1 files changed, 81 insertions, 66 deletions

diff --git a/src/core/lib/security/transport/security_handshaker.cc b/src/core/lib/security/transport/security_handshaker.cc
index 854a1c4af9..48d6901e88 100644
--- a/src/core/lib/security/transport/security_handshaker.cc
+++ b/src/core/lib/security/transport/security_handshaker.cc
@@ -30,6 +30,7 @@
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/channel/handshaker.h"
 #include "src/core/lib/channel/handshaker_registry.h"
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/security/context/security_context.h"
 #include "src/core/lib/security/transport/secure_endpoint.h"
 #include "src/core/lib/security/transport/tsi_error.h"
@@ -38,34 +39,62 @@
 
 #define GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE 256
 
-typedef struct {
+namespace {
+struct security_handshaker {
+  security_handshaker(tsi_handshaker* handshaker,
+                      grpc_security_connector* connector);
+  ~security_handshaker() {
+    gpr_mu_destroy(&mu);
+    tsi_handshaker_destroy(handshaker);
+    tsi_handshaker_result_destroy(handshaker_result);
+    if (endpoint_to_destroy != nullptr) {
+      grpc_endpoint_destroy(endpoint_to_destroy);
+    }
+    if (read_buffer_to_destroy != nullptr) {
+      grpc_slice_buffer_destroy_internal(read_buffer_to_destroy);
+      gpr_free(read_buffer_to_destroy);
+    }
+    gpr_free(handshake_buffer);
+    grpc_slice_buffer_destroy_internal(&outgoing);
+    auth_context.reset(DEBUG_LOCATION, "handshake");
+    connector.reset(DEBUG_LOCATION, "handshake");
+  }
+
+  void Ref() { refs.Ref(); }
+  void Unref() {
+    if (refs.Unref()) {
+      grpc_core::Delete(this);
+    }
+  }
+
   grpc_handshaker base;
 
   // State set at creation time.
   tsi_handshaker* handshaker;
-  grpc_security_connector* connector;
+  grpc_core::RefCountedPtr<grpc_security_connector> connector;
 
   gpr_mu mu;
-  gpr_refcount refs;
+  grpc_core::RefCount refs;
 
-  bool shutdown;
+  bool shutdown = false;
   // Endpoint and read buffer to destroy after a shutdown.
-  grpc_endpoint* endpoint_to_destroy;
-  grpc_slice_buffer* read_buffer_to_destroy;
+  grpc_endpoint* endpoint_to_destroy = nullptr;
+  grpc_slice_buffer* read_buffer_to_destroy = nullptr;
 
   // State saved while performing the handshake.
-  grpc_handshaker_args* args;
-  grpc_closure* on_handshake_done;
+  grpc_handshaker_args* args = nullptr;
+  grpc_closure* on_handshake_done = nullptr;
 
-  unsigned char* handshake_buffer;
   size_t handshake_buffer_size;
+  unsigned char* handshake_buffer;
   grpc_slice_buffer outgoing;
   grpc_closure on_handshake_data_sent_to_peer;
   grpc_closure on_handshake_data_received_from_peer;
   grpc_closure on_peer_checked;
-  grpc_auth_context* auth_context;
-  tsi_handshaker_result* handshaker_result;
-} security_handshaker;
+  grpc_core::RefCountedPtr<grpc_auth_context> auth_context;
+  tsi_handshaker_result* handshaker_result = nullptr;
+};
+}  // namespace
 
 static size_t move_read_buffer_into_handshake_buffer(security_handshaker* h) {
   size_t bytes_in_read_buffer = h->args->read_buffer->length;
@@ -85,26 +114,6 @@ static size_t move_read_buffer_into_handshake_buffer(security_handshaker* h) {
   return bytes_in_read_buffer;
 }
 
