Diffstat (limited to 'src/core/lib/security/transport/security_connector.cc')
-rw-r--r-- | src/core/lib/security/transport/security_connector.cc | 497 |
1 files changed, 249 insertions, 248 deletions
diff --git a/src/core/lib/security/transport/security_connector.cc b/src/core/lib/security/transport/security_connector.cc index 06160d0caa..b5822d7454 100644 --- a/src/core/lib/security/transport/security_connector.cc +++ b/src/core/lib/security/transport/security_connector.cc @@ -52,9 +52,9 @@ grpc_tracer_flag grpc_trace_security_connector_refcount = /* -- Constants. -- */ #ifndef INSTALL_PREFIX -static const char *installed_roots_path = "/usr/share/grpc/roots.pem"; +static const char* installed_roots_path = "/usr/share/grpc/roots.pem"; #else -static const char *installed_roots_path = +static const char* installed_roots_path = INSTALL_PREFIX "/share/grpc/roots.pem"; #endif @@ -74,14 +74,14 @@ void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb) { "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384" static gpr_once cipher_suites_once = GPR_ONCE_INIT; -static const char *cipher_suites = NULL; +static const char* cipher_suites = NULL; static void init_cipher_suites(void) { - char *overridden = gpr_getenv("GRPC_SSL_CIPHER_SUITES"); + char* overridden = gpr_getenv("GRPC_SSL_CIPHER_SUITES"); cipher_suites = overridden != NULL ? overridden : GRPC_SSL_CIPHER_SUITES; } -static const char *ssl_cipher_suites(void) { +static const char* ssl_cipher_suites(void) { gpr_once_init(&cipher_suites_once, init_cipher_suites); return cipher_suites; } @@ -89,12 +89,12 @@ static const char *ssl_cipher_suites(void) { /* -- Common methods. -- */ /* Returns the first property with that name. */ -const tsi_peer_property *tsi_peer_get_property_by_name(const tsi_peer *peer, - const char *name) { +const tsi_peer_property* tsi_peer_get_property_by_name(const tsi_peer* peer, + const char* name) { size_t i; if (peer == NULL) return NULL; for (i = 0; i < peer->property_count; i++) { - const tsi_peer_property *property = &peer->properties[i]; + const tsi_peer_property* property = &peer->properties[i]; if (name == NULL && property->name == NULL) { return property; } 
@@ -107,26 +107,26 @@ const tsi_peer_property *tsi_peer_get_property_by_name(const tsi_peer *peer, } void grpc_channel_security_connector_add_handshakers( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *connector, - grpc_handshake_manager *handshake_mgr) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* connector, + grpc_handshake_manager* handshake_mgr) { if (connector != NULL) { connector->add_handshakers(exec_ctx, connector, handshake_mgr); } } void grpc_server_security_connector_add_handshakers( - grpc_exec_ctx *exec_ctx, grpc_server_security_connector *connector, - grpc_handshake_manager *handshake_mgr) { + grpc_exec_ctx* exec_ctx, grpc_server_security_connector* connector, + grpc_handshake_manager* handshake_mgr) { if (connector != NULL) { connector->add_handshakers(exec_ctx, connector, handshake_mgr); } } -void grpc_security_connector_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, +void grpc_security_connector_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { if (sc == NULL) { GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked, GRPC_ERROR_CREATE_FROM_STATIC_STRING( 
@@ -137,43 +137,43 @@ void grpc_security_connector_check_peer(grpc_exec_ctx *exec_ctx, } } -int grpc_security_connector_cmp(grpc_security_connector *sc, - grpc_security_connector *other) { +int grpc_security_connector_cmp(grpc_security_connector* sc, + grpc_security_connector* other) { if (sc == NULL || other == NULL) return GPR_ICMP(sc, other); int c = GPR_ICMP(sc->vtable, other->vtable); if (c != 0) return c; return sc->vtable->cmp(sc, other); } -int grpc_channel_security_connector_cmp(grpc_channel_security_connector *sc1, - grpc_channel_security_connector *sc2) { +int grpc_channel_security_connector_cmp(grpc_channel_security_connector* sc1, + grpc_channel_security_connector* sc2) { GPR_ASSERT(sc1->channel_creds != NULL); GPR_ASSERT(sc2->channel_creds != NULL); int c = GPR_ICMP(sc1->channel_creds, sc2->channel_creds); if (c != 0) return c; c = GPR_ICMP(sc1->request_metadata_creds, sc2->request_metadata_creds); if (c != 0) return c; - c = GPR_ICMP((void *)sc1->check_call_host, (void *)sc2->check_call_host); + c = GPR_ICMP((void*)sc1->check_call_host, (void*)sc2->check_call_host); if (c != 0) return c; - c = GPR_ICMP((void *)sc1->cancel_check_call_host, - (void *)sc2->cancel_check_call_host); + c = GPR_ICMP((void*)sc1->cancel_check_call_host, + (void*)sc2->cancel_check_call_host); if (c != 0) return c; - return GPR_ICMP((void *)sc1->add_handshakers, (void *)sc2->add_handshakers); + return GPR_ICMP((void*)sc1->add_handshakers, (void*)sc2->add_handshakers); } -int grpc_server_security_connector_cmp(grpc_server_security_connector *sc1, - grpc_server_security_connector *sc2) { +int grpc_server_security_connector_cmp(grpc_server_security_connector* sc1, + grpc_server_security_connector* sc2) { GPR_ASSERT(sc1->server_creds != NULL); GPR_ASSERT(sc2->server_creds != NULL); int c = GPR_ICMP(sc1->server_creds, sc2->server_creds); if (c != 0) return c; - return GPR_ICMP((void *)sc1->add_handshakers, (void *)sc2->add_handshakers); + return GPR_ICMP((void*)sc1->add_handshakers, 
(void*)sc2->add_handshakers); } bool grpc_channel_security_connector_check_call_host( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - const char *host, grpc_auth_context *auth_context, - grpc_closure *on_call_host_checked, grpc_error **error) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + const char* host, grpc_auth_context* auth_context, + grpc_closure* on_call_host_checked, grpc_error** error) { if (sc == NULL || sc->check_call_host == NULL) { *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( "cannot check call host -- no security connector"); @@ -184,8 +184,8 @@ bool grpc_channel_security_connector_check_call_host( } void grpc_channel_security_connector_cancel_check_call_host( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - grpc_closure *on_call_host_checked, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + grpc_closure* on_call_host_checked, grpc_error* error) { if (sc == NULL || sc->cancel_check_call_host == NULL) { GRPC_ERROR_UNREF(error); return; @@ -194,9 +194,9 @@ void grpc_channel_security_connector_cancel_check_call_host( } #ifndef NDEBUG -grpc_security_connector *grpc_security_connector_ref( - grpc_security_connector *sc, const char *file, int line, - const char *reason) { +grpc_security_connector* grpc_security_connector_ref( + grpc_security_connector* sc, const char* file, int line, + const char* reason) { if (sc == NULL) return NULL; if (GRPC_TRACER_ON(grpc_trace_security_connector_refcount)) { gpr_atm val = gpr_atm_no_barrier_load(&sc->refcount.count); @@ -205,8 +205,8 @@ grpc_security_connector *grpc_security_connector_ref( val, val + 1, reason); } #else -grpc_security_connector *grpc_security_connector_ref( - grpc_security_connector *sc) { +grpc_security_connector* grpc_security_connector_ref( + grpc_security_connector* sc) { if (sc == NULL) return NULL; #endif gpr_ref(&sc->refcount); 
