_time_add(now, token_lifetime); char now_str[GPR_LTOA_MIN_BUFSIZE]; @@ -213,12 +213,12 @@ static char *encoded_jwt_claim(const grpc_auth_json_key *json_key, return result; } -static char *dot_concat_and_free_strings(char *str1, char *str2) { +static char* dot_concat_and_free_strings(char* str1, char* str2) { size_t str1_len = strlen(str1); size_t str2_len = strlen(str2); size_t result_len = str1_len + 1 /* dot */ + str2_len; - char *result = (char *)gpr_malloc(result_len + 1 /* NULL terminated */); - char *current = result; + char* result = (char*)gpr_malloc(result_len + 1 /* NULL terminated */); + char* current = result; memcpy(current, str1, str1_len); current += str1_len; *(current++) = '.'; @@ -232,7 +232,7 @@ static char *dot_concat_and_free_strings(char *str1, char *str2) { return result; } -const EVP_MD *openssl_digest_from_algorithm(const char *algorithm) { +const EVP_MD* openssl_digest_from_algorithm(const char* algorithm) { if (strcmp(algorithm, GRPC_JWT_RSA_SHA256_ALGORITHM) == 0) { return EVP_sha256(); } else { @@ -241,15 +241,15 @@ const EVP_MD *openssl_digest_from_algorithm(const char *algorithm) { } } -char *compute_and_encode_signature(const grpc_auth_json_key *json_key, - const char *signature_algorithm, - const char *to_sign) { - const EVP_MD *md = openssl_digest_from_algorithm(signature_algorithm); - EVP_MD_CTX *md_ctx = NULL; - EVP_PKEY *key = EVP_PKEY_new(); +char* compute_and_encode_signature(const grpc_auth_json_key* json_key, + const char* signature_algorithm, + const char* to_sign) { + const EVP_MD* md = openssl_digest_from_algorithm(signature_algorithm); + EVP_MD_CTX* md_ctx = NULL; + EVP_PKEY* key = EVP_PKEY_new(); size_t sig_len = 0; - unsigned char *sig = NULL; - char *result = NULL; + unsigned char* sig = NULL; + char* result = NULL; if (md == NULL) return NULL; md_ctx = EVP_MD_CTX_create(); if (md_ctx == NULL) { @@ -269,7 +269,7 @@ char *compute_and_encode_signature(const grpc_auth_json_key *json_key, gpr_log(GPR_ERROR, "DigestFinal (get signature length) failed."); goto end; } - sig = (unsigned char *)gpr_malloc(sig_len); + sig = (unsigned char*)gpr_malloc(sig_len); if (EVP_DigestSignFinal(md_ctx, sig, &sig_len) != 1) { gpr_log(GPR_ERROR, "DigestFinal (signature compute) failed."); goto end; @@ -283,18 +283,18 @@ end: return result; } -char *grpc_jwt_encode_and_sign(const grpc_auth_json_key *json_key, - const char *audience, - gpr_timespec token_lifetime, const char *scope) { +char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key, + const char* audience, + gpr_timespec token_lifetime, const char* scope) { if (g_jwt_encode_and_sign_override != NULL) { return g_jwt_encode_and_sign_override(json_key, audience, token_lifetime, scope); } else { - const char *sig_algo = GRPC_JWT_RSA_SHA256_ALGORITHM; - char *to_sign = dot_concat_and_free_strings( + const char* sig_algo = GRPC_JWT_RSA_SHA256_ALGORITHM; + char* to_sign = dot_concat_and_free_strings( encoded_jwt_header(json_key->private_key_id, sig_algo), encoded_jwt_claim(json_key, audience, token_lifetime, scope)); - char *sig = compute_and_encode_signature(json_key, sig_algo, to_sign); + char* sig = compute_and_encode_signature(json_key, sig_algo, to_sign); if (sig == NULL) { gpr_free(to_sign); return NULL; diff --git a/src/core/lib/security/credentials/jwt/json_token.h b/src/core/lib/security/credentials/jwt/json_token.h index b923b02df6..b2c3c09c25 100644 --- a/src/core/lib/security/credentials/jwt/json_token.h +++ b/src/core/lib/security/credentials/jwt/json_token.h @@ -35,40 +35,40 @@ extern "C" { /* --- auth_json_key parsing. --- */ typedef struct { - const char *type; - char *private_key_id; - char *client_id; - char *client_email; - RSA *private_key; + const char* type; + char* private_key_id; + char* client_id; + char* client_email; + RSA* private_key; } grpc_auth_json_key; /* Returns 1 if the object is valid, 0 otherwise. */ -int grpc_auth_json_key_is_valid(const grpc_auth_json_key *json_key); +int grpc_auth_json_key_is_valid(const grpc_auth_json_key* json_key); /* Creates a json_key object from string. Returns an invalid object if a parsing error has been encountered. */ grpc_auth_json_key grpc_auth_json_key_create_from_string( - const char *json_string); + const char* json_string); /* Creates a json_key object from parsed json. Returns an invalid object if a parsing error has been encountered. */ -grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json *json); +grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json* json); /* Destructs the object. */ -void grpc_auth_json_key_destruct(grpc_auth_json_key *json_key); +void grpc_auth_json_key_destruct(grpc_auth_json_key* json_key); /* --- json token encoding and signing. --- */ /* Caller is responsible for calling gpr_free on the returned value. May return NULL on invalid input. The scope parameter may be NULL. */ -char *grpc_jwt_encode_and_sign(const grpc_auth_json_key *json_key, - const char *audience, - gpr_timespec token_lifetime, const char *scope); +char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key, + const char* audience, + gpr_timespec token_lifetime, const char* scope); /* Override encode_and_sign function for testing. */ -typedef char *(*grpc_jwt_encode_and_sign_override)( - const grpc_auth_json_key *json_key, const char *audience, - gpr_timespec token_lifetime, const char *scope); +typedef char* (*grpc_jwt_encode_and_sign_override)( + const grpc_auth_json_key* json_key, const char* audience, + gpr_timespec token_lifetime, const char* scope); /* Set a custom encode_and_sign override for testing. */ void grpc_jwt_encode_and_sign_set_override( diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.cc b/src/core/lib/security/credentials/jwt/jwt_credentials.cc index 15eeaf6bac..1d43ee6e03 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.cc +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.cc @@ -30,7 +30,7 @@ #include <grpc/support/string_util.h> #include <grpc/support/sync.h> -static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) { +static void jwt_reset_cache(grpc_service_account_jwt_access_credentials* c) { GRPC_MDELEM_UNREF(c->cached.jwt_md); c->cached.jwt_md = GRPC_MDNULL; if (c->cached.service_url != NULL) { @@ -40,22 +40,22 @@ static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) { c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); } -static void jwt_destruct(grpc_call_credentials *creds) { - grpc_service_account_jwt_access_credentials *c = - (grpc_service_account_jwt_access_credentials *)creds; +static void jwt_destruct(grpc_call_credentials* creds) { + grpc_service_account_jwt_access_credentials* c = + (grpc_service_account_jwt_access_credentials*)creds; grpc_auth_json_key_destruct(&c->key); jwt_reset_cache(c); gpr_mu_destroy(&c->cache_mu); } -static bool jwt_get_request_metadata(grpc_call_credentials *creds, - grpc_polling_entity *pollent, +static bool jwt_get_request_metadata(grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_service_account_jwt_access_credentials *c = - (grpc_service_account_jwt_access_credentials *)creds; + grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_service_account_jwt_access_credentials* c = + (grpc_service_account_jwt_access_credentials*)creds; gpr_timespec refresh_threshold = gpr_time_from_seconds( GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN); @@ -75,14 +75,14 @@ static bool jwt_get_request_metadata(grpc_call_credentials *creds, } if (GRPC_MDISNULL(jwt_md)) { - char *jwt = NULL; + char* jwt = NULL; /* Generate a new jwt. */ gpr_mu_lock(&c->cache_mu); jwt_reset_cache(c); jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url, c->jwt_lifetime, NULL); if (jwt != NULL) { - char *md_value; + char* md_value; gpr_asprintf(&md_value, "Bearer %s", jwt); gpr_free(jwt); c->cached.jwt_expiration = @@ -107,23 +107,23 @@ static bool jwt_get_request_metadata(grpc_call_credentials *creds, } static void jwt_cancel_get_request_metadata( - grpc_call_credentials *c, grpc_credentials_mdelem_array *md_array, - grpc_error *error) { + grpc_call_credentials* c, grpc_credentials_mdelem_array* md_array, + grpc_error* error) { GRPC_ERROR_UNREF(error); } static grpc_call_credentials_vtable jwt_vtable = { jwt_destruct, jwt_get_request_metadata, jwt_cancel_get_request_metadata}; -grpc_call_credentials * +grpc_call_credentials* grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_auth_json_key key, gpr_timespec token_lifetime) { - grpc_service_account_jwt_access_credentials *c; + grpc_service_account_jwt_access_credentials* c; if (!grpc_auth_json_key_is_valid(&key)) { gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation"); return NULL; } - c = (grpc_service_account_jwt_access_credentials *)gpr_zalloc( + c = (grpc_service_account_jwt_access_credentials*)gpr_zalloc( sizeof(grpc_service_account_jwt_access_credentials)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT; gpr_ref_init(&c->base.refcount, 1); @@ -142,33 +142,33 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( return &c->base; } -static char *redact_private_key(const char *json_key) { - char *json_copy = gpr_strdup(json_key); - grpc_json *json = grpc_json_parse_string(json_copy); +static char* redact_private_key(const char* json_key) { + char* json_copy = gpr_strdup(json_key); + grpc_json* json = grpc_json_parse_string(json_copy); if (!json) { gpr_free(json_copy); return gpr_strdup("<Json failed to parse.