-static void security_handshaker_unref(security_handshaker* h) {
-  if (gpr_unref(&h->refs)) {
-    gpr_mu_destroy(&h->mu);
-    tsi_handshaker_destroy(h->handshaker);
-    tsi_handshaker_result_destroy(h->handshaker_result);
-    if (h->endpoint_to_destroy != nullptr) {
-      grpc_endpoint_destroy(h->endpoint_to_destroy);
-    }
-    if (h->read_buffer_to_destroy != nullptr) {
-      grpc_slice_buffer_destroy_internal(h->read_buffer_to_destroy);
-      gpr_free(h->read_buffer_to_destroy);
-    }
-    gpr_free(h->handshake_buffer);
-    grpc_slice_buffer_destroy_internal(&h->outgoing);
-    GRPC_AUTH_CONTEXT_UNREF(h->auth_context, "handshake");
-    GRPC_SECURITY_CONNECTOR_UNREF(h->connector, "handshake");
-    gpr_free(h);
-  }
-}
-
 // Set args fields to NULL, saving the endpoint and read buffer for
 // later destruction.
 static void cleanup_args_for_failure_locked(security_handshaker* h) {
@@ -194,7 +203,7 @@ static void on_peer_checked_inner(security_handshaker* h, grpc_error* error) {
   tsi_handshaker_result_destroy(h->handshaker_result);
   h->handshaker_result = nullptr;
   // Add auth context to channel args.
-  grpc_arg auth_context_arg = grpc_auth_context_to_arg(h->auth_context);
+  grpc_arg auth_context_arg = grpc_auth_context_to_arg(h->auth_context.get());
   grpc_channel_args* tmp_args = h->args->args;
   h->args->args =
       grpc_channel_args_copy_and_add(tmp_args, &auth_context_arg, 1);
@@ -211,7 +220,7 @@ static void on_peer_checked(void* arg, grpc_error* error) {
   gpr_mu_lock(&h->mu);
   on_peer_checked_inner(h, error);
   gpr_mu_unlock(&h->mu);
-  security_handshaker_unref(h);
+  h->Unref();
 }
 
 static grpc_error* check_peer_locked(security_handshaker* h) {
@@ -222,8 +231,7 @@ static grpc_error* check_peer_locked(security_handshaker* h) {
     return grpc_set_tsi_error_result(
         GRPC_ERROR_CREATE_FROM_STATIC_STRING("Peer extraction failed"), result);
   }
-  grpc_security_connector_check_peer(h->connector, peer, &h->auth_context,
-                                     &h->on_peer_checked);
+  h->connector->check_peer(peer, &h->auth_context, &h->on_peer_checked);
   return GRPC_ERROR_NONE;
 }
 
@@ -281,7 +289,7 @@ static void on_handshake_next_done_grpc_wrapper(
   if (error != GRPC_ERROR_NONE) {
     security_handshake_failed_locked(h, error);
     gpr_mu_unlock(&h->mu);
-    security_handshaker_unref(h);
+    h->Unref();
   } else {
     gpr_mu_unlock(&h->mu);
   }
@@ -317,7 +325,7 @@ static void on_handshake_data_received_from_peer(void* arg, grpc_error* error) {
         h, GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
                "Handshake read failed", &error, 1));
     gpr_mu_unlock(&h->mu);
-    security_handshaker_unref(h);
+    h->Unref();
     return;
   }
   // Copy all slices received.
@@ -329,7 +337,7 @@ static void on_handshake_data_received_from_peer(void* arg, grpc_error* error) {
   if (error != GRPC_ERROR_NONE) {
     security_handshake_failed_locked(h, error);
     gpr_mu_unlock(&h->mu);
-    security_handshaker_unref(h);
+    h->Unref();
   } else {
     gpr_mu_unlock(&h->mu);
   }
@@ -343,7 +351,7 @@ static void on_handshake_data_sent_to_peer(void* arg, grpc_error* error) {
         h, GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
                "Handshake write failed", &error, 1));
     gpr_mu_unlock(&h->mu);
-    security_handshaker_unref(h);
+    h->Unref();
     return;
   }
   // We may be done.
@@ -355,7 +363,7 @@ static void on_handshake_data_sent_to_peer(void* arg, grpc_error* error) {
     if (error != GRPC_ERROR_NONE) {
       security_handshake_failed_locked(h, error);
       gpr_mu_unlock(&h->mu);
-      security_handshaker_unref(h);
+      h->Unref();
       return;
     }
   }
@@ -368,7 +376,7 @@ static void on_handshake_data_sent_to_peer(void* arg, grpc_error* error) {
 
 static void security_handshaker_destroy(grpc_handshaker* handshaker) {
   security_handshaker* h = reinterpret_cast<security_handshaker*>(handshaker);
-  security_handshaker_unref(h);
+  h->Unref();
 }
 