@@ -214,10 +214,10 @@ grpc_security_connector *grpc_security_connector_ref( } #ifndef NDEBUG -void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, - const char *file, int line, - const char *reason) { +void grpc_security_connector_unref(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, + const char* file, int line, + const char* reason) { if (sc == NULL) return; if (GRPC_TRACER_ON(grpc_trace_security_connector_refcount)) { gpr_atm val = gpr_atm_no_barrier_load(&sc->refcount.count); 
@@ -226,52 +226,52 @@ void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx, val, val - 1, reason); } #else -void grpc_security_connector_unref(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { +void grpc_security_connector_unref(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { if (sc == NULL) return; #endif if (gpr_unref(&sc->refcount)) sc->vtable->destroy(exec_ctx, sc); } -static void connector_arg_destroy(grpc_exec_ctx *exec_ctx, void *p) { - GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, (grpc_security_connector *)p, +static void connector_arg_destroy(grpc_exec_ctx* exec_ctx, void* p) { + GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, (grpc_security_connector*)p, "connector_arg_destroy"); } -static void *connector_arg_copy(void *p) { - return GRPC_SECURITY_CONNECTOR_REF((grpc_security_connector *)p, +static void* connector_arg_copy(void* p) { + return GRPC_SECURITY_CONNECTOR_REF((grpc_security_connector*)p, "connector_arg_copy"); } -static int connector_cmp(void *a, void *b) { - return grpc_security_connector_cmp((grpc_security_connector *)a, - (grpc_security_connector *)b); +static int connector_cmp(void* a, void* b) { + return grpc_security_connector_cmp((grpc_security_connector*)a, + (grpc_security_connector*)b); } static const grpc_arg_pointer_vtable connector_arg_vtable = { connector_arg_copy, connector_arg_destroy, connector_cmp}; -grpc_arg grpc_security_connector_to_arg(grpc_security_connector *sc) { - return grpc_channel_arg_pointer_create((char *)GRPC_ARG_SECURITY_CONNECTOR, - sc, &connector_arg_vtable); +grpc_arg grpc_security_connector_to_arg(grpc_security_connector* sc) { + return grpc_channel_arg_pointer_create((char*)GRPC_ARG_SECURITY_CONNECTOR, sc, + &connector_arg_vtable); } -grpc_security_connector *grpc_security_connector_from_arg(const grpc_arg *arg) { +grpc_security_connector* grpc_security_connector_from_arg(const grpc_arg* arg) { if (strcmp(arg->key, GRPC_ARG_SECURITY_CONNECTOR)) return NULL; if (arg->type != GRPC_ARG_POINTER) { 
gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type, GRPC_ARG_SECURITY_CONNECTOR); return NULL; } - return (grpc_security_connector *)arg->value.pointer.p; + return (grpc_security_connector*)arg->value.pointer.p; } -grpc_security_connector *grpc_security_connector_find_in_args( - const grpc_channel_args *args) { +grpc_security_connector* grpc_security_connector_find_in_args( + const grpc_channel_args* args) { size_t i; if (args == NULL) return NULL; for (i = 0; i < args->num_args; i++) { - grpc_security_connector *sc = + grpc_security_connector* sc = grpc_security_connector_from_arg(&args->args[i]); if (sc != NULL) return sc; } @@ -306,31 +306,31 @@ get_tsi_client_certificate_request_type( typedef struct { grpc_channel_security_connector base; - char *target; - char *expected_targets; + char* target; + char* expected_targets; bool is_lb_channel; } grpc_fake_channel_security_connector; -static void fake_channel_destroy(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { - grpc_fake_channel_security_connector *c = - (grpc_fake_channel_security_connector *)sc; +static void fake_channel_destroy(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { + grpc_fake_channel_security_connector* c = + (grpc_fake_channel_security_connector*)sc; grpc_call_credentials_unref(exec_ctx, c->base.request_metadata_creds); gpr_free(c->target); gpr_free(c->expected_targets); gpr_free(c); } -static void fake_server_destroy(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { +static void fake_server_destroy(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { gpr_free(sc); } -static bool fake_check_target(const char *target_type, const char *target, - const char *set_str) { +static bool fake_check_target(const char* target_type, const char* target, + const char* set_str) { GPR_ASSERT(target_type != NULL); GPR_ASSERT(target != NULL); - char **set = NULL; + char** set = NULL; size_t set_size = 0; gpr_string_split(set_str, ",", &set, &set_size); bool found = false; 
@@ -344,11 +344,11 @@ static bool fake_check_target(const char *target_type, const char *target, return found; } -static void fake_secure_name_check(const char *target, - const char *expected_targets, +static void fake_secure_name_check(const char* target, + const char* expected_targets, bool is_lb_channel) { if (expected_targets == NULL) return; - char **lbs_and_backends = NULL; + char** lbs_and_backends = NULL; size_t lbs_and_backends_size = 0; bool success = false; gpr_string_split(expected_targets, ";", &lbs_and_backends, @@ -388,12 +388,12 @@ done: if (!success) abort(); } -static void fake_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { - const char *prop_name; - grpc_error *error = GRPC_ERROR_NONE; +static void fake_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { + const char* prop_name; + grpc_error* error = GRPC_ERROR_NONE; *auth_context = NULL; if (peer.property_count != 1) { error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( @@ -403,7 +403,7 @@ static void fake_check_peer(grpc_exec_ctx *exec_ctx, prop_name = peer.properties[0].name; if (prop_name == NULL || strcmp(prop_name, TSI_CERTIFICATE_TYPE_PEER_PROPERTY)) { - char *msg; + char* msg; gpr_asprintf(&msg, "Unexpected property in fake peer: %s.", prop_name == NULL ? "<EMPTY>" : prop_name); error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg); 