>"); } - const char *redacted = "<redacted>"; - grpc_json *current = json->child; + const char* redacted = "<redacted>"; + grpc_json* current = json->child; while (current) { if (current->type == GRPC_JSON_STRING && strcmp(current->key, "private_key") == 0) { - current->value = (char *)redacted; + current->value = (char*)redacted; break; } current = current->next; } - char *clean_json = grpc_json_dump_to_string(json, 2); + char* clean_json = grpc_json_dump_to_string(json, 2); gpr_free(json_copy); grpc_json_destroy(json); return clean_json; } -grpc_call_credentials *grpc_service_account_jwt_access_credentials_create( - const char *json_key, gpr_timespec token_lifetime, void *reserved) { +grpc_call_credentials* grpc_service_account_jwt_access_credentials_create( + const char* json_key, gpr_timespec token_lifetime, void* reserved) { if (GRPC_TRACER_ON(grpc_api_trace)) { - char *clean_json = redact_private_key(json_key); + char* clean_json = redact_private_key(json_key); gpr_log(GPR_INFO, "grpc_service_account_jwt_access_credentials_create(" "json_key=%s, " @@ -182,7 +182,7 @@ grpc_call_credentials *grpc_service_account_jwt_access_credentials_create( } GPR_ASSERT(reserved == NULL); ExecCtx _local_exec_ctx; - grpc_call_credentials *creds = + grpc_call_credentials* creds = grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_auth_json_key_create_from_string(json_key), token_lifetime); grpc_exec_ctx_finish(); diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.h b/src/core/lib/security/credentials/jwt/jwt_credentials.h index 12b39c30f2..4e7b756b20 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.h +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.h @@ -34,7 +34,7 @@ typedef struct { gpr_mu cache_mu; struct { grpc_mdelem jwt_md; - char *service_url; + char* service_url; gpr_timespec jwt_expiration; } cached; @@ -44,7 +44,7 @@ typedef struct { // Private constructor for jwt credentials from an already parsed json key. // Takes ownership of the key. -grpc_call_credentials * +grpc_call_credentials* grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_auth_json_key key, gpr_timespec token_lifetime); diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.cc b/src/core/lib/security/credentials/jwt/jwt_verifier.cc index 7e12d15717..eaa2078787 100644 --- a/src/core/lib/security/credentials/jwt/jwt_verifier.cc +++ b/src/core/lib/security/credentials/jwt/jwt_verifier.cc @@ -40,7 +40,7 @@ extern "C" { /* --- Utils. --- */ -const char *grpc_jwt_verifier_status_to_string( +const char* grpc_jwt_verifier_status_to_string( grpc_jwt_verifier_status status) { switch (status) { case GRPC_JWT_VERIFIER_OK: @@ -62,7 +62,7 @@ const char *grpc_jwt_verifier_status_to_string( } } -static const EVP_MD *evp_md_from_alg(const char *alg) { +static const EVP_MD* evp_md_from_alg(const char* alg) { if (strcmp(alg, "RS256") == 0) { return EVP_sha256(); } else if (strcmp(alg, "RS384") == 0) { @@ -74,16 +74,16 @@ static const EVP_MD *evp_md_from_alg(const char *alg) { } } -static grpc_json *parse_json_part_from_jwt(const char *str, size_t len, - grpc_slice *buffer) { - grpc_json *json; +static grpc_json* parse_json_part_from_jwt(const char* str, size_t len, + grpc_slice* buffer) { + grpc_json* json; *buffer = grpc_base64_decode_with_len(str, len, 1); if (GRPC_SLICE_IS_EMPTY(*buffer)) { gpr_log(GPR_ERROR, "Invalid base64."); return NULL; } - json = grpc_json_parse_string_with_len((char *)GRPC_SLICE_START_PTR(*buffer), + json = grpc_json_parse_string_with_len((char*)GRPC_SLICE_START_PTR(*buffer), GRPC_SLICE_LENGTH(*buffer)); if (json == NULL) { grpc_slice_unref_internal(*buffer); @@ -92,8 +92,8 @@ static grpc_json *parse_json_part_from_jwt(const char *str, size_t len, return json; } -static const char *validate_string_field(const grpc_json *json, - const char *key) { +static const char* validate_string_field(const grpc_json* json, + const char* key) { if (json->type != GRPC_JSON_STRING) { gpr_log(GPR_ERROR, "Invalid %s field [%s]", key, json->value); return NULL; @@ -101,8 +101,8 @@ static const char *validate_string_field(const grpc_json *json, return json->value; } -static gpr_timespec validate_time_field(const grpc_json *json, - const char *key) { +static gpr_timespec validate_time_field(const grpc_json* json, + const char* key) { gpr_timespec result = gpr_time_0(GPR_CLOCK_REALTIME); if (json->type != GRPC_JSON_NUMBER) { gpr_log(GPR_ERROR, "Invalid %s field [%s]", key, json->value); @@ -115,22 +115,22 @@ static gpr_timespec validate_time_field(const grpc_json *json, /* --- JOSE header. see http://tools.ietf.org/html/rfc7515#section-4 --- */ typedef struct { - const char *alg; - const char *kid; - const char *typ; + const char* alg; + const char* kid; + const char* typ; /* TODO(jboeuf): Add others as needed (jku, jwk, x5u, x5c and so on...). */ grpc_slice buffer; } jose_header; -static void jose_header_destroy(jose_header *h) { +static void jose_header_destroy(jose_header* h) { grpc_slice_unref_internal(h->buffer); gpr_free(h); } /* Takes ownership of json and buffer. */ -static jose_header *jose_header_from_json(grpc_json *json, grpc_slice buffer) { - grpc_json *cur; - jose_header *h = (jose_header *)gpr_zalloc(sizeof(jose_header)); +static jose_header* jose_header_from_json(grpc_json* json, grpc_slice buffer) { + grpc_json* cur; + jose_header* h = (jose_header*)gpr_zalloc(sizeof(jose_header)); h->buffer = buffer; for (cur = json->child; cur != NULL; cur = cur->next) { if (strcmp(cur->key, "alg") == 0) { @@ -170,69 +170,69 @@ error: struct grpc_jwt_claims { /* Well known properties already parsed. */ - const char *sub; - const char *iss; - const char *aud; - const char *jti; + const char* sub; + const char* iss; + const char* aud; + const char* jti; gpr_timespec iat; gpr_timespec exp; gpr_timespec nbf; - grpc_json *json; + grpc_json* json; grpc_slice buffer; }; -void grpc_jwt_claims_destroy(grpc_jwt_claims *claims) { +void grpc_jwt_claims_destroy(grpc_jwt_claims* claims) { grpc_json_destroy(claims->json); grpc_slice_unref_internal(claims->buffer); gpr_free(claims); } -const grpc_json *grpc_jwt_claims_json(const grpc_jwt_claims *claims) { +const grpc_json* grpc_jwt_claims_json(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->json; } -const char *grpc_jwt_claims_subject(const grpc_jwt_claims *claims) { +const char* grpc_jwt_claims_subject(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->sub; } -const char *grpc_jwt_claims_issuer(const grpc_jwt_claims *claims) { +const char* grpc_jwt_claims_issuer(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->iss; } -const char *grpc_jwt_claims_id(const grpc_jwt_claims *claims) { +const char* grpc_jwt_claims_id(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->jti; } -const char *grpc_jwt_claims_audience(const grpc_jwt_claims *claims) { +const char* grpc_jwt_claims_audience(const grpc_jwt_claims* claims) { if (claims == NULL) return NULL; return claims->aud; } -gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims *claims) { +gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims* claims) { if (claims == NULL) return gpr_inf_past(GPR_CLOCK_REALTIME); return claims->iat; } -gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims *claims) { +gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims* claims) { if (claims == NULL) return gpr_inf_future(GPR_CLOCK_REALTIME); return claims->exp; } -gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims *claims) { +gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims* claims) { if (claims == NULL) return gpr_inf_past(GPR_CLOCK_REALTIME); return claims->nbf; } /* Takes ownership of json and buffer even in case of failure. */ -grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, grpc_slice buffer) { - grpc_json *cur; - grpc_jwt_claims *claims = - (grpc_jwt_claims *)gpr_malloc(sizeof(grpc_jwt_claims)); +grpc_jwt_claims* grpc_jwt_claims_from_json(grpc_json* json, grpc_slice buffer) { + grpc_json* cur; + grpc_jwt_claims* claims = + (grpc_jwt_claims*)gpr_malloc(sizeof(grpc_jwt_claims)); memset(claims, 0, sizeof(grpc_jwt_claims)); claims->json = json; claims->buffer = buffer; @@ -275,8 +275,8 @@ error: return NULL; } -grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims, - const char *audience) { +grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims* claims, + const char* audience) { gpr_timespec skewed_now; int audience_ok; @@ -329,26 +329,26 @@ typedef enum { } http_response_index; typedef struct { - grpc_jwt_verifier *verifier; + grpc_jwt_verifier* verifier; grpc_polling_entity pollent; - jose_header *header; - grpc_jwt_claims *claims; - char *audience; + jose_header* header; + grpc_jwt_claims* claims; + char* audience; grpc_slice signature; grpc_slice signed_data; - void *user_data; + void* user_data; grpc_jwt_verification_done_cb user_cb; grpc_http_response responses[HTTP_RESPONSE_COUNT]; } verifier_cb_ctx; /* Takes ownership of the header, claims and signature. */ -static verifier_cb_ctx *verifier_cb_ctx_create( - grpc_jwt_verifier *verifier, grpc_pollset *pollset, jose_header *header, - grpc_jwt_claims *claims, const char *audience, grpc_slice signature, - const char *signed_jwt, size_t signed_jwt_len, void *user_data, +static verifier_cb_ctx* verifier_cb_ctx_create( + grpc_jwt_verifier* verifier, grpc_pollset* pollset, jose_header* header, + grpc_jwt_claims* claims, const char* audience, grpc_slice signature, + const char* signed_jwt, size_t signed_jwt_len, void* user_data, grpc_jwt_verification_done_cb cb) { ExecCtx _local_exec_ctx; - verifier_cb_ctx *ctx = (verifier_cb_ctx *)gpr_zalloc(sizeof(verifier_cb_ctx)); + verifier_cb_ctx* ctx = (verifier_cb_ctx*)gpr_zalloc(sizeof(verifier_cb_ctx)); ctx->verifier = verifier; ctx->pollent = grpc_polling_entity_create_from_pollset(pollset); ctx->header = header; @@ -362,7 +362,7 @@ static verifier_cb_ctx *verifier_cb_ctx_create( return ctx; } -void verifier_cb_ctx_destroy(verifier_cb_ctx *ctx) { +void verifier_cb_ctx_destroy(verifier_cb_ctx* ctx) { if (ctx->audience != NULL) gpr_free(ctx->audience); if (ctx->claims != NULL) grpc_jwt_claims_destroy(ctx->claims); grpc_slice_unref_internal(ctx->signature); @@ -384,19 +384,19 @@ gpr_timespec grpc_jwt_verifier_clock_skew = {60, 0, GPR_TIMESPAN}; grpc_millis grpc_jwt_verifier_max_delay = 60 * GPR_MS_PER_SEC; typedef struct { - char *email_domain; - char *key_url_prefix; + char* email_domain; + char* key_url_prefix; } email_key_mapping; struct grpc_jwt_verifier { - email_key_mapping *mappings; + email_key_mapping* mappings; size_t