diff options
Diffstat (limited to 'src/core/security/credentials.c')
| -rw-r--r-- | src/core/security/credentials.c | 1761 |
1 files changed, 816 insertions, 945 deletions
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c index 71dfb25825..48cfed7476 100644 --- a/src/core/security/credentials.c +++ b/src/core/security/credentials.c @@ -52,935 +52,857 @@ /* -- Common. -- */ -struct grpc_credentials_metadata_request -{ +struct grpc_credentials_metadata_request { grpc_credentials *creds; grpc_credentials_metadata_cb cb; void *user_data; }; static grpc_credentials_metadata_request * -grpc_credentials_metadata_request_create (grpc_credentials * creds, grpc_credentials_metadata_cb cb, void *user_data) -{ - grpc_credentials_metadata_request *r = gpr_malloc (sizeof (grpc_credentials_metadata_request)); - r->creds = grpc_credentials_ref (creds); +grpc_credentials_metadata_request_create(grpc_credentials *creds, + grpc_credentials_metadata_cb cb, + void *user_data) { + grpc_credentials_metadata_request *r = + gpr_malloc(sizeof(grpc_credentials_metadata_request)); + r->creds = grpc_credentials_ref(creds); r->cb = cb; r->user_data = user_data; return r; } -static void -grpc_credentials_metadata_request_destroy (grpc_credentials_metadata_request * r) -{ - grpc_credentials_unref (r->creds); - gpr_free (r); +static void grpc_credentials_metadata_request_destroy( + grpc_credentials_metadata_request *r) { + grpc_credentials_unref(r->creds); + gpr_free(r); } -grpc_credentials * -grpc_credentials_ref (grpc_credentials * creds) -{ - if (creds == NULL) - return NULL; - gpr_ref (&creds->refcount); +grpc_credentials *grpc_credentials_ref(grpc_credentials *creds) { + if (creds == NULL) return NULL; + gpr_ref(&creds->refcount); return creds; } -void -grpc_credentials_unref (grpc_credentials * creds) -{ - if (creds == NULL) - return; - if (gpr_unref (&creds->refcount)) - { - creds->vtable->destruct (creds); - gpr_free (creds); - } +void grpc_credentials_unref(grpc_credentials *creds) { + if (creds == NULL) return; + if (gpr_unref(&creds->refcount)) { + creds->vtable->destruct(creds); + gpr_free(creds); + } } -void -grpc_credentials_release (grpc_credentials * creds) -{ - grpc_credentials_unref (creds); +void grpc_credentials_release(grpc_credentials *creds) { + grpc_credentials_unref(creds); } -int -grpc_credentials_has_request_metadata (grpc_credentials * creds) -{ - if (creds == NULL) - return 0; - return creds->vtable->has_request_metadata (creds); +int grpc_credentials_has_request_metadata(grpc_credentials *creds) { + if (creds == NULL) return 0; + return creds->vtable->has_request_metadata(creds); } -int -grpc_credentials_has_request_metadata_only (grpc_credentials * creds) -{ - if (creds == NULL) - return 0; - return creds->vtable->has_request_metadata_only (creds); +int grpc_credentials_has_request_metadata_only(grpc_credentials *creds) { + if (creds == NULL) return 0; + return creds->vtable->has_request_metadata_only(creds); } -void -grpc_credentials_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) -{ - if (creds == NULL || !grpc_credentials_has_request_metadata (creds) || creds->vtable->get_request_metadata == NULL) - { - if (cb != NULL) - { - cb (exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); - } - return; +void grpc_credentials_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { + if (creds == NULL || !grpc_credentials_has_request_metadata(creds) || + creds->vtable->get_request_metadata == NULL) { + if (cb != NULL) { + cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); } - creds->vtable->get_request_metadata (exec_ctx, creds, pollset, service_url, cb, user_data); + return; + } + creds->vtable->get_request_metadata(exec_ctx, creds, pollset, service_url, cb, + user_data); } -grpc_security_status -grpc_credentials_create_security_connector (grpc_credentials * creds, const char *target, const grpc_channel_args * args, grpc_credentials * request_metadata_creds, grpc_channel_security_connector ** sc, grpc_channel_args ** new_args) -{ +grpc_security_status grpc_credentials_create_security_connector( + grpc_credentials *creds, const char *target, const grpc_channel_args *args, + grpc_credentials *request_metadata_creds, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { *new_args = NULL; - if (creds == NULL || creds->vtable->create_security_connector == NULL || grpc_credentials_has_request_metadata_only (creds)) - { - gpr_log (GPR_ERROR, "Invalid credentials for creating a security connector."); - return GRPC_SECURITY_ERROR; - } - return creds->vtable->create_security_connector (creds, target, args, request_metadata_creds, sc, new_args); + if (creds == NULL || creds->vtable->create_security_connector == NULL || + grpc_credentials_has_request_metadata_only(creds)) { + gpr_log(GPR_ERROR, + "Invalid credentials for creating a security connector."); + return GRPC_SECURITY_ERROR; + } + return creds->vtable->create_security_connector( + creds, target, args, request_metadata_creds, sc, new_args); } -grpc_server_credentials * -grpc_server_credentials_ref (grpc_server_credentials * creds) -{ - if (creds == NULL) - return NULL; - gpr_ref (&creds->refcount); +grpc_server_credentials *grpc_server_credentials_ref( + grpc_server_credentials *creds) { + if (creds == NULL) return NULL; + gpr_ref(&creds->refcount); return creds; } -void -grpc_server_credentials_unref (grpc_server_credentials * creds) -{ - if (creds == NULL) - return; - if (gpr_unref (&creds->refcount)) - { - creds->vtable->destruct (creds); - if (creds->processor.destroy != NULL && creds->processor.state != NULL) - { - creds->processor.destroy (creds->processor.state); - } - gpr_free (creds); +void grpc_server_credentials_unref(grpc_server_credentials *creds) { + if (creds == NULL) return; + if (gpr_unref(&creds->refcount)) { + creds->vtable->destruct(creds); + if (creds->processor.destroy != NULL && creds->processor.state != NULL) { + creds->processor.destroy(creds->processor.state); } + gpr_free(creds); + } } -void -grpc_server_credentials_release (grpc_server_credentials * creds) -{ - grpc_server_credentials_unref (creds); +void grpc_server_credentials_release(grpc_server_credentials *creds) { + grpc_server_credentials_unref(creds); } -grpc_security_status -grpc_server_credentials_create_security_connector (grpc_server_credentials * creds, grpc_security_connector ** sc) -{ - if (creds == NULL || creds->vtable->create_security_connector == NULL) - { - gpr_log (GPR_ERROR, "Server credentials cannot create security context."); - return GRPC_SECURITY_ERROR; - } - return creds->vtable->create_security_connector (creds, sc); +grpc_security_status grpc_server_credentials_create_security_connector( + grpc_server_credentials *creds, grpc_security_connector **sc) { + if (creds == NULL || creds->vtable->create_security_connector == NULL) { + gpr_log(GPR_ERROR, "Server credentials cannot create security context."); + return GRPC_SECURITY_ERROR; + } + return creds->vtable->create_security_connector(creds, sc); } -void -grpc_server_credentials_set_auth_metadata_processor (grpc_server_credentials * creds, grpc_auth_metadata_processor processor) -{ - if (creds == NULL) - return; - if (creds->processor.destroy != NULL && creds->processor.state != NULL) - { - creds->processor.destroy (creds->processor.state); - } +void grpc_server_credentials_set_auth_metadata_processor( + grpc_server_credentials *creds, grpc_auth_metadata_processor processor) { + if (creds == NULL) return; + if (creds->processor.destroy != NULL && creds->processor.state != NULL) { + creds->processor.destroy(creds->processor.state); + } creds->processor = processor; } /* -- Ssl credentials. -- */ -static void -ssl_destruct (grpc_credentials * creds) -{ - grpc_ssl_credentials *c = (grpc_ssl_credentials *) creds; - if (c->config.pem_root_certs != NULL) - gpr_free (c->config.pem_root_certs); - if (c->config.pem_private_key != NULL) - gpr_free (c->config.pem_private_key); - if (c->config.pem_cert_chain != NULL) - gpr_free (c->config.pem_cert_chain); -} - -static void -ssl_server_destruct (grpc_server_credentials * creds) -{ - grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *) creds; +static void ssl_destruct(grpc_credentials *creds) { + grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; + if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs); + if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key); + if (c->config.pem_cert_chain != NULL) gpr_free(c->config.pem_cert_chain); +} + +static void ssl_server_destruct(grpc_server_credentials *creds) { + grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; size_t i; - for (i = 0; i < c->config.num_key_cert_pairs; i++) - { - if (c->config.pem_private_keys[i] != NULL) - { - gpr_free (c->config.pem_private_keys[i]); - } - if (c->config.pem_cert_chains[i] != NULL) - { - gpr_free (c->config.pem_cert_chains[i]); - } - } - if (c->config.pem_private_keys != NULL) - gpr_free (c->config.pem_private_keys); - if (c->config.pem_private_keys_sizes != NULL) - { - gpr_free (c->config.pem_private_keys_sizes); + for (i = 0; i < c->config.num_key_cert_pairs; i++) { + if (c->config.pem_private_keys[i] != NULL) { + gpr_free(c->config.pem_private_keys[i]); } - if (c->config.pem_cert_chains != NULL) - gpr_free (c->config.pem_cert_chains); - if (c->config.pem_cert_chains_sizes != NULL) - { - gpr_free (c->config.pem_cert_chains_sizes); + if (c->config.pem_cert_chains[i] != NULL) { + gpr_free(c->config.pem_cert_chains[i]); } - if (c->config.pem_root_certs != NULL) - gpr_free (c->config.pem_root_certs); + } + if (c->config.pem_private_keys != NULL) gpr_free(c->config.pem_private_keys); + if (c->config.pem_private_keys_sizes != NULL) { + gpr_free(c->config.pem_private_keys_sizes); + } + if (c->config.pem_cert_chains != NULL) gpr_free(c->config.pem_cert_chains); + if (c->config.pem_cert_chains_sizes != NULL) { + gpr_free(c->config.pem_cert_chains_sizes); + } + if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs); } -static int -ssl_has_request_metadata (const grpc_credentials * creds) -{ - return 0; -} +static int ssl_has_request_metadata(const grpc_credentials *creds) { return 0; } -static int -ssl_has_request_metadata_only (const grpc_credentials * creds) -{ +static int ssl_has_request_metadata_only(const grpc_credentials *creds) { return 0; } -static grpc_security_status -ssl_create_security_connector (grpc_credentials * creds, const char *target, const grpc_channel_args * args, grpc_credentials * request_metadata_creds, grpc_channel_security_connector ** sc, grpc_channel_args ** new_args) -{ - grpc_ssl_credentials *c = (grpc_ssl_credentials *) creds; +static grpc_security_status ssl_create_security_connector( + grpc_credentials *creds, const char *target, const grpc_channel_args *args, + grpc_credentials *request_metadata_creds, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; grpc_security_status status = GRPC_SECURITY_OK; size_t i = 0; const char *overridden_target_name = NULL; grpc_arg arg; - for (i = 0; args && i < args->num_args; i++) - { - grpc_arg *arg = &args->args[i]; - if (strcmp (arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 && arg->type == GRPC_ARG_STRING) - { - overridden_target_name = arg->value.string; - break; - } - } - status = grpc_ssl_channel_security_connector_create (request_metadata_creds, &c->config, target, overridden_target_name, sc); - if (status != GRPC_SECURITY_OK) - { - return status; + for (i = 0; args && i < args->num_args; i++) { + grpc_arg *arg = &args->args[i]; + if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 && + arg->type == GRPC_ARG_STRING) { + overridden_target_name = arg->value.string; + break; } + } + status = grpc_ssl_channel_security_connector_create( + request_metadata_creds, &c->config, target, overridden_target_name, sc); + if (status != GRPC_SECURITY_OK) { + return status; + } arg.type = GRPC_ARG_STRING; arg.key = GRPC_ARG_HTTP2_SCHEME; arg.value.string = "https"; - *new_args = grpc_channel_args_copy_and_add (args, &arg, 1); + *new_args = grpc_channel_args_copy_and_add(args, &arg, 1); return status; } -static grpc_security_status -ssl_server_create_security_connector (grpc_server_credentials * creds, grpc_security_connector ** sc) -{ - grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *) creds; - return grpc_ssl_server_security_connector_create (&c->config, sc); +static grpc_security_status ssl_server_create_security_connector( + grpc_server_credentials *creds, grpc_security_connector **sc) { + grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds; + return grpc_ssl_server_security_connector_create(&c->config, sc); } static grpc_credentials_vtable ssl_vtable = { - ssl_destruct, ssl_has_request_metadata, ssl_has_request_metadata_only, NULL, - ssl_create_security_connector -}; + ssl_destruct, ssl_has_request_metadata, ssl_has_request_metadata_only, NULL, + ssl_create_security_connector}; static grpc_server_credentials_vtable ssl_server_vtable = { - ssl_server_destruct, ssl_server_create_security_connector -}; + ssl_server_destruct, ssl_server_create_security_connector}; -static void -ssl_copy_key_material (const char *input, unsigned char **output, size_t * output_size) -{ - *output_size = strlen (input); - *output = gpr_malloc (*output_size); - memcpy (*output, input, *output_size); +static void ssl_copy_key_material(const char *input, unsigned char **output, + size_t *output_size) { + *output_size = strlen(input); + *output = gpr_malloc(*output_size); + memcpy(*output, input, *output_size); } -static void -ssl_build_config (const char *pem_root_certs, grpc_ssl_pem_key_cert_pair * pem_key_cert_pair, grpc_ssl_config * config) -{ - if (pem_root_certs != NULL) - { - ssl_copy_key_material (pem_root_certs, &config->pem_root_certs, &config->pem_root_certs_size); - } - if (pem_key_cert_pair != NULL) - { - GPR_ASSERT (pem_key_cert_pair->private_key != NULL); - GPR_ASSERT (pem_key_cert_pair->cert_chain != NULL); - ssl_copy_key_material (pem_key_cert_pair->private_key, &config->pem_private_key, &config->pem_private_key_size); - ssl_copy_key_material (pem_key_cert_pair->cert_chain, &config->pem_cert_chain, &config->pem_cert_chain_size); - } +static void ssl_build_config(const char *pem_root_certs, + grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, + grpc_ssl_config *config) { + if (pem_root_certs != NULL) { + ssl_copy_key_material(pem_root_certs, &config->pem_root_certs, + &config->pem_root_certs_size); + } + if (pem_key_cert_pair != NULL) { + GPR_ASSERT(pem_key_cert_pair->private_key != NULL); + GPR_ASSERT(pem_key_cert_pair->cert_chain != NULL); + ssl_copy_key_material(pem_key_cert_pair->private_key, + &config->pem_private_key, + &config->pem_private_key_size); + ssl_copy_key_material(pem_key_cert_pair->cert_chain, + &config->pem_cert_chain, + &config->pem_cert_chain_size); + } } -static