@@ -425,29 +425,29 @@ end: tsi_peer_destruct(&peer); } -static void fake_channel_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { +static void fake_channel_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { fake_check_peer(exec_ctx, sc, peer, auth_context, on_peer_checked); - grpc_fake_channel_security_connector *c = - (grpc_fake_channel_security_connector *)sc; + grpc_fake_channel_security_connector* c = + (grpc_fake_channel_security_connector*)sc; fake_secure_name_check(c->target, c->expected_targets, c->is_lb_channel); } -static void fake_server_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { +static void fake_server_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { fake_check_peer(exec_ctx, sc, peer, auth_context, on_peer_checked); } -static int fake_channel_cmp(grpc_security_connector *sc1, - grpc_security_connector *sc2) { - grpc_fake_channel_security_connector *c1 = - (grpc_fake_channel_security_connector *)sc1; - grpc_fake_channel_security_connector *c2 = - (grpc_fake_channel_security_connector *)sc2; +static int fake_channel_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { + grpc_fake_channel_security_connector* c1 = + (grpc_fake_channel_security_connector*)sc1; + grpc_fake_channel_security_connector* c2 = + (grpc_fake_channel_security_connector*)sc2; int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base); if (c != 0) return c; c = strcmp(c1->target, c2->target); 
@@ -461,31 +461,31 @@ static int fake_channel_cmp(grpc_security_connector *sc1, return GPR_ICMP(c1->is_lb_channel, c2->is_lb_channel); } -static int fake_server_cmp(grpc_security_connector *sc1, - grpc_security_connector *sc2) { +static int fake_server_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { return grpc_server_security_connector_cmp( - (grpc_server_security_connector *)sc1, - (grpc_server_security_connector *)sc2); + (grpc_server_security_connector*)sc1, + (grpc_server_security_connector*)sc2); } -static bool fake_channel_check_call_host(grpc_exec_ctx *exec_ctx, - grpc_channel_security_connector *sc, - const char *host, - grpc_auth_context *auth_context, - grpc_closure *on_call_host_checked, - grpc_error **error) { +static bool fake_channel_check_call_host(grpc_exec_ctx* exec_ctx, + grpc_channel_security_connector* sc, + const char* host, + grpc_auth_context* auth_context, + grpc_closure* on_call_host_checked, + grpc_error** error) { return true; } static void fake_channel_cancel_check_call_host( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - grpc_closure *on_call_host_checked, grpc_error *error) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + grpc_closure* on_call_host_checked, grpc_error* error) { GRPC_ERROR_UNREF(error); } static void fake_channel_add_handshakers( - grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, - grpc_handshake_manager *handshake_mgr) { + grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc, + grpc_handshake_manager* handshake_mgr) { grpc_handshake_manager_add( handshake_mgr, grpc_security_handshaker_create( 
@@ -493,9 +493,9 @@ static void fake_channel_add_handshakers( &sc->base)); } -static void fake_server_add_handshakers(grpc_exec_ctx *exec_ctx, - grpc_server_security_connector *sc, - grpc_handshake_manager *handshake_mgr) { +static void fake_server_add_handshakers(grpc_exec_ctx* exec_ctx, + grpc_server_security_connector* sc, + grpc_handshake_manager* handshake_mgr) { grpc_handshake_manager_add( handshake_mgr, grpc_security_handshaker_create( @@ -509,12 +509,12 @@ static grpc_security_connector_vtable fake_channel_vtable = { static grpc_security_connector_vtable fake_server_vtable = { fake_server_destroy, fake_server_check_peer, fake_server_cmp}; -grpc_channel_security_connector *grpc_fake_channel_security_connector_create( - grpc_channel_credentials *channel_creds, - grpc_call_credentials *request_metadata_creds, const char *target, - const grpc_channel_args *args) { - grpc_fake_channel_security_connector *c = - (grpc_fake_channel_security_connector *)gpr_zalloc(sizeof(*c)); +grpc_channel_security_connector* grpc_fake_channel_security_connector_create( + grpc_channel_credentials* channel_creds, + grpc_call_credentials* request_metadata_creds, const char* target, + const grpc_channel_args* args) { + grpc_fake_channel_security_connector* c = + (grpc_fake_channel_security_connector*)gpr_zalloc(sizeof(*c)); gpr_ref_init(&c->base.base.refcount, 1); c->base.base.url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME; c->base.base.vtable = &fake_channel_vtable; 
@@ -525,16 +525,16 @@ grpc_channel_security_connector *grpc_fake_channel_security_connector_create( c->base.cancel_check_call_host = fake_channel_cancel_check_call_host; c->base.add_handshakers = fake_channel_add_handshakers; c->target = gpr_strdup(target); - const char *expected_targets = grpc_fake_transport_get_expected_targets(args); + const char* expected_targets = grpc_fake_transport_get_expected_targets(args); c->expected_targets = gpr_strdup(expected_targets); c->is_lb_channel = (grpc_lb_targets_info_find_in_args(args) != NULL); return &c->base; } -grpc_server_security_connector *grpc_fake_server_security_connector_create( - grpc_server_credentials *server_creds) { - grpc_server_security_connector *c = - (grpc_server_security_connector *)gpr_zalloc( +grpc_server_security_connector* grpc_fake_server_security_connector_create( + grpc_server_credentials* server_creds) { + grpc_server_security_connector* c = + (grpc_server_security_connector*)gpr_zalloc( sizeof(grpc_server_security_connector)); gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &fake_server_vtable; 