num_mappings; /* Should be very few, linear search ok. */ size_t allocated_mappings; grpc_httpcli_context http_ctx; }; -static grpc_json *json_from_http(const grpc_httpcli_response *response) { - grpc_json *json = NULL; +static grpc_json* json_from_http(const grpc_httpcli_response* response) { + grpc_json* json = NULL; if (response == NULL) { gpr_log(GPR_ERROR, "HTTP response is NULL."); @@ -415,19 +415,19 @@ static grpc_json *json_from_http(const grpc_httpcli_response *response) { return json; } -static const grpc_json *find_property_by_name(const grpc_json *json, - const char *name) { - const grpc_json *cur; +static const grpc_json* find_property_by_name(const grpc_json* json, + const char* name) { + const grpc_json* cur; for (cur = json->child; cur != NULL; cur = cur->next) { if (strcmp(cur->key, name) == 0) return cur; } return NULL; } -static EVP_PKEY *extract_pkey_from_x509(const char *x509_str) { - X509 *x509 = NULL; - EVP_PKEY *result = NULL; - BIO *bio = BIO_new(BIO_s_mem()); +static EVP_PKEY* extract_pkey_from_x509(const char* x509_str) { + X509* x509 = NULL; + EVP_PKEY* result = NULL; + BIO* bio = BIO_new(BIO_s_mem()); size_t len = strlen(x509_str); GPR_ASSERT(len < INT_MAX); BIO_write(bio, x509_str, (int)len); @@ -447,8 +447,8 @@ end: return result; } -static BIGNUM *bignum_from_base64(const char *b64) { - BIGNUM *result = NULL; +static BIGNUM* bignum_from_base64(const char* b64) { + BIGNUM* result = NULL; grpc_slice bin; if (b64 == NULL) return NULL; @@ -466,7 +466,7 @@ static BIGNUM *bignum_from_base64(const char *b64) { #if OPENSSL_VERSION_NUMBER < 0x10100000L // Provide compatibility across OpenSSL 1.02 and 1.1. -static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { +static int RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d) { /* If the fields n and e in r are NULL, the corresponding input * parameters MUST be non-NULL for n and e. d may be * left NULL (in case only the public key is used). @@ -492,12 +492,12 @@ static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { } #endif // OPENSSL_VERSION_NUMBER < 0x10100000L -static EVP_PKEY *pkey_from_jwk(const grpc_json *json, const char *kty) { - const grpc_json *key_prop; - RSA *rsa = NULL; - EVP_PKEY *result = NULL; - BIGNUM *tmp_n = NULL; - BIGNUM *tmp_e = NULL; +static EVP_PKEY* pkey_from_jwk(const grpc_json* json, const char* kty) { + const grpc_json* key_prop; + RSA* rsa = NULL; + EVP_PKEY* result = NULL; + BIGNUM* tmp_n = NULL; + BIGNUM* tmp_e = NULL; GPR_ASSERT(kty != NULL && json != NULL); if (strcmp(kty, "RSA") != 0) { @@ -539,18 +539,18 @@ end: return result; } -static EVP_PKEY *find_verification_key(const grpc_json *json, - const char *header_alg, - const char *header_kid) { - const grpc_json *jkey; - const grpc_json *jwk_keys; +static EVP_PKEY* find_verification_key(const grpc_json* json, + const char* header_alg, + const char* header_kid) { + const grpc_json* jkey; + const grpc_json* jwk_keys; /* Try to parse the json as a JWK set: https://tools.ietf.org/html/rfc7517#section-5. */ jwk_keys = find_property_by_name(json, "keys"); if (jwk_keys == NULL) { /* Use the google proprietary format which is: { <kid1>: <x5091>, <kid2>: <x5092>, ... } */ - const grpc_json *cur = find_property_by_name(json, header_kid); + const grpc_json* cur = find_property_by_name(json, header_kid); if (cur == NULL) return NULL; return extract_pkey_from_x509(cur->value); } @@ -563,10 +563,10 @@ static EVP_PKEY *find_verification_key(const grpc_json *json, /* Key format is specified in: https://tools.ietf.org/html/rfc7518#section-6. */ for (jkey = jwk_keys->child; jkey != NULL; jkey = jkey->next) { - grpc_json *key_prop; - const char *alg = NULL; - const char *kid = NULL; - const char *kty = NULL; + grpc_json* key_prop; + const char* alg = NULL; + const char* kid = NULL; + const char* kty = NULL; if (jkey->type != GRPC_JSON_OBJECT) continue; for (key_prop = jkey->child; key_prop != NULL; key_prop = key_prop->next) { @@ -592,10 +592,10 @@ static EVP_PKEY *find_verification_key(const grpc_json *json, return NULL; } -static int verify_jwt_signature(EVP_PKEY *key, const char *alg, +static int verify_jwt_signature(EVP_PKEY* key, const char* alg, grpc_slice signature, grpc_slice signed_data) { - EVP_MD_CTX *md_ctx = EVP_MD_CTX_create(); - const EVP_MD *md = evp_md_from_alg(alg); + EVP_MD_CTX* md_ctx = EVP_MD_CTX_create(); + const EVP_MD* md = evp_md_from_alg(alg); int result = 0; GPR_ASSERT(md != NULL); /* Checked before. */ @@ -624,12 +624,12 @@ end: return result; } -static void on_keys_retrieved(void *user_data, grpc_error *error) { - verifier_cb_ctx *ctx = (verifier_cb_ctx *)user_data; - grpc_json *json = json_from_http(&ctx->responses[HTTP_RESPONSE_KEYS]); - EVP_PKEY *verification_key = NULL; +static void on_keys_retrieved(void* user_data, grpc_error* error) { + verifier_cb_ctx* ctx = (verifier_cb_ctx*)user_data; + grpc_json* json = json_from_http(&ctx->responses[HTTP_RESPONSE_KEYS]); + EVP_PKEY* verification_key = NULL; grpc_jwt_verifier_status status = GRPC_JWT_VERIFIER_GENERIC_ERROR; - grpc_jwt_claims *claims = NULL; + grpc_jwt_claims* claims = NULL; if (json == NULL) { status = GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR; @@ -664,14 +664,14 @@ end: verifier_cb_ctx_destroy(ctx); } -static void on_openid_config_retrieved(void *user_data, grpc_error *error) { - const grpc_json *cur; - verifier_cb_ctx *ctx = (verifier_cb_ctx *)user_data; - const grpc_http_response *response = &ctx->responses[HTTP_RESPONSE_OPENID]; - grpc_json *json = json_from_http(response); +static void on_openid_config_retrieved(void* user_data, grpc_error* error) { + const grpc_json* cur; + verifier_cb_ctx* ctx = (verifier_cb_ctx*)user_data; + const grpc_http_response* response = &ctx->responses[HTTP_RESPONSE_OPENID]; + grpc_json* json = json_from_http(response); grpc_httpcli_request req; - const char *jwks_uri; - grpc_resource_quota *resource_quota = NULL; + const char* jwks_uri; + grpc_resource_quota* resource_quota = NULL; /* TODO(jboeuf): Cache the jwks_uri in order to avoid this hop next time. */ if (json == NULL) goto error; @@ -689,9 +689,9 @@ static void on_openid_config_retrieved(void *user_data, grpc_error *error) { jwks_uri += 8; req.handshaker = &grpc_httpcli_ssl; req.host = gpr_strdup(jwks_uri); - req.http.path = (char *)strchr(jwks_uri, '/'); + req.http.path = (char*)strchr(jwks_uri, '/'); if (req.http.path == NULL) { - req.http.path = (char *)""; + req.http.path = (char*)""; } else { *(req.host + (req.http.path - jwks_uri)) = '\0'; } @@ -716,8 +716,8 @@ error: verifier_cb_ctx_destroy(ctx); } -static email_key_mapping *verifier_get_mapping(grpc_jwt_verifier *v, - const char *email_domain) { +static email_key_mapping* verifier_get_mapping(grpc_jwt_verifier* v, + const char* email_domain) { size_t i; if (v->mappings == NULL) return NULL; for (i = 0; i < v->num_mappings; i++) { @@ -728,9 +728,9 @@ static email_key_mapping *verifier_get_mapping(grpc_jwt_verifier *v, return NULL; } -static void verifier_put_mapping(grpc_jwt_verifier *v, const char *email_domain, - const char *key_url_prefix) { - email_key_mapping *mapping = verifier_get_mapping(v, email_domain); +static void verifier_put_mapping(grpc_jwt_verifier* v, const char* email_domain, + const char* key_url_prefix) { + email_key_mapping* mapping = verifier_get_mapping(v, email_domain); GPR_ASSERT(v->num_mappings < v->allocated_mappings); if (mapping != NULL) { gpr_free(mapping->key_url_prefix); @@ -745,29 +745,29 @@ static void verifier_put_mapping(grpc_jwt_verifier *v, const char *email_domain, /* Very non-sophisticated way to detect an email address. Should be good enough for now... */ -const char *grpc_jwt_issuer_email_domain(const char *issuer) { - const char *at_sign = strchr(issuer, '@'); +const char* grpc_jwt_issuer_email_domain(const char* issuer) { + const char* at_sign = strchr(issuer, '@'); if (at_sign == NULL) return NULL; - const char *email_domain = at_sign + 1; + const char* email_domain = at_sign + 1; if (*email_domain == '\0') return NULL; - const char *dot = strrchr(email_domain, '.'); + const char* dot = strrchr(email_domain, '.'); if (dot == NULL || dot == email_domain) return email_domain; GPR_ASSERT(dot > email_domain); /* There may be a subdomain, we just want the domain. */ - dot = (const char *)gpr_memrchr((void *)email_domain, '.', - (size_t)(dot - email_domain)); + dot = (const char*)gpr_memrchr((void*)email_domain, '.', + (size_t)(dot - email_domain)); if (dot == NULL) return email_domain; return dot + 1; } /* Takes ownership of ctx. */ -static void retrieve_key_and_verify(verifier_cb_ctx *ctx) { - const char *email_domain; - grpc_closure *http_cb; - char *path_prefix = NULL; - const char *iss; +static void retrieve_key_and_verify(verifier_cb_ctx* ctx) { + const char* email_domain; + grpc_closure* http_cb; + char* path_prefix = NULL; + const char* iss; grpc_httpcli_request req; - grpc_resource_quota *resource_quota = NULL; + grpc_resource_quota* resource_quota = NULL; memset(&req, 0, sizeof(grpc_httpcli_request)); req.handshaker = &grpc_httpcli_ssl; http_response_index rsp_idx; @@ -790,7 +790,7 @@ static void retrieve_key_and_verify(verifier_cb_ctx *ctx) { Part 4, on the other hand is implemented by both google and salesforce. */ email_domain = grpc_jwt_issuer_email_domain(iss); if (email_domain != NULL) { - email_key_mapping *mapping; + email_key_mapping* mapping; GPR_ASSERT(ctx->verifier != NULL); mapping = verifier_get_mapping(ctx->verifier, email_domain); if (mapping == NULL) { @@ -840,20 +840,20 @@ error: verifier_cb_ctx_destroy(ctx); } -void grpc_jwt_verifier_verify(grpc_jwt_verifier *verifier, - grpc_pollset *pollset, const char *jwt, - const char *audience, +void grpc_jwt_verifier_verify(grpc_jwt_verifier* verifier, + grpc_pollset* pollset, const char* jwt, + const char* audience, grpc_jwt_verification_done_cb cb, - void *user_data) { - const char *dot = NULL; - grpc_json *json; - jose_header *header = NULL; - grpc_jwt_claims *claims = NULL; + void* user_data) { + const char* dot = NULL; + grpc_json* json; + jose_header* header = NULL; + grpc_jwt_claims* claims = NULL; grpc_slice header_buffer; grpc_slice claims_buffer; grpc_slice signature; size_t signed_jwt_len; - const char *cur = jwt; + const char* cur = jwt; GPR_ASSERT(verifier != NULL && jwt != NULL && audience != NULL && cb != NULL); dot = strchr(cur, '.'); @@ -886,17 +886,17 @@ error: cb(user_data, GRPC_JWT_VERIFIER_BAD_FORMAT, NULL); } -grpc_jwt_verifier *grpc_jwt_verifier_create( - const grpc_jwt_verifier_email_domain_key_url_mapping *mappings, +grpc_jwt_verifier* grpc_jwt_verifier_create( + const grpc_jwt_verifier_email_domain_key_url_mapping* mappings, size_t num_mappings) { - grpc_jwt_verifier *v = - (grpc_jwt_verifier *)gpr_zalloc(sizeof(grpc_jwt_verifier)); + grpc_jwt_verifier* v = + (grpc_jwt_verifier*)gpr_zalloc(sizeof(grpc_jwt_verifier)); grpc_httpcli_context_init(&v->http_ctx); /* We know at least of one mapping. */ v->allocated_mappings = 1 + num_mappings; - v->mappings = (email_key_mapping *)gpr_malloc(v->allocated_mappings * - sizeof(email_key_mapping)); + v->mappings = (email_key_mapping*)gpr_malloc(v->allocated_mappings * + sizeof(email_key_mapping)); verifier_put_mapping(v, GRPC_GOOGLE_SERVICE_ACCOUNTS_EMAIL_DOMAIN, GRPC_GOOGLE_SERVICE_ACCOUNTS_KEY_URL_PREFIX); /* User-Provided mappings. */ @@ -910,7 +910,7 @@ grpc_jwt_verifier *grpc_jwt_verifier_create( return v; } -void grpc_jwt_verifier_destroy(grpc_jwt_verifier *v) { +void grpc_jwt_verifier_destroy(grpc_jwt_verifier* v) { size_t i; if (v == NULL) return; grpc_httpcli_context_destroy(&v->http_ctx); diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.h b/src/core/lib/security/credentials/jwt/jwt_verifier.h index 671a52d739..545be71923 100644 --- a/src/core/lib/security/credentials/jwt/jwt_verifier.h +++ b/src/core/lib/security/credentials/jwt/jwt_verifier.h @@ -49,25 +49,25 @@ typedef enum { GRPC_JWT_VERIFIER_GENERIC_ERROR } grpc_jwt_verifier_status; -const char *grpc_jwt_verifier_status_to_string(grpc_jwt_verifier_status status); +const char* grpc_jwt_verifier_status_to_string(grpc_jwt_verifier_status status); /* --- grpc_jwt_claims. --- */ typedef struct grpc_jwt_claims grpc_jwt_claims; -void grpc_jwt_claims_destroy(grpc_jwt_claims *claims); +void grpc_jwt_claims_destroy(grpc_jwt_claims* claims); /* Returns the whole JSON tree of the claims. */ -const grpc_json *grpc_jwt_claims_json(const grpc_jwt_claims *claims); +const grpc_json* grpc_jwt_claims_json(const grpc_jwt_claims* claims); /* Access to registered claims in https://tools.ietf.org/html/rfc7519#page-9 */ -const char *grpc_jwt_claims_subject(const grpc_jwt_claims *claims); -const char *grpc_jwt_claims_issuer(const grpc_jwt_claims *claims); -const char *grpc_jwt_claims_id(const grpc_jwt_claims *claims); -const char *grpc_jwt_claims_audience(const grpc_jwt_claims *claims); -gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims *claims); -gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims *claims); -gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims *claims); +const char* grpc_jwt_claims_subject(const grpc_jwt_claims* claims); +const char* grpc_jwt_claims_issuer(const grpc_jwt_claims* claims); +const char* grpc_jwt_claims_id(const grpc_jwt_claims* claims); +const char* grpc_jwt_claims_audience(const grpc_jwt_claims* claims); +gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims* claims); +gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims* claims); +gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims* claims); /* --- grpc_jwt_verifier. --- */ @@ -75,12 +75,12 @@ typedef struct grpc_jwt_verifier grpc_jwt_verifier; typedef struct { /* The email domain is the part after the @ sign. */ - const char *email_domain; + const char* email_domain; /* The key url prefix will be used to get the public key from the issuer: https://<key_url_prefix>/<issuer_email> Therefore the key_url_prefix must NOT contain https://. */ - const char *key_url_prefix; + const char* key_url_prefix; } grpc_jwt_verifier_email_domain_key_url_mapping; /* Globals to control the verifier. Not thread-safe. */ @@ -93,34 +93,34 @@ extern grpc_millis grpc_jwt_verifier_max_delay; A verifier object has one built-in mapping (unless overridden): GRPC_GOOGLE_SERVICE_ACCOUNTS_EMAIL_DOMAIN -> GRPC_GOOGLE_SERVICE_ACCOUNTS_KEY_URL_PREFIX.*/ -grpc_jwt_verifier *grpc_jwt_verifier_create( - const grpc_jwt_verifier_email_domain_key_url_mapping *mappings, +grpc_jwt_verifier* grpc_jwt_verifier_create( + const grpc_jwt_verifier_email_domain_key_url_mapping* mappings, size_t num_mappings); /*The verifier must not be destroyed if there are still outstanding callbacks.*/ -void grpc_jwt_verifier_destroy(grpc_jwt_verifier *verifier); +void grpc_jwt_verifier_destroy(grpc_jwt_verifier* verifier); /* User provided callback that will be called when the verification of the JWT is done (maybe in another thread). It is the responsibility of the callee to call grpc_jwt_claims_destroy on the claims. */ -typedef void (*grpc_jwt_verification_done_cb)(void *user_data, +typedef void (*grpc_jwt_verification_done_cb)(void* user_data, grpc_jwt_verifier_status status, - grpc_jwt_claims *claims); + grpc_jwt_claims* claims); /* Verifies for the JWT for the given expected audience. */ -void grpc_jwt_verifier_verify(grpc_jwt_verifier *verifier, - grpc_pollset *pollset, const char *jwt, - const char *audience, +void grpc_jwt_verifier_verify(grpc_jwt_verifier* verifier, + grpc_pollset* pollset, const char* jwt, + const char* audience, grpc_jwt_verification_done_cb cb, - void *user_data); + void* user_data); /* --- TESTING ONLY exposed functions. --- */ -grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, grpc_slice buffer); -grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims, - const char *audience); -const char *grpc_jwt_issuer_email_domain(const char *issuer); +grpc_jwt_claims* grpc_jwt_claims_from_json(grpc_json* json, grpc_slice buffer); +grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims* claims, + const char* audience); +const char* grpc_jwt_issuer_email_domain(const char* issuer); #ifdef __cplusplus } diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc b/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc index 7dd75ed4e3..bae9692938 100644 --- a/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc @@ -32,15 +32,15 @@ // int grpc_auth_refresh_token_is_valid( - const grpc_auth_refresh_token *refresh_token) { + const grpc_auth_refresh_token* refresh_token) { return (refresh_token != NULL) && strcmp(refresh_token->type, GRPC_AUTH_JSON_TYPE_INVALID); } grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json( - const grpc_json *json) { + const grpc_json* json) { grpc_auth_refresh_token result; - const char *prop_value; + const char* prop_value; int success = 0; memset(&result, 0, sizeof(grpc_auth_refresh_token)); @@ -72,9 +72,9 @@ end: } grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string( - const char *json_string) { - char *scratchpad = gpr_strdup(json_string); - grpc_json *json = grpc_json_parse_string(scratchpad); + const char* json_string) { + char* scratchpad = gpr_strdup(json_string); + grpc_json* json = grpc_json_parse_string(scratchpad); grpc_auth_refresh_token result = grpc_auth_refresh_token_create_from_json(json); if (json != NULL) grpc_json_destroy(json); @@ -82,7 +82,7 @@ grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string( return result; } -void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) { +void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token* refresh_token) { if (refresh_token == NULL) return; refresh_token->type = GRPC_AUTH_JSON_TYPE_INVALID; if (refresh_token->client_id != NULL) { @@ -103,9 +103,9 @@ void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) { // Oauth2 Token Fetcher credentials. // -static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) { - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)creds; +static void oauth2_token_fetcher_destruct(grpc_call_credentials* creds) { + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)creds; GRPC_MDELEM_UNREF(c->access_token_md); gpr_mu_destroy(&c->mu); grpc_pollset_set_destroy(grpc_polling_entity_pollset_set(&c->pollent)); @@ -114,12 +114,12 @@ static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) { grpc_credentials_status grpc_oauth2_token_fetcher_credentials_parse_server_response( - const grpc_http_response *response, grpc_mdelem *token_md, - grpc_millis *token_lifetime) { - char *null_terminated_body = NULL; - char *new_access_token = NULL; + const grpc_http_response* response, grpc_mdelem* token_md, + grpc_millis* token_lifetime) { + char* null_terminated_body = NULL; + char* new_access_token = NULL; grpc_credentials_status status = GRPC_CREDENTIALS_OK; - grpc_json *json = NULL; + grpc_json* json = NULL; if (response == NULL) { gpr_log(GPR_ERROR, "Received NULL response."); @@ -128,7 +128,7 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response( } if (response->body_length > 0) { - null_terminated_body = (char *)gpr_malloc(response->body_length + 1); + null_terminated_body = (char*)gpr_malloc(response->body_length + 1); null_terminated_body[response->body_length] = '\0'; memcpy(null_terminated_body, response->body, response->body_length); } @@ -140,10 +140,10 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response( status = GRPC_CREDENTIALS_ERROR; goto end; } else { - grpc_json *access_token = NULL; - grpc_json *token_type = NULL; - grpc_json *expires_in = NULL; - grpc_json *ptr; + grpc_json* access_token = NULL; + grpc_json* token_type = NULL; + grpc_json* expires_in = NULL; + grpc_json* ptr; json = grpc_json_parse_string(null_terminated_body); if (json == NULL) { gpr_log(GPR_ERROR, "Could not parse JSON from %s", null_terminated_body); @@ -200,13 +200,13 @@ end: return status; } -static void on_oauth2_token_fetcher_http_response(void *user_data, - grpc_error *error) { +static void on_oauth2_token_fetcher_http_response(void* user_data, + grpc_error* error) { GRPC_LOG_IF_ERROR("oauth_fetch", GRPC_ERROR_REF(error)); - grpc_credentials_metadata_request *r = - (grpc_credentials_metadata_request *)user_data; - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)r->creds; + grpc_credentials_metadata_request* r = + (grpc_credentials_metadata_request*)user_data; + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)r->creds; grpc_mdelem access_token_md = GRPC_MDNULL; grpc_millis token_lifetime; grpc_credentials_status status = @@ -218,7 +218,7 @@ static void on_oauth2_token_fetcher_http_response(void *user_data, c->access_token_md = GRPC_MDELEM_REF(access_token_md); c->token_expiration = status == GRPC_CREDENTIALS_OK ? grpc_exec_ctx_now() + token_lifetime : 0; - grpc_oauth2_pending_get_request_metadata *pending_request = + grpc_oauth2_pending_get_request_metadata* pending_request = c->pending_requests; c->pending_requests = NULL; gpr_mu_unlock(&c->mu); @@ -234,7 +234,7 @@ static void on_oauth2_token_fetcher_http_response(void *user_data, GRPC_CLOSURE_SCHED(pending_request->on_request_metadata, error); grpc_polling_entity_del_from_pollset_set( pending_request->pollent, grpc_polling_entity_pollset_set(&c->pollent)); - grpc_oauth2_pending_get_request_metadata *prev = pending_request; + grpc_oauth2_pending_get_request_metadata* prev = pending_request; pending_request = pending_request->next; gpr_free(prev); } @@ -244,18 +244,18 @@ static void on_oauth2_token_fetcher_http_response(void *user_data, } static bool oauth2_token_fetcher_get_request_metadata( - grpc_call_credentials *creds, grpc_polling_entity *pollent, - grpc_auth_metadata_context context, grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, grpc_error **error) { - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)creds; + grpc_call_credentials* creds, grpc_polling_entity* pollent, + grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, grpc_error** error) { + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)creds; // Check if we can use the cached token. grpc_millis refresh_threshold = GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS * GPR_MS_PER_SEC; grpc_mdelem cached_access_token_md = GRPC_MDNULL; gpr_mu_lock(&c->mu); if (!GRPC_MDISNULL(c->access_token_md) && - (c->token_expiration + grpc_exec_ctx_now() > refresh_threshold)) { + (c->token_expiration - grpc_exec_ctx_now() > refresh_threshold)) { cached_access_token_md = GRPC_MDELEM_REF(c->access_token_md); } if (!GRPC_MDISNULL(cached_access_token_md)) { @@ -266,8 +266,8 @@ static bool oauth2_token_fetcher_get_request_metadata( } // Couldn't get the token from the cache. // Add request to c->pending_requests and start a new fetch if needed. - grpc_oauth2_pending_get_request_metadata *pending_request = - (grpc_oauth2_pending_get_request_metadata *)gpr_malloc( + grpc_oauth2_pending_get_request_metadata* pending_request = + (grpc_oauth2_pending_get_request_metadata*)gpr_malloc( sizeof(*pending_request)); pending_request->md_array = md_array; pending_request->on_request_metadata = on_request_metadata; @@ -293,13 +293,13 @@ static bool oauth2_token_fetcher_get_request_metadata( } static void oauth2_token_fetcher_cancel_get_request_metadata( - grpc_call_credentials *creds, grpc_credentials_mdelem_array *md_array, - grpc_error *error) { - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)creds; + grpc_call_credentials* creds, grpc_credentials_mdelem_array* md_array, + grpc_error* error) { + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)creds; gpr_mu_lock(&c->mu); - grpc_oauth2_pending_get_request_metadata *prev = NULL; - grpc_oauth2_pending_get_request_metadata *pending_request = + grpc_oauth2_pending_get_request_metadata* prev = NULL; + grpc_oauth2_pending_get_request_metadata* pending_request = c->pending_requests; while (pending_request != NULL) { if (pending_request->md_array == md_array) { @@ -322,7 +322,7 @@ static void oauth2_token_fetcher_cancel_get_request_metadata( GRPC_ERROR_UNREF(error); } -static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c, +static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials* c, grpc_fetch_oauth2_func fetch_func) { memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2; @@ -344,20 +344,20 @@ static grpc_call_credentials_vtable compute_engine_vtable = { oauth2_token_fetcher_cancel_get_request_metadata}; static void compute_engine_fetch_oauth2( - grpc_credentials_metadata_request *metadata_req, - grpc_httpcli_context *httpcli_context, grpc_polling_entity *pollent, + grpc_credentials_metadata_request* metadata_req, + grpc_httpcli_context* httpcli_context, grpc_polling_entity* pollent, grpc_iomgr_cb_func response_cb, grpc_millis deadline) { - grpc_http_header header = {(char *)"Metadata-Flavor", (char *)"Google"}; + grpc_http_header header = {(char*)"Metadata-Flavor", (char*)"Google"}; grpc_httpcli_request request; memset(&request, 0, sizeof(grpc_httpcli_request)); - request.host = (char *)GRPC_COMPUTE_ENGINE_METADATA_HOST; - request.http.path = (char *)GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH; + request.host = (char*)GRPC_COMPUTE_ENGINE_METADATA_HOST; + request.http.path = (char*)GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH; request.http.hdr_count = 1; request.http.hdrs = &header; /* TODO(ctiller): Carry the resource_quota in ctx and share it with the host channel. This would allow us to cancel an authentication query when under extreme memory pressure. */ - grpc_resource_quota *resource_quota = + grpc_resource_quota* resource_quota = grpc_resource_quota_create("oauth2_credentials"); grpc_httpcli_get( httpcli_context, pollent, resource_quota, &request, deadline, @@ -366,10 +366,10 @@ static void compute_engine_fetch_oauth2( grpc_resource_quota_unref_internal(resource_quota); } -grpc_call_credentials *grpc_google_compute_engine_credentials_create( - void *reserved) { - grpc_oauth2_token_fetcher_credentials *c = - (grpc_oauth2_token_fetcher_credentials *)gpr_malloc( +grpc_call_credentials* grpc_google_compute_engine_credentials_create( + void* reserved) { + grpc_oauth2_token_fetcher_credentials* c = + (grpc_oauth2_token_fetcher_credentials*)gpr_malloc( sizeof(grpc_oauth2_token_fetcher_credentials)); GRPC_API_TRACE("grpc_compute_engine_credentials_create(reserved=%p)", 1, (reserved)); @@ -383,9 +383,9 @@ grpc_call_credentials *grpc_google_compute_engine_credentials_create( // Google Refresh Token credentials. // -static void refresh_token_destruct(grpc_call_credentials *creds) { - grpc_google_refresh_token_credentials *c = - (grpc_google_refresh_token_credentials *)creds; +static void refresh_token_destruct(grpc_call_credentials* creds) { + grpc_google_refresh_token_credentials* c = + (grpc_google_refresh_token_credentials*)creds; grpc_auth_refresh_token_destruct(&c->refresh_token); oauth2_token_fetcher_destruct(&c->base.base); } @@ -395,28 +395,28 @@ static grpc_call_credentials_vtable refresh_token_vtable = { oauth2_token_fetcher_cancel_get_request_metadata}; static void refresh_token_fetch_oauth2( - grpc_credentials_metadata_request *metadata_req, - grpc_httpcli_context *httpcli_context, grpc_polling_entity *pollent, + grpc_credentials_metadata_request* metadata_req, + grpc_httpcli_context* httpcli_context, grpc_polling_entity* pollent, grpc_iomgr_cb_func response_cb, grpc_millis deadline) { - grpc_google_refresh_token_credentials *c = - (grpc_google_refresh_token_credentials *)metadata_req->creds; - grpc_http_header header = {(char *)"Content-Type", - (char *)"application/x-www-form-urlencoded"}; + grpc_google_refresh_token_credentials* c = + (grpc_google_refresh_token_credentials*)metadata_req->creds; + grpc_http_header header = {(char*)"Content-Type", + (char*)"application/x-www-form-urlencoded"}; grpc_httpcli_request request; - char *body = NULL; + char* body = NULL; gpr_asprintf(&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING, c->refresh_token.client_id, c->refresh_token.client_secret, c->refresh_token.refresh_token); memset(&request, 0, sizeof(grpc_httpcli_request)); - request.host = (char *)GRPC_GOOGLE_OAUTH2_SERVICE_HOST; - request.http.path = (char *)GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH; + request.host = (char*)GRPC_GOOGLE_OAUTH2_SERVICE_HOST; + request.http.path = (char*)GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH; request.http.hdr_count = 1; request.http.hdrs = &header; request.handshaker = &grpc_httpcli_ssl; /* TODO(ctiller): Carry the resource_quota in ctx and share it with the host channel. This would allow us to cancel an authentication query when under extreme memory pressure. */ - grpc_resource_quota *resource_quota = + grpc_resource_quota* resource_quota = grpc_resource_quota_create("oauth2_credentials_refresh"); grpc_httpcli_post( httpcli_context, pollent, resource_quota, &request, body, strlen(body), @@ -427,15 +427,15 @@ static void refresh_token_fetch_oauth2( gpr_free(body); } -grpc_call_credentials * +grpc_call_credentials* grpc_refresh_token_credentials_create_from_auth_refresh_token( grpc_auth_refresh_token refresh_token) { - grpc_google_refresh_token_credentials *c; + grpc_google_refresh_token_credentials* c; if (!grpc_auth_refresh_token_is_valid(&refresh_token)) { gpr_log(GPR_ERROR, "Invalid input for refresh token credentials creation"); return NULL; } - c = (grpc_google_refresh_token_credentials *)gpr_zalloc( + c = (grpc_google_refresh_token_credentials*)gpr_zalloc( sizeof(grpc_google_refresh_token_credentials)); init_oauth2_token_fetcher(&c->base, refresh_token_fetch_oauth2); c->base.base.vtable = &refresh_token_vtable; @@ -443,11 +443,11 @@ grpc_refresh_token_credentials_create_from_auth_refresh_token( return &c->base.base; } -static char *create_loggable_refresh_token(grpc_auth_refresh_token *token) { +static char* create_loggable_refresh_token(grpc_auth_refresh_token* token) { if (strcmp(token->type, GRPC_AUTH_JSON_TYPE_INVALID) == 0) { return gpr_strdup("<Invalid