void -ssl_build_server_config (const char *pem_root_certs, grpc_ssl_pem_key_cert_pair * pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, grpc_ssl_server_config * config) -{ +static void ssl_build_server_config( + const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, + size_t num_key_cert_pairs, int force_client_auth, + grpc_ssl_server_config *config) { size_t i; config->force_client_auth = force_client_auth; - if (pem_root_certs != NULL) - { - ssl_copy_key_material (pem_root_certs, &config->pem_root_certs, &config->pem_root_certs_size); - } - if (num_key_cert_pairs > 0) - { - GPR_ASSERT (pem_key_cert_pairs != NULL); - config->pem_private_keys = gpr_malloc (num_key_cert_pairs * sizeof (unsigned char *)); - config->pem_cert_chains = gpr_malloc (num_key_cert_pairs * sizeof (unsigned char *)); - config->pem_private_keys_sizes = gpr_malloc (num_key_cert_pairs * sizeof (size_t)); - config->pem_cert_chains_sizes = gpr_malloc (num_key_cert_pairs * sizeof (size_t)); - } + if (pem_root_certs != NULL) { + ssl_copy_key_material(pem_root_certs, &config->pem_root_certs, + &config->pem_root_certs_size); + } + if (num_key_cert_pairs > 0) { + GPR_ASSERT(pem_key_cert_pairs != NULL); + config->pem_private_keys = + gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *)); + config->pem_cert_chains = + gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *)); + config->pem_private_keys_sizes = + gpr_malloc(num_key_cert_pairs * sizeof(size_t)); + config->pem_cert_chains_sizes = + gpr_malloc(num_key_cert_pairs * sizeof(size_t)); + } config->num_key_cert_pairs = num_key_cert_pairs; - for (i = 0; i < num_key_cert_pairs; i++) - { - GPR_ASSERT (pem_key_cert_pairs[i].private_key != NULL); - GPR_ASSERT (pem_key_cert_pairs[i].cert_chain != NULL); - ssl_copy_key_material (pem_key_cert_pairs[i].private_key, &config->pem_private_keys[i], &config->pem_private_keys_sizes[i]); - ssl_copy_key_material (pem_key_cert_pairs[i].cert_chain, &config->pem_cert_chains[i], &config->pem_cert_chains_sizes[i]); - } + for (i = 0; i < num_key_cert_pairs; i++) { + GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL); + GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL); + ssl_copy_key_material(pem_key_cert_pairs[i].private_key, + &config->pem_private_keys[i], + &config->pem_private_keys_sizes[i]); + ssl_copy_key_material(pem_key_cert_pairs[i].cert_chain, + &config->pem_cert_chains[i], + &config->pem_cert_chains_sizes[i]); + } } -grpc_credentials * -grpc_ssl_credentials_create (const char *pem_root_certs, grpc_ssl_pem_key_cert_pair * pem_key_cert_pair, void *reserved) -{ - grpc_ssl_credentials *c = gpr_malloc (sizeof (grpc_ssl_credentials)); - GPR_ASSERT (reserved == NULL); - memset (c, 0, sizeof (grpc_ssl_credentials)); +grpc_credentials *grpc_ssl_credentials_create( + const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, + void *reserved) { + grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials)); + GPR_ASSERT(reserved == NULL); + memset(c, 0, sizeof(grpc_ssl_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_SSL; c->base.vtable = &ssl_vtable; - gpr_ref_init (&c->base.refcount, 1); - ssl_build_config (pem_root_certs, pem_key_cert_pair, &c->config); + gpr_ref_init(&c->base.refcount, 1); + ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config); return &c->base; } -grpc_server_credentials * -grpc_ssl_server_credentials_create (const char *pem_root_certs, grpc_ssl_pem_key_cert_pair * pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved) -{ - grpc_ssl_server_credentials *c = gpr_malloc (sizeof (grpc_ssl_server_credentials)); - GPR_ASSERT (reserved == NULL); - memset (c, 0, sizeof (grpc_ssl_server_credentials)); +grpc_server_credentials *grpc_ssl_server_credentials_create( + const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, + size_t num_key_cert_pairs, int force_client_auth, void *reserved) { + grpc_ssl_server_credentials *c = + gpr_malloc(sizeof(grpc_ssl_server_credentials)); + GPR_ASSERT(reserved == NULL); + memset(c, 0, sizeof(grpc_ssl_server_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_SSL; - gpr_ref_init (&c->base.refcount, 1); + gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &ssl_server_vtable; - ssl_build_server_config (pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs, force_client_auth, &c->config); + ssl_build_server_config(pem_root_certs, pem_key_cert_pairs, + num_key_cert_pairs, force_client_auth, &c->config); return &c->base; } /* -- Jwt credentials -- */ -static void -jwt_reset_cache (grpc_service_account_jwt_access_credentials * c) -{ - if (c->cached.jwt_md != NULL) - { - grpc_credentials_md_store_unref (c->cached.jwt_md); - c->cached.jwt_md = NULL; - } - if (c->cached.service_url != NULL) - { - gpr_free (c->cached.service_url); - c->cached.service_url = NULL; - } - c->cached.jwt_expiration = gpr_inf_past (GPR_CLOCK_REALTIME); +static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) { + if (c->cached.jwt_md != NULL) { + grpc_credentials_md_store_unref(c->cached.jwt_md); + c->cached.jwt_md = NULL; + } + if (c->cached.service_url != NULL) { + gpr_free(c->cached.service_url); + c->cached.service_url = NULL; + } + c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); } -static void -jwt_destruct (grpc_credentials * creds) -{ - grpc_service_account_jwt_access_credentials *c = (grpc_service_account_jwt_access_credentials *) creds; - grpc_auth_json_key_destruct (&c->key); - jwt_reset_cache (c); - gpr_mu_destroy (&c->cache_mu); +static void jwt_destruct(grpc_credentials *creds) { + grpc_service_account_jwt_access_credentials *c = + (grpc_service_account_jwt_access_credentials *)creds; + grpc_auth_json_key_destruct(&c->key); + jwt_reset_cache(c); + gpr_mu_destroy(&c->cache_mu); } -static int -jwt_has_request_metadata (const grpc_credentials * creds) -{ - return 1; -} +static int jwt_has_request_metadata(const grpc_credentials *creds) { return 1; } -static int -jwt_has_request_metadata_only (const grpc_credentials * creds) -{ +static int jwt_has_request_metadata_only(const grpc_credentials *creds) { return 1; } -static void -jwt_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) -{ - grpc_service_account_jwt_access_credentials *c = (grpc_service_account_jwt_access_credentials *) creds; - gpr_timespec refresh_threshold = gpr_time_from_seconds (GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN); +static void jwt_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { + grpc_service_account_jwt_access_credentials *c = + (grpc_service_account_jwt_access_credentials *)creds; + gpr_timespec refresh_threshold = gpr_time_from_seconds( + GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN); /* See if we can return a cached jwt. */ grpc_credentials_md_store *jwt_md = NULL; { - gpr_mu_lock (&c->cache_mu); - if (c->cached.service_url != NULL && strcmp (c->cached.service_url, service_url) == 0 && c->cached.jwt_md != NULL && (gpr_time_cmp (gpr_time_sub (c->cached.jwt_expiration, gpr_now (GPR_CLOCK_REALTIME)), refresh_threshold) > 0)) - { - jwt_md = grpc_credentials_md_store_ref (c->cached.jwt_md); - } - gpr_mu_unlock (&c->cache_mu); + gpr_mu_lock(&c->cache_mu); + if (c->cached.service_url != NULL && + strcmp(c->cached.service_url, service_url) == 0 && + c->cached.jwt_md != NULL && + (gpr_time_cmp(gpr_time_sub(c->cached.jwt_expiration, + gpr_now(GPR_CLOCK