@@ -548,29 +548,29 @@ grpc_server_security_connector *grpc_fake_server_security_connector_create( typedef struct { grpc_channel_security_connector base; - tsi_ssl_client_handshaker_factory *client_handshaker_factory; - char *target_name; - char *overridden_target_name; + tsi_ssl_client_handshaker_factory* client_handshaker_factory; + char* target_name; + char* overridden_target_name; } grpc_ssl_channel_security_connector; typedef struct { grpc_server_security_connector base; - tsi_ssl_server_handshaker_factory *server_handshaker_factory; + tsi_ssl_server_handshaker_factory* server_handshaker_factory; } grpc_ssl_server_security_connector; static bool server_connector_has_cert_config_fetcher( - grpc_ssl_server_security_connector *c) { + grpc_ssl_server_security_connector* c) { GPR_ASSERT(c != NULL); - grpc_ssl_server_credentials *server_creds = - (grpc_ssl_server_credentials *)c->base.server_creds; + grpc_ssl_server_credentials* server_creds = + (grpc_ssl_server_credentials*)c->base.server_creds; GPR_ASSERT(server_creds != NULL); return server_creds->certificate_config_fetcher.cb != NULL; } -static void ssl_channel_destroy(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { - grpc_ssl_channel_security_connector *c = - (grpc_ssl_channel_security_connector *)sc; +static void ssl_channel_destroy(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { + grpc_ssl_channel_security_connector* c = + (grpc_ssl_channel_security_connector*)sc; grpc_channel_credentials_unref(exec_ctx, c->base.channel_creds); grpc_call_credentials_unref(exec_ctx, c->base.request_metadata_creds); tsi_ssl_client_handshaker_factory_unref(c->client_handshaker_factory); 
@@ -580,23 +580,23 @@ static void ssl_channel_destroy(grpc_exec_ctx *exec_ctx, gpr_free(sc); } -static void ssl_server_destroy(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc) { - grpc_ssl_server_security_connector *c = - (grpc_ssl_server_security_connector *)sc; +static void ssl_server_destroy(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc) { + grpc_ssl_server_security_connector* c = + (grpc_ssl_server_security_connector*)sc; grpc_server_credentials_unref(exec_ctx, c->base.server_creds); tsi_ssl_server_handshaker_factory_unref(c->server_handshaker_factory); c->server_handshaker_factory = NULL; gpr_free(sc); } -static void ssl_channel_add_handshakers(grpc_exec_ctx *exec_ctx, - grpc_channel_security_connector *sc, - grpc_handshake_manager *handshake_mgr) { - grpc_ssl_channel_security_connector *c = - (grpc_ssl_channel_security_connector *)sc; +static void ssl_channel_add_handshakers(grpc_exec_ctx* exec_ctx, + grpc_channel_security_connector* sc, + grpc_handshake_manager* handshake_mgr) { + grpc_ssl_channel_security_connector* c = + (grpc_ssl_channel_security_connector*)sc; // Instantiate TSI handshaker. - tsi_handshaker *tsi_hs = NULL; + tsi_handshaker* tsi_hs = NULL; tsi_result result = tsi_ssl_client_handshaker_factory_create_handshaker( c->client_handshaker_factory, c->overridden_target_name != NULL ? c->overridden_target_name 
@@ -614,11 +614,11 @@ static void ssl_channel_add_handshakers(grpc_exec_ctx *exec_ctx, exec_ctx, tsi_create_adapter_handshaker(tsi_hs), &sc->base)); } -static const char **fill_alpn_protocol_strings(size_t *num_alpn_protocols) { +static const char** fill_alpn_protocol_strings(size_t* num_alpn_protocols) { GPR_ASSERT(num_alpn_protocols != NULL); *num_alpn_protocols = grpc_chttp2_num_alpn_versions(); - const char **alpn_protocol_strings = - (const char **)gpr_malloc(sizeof(const char *) * (*num_alpn_protocols)); + const char** alpn_protocol_strings = + (const char**)gpr_malloc(sizeof(const char*) * (*num_alpn_protocols)); for (size_t i = 0; i < *num_alpn_protocols; i++) { alpn_protocol_strings[i] = grpc_chttp2_get_alpn_version_index(i); } @@ -630,8 +630,8 @@ static const char **fill_alpn_protocol_strings(size_t *num_alpn_protocols) { * fail, the existing factory will not be replaced. Returns true on success (new * factory created). */ static bool try_replace_server_handshaker_factory( - grpc_ssl_server_security_connector *sc, - const grpc_ssl_server_certificate_config *config) { + grpc_ssl_server_security_connector* sc, + const grpc_ssl_server_certificate_config* config) { if (config == NULL) { gpr_log(GPR_ERROR, "Server certificate config callback returned invalid (NULL) " 
@@ -641,13 +641,13 @@ static bool try_replace_server_handshaker_factory( gpr_log(GPR_DEBUG, "Using new server certificate config (%p).", config); size_t num_alpn_protocols = 0; - const char **alpn_protocol_strings = + const char** alpn_protocol_strings = fill_alpn_protocol_strings(&num_alpn_protocols); - tsi_ssl_pem_key_cert_pair *cert_pairs = grpc_convert_grpc_to_tsi_cert_pairs( + tsi_ssl_pem_key_cert_pair* cert_pairs = grpc_convert_grpc_to_tsi_cert_pairs( config->pem_key_cert_pairs, config->num_key_cert_pairs); - tsi_ssl_server_handshaker_factory *new_handshaker_factory = NULL; - grpc_ssl_server_credentials *server_creds = - (grpc_ssl_server_credentials *)sc->base.server_creds; + tsi_ssl_server_handshaker_factory* new_handshaker_factory = NULL; + grpc_ssl_server_credentials* server_creds = + (grpc_ssl_server_credentials*)sc->base.server_creds; tsi_result result = tsi_create_ssl_server_handshaker_factory_ex( cert_pairs, config->num_key_cert_pairs, config->pem_root_certs, get_tsi_client_certificate_request_type( @@ -655,7 +655,7 @@ static bool try_replace_server_handshaker_factory( ssl_cipher_suites(), alpn_protocol_strings, (uint16_t)num_alpn_protocols, &new_handshaker_factory); gpr_free(cert_pairs); - gpr_free((void *)alpn_protocol_strings); + gpr_free((void*)alpn_protocol_strings); if (result != TSI_OK) { gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", 
@@ -671,15 +671,15 @@ static bool try_replace_server_handshaker_factory( * Current certificate config will continue to be used if the callback returns * an error. Returns true if new credentials were sucessfully loaded. */ static bool try_fetch_ssl_server_credentials( - grpc_ssl_server_security_connector *sc) { - grpc_ssl_server_certificate_config *certificate_config = NULL; + grpc_ssl_server_security_connector* sc) { + grpc_ssl_server_certificate_config* certificate_config = NULL; bool status; GPR_ASSERT(sc != NULL); if (!server_connector_has_cert_config_fetcher(sc)) return false; - grpc_ssl_server_credentials *server_creds = - (grpc_ssl_server_credentials *)sc->base.server_creds; + grpc_ssl_server_credentials* server_creds = + (grpc_ssl_server_credentials*)sc->base.server_creds; grpc_ssl_certificate_config_reload_status cb_result = server_creds->certificate_config_fetcher.cb( server_creds->certificate_config_fetcher.user_data, @@ -703,14 +703,14 @@ static bool try_fetch_ssl_server_credentials( return status; } -static void ssl_server_add_handshakers(grpc_exec_ctx *exec_ctx, - grpc_server_security_connector *sc, - grpc_handshake_manager *handshake_mgr) { - grpc_ssl_server_security_connector *c = - (grpc_ssl_server_security_connector *)sc; +static void ssl_server_add_handshakers(grpc_exec_ctx* exec_ctx, + grpc_server_security_connector* sc, + grpc_handshake_manager* handshake_mgr) { + grpc_ssl_server_security_connector* c = + (grpc_ssl_server_security_connector*)sc; // Instantiate TSI handshaker. try_fetch_ssl_server_credentials(c); - tsi_handshaker *tsi_hs = NULL; + tsi_handshaker* tsi_hs = NULL; tsi_result result = tsi_ssl_server_handshaker_factory_create_handshaker( c->server_handshaker_factory, &tsi_hs); if (result != TSI_OK) { 