json token>"); } - char *loggable_token = NULL; + char* loggable_token = NULL; gpr_asprintf(&loggable_token, "{\n type: %s\n client_id: %s\n client_secret: " "<redacted>\n refresh_token: <redacted>\n}", @@ -455,12 +455,12 @@ static char *create_loggable_refresh_token(grpc_auth_refresh_token *token) { return loggable_token; } -grpc_call_credentials *grpc_google_refresh_token_credentials_create( - const char *json_refresh_token, void *reserved) { +grpc_call_credentials* grpc_google_refresh_token_credentials_create( + const char* json_refresh_token, void* reserved) { grpc_auth_refresh_token token = grpc_auth_refresh_token_create_from_string(json_refresh_token); if (GRPC_TRACER_ON(grpc_api_trace)) { - char *loggable_token = create_loggable_refresh_token(&token); + char* loggable_token = create_loggable_refresh_token(&token); gpr_log(GPR_INFO, "grpc_refresh_token_credentials_create(json_refresh_token=%s, " "reserved=%p)", @@ -475,23 +475,23 @@ grpc_call_credentials *grpc_google_refresh_token_credentials_create( // Oauth2 Access Token credentials. // -static void access_token_destruct(grpc_call_credentials *creds) { - grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; +static void access_token_destruct(grpc_call_credentials* creds) { + grpc_access_token_credentials* c = (grpc_access_token_credentials*)creds; GRPC_MDELEM_UNREF(c->access_token_md); } static bool access_token_get_request_metadata( - grpc_call_credentials *creds, grpc_polling_entity *pollent, - grpc_auth_metadata_context context, grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, grpc_error **error) { - grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; + grpc_call_credentials* creds, grpc_polling_entity* pollent, + grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, grpc_error** error) { + grpc_access_token_credentials* c = (grpc_access_token_credentials*)creds; grpc_credentials_mdelem_array_add(md_array, c->access_token_md); return true; } static void access_token_cancel_get_request_metadata( - grpc_call_credentials *c, grpc_credentials_mdelem_array *md_array, - grpc_error *error) { + grpc_call_credentials* c, grpc_credentials_mdelem_array* md_array, + grpc_error* error) { GRPC_ERROR_UNREF(error); } @@ -499,11 +499,10 @@ static grpc_call_credentials_vtable access_token_vtable = { access_token_destruct, access_token_get_request_metadata, access_token_cancel_get_request_metadata}; -grpc_call_credentials *grpc_access_token_credentials_create( - const char *access_token, void *reserved) { - grpc_access_token_credentials *c = - (grpc_access_token_credentials *)gpr_zalloc( - sizeof(grpc_access_token_credentials)); +grpc_call_credentials* grpc_access_token_credentials_create( + const char* access_token, void* reserved) { + grpc_access_token_credentials* c = (grpc_access_token_credentials*)gpr_zalloc( + sizeof(grpc_access_token_credentials)); GRPC_API_TRACE( "grpc_access_token_credentials_create(access_token=<redacted>, " "reserved=%p)", @@ -512,7 +511,7 @@ grpc_call_credentials *grpc_access_token_credentials_create( c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2; c->base.vtable = &access_token_vtable; gpr_ref_init(&c->base.refcount, 1); - char *token_md_value; + char* token_md_value; gpr_asprintf(&token_md_value, "Bearer %s", access_token); ExecCtx _local_exec_ctx; c->access_token_md = grpc_mdelem_from_slices( diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.h b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h index b7b5f58746..0f897d9f86 100644 --- a/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h @@ -28,45 +28,45 @@ extern "C" { // auth_refresh_token parsing. typedef struct { - const char *type; - char *client_id; - char *client_secret; - char *refresh_token; + const char* type; + char* client_id; + char* client_secret; + char* refresh_token; } grpc_auth_refresh_token; /// Returns 1 if the object is valid, 0 otherwise. int grpc_auth_refresh_token_is_valid( - const grpc_auth_refresh_token *refresh_token); + const grpc_auth_refresh_token* refresh_token); /// Creates a refresh token object from string. Returns an invalid object if a /// parsing error has been encountered. grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string( - const char *json_string); + const char* json_string); /// Creates a refresh token object from parsed json. Returns an invalid object /// if a parsing error has been encountered. grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json( - const grpc_json *json); + const grpc_json* json); /// Destructs the object. -void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token); +void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token* refresh_token); // -- Oauth2 Token Fetcher credentials -- // // This object is a base for credentials that need to acquire an oauth2 token // from an http service. -typedef void (*grpc_fetch_oauth2_func)(grpc_credentials_metadata_request *req, - grpc_httpcli_context *http_context, - grpc_polling_entity *pollent, +typedef void (*grpc_fetch_oauth2_func)(grpc_credentials_metadata_request* req, + grpc_httpcli_context* http_context, + grpc_polling_entity* pollent, grpc_iomgr_cb_func cb, grpc_millis deadline); typedef struct grpc_oauth2_pending_get_request_metadata { - grpc_credentials_mdelem_array *md_array; - grpc_closure *on_request_metadata; - grpc_polling_entity *pollent; - struct grpc_oauth2_pending_get_request_metadata *next; + grpc_credentials_mdelem_array* md_array; + grpc_closure* on_request_metadata; + grpc_polling_entity* pollent; + struct grpc_oauth2_pending_get_request_metadata* next; } grpc_oauth2_pending_get_request_metadata; typedef struct { @@ -75,7 +75,7 @@ typedef struct { grpc_mdelem access_token_md; grpc_millis token_expiration; bool token_fetch_pending; - grpc_oauth2_pending_get_request_metadata *pending_requests; + grpc_oauth2_pending_get_request_metadata* pending_requests; grpc_httpcli_context httpcli_context; grpc_fetch_oauth2_func fetch_func; grpc_polling_entity pollent; @@ -95,15 +95,15 @@ typedef struct { // Private constructor for refresh token credentials from an already parsed // refresh token. Takes ownership of the refresh token. -grpc_call_credentials * +grpc_call_credentials* grpc_refresh_token_credentials_create_from_auth_refresh_token( grpc_auth_refresh_token token); // Exposed for testing only. grpc_credentials_status grpc_oauth2_token_fetcher_credentials_parse_server_response( - const struct grpc_http_response *response, grpc_mdelem *token_md, - grpc_millis *token_lifetime); + const struct grpc_http_response* response, grpc_mdelem* token_md, + grpc_millis* token_lifetime); #ifdef __cplusplus } diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.cc b/src/core/lib/security/credentials/plugin/plugin_credentials.cc index c91d147ea5..064666a7d0 100644 --- a/src/core/lib/security/credentials/plugin/plugin_credentials.cc +++ b/src/core/lib/security/credentials/plugin/plugin_credentials.cc @@ -34,8 +34,8 @@ grpc_tracer_flag grpc_plugin_credentials_trace = GRPC_TRACER_INITIALIZER(false, "plugin_credentials"); -static void plugin_destruct(grpc_call_credentials *creds) { - grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; +static void plugin_destruct(grpc_call_credentials* creds) { + grpc_plugin_credentials* c = (grpc_plugin_credentials*)creds; gpr_mu_destroy(&c->mu); if (c->plugin.state != NULL && c->plugin.destroy != NULL) { c->plugin.destroy(c->plugin.state); @@ -43,8 +43,8 @@ static void plugin_destruct(grpc_call_credentials *creds) { } static void pending_request_remove_locked( - grpc_plugin_credentials *c, - grpc_plugin_credentials_pending_request *pending_request) { + grpc_plugin_credentials* c, + grpc_plugin_credentials_pending_request* pending_request) { if (pending_request->prev == NULL) { c->pending_requests = pending_request->next; } else { @@ -61,7 +61,7 @@ static void pending_request_remove_locked( // When this returns, r->cancelled indicates whether the request was // cancelled before completion. static void pending_request_complete( - grpc_plugin_credentials_pending_request *r) { + grpc_plugin_credentials_pending_request* r) { gpr_mu_lock(&r->creds->mu); if (!r->cancelled) pending_request_remove_locked(r->creds, r); gpr_mu_unlock(&r->creds->mu); @@ -69,12 +69,12 @@ static void pending_request_complete( grpc_call_credentials_unref(&r->creds->base); } -static grpc_error *process_plugin_result( - grpc_plugin_credentials_pending_request *r, const grpc_metadata *md, - size_t num_md, grpc_status_code status, const char *error_details) { - grpc_error *error = GRPC_ERROR_NONE; +static grpc_error* process_plugin_result( + grpc_plugin_credentials_pending_request* r, const grpc_metadata* md, + size_t num_md, grpc_status_code status, const char* error_details) { + grpc_error* error = GRPC_ERROR_NONE; if (status != GRPC_STATUS_OK) { - char *msg; + char* msg; gpr_asprintf(&msg, "Getting metadata from plugin failed with error: %s", error_details); error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg); @@ -110,17 +110,17 @@ static grpc_error *process_plugin_result( return error; } -static void plugin_md_request_metadata_ready(void *request, - const grpc_metadata *md, +static void plugin_md_request_metadata_ready(void* request, + const grpc_metadata* md, size_t num_md, grpc_status_code status, - const char *error_details) { + const char* error_details) { /* called from application code */ ExecCtx _local_exec_ctx( GRPC_EXEC_CTX_FLAG_IS_FINISHED | GRPC_EXEC_CTX_FLAG_THREAD_RESOURCE_LOOP, NULL, NULL); - grpc_plugin_credentials_pending_request *r = - (grpc_plugin_credentials_pending_request *)request; + grpc_plugin_credentials_pending_request* r = + (grpc_plugin_credentials_pending_request*)request; if (GRPC_TRACER_ON(grpc_plugin_credentials_trace)) { gpr_log(GPR_INFO, "plugin_credentials[%p]: request %p: plugin returned " @@ -131,7 +131,7 @@ static void plugin_md_request_metadata_ready(void *request, pending_request_complete(r); // If it has not been