 static void security_handshaker_shutdown(grpc_handshaker* handshaker,
@@ -393,14 +401,14 @@ static void security_handshaker_do_handshake(grpc_handshaker* handshaker,
   gpr_mu_lock(&h->mu);
   h->args = args;
   h->on_handshake_done = on_handshake_done;
-  gpr_ref(&h->refs);
+  h->Ref();
   size_t bytes_received_size = move_read_buffer_into_handshake_buffer(h);
   grpc_error* error =
       do_handshaker_next_locked(h, h->handshake_buffer, bytes_received_size);
   if (error != GRPC_ERROR_NONE) {
     security_handshake_failed_locked(h, error);
     gpr_mu_unlock(&h->mu);
-    security_handshaker_unref(h);
+    h->Unref();
     return;
   }
   gpr_mu_unlock(&h->mu);
@@ -410,27 +418,32 @@ static const grpc_handshaker_vtable security_handshaker_vtable = {
     security_handshaker_destroy, security_handshaker_shutdown,
     security_handshaker_do_handshake, "security"};
 
-static grpc_handshaker* security_handshaker_create(
-    tsi_handshaker* handshaker, grpc_security_connector* connector) {
-  security_handshaker* h = static_cast<security_handshaker*>(
-      gpr_zalloc(sizeof(security_handshaker)));
-  grpc_handshaker_init(&security_handshaker_vtable, &h->base);
-  h->handshaker = handshaker;
-  h->connector = GRPC_SECURITY_CONNECTOR_REF(connector, "handshake");
-  gpr_mu_init(&h->mu);
-  gpr_ref_init(&h->refs, 1);
-  h->handshake_buffer_size = GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE;
-  h->handshake_buffer =
-      static_cast<uint8_t*>(gpr_malloc(h->handshake_buffer_size));
-  GRPC_CLOSURE_INIT(&h->on_handshake_data_sent_to_peer,
-                    on_handshake_data_sent_to_peer, h,
+namespace {
+security_handshaker::security_handshaker(tsi_handshaker* handshaker,
+                                         grpc_security_connector* connector)
+    : handshaker(handshaker),
+      connector(connector->Ref(DEBUG_LOCATION, "handshake")),
+      handshake_buffer_size(GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE),
+      handshake_buffer(
+          static_cast<uint8_t*>(gpr_malloc(handshake_buffer_size))) {
+  grpc_handshaker_init(&security_handshaker_vtable, &base);
+  gpr_mu_init(&mu);
+  grpc_slice_buffer_init(&outgoing);
+  GRPC_CLOSURE_INIT(&on_handshake_data_sent_to_peer,
+                    ::on_handshake_data_sent_to_peer, this,
                     grpc_schedule_on_exec_ctx);
-  GRPC_CLOSURE_INIT(&h->on_handshake_data_received_from_peer,
-                    on_handshake_data_received_from_peer, h,
+  GRPC_CLOSURE_INIT(&on_handshake_data_received_from_peer,
+                    ::on_handshake_data_received_from_peer, this,
                     grpc_schedule_on_exec_ctx);
-  GRPC_CLOSURE_INIT(&h->on_peer_checked, on_peer_checked, h,
+  GRPC_CLOSURE_INIT(&on_peer_checked, ::on_peer_checked, this,
                     grpc_schedule_on_exec_ctx);
-  grpc_slice_buffer_init(&h->outgoing);
+}
+}  // namespace
+
+static grpc_handshaker* security_handshaker_create(
+    tsi_handshaker* handshaker, grpc_security_connector* connector) {
+  security_handshaker* h =
+      grpc_core::New<security_handshaker>(handshaker, connector);
   return &h->base;
 }
 
@@ -477,8 +490,9 @@ static void client_handshaker_factory_add_handshakers(
   grpc_channel_security_connector* security_connector =
       reinterpret_cast<grpc_channel_security_connector*>(
           grpc_security_connector_find_in_args(args));
-  grpc_channel_security_connector_add_handshakers(
-      security_connector, interested_parties, handshake_mgr);
+  if (security_connector) {
+    security_connector->add_handshakers(interested_parties, handshake_mgr);
+  }
 }
 
 static void server_handshaker_factory_add_handshakers(
@@ -488,8 +502,9 @@ static void server_handshaker_factory_add_handshakers(
   grpc_server_security_connector* security_connector =
       reinterpret_cast<grpc_server_security_connector*>(
           grpc_security_connector_find_in_args(args));
-  grpc_server_security_connector_add_handshakers(
-      security_connector, interested_parties, handshake_mgr);
+  if (security_connector) {
+    security_connector->add_handshakers(interested_parties, handshake_mgr);
+  }
 }
 
 static void handshaker_factory_destroy(