@@ -725,12 +725,12 @@ static void ssl_server_add_handshakers(grpc_exec_ctx *exec_ctx, exec_ctx, tsi_create_adapter_handshaker(tsi_hs), &sc->base)); } -static int ssl_host_matches_name(const tsi_peer *peer, const char *peer_name) { - char *allocated_name = NULL; +static int ssl_host_matches_name(const tsi_peer* peer, const char* peer_name) { + char* allocated_name = NULL; int r; if (strchr(peer_name, ':') != NULL) { - char *ignored_port; + char* ignored_port; gpr_split_host_port(peer_name, &allocated_name, &ignored_port); gpr_free(ignored_port); peer_name = allocated_name; @@ -741,10 +741,10 @@ static int ssl_host_matches_name(const tsi_peer *peer, const char *peer_name) { return r; } -grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer) { +grpc_auth_context* tsi_ssl_peer_to_auth_context(const tsi_peer* peer) { size_t i; - grpc_auth_context *ctx = NULL; - const char *peer_identity_property_name = NULL; + grpc_auth_context* ctx = NULL; + const char* peer_identity_property_name = NULL; /* The caller has checked the certificate type property. */ GPR_ASSERT(peer->property_count >= 1); @@ -753,7 +753,7 @@ grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer) { ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, GRPC_SSL_TRANSPORT_SECURITY_TYPE); for (i = 0; i < peer->property_count; i++) { - const tsi_peer_property *prop = &peer->properties[i]; + const tsi_peer_property* prop = &peer->properties[i]; if (prop->name == NULL) continue; if (strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) { /* If there is no subject alt name, have the CN as the identity. */ 
@@ -779,11 +779,11 @@ grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer) { return ctx; } -static grpc_error *ssl_check_peer(grpc_security_connector *sc, - const char *peer_name, const tsi_peer *peer, - grpc_auth_context **auth_context) { +static grpc_error* ssl_check_peer(grpc_security_connector* sc, + const char* peer_name, const tsi_peer* peer, + grpc_auth_context** auth_context) { /* Check the ALPN. */ - const tsi_peer_property *p = + const tsi_peer_property* p = tsi_peer_get_property_by_name(peer, TSI_SSL_ALPN_SELECTED_PROTOCOL); if (p == NULL) { return GRPC_ERROR_CREATE_FROM_STATIC_STRING( @@ -796,9 +796,9 @@ static grpc_error *ssl_check_peer(grpc_security_connector *sc, /* Check the peer name if specified. */ if (peer_name != NULL && !ssl_host_matches_name(peer, peer_name)) { - char *msg; + char* msg; gpr_asprintf(&msg, "Peer name %s is not in peer certificate", peer_name); - grpc_error *error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg); + grpc_error* error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg); gpr_free(msg); return error; } 
@@ -806,35 +806,36 @@ static grpc_error *ssl_check_peer(grpc_security_connector *sc, return GRPC_ERROR_NONE; } -static void ssl_channel_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { - grpc_ssl_channel_security_connector *c = - (grpc_ssl_channel_security_connector *)sc; - grpc_error *error = ssl_check_peer(sc, c->overridden_target_name != NULL - ? c->overridden_target_name - : c->target_name, +static void ssl_channel_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { + grpc_ssl_channel_security_connector* c = + (grpc_ssl_channel_security_connector*)sc; + grpc_error* error = ssl_check_peer(sc, + c->overridden_target_name != NULL + ? c->overridden_target_name + : c->target_name, &peer, auth_context); GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked, error); tsi_peer_destruct(&peer); } -static void ssl_server_check_peer(grpc_exec_ctx *exec_ctx, - grpc_security_connector *sc, tsi_peer peer, - grpc_auth_context **auth_context, - grpc_closure *on_peer_checked) { - grpc_error *error = ssl_check_peer(sc, NULL, &peer, auth_context); +static void ssl_server_check_peer(grpc_exec_ctx* exec_ctx, + grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { + grpc_error* error = ssl_check_peer(sc, NULL, &peer, auth_context); tsi_peer_destruct(&peer); GRPC_CLOSURE_SCHED(exec_ctx, on_peer_checked, error); } -static int ssl_channel_cmp(grpc_security_connector *sc1, - grpc_security_connector *sc2) { - grpc_ssl_channel_security_connector *c1 = - (grpc_ssl_channel_security_connector *)sc1; - grpc_ssl_channel_security_connector *c2 = - (grpc_ssl_channel_security_connector *)sc2; +static int ssl_channel_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { + grpc_ssl_channel_security_connector* c1 = + 
(grpc_ssl_channel_security_connector*)sc1; + grpc_ssl_channel_security_connector* c2 = + (grpc_ssl_channel_security_connector*)sc2; int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base); if (c != 0) return c; c = strcmp(c1->target_name, c2->target_name); @@ -845,27 +846,27 @@ static int ssl_channel_cmp(grpc_security_connector *sc1, : strcmp(c1->overridden_target_name, c2->overridden_target_name); } -static int ssl_server_cmp(grpc_security_connector *sc1, - grpc_security_connector *sc2) { +static int ssl_server_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { return grpc_server_security_connector_cmp( - (grpc_server_security_connector *)sc1, - (grpc_server_security_connector *)sc2); + (grpc_server_security_connector*)sc1, + (grpc_server_security_connector*)sc2); } -static void add_shallow_auth_property_to_peer(tsi_peer *peer, - const grpc_auth_property *prop, - const char *tsi_prop_name) { - tsi_peer_property *tsi_prop = &peer->properties[peer->property_count++]; - tsi_prop->name = (char *)tsi_prop_name; +static void add_shallow_auth_property_to_peer(tsi_peer* peer, + const grpc_auth_property* prop, + const char* tsi_prop_name) { + tsi_peer_property* tsi_prop = &peer->properties[peer->property_count++]; + tsi_prop->name = (char*)tsi_prop_name; tsi_prop->value.data = prop->value; tsi_prop->value.length = prop->value_length; } tsi_peer tsi_shallow_peer_from_ssl_auth_context( - const grpc_auth_context *auth_context) { + const grpc_auth_context* auth_context) { size_t max_num_props = 0; grpc_auth_property_iterator it; - const grpc_auth_property *prop; + const grpc_auth_property* prop; tsi_peer peer; memset(&peer, 0, sizeof(peer)); 
@@ -873,8 +874,8 @@ tsi_peer tsi_shallow_peer_from_ssl_auth_context(
 while (grpc_auth_property_iterator_next(&it) != NULL) max_num_props++;
 