cancelled, process it. if (!r->cancelled) { - grpc_error *error = + grpc_error* error = process_plugin_result(r, md, num_md, status, error_details); GRPC_CLOSURE_SCHED(r->on_request_metadata, error); } else if (GRPC_TRACER_ON(grpc_plugin_credentials_trace)) { @@ -144,18 +144,18 @@ static void plugin_md_request_metadata_ready(void *request, grpc_exec_ctx_finish(); } -static bool plugin_get_request_metadata(grpc_call_credentials *creds, - grpc_polling_entity *pollent, +static bool plugin_get_request_metadata(grpc_call_credentials* creds, + grpc_polling_entity* pollent, grpc_auth_metadata_context context, - grpc_credentials_mdelem_array *md_array, - grpc_closure *on_request_metadata, - grpc_error **error) { - grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; + grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_plugin_credentials* c = (grpc_plugin_credentials*)creds; bool retval = true; // Synchronous return. if (c->plugin.get_metadata != NULL) { // Create pending_request object. - grpc_plugin_credentials_pending_request *pending_request = - (grpc_plugin_credentials_pending_request *)gpr_zalloc( + grpc_plugin_credentials_pending_request* pending_request = + (grpc_plugin_credentials_pending_request*)gpr_zalloc( sizeof(*pending_request)); pending_request->creds = c; pending_request->md_array = md_array; @@ -177,7 +177,7 @@ static bool plugin_get_request_metadata(grpc_call_credentials *creds, grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX]; size_t num_creds_md = 0; grpc_status_code status = GRPC_STATUS_OK; - const char *error_details = NULL; + const char* error_details = NULL; if (!c->plugin.get_metadata(c->plugin.state, context, plugin_md_request_metadata_ready, pending_request, creds_md, &num_creds_md, @@ -219,18 +219,18 @@ static bool plugin_get_request_metadata(grpc_call_credentials *creds, grpc_slice_unref_internal(creds_md[i].key); grpc_slice_unref_internal(creds_md[i].value); } - gpr_free((void *)error_details); + gpr_free((void*)error_details); gpr_free(pending_request); } return retval; } static void plugin_cancel_get_request_metadata( - grpc_call_credentials *creds, grpc_credentials_mdelem_array *md_array, - grpc_error *error) { - grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; + grpc_call_credentials* creds, grpc_credentials_mdelem_array* md_array, + grpc_error* error) { + grpc_plugin_credentials* c = (grpc_plugin_credentials*)creds; gpr_mu_lock(&c->mu); - for (grpc_plugin_credentials_pending_request *pending_request = + for (grpc_plugin_credentials_pending_request* pending_request = c->pending_requests; pending_request != NULL; pending_request = pending_request->next) { if (pending_request->md_array == md_array) { @@ -253,10 +253,9 @@ static grpc_call_credentials_vtable plugin_vtable = { plugin_destruct, plugin_get_request_metadata, plugin_cancel_get_request_metadata}; -grpc_call_credentials *grpc_metadata_credentials_create_from_plugin( - grpc_metadata_credentials_plugin plugin, void *reserved) { - grpc_plugin_credentials *c = - (grpc_plugin_credentials *)gpr_zalloc(sizeof(*c)); +grpc_call_credentials* grpc_metadata_credentials_create_from_plugin( + grpc_metadata_credentials_plugin plugin, void* reserved) { + grpc_plugin_credentials* c = (grpc_plugin_credentials*)gpr_zalloc(sizeof(*c)); GRPC_API_TRACE("grpc_metadata_credentials_create_from_plugin(reserved=%p)", 1, (reserved)); GPR_ASSERT(reserved == NULL); diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.h b/src/core/lib/security/credentials/plugin/plugin_credentials.h index f56df9eac5..fc0955c695 100644 --- a/src/core/lib/security/credentials/plugin/plugin_credentials.h +++ b/src/core/lib/security/credentials/plugin/plugin_credentials.h @@ -27,18 +27,18 @@ struct grpc_plugin_credentials; typedef struct grpc_plugin_credentials_pending_request { bool cancelled; - struct grpc_plugin_credentials *creds; - grpc_credentials_mdelem_array *md_array; - grpc_closure *on_request_metadata; - struct grpc_plugin_credentials_pending_request *prev; - struct grpc_plugin_credentials_pending_request *next; + struct grpc_plugin_credentials* creds; + grpc_credentials_mdelem_array* md_array; + grpc_closure* on_request_metadata; + struct grpc_plugin_credentials_pending_request* prev; + struct grpc_plugin_credentials_pending_request* next; } grpc_plugin_credentials_pending_request; typedef struct grpc_plugin_credentials { grpc_call_credentials base; grpc_metadata_credentials_plugin plugin; gpr_mu mu; - grpc_plugin_credentials_pending_request *pending_requests; + grpc_plugin_credentials_pending_request* pending_requests; } grpc_plugin_credentials; #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_PLUGIN_PLUGIN_CREDENTIALS_H */ diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.cc b/src/core/lib/security/credentials/ssl/ssl_credentials.cc index e78c20d34a..e6ea757ce8 100644 --- a/src/core/lib/security/credentials/ssl/ssl_credentials.cc +++ b/src/core/lib/security/credentials/ssl/ssl_credentials.cc @@ -31,28 +31,31 @@ // SSL Channel Credentials. // -static void ssl_config_pem_key_cert_pair_destroy( - tsi_ssl_pem_key_cert_pair *kp) { +void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair* kp, + size_t num_key_cert_pairs) { if (kp == NULL) return; - gpr_free((void *)kp->private_key); - gpr_free((void *)kp->cert_chain); + for (size_t i = 0; i < num_key_cert_pairs; i++) { + gpr_free((void*)kp[i].private_key); + gpr_free((void*)kp[i].cert_chain); + } + gpr_free(kp); } -static void ssl_destruct(grpc_channel_credentials *creds) { - grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; +static void ssl_destruct(grpc_channel_credentials* creds) { + grpc_ssl_credentials* c = (grpc_ssl_credentials*)creds; gpr_free(c->config.pem_root_certs); - ssl_config_pem_key_cert_pair_destroy(&c->config.pem_key_cert_pair); + grpc_tsi_ssl_pem_key_cert_pairs_destroy(c->config.pem_key_cert_pair, 1); } static grpc_security_status ssl_create_security_connector( - grpc_channel_credentials *creds, grpc_call_credentials *call_creds, - const char *target, const grpc_channel_args *args, - grpc_channel_security_connector **sc, grpc_channel_args **new_args) { - grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; + grpc_channel_credentials* creds, grpc_call_credentials* call_creds, + const char* target, const grpc_channel_args* args, + grpc_channel_security_connector** sc, grpc_channel_args** new_args) { + grpc_ssl_credentials* c = (grpc_ssl_credentials*)creds; grpc_security_status status = GRPC_SECURITY_OK; - const char *overridden_target_name = NULL; + const char* overridden_target_name = NULL; for (size_t i = 0; args && i < args->num_args; i++) { - grpc_arg *arg = &args->args[i]; + grpc_arg* arg = &args->args[i]; if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 && arg->type == GRPC_ARG_STRING) { overridden_target_name = arg->value.string; @@ -60,14 +63,12 @@ static grpc_security_status ssl_create_security_connector( } } status = grpc_ssl_channel_security_connector_create( - creds, call_creds, &c->config, target, overridden_target_name, - - sc); + creds, call_creds, &c->config, target, overridden_target_name, sc); if (status != GRPC_SECURITY_OK) { return status; } grpc_arg new_arg = grpc_channel_arg_string_create( - (char *)GRPC_ARG_HTTP2_SCHEME, (char *)"https"); + (char*)GRPC_ARG_HTTP2_SCHEME, (char*)"https"); *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1); return status; } @@ -75,27 +76,29 @@ static grpc_security_status ssl_create_security_connector( static grpc_channel_credentials_vtable ssl_vtable = { ssl_destruct, ssl_create_security_connector, NULL}; -static void ssl_build_config(const char *pem_root_certs, - grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, - grpc_ssl_config *config) { +static void ssl_build_config(const char* pem_root_certs, + grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, + grpc_ssl_config* config) { if (pem_root_certs != NULL) { config->pem_root_certs = gpr_strdup(pem_root_certs); } if (pem_key_cert_pair != NULL) { GPR_ASSERT(pem_key_cert_pair->private_key != NULL); GPR_ASSERT(pem_key_cert_pair->cert_chain != NULL); - config->pem_key_cert_pair.cert_chain = + config->pem_key_cert_pair = (tsi_ssl_pem_key_cert_pair*)gpr_zalloc( + sizeof(tsi_ssl_pem_key_cert_pair)); + config->pem_key_cert_pair->cert_chain = gpr_strdup(pem_key_cert_pair->cert_chain); - config->pem_key_cert_pair.private_key = + config->pem_key_cert_pair->private_key = gpr_strdup(pem_key_cert_pair->private_key); } } -grpc_channel_credentials *grpc_ssl_credentials_create( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, - void *reserved) { - grpc_ssl_credentials *c = - (grpc_ssl_credentials *)gpr_zalloc(sizeof(grpc_ssl_credentials)); +grpc_channel_credentials* grpc_ssl_credentials_create( + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, + void* reserved) { + grpc_ssl_credentials* c = + (grpc_ssl_credentials*)gpr_zalloc(sizeof(grpc_ssl_credentials)); GRPC_API_TRACE( "grpc_ssl_credentials_create(pem_root_certs=%s, " "pem_key_cert_pair=%p, " @@ -113,42 +116,76 @@ grpc_channel_credentials *grpc_ssl_credentials_create( // SSL Server Credentials. // -static void ssl_server_destruct(grpc_server_credentials *creds) { - grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; - size_t i; - for (i = 0; i < c->config.num_key_cert_pairs; i++) { - ssl_config_pem_key_cert_pair_destroy(&c->config.pem_key_cert_pairs[i]); - } - gpr_free(c->config.pem_key_cert_pairs); +struct grpc_ssl_server_credentials_options { + grpc_ssl_client_certificate_request_type client_certificate_request; + grpc_ssl_server_certificate_config* certificate_config; + grpc_ssl_server_certificate_config_fetcher* certificate_config_fetcher; +}; + +static void ssl_server_destruct(grpc_server_credentials* creds) { + grpc_ssl_server_credentials* c = (grpc_ssl_server_credentials*)creds; + grpc_tsi_ssl_pem_key_cert_pairs_destroy(c->config.pem_key_cert_pairs, + c->config.num_key_cert_pairs); gpr_free(c->config.pem_root_certs); } static