 if (max_num_props > 0) {
- peer.properties = (tsi_peer_property *)gpr_malloc(
- max_num_props * sizeof(tsi_peer_property));
+ peer.properties = (tsi_peer_property*)gpr_malloc(max_num_props *
+ sizeof(tsi_peer_property));
 it = grpc_auth_context_property_iterator(auth_context);
 while ((prop = grpc_auth_property_iterator_next(&it)) != NULL) {
 if (strcmp(prop->name, GRPC_X509_SAN_PROPERTY_NAME) == 0) {
@@ -892,18 +893,18 @@ tsi_peer tsi_shallow_peer_from_ssl_auth_context(
 return peer;
 }
 
-void tsi_shallow_peer_destruct(tsi_peer *peer) {
+void tsi_shallow_peer_destruct(tsi_peer* peer) {
 if (peer->properties != NULL) gpr_free(peer->properties);
 }
 
-static bool ssl_channel_check_call_host(grpc_exec_ctx *exec_ctx,
- grpc_channel_security_connector *sc,
- const char *host,
- grpc_auth_context *auth_context,
- grpc_closure *on_call_host_checked,
- grpc_error **error) {
- grpc_ssl_channel_security_connector *c =
- (grpc_ssl_channel_security_connector *)sc;
+static bool ssl_channel_check_call_host(grpc_exec_ctx* exec_ctx,
+ grpc_channel_security_connector* sc,
+ const char* host,
+ grpc_auth_context* auth_context,
+ grpc_closure* on_call_host_checked,
+ grpc_error** error) {
+ grpc_ssl_channel_security_connector* c =
+ (grpc_ssl_channel_security_connector*)sc;
 grpc_security_status status = GRPC_SECURITY_ERROR;
 tsi_peer peer = tsi_shallow_peer_from_ssl_auth_context(auth_context);
 if (ssl_host_matches_name(&peer, host)) status = GRPC_SECURITY_OK;
@@ -922,8 +923,8 @@ static bool ssl_channel_check_call_host(grpc_exec_ctx *exec_ctx,
 }
 
 static void ssl_channel_cancel_check_call_host(
- grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc,
- grpc_closure *on_call_host_checked, grpc_error *error) {
+ grpc_exec_ctx* exec_ctx, grpc_channel_security_connector* sc,
+ grpc_closure* on_call_host_checked, grpc_error* error) {
 GRPC_ERROR_UNREF(error);
 }
 
@@ -938,7 +939,7 @@ static grpc_slice compute_default_pem_root_certs_once(void) {
 grpc_slice result = grpc_empty_slice();
 
 /* First try to load the roots from the environment. */
- char *default_root_certs_path =
+ char* default_root_certs_path =
 gpr_getenv(GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR);
 if (default_root_certs_path != NULL) {
 GRPC_LOG_IF_ERROR("load_file",
@@ -949,7 +950,7 @@ static grpc_slice compute_default_pem_root_certs_once(void) {
 /* Try overridden roots if needed. */
 grpc_ssl_roots_override_result ovrd_res = GRPC_SSL_ROOTS_OVERRIDE_FAIL;
 if (GRPC_SLICE_IS_EMPTY(result) && ssl_roots_override_cb != NULL) {
- char *pem_root_certs = NULL;
+ char* pem_root_certs = NULL;
 ovrd_res = ssl_roots_override_cb(&pem_root_certs);
 if (ovrd_res == GRPC_SSL_ROOTS_OVERRIDE_OK) {
 GPR_ASSERT(pem_root_certs != NULL);
@@ -979,28 +980,28 @@ grpc_slice grpc_get_default_ssl_roots_for_testing(void) {
 return compute_default_pem_root_certs_once();
 }
 