grpc_security_status ssl_server_create_security_connector( - grpc_server_credentials *creds, grpc_server_security_connector **sc) { - grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; - return grpc_ssl_server_security_connector_create(creds, &c->config, sc); + grpc_server_credentials* creds, grpc_server_security_connector** sc) { + return grpc_ssl_server_security_connector_create(creds, sc); } static grpc_server_credentials_vtable ssl_server_vtable = { ssl_server_destruct, ssl_server_create_security_connector}; +tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs( + const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, + size_t num_key_cert_pairs) { + tsi_ssl_pem_key_cert_pair* tsi_pairs = NULL; + if (num_key_cert_pairs > 0) { + GPR_ASSERT(pem_key_cert_pairs != NULL); + tsi_pairs = (tsi_ssl_pem_key_cert_pair*)gpr_zalloc( + num_key_cert_pairs * sizeof(tsi_ssl_pem_key_cert_pair)); + } + for (size_t i = 0; i < num_key_cert_pairs; i++) { + GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL); + GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL); + tsi_pairs[i].cert_chain = gpr_strdup(pem_key_cert_pairs[i].cert_chain); + tsi_pairs[i].private_key = gpr_strdup(pem_key_cert_pairs[i].private_key); + } + return tsi_pairs; +} + static void ssl_build_server_config( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, - grpc_ssl_server_config *config) { - size_t i; + grpc_ssl_server_config* config) { config->client_certificate_request = client_certificate_request; if (pem_root_certs != NULL) { config->pem_root_certs = gpr_strdup(pem_root_certs); } + config->pem_key_cert_pairs = grpc_convert_grpc_to_tsi_cert_pairs( + pem_key_cert_pairs, num_key_cert_pairs); + config->num_key_cert_pairs = num_key_cert_pairs; +} + +grpc_ssl_server_certificate_config* grpc_ssl_server_certificate_config_create( + const char* pem_root_certs, + const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, + size_t num_key_cert_pairs) { + grpc_ssl_server_certificate_config* config = + (grpc_ssl_server_certificate_config*)gpr_zalloc( + sizeof(grpc_ssl_server_certificate_config)); + if (pem_root_certs != NULL) { + config->pem_root_certs = gpr_strdup(pem_root_certs); + } if (num_key_cert_pairs > 0) { GPR_ASSERT(pem_key_cert_pairs != NULL); - config->pem_key_cert_pairs = (tsi_ssl_pem_key_cert_pair *)gpr_zalloc( - num_key_cert_pairs * sizeof(tsi_ssl_pem_key_cert_pair)); + config->pem_key_cert_pairs = (grpc_ssl_pem_key_cert_pair*)gpr_zalloc( + num_key_cert_pairs * sizeof(grpc_ssl_pem_key_cert_pair)); } config->num_key_cert_pairs = num_key_cert_pairs; - for (i = 0; i < num_key_cert_pairs; i++) { + for (size_t i = 0; i < num_key_cert_pairs; i++) { GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL); GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL); config->pem_key_cert_pairs[i].cert_chain = @@ -156,11 +193,65 @@ static void ssl_build_server_config( config->pem_key_cert_pairs[i].private_key = gpr_strdup(pem_key_cert_pairs[i].private_key); } + return config; +} + +void grpc_ssl_server_certificate_config_destroy( + grpc_ssl_server_certificate_config* config) { + if (config == NULL) return; + for (size_t i = 0; i < config->num_key_cert_pairs; i++) { + gpr_free((void*)config->pem_key_cert_pairs[i].private_key); + gpr_free((void*)config->pem_key_cert_pairs[i].cert_chain); + } + gpr_free(config->pem_key_cert_pairs); + gpr_free(config->pem_root_certs); + gpr_free(config); +} + +grpc_ssl_server_credentials_options* +grpc_ssl_server_credentials_create_options_using_config( + grpc_ssl_client_certificate_request_type client_certificate_request, + grpc_ssl_server_certificate_config* config) { + grpc_ssl_server_credentials_options* options = NULL; + if (config == NULL) { + gpr_log(GPR_ERROR, "Certificate config must not be NULL."); + goto done; + } + options = (grpc_ssl_server_credentials_options*)gpr_zalloc( + sizeof(grpc_ssl_server_credentials_options)); + options->client_certificate_request = client_certificate_request; + options->certificate_config = config; +done: + return options; } -grpc_server_credentials *grpc_ssl_server_credentials_create( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, - size_t num_key_cert_pairs, int force_client_auth, void *reserved) { +grpc_ssl_server_credentials_options* +grpc_ssl_server_credentials_create_options_using_config_fetcher( + grpc_ssl_client_certificate_request_type client_certificate_request, + grpc_ssl_server_certificate_config_callback cb, void* user_data) { + if (cb == NULL) { + gpr_log(GPR_ERROR, "Invalid certificate config callback parameter."); + return NULL; + } + + grpc_ssl_server_certificate_config_fetcher* fetcher = + (grpc_ssl_server_certificate_config_fetcher*)gpr_zalloc( + sizeof(grpc_ssl_server_certificate_config_fetcher)); + fetcher->cb = cb; + fetcher->user_data = user_data; + + grpc_ssl_server_credentials_options* options = + (grpc_ssl_server_credentials_options*)gpr_zalloc( + sizeof(grpc_ssl_server_credentials_options)); + options->client_certificate_request = client_certificate_request; + options->certificate_config_fetcher = fetcher; + + return options; +} + +grpc_server_credentials* grpc_ssl_server_credentials_create( + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, + size_t num_key_cert_pairs, int force_client_auth, void* reserved) { return grpc_ssl_server_credentials_create_ex( pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs, force_client_auth @@ -169,25 +260,80 @@ grpc_server_credentials *grpc_ssl_server_credentials_create( reserved); } -grpc_server_credentials *grpc_ssl_server_credentials_create_ex( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, +grpc_server_credentials* grpc_ssl_server_credentials_create_ex( + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, - void *reserved) { - grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)gpr_zalloc( - sizeof(grpc_ssl_server_credentials)); + void* reserved) { GRPC_API_TRACE( "grpc_ssl_server_credentials_create_ex(" "pem_root_certs=%s, pem_key_cert_pairs=%p, num_key_cert_pairs=%lu, " "client_certificate_request=%d, reserved=%p)", - 5, (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs, - client_certificate_request, reserved)); + 5, + (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs, + client_certificate_request, reserved)); GPR_ASSERT(reserved == NULL); + + grpc_ssl_server_certificate_config* cert_config = + grpc_ssl_server_certificate_config_create( + pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs); + grpc_ssl_server_credentials_options* options = + grpc_ssl_server_credentials_create_options_using_config( + client_certificate_request, cert_config); + + return grpc_ssl_server_credentials_create_with_options(options); +} + +grpc_server_credentials* grpc_ssl_server_credentials_create_with_options( + grpc_ssl_server_credentials_options* options) { + grpc_server_credentials* retval = NULL; + grpc_ssl_server_credentials* c = NULL; + + if (options == NULL) { + gpr_log(GPR_ERROR, + "Invalid options trying to create SSL server credentials."); + goto done; + } + + if (options->certificate_config == NULL && + options->certificate_config_fetcher == NULL) { + gpr_log(GPR_ERROR, + "SSL server credentials options must specify either " + "certificate config or fetcher."); + goto done; + } else if (options->certificate_config_fetcher != NULL && + options->certificate_config_fetcher->cb == NULL) { + gpr_log(GPR_ERROR, "Certificate config fetcher callback must not be NULL."); + goto done; + } + + c = (grpc_ssl_server_credentials*)gpr_zalloc( + sizeof(grpc_ssl_server_credentials)); c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL; gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &ssl_server_vtable; - ssl_build_server_config(pem_root_certs, pem_key_cert_pairs, - num_key_cert_pairs, client_certificate_request, - &c->config); - return &c->base; + + if (options->certificate_config_fetcher != NULL) { + c->config.client_certificate_request = options->client_certificate_request; + c->certificate_config_fetcher = *options->certificate_config_fetcher; + } else { + ssl_build_server_config(options->certificate_config->pem_root_certs, + options->certificate_config->pem_key_cert_pairs, + options->certificate_config->num_key_cert_pairs, + options->client_certificate_request, &c->config); + } + + retval = &c->base; + +done: + grpc_ssl_server_credentials_options_destroy(options); + return retval; +} + +void grpc_ssl_server_credentials_options_destroy( + grpc_ssl_server_credentials_options* o) { + if (o == NULL) return; + gpr_free(o->certificate_config_fetcher); + grpc_ssl_server_certificate_config_destroy(o->certificate_config); + gpr_free(o); } diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.h b/src/core/lib/security/credentials/ssl/ssl_credentials.h index b43c656cd7..82b9ce11f6 100644 --- a/src/core/lib/security/credentials/ssl/ssl_credentials.h +++ b/src/core/lib/security/credentials/ssl/ssl_credentials.h @@ -20,14 +20,41 @@ #include "src/core/lib/security/credentials/credentials.h" +#ifdef __cplusplus +extern "C" { +#endif + typedef struct { grpc_channel_credentials base; grpc_ssl_config config; } grpc_ssl_credentials; +struct grpc_ssl_server_certificate_config { + grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs; + size_t num_key_cert_pairs; + char* pem_root_certs; +}; + +typedef struct { + grpc_ssl_server_certificate_config_callback cb; + void* user_data; +} grpc_ssl_server_certificate_config_fetcher; + typedef struct { grpc_server_credentials base; grpc_ssl_server_config config; + grpc_ssl_server_certificate_config_fetcher certificate_config_fetcher; } grpc_ssl_server_credentials; +tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs( + const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, + size_t num_key_cert_pairs); + +void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair* kp, + size_t num_key_cert_pairs); + +#ifdef __cplusplus +} +#endif + #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H */ |