-const char *grpc_get_default_ssl_roots(void) {
+const char* grpc_get_default_ssl_roots(void) {
 /* TODO(jboeuf@google.com): Maybe revisit the approach which consists in
 loading all the roots once for the lifetime of the process. */
 static gpr_once once = GPR_ONCE_INIT;
 gpr_once_init(&once, init_default_pem_root_certs);
 return GRPC_SLICE_IS_EMPTY(default_pem_root_certs)
 ? NULL
- : (const char *)GRPC_SLICE_START_PTR(default_pem_root_certs);
+ : (const char*)GRPC_SLICE_START_PTR(default_pem_root_certs);
 }
 
 grpc_security_status grpc_ssl_channel_security_connector_create(
- grpc_exec_ctx *exec_ctx, grpc_channel_credentials *channel_creds,
- grpc_call_credentials *request_metadata_creds,
- const grpc_ssl_config *config, const char *target_name,
- const char *overridden_target_name, grpc_channel_security_connector **sc) {
+ grpc_exec_ctx* exec_ctx, grpc_channel_credentials* channel_creds,
+ grpc_call_credentials* request_metadata_creds,
+ const grpc_ssl_config* config, const char* target_name,
+ const char* overridden_target_name, grpc_channel_security_connector** sc) {
 size_t num_alpn_protocols = 0;
- const char **alpn_protocol_strings =
+ const char** alpn_protocol_strings =
 fill_alpn_protocol_strings(&num_alpn_protocols);
 tsi_result result = TSI_OK;
- grpc_ssl_channel_security_connector *c;
- const char *pem_root_certs;
- char *port;
+ grpc_ssl_channel_security_connector* c;
+ const char* pem_root_certs;
+ char* port;
 bool has_key_cert_pair;
 
 if (config == NULL || target_name == NULL) {
@@ -1017,7 +1018,7 @@ grpc_security_status grpc_ssl_channel_security_connector_create(
 pem_root_certs = config->pem_root_certs;
 }
 
- c = (grpc_ssl_channel_security_connector *)gpr_zalloc(
+ c = (grpc_ssl_channel_security_connector*)gpr_zalloc(
 sizeof(grpc_ssl_channel_security_connector));
 
 gpr_ref_init(&c->base.base.refcount, 1);
@@ -1050,19 +1051,19 @@ grpc_security_status grpc_ssl_channel_security_connector_create(
 goto error;
 }
 *sc = &c->base;
- gpr_free((void *)alpn_protocol_strings);
+ gpr_free((void*)alpn_protocol_strings);
 return GRPC_SECURITY_OK;
 
 error:
- gpr_free((void *)alpn_protocol_strings);
+ gpr_free((void*)alpn_protocol_strings);
 return GRPC_SECURITY_ERROR;
 }
 
-static grpc_ssl_server_security_connector *
+static grpc_ssl_server_security_connector*
 grpc_ssl_server_security_connector_initialize(
- grpc_server_credentials *server_creds) {
- grpc_ssl_server_security_connector *c =
- (grpc_ssl_server_security_connector *)gpr_zalloc(
+ grpc_server_credentials* server_creds) {
+ grpc_ssl_server_security_connector* c =
+ (grpc_ssl_server_security_connector*)gpr_zalloc(
 sizeof(grpc_ssl_server_security_connector));
 gpr_ref_init(&c->base.base.refcount, 1);
 c->base.base.url_scheme = GRPC_SSL_URL_SCHEME;
@@ -1073,17 +1074,17 @@ grpc_ssl_server_security_connector_initialize(
 }
 
 grpc_security_status grpc_ssl_server_security_connector_create(
- grpc_exec_ctx *exec_ctx, grpc_server_credentials *gsc,
- grpc_server_security_connector **sc) {
+ grpc_exec_ctx* exec_ctx, grpc_server_credentials* gsc,
+ grpc_server_security_connector** sc) {
 tsi_result result = TSI_OK;
- grpc_ssl_server_credentials *server_credentials =
- (grpc_ssl_server_credentials *)gsc;
+ grpc_ssl_server_credentials* server_credentials =
+ (grpc_ssl_server_credentials*)gsc;
 grpc_security_status retval = GRPC_SECURITY_OK;
 
 GPR_ASSERT(server_credentials != NULL);
 GPR_ASSERT(sc != NULL);
 
- grpc_ssl_server_security_connector *c =
+ grpc_ssl_server_security_connector* c =
 grpc_ssl_server_security_connector_initialize(gsc);
 if (server_connector_has_cert_config_fetcher(c)) {
 // Load initial credentials from certificate_config_fetcher:
@@ -1093,7 +1094,7 @@ grpc_security_status grpc_ssl_server_security_connector_create(
 }
 } else {
 size_t num_alpn_protocols = 0;
- const char **alpn_protocol_strings =
+ const char** alpn_protocol_strings =
 fill_alpn_protocol_strings(&num_alpn_protocols);
 result = tsi_create_ssl_server_handshaker_factory_ex(
 server_credentials->config.pem_key_cert_pairs,
@@ -1103,7 +1104,7 @@ grpc_security_status grpc_ssl_server_security_connector_create(
 server_credentials->config.client_certificate_request),
 ssl_cipher_suites(), alpn_protocol_strings,
 (uint16_t)num_alpn_protocols, &c->server_handshaker_factory);
- gpr_free((void *)alpn_protocol_strings);
+ gpr_free((void*)alpn_protocol_strings);
 if (result != TSI_OK) {
 gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
 tsi_result_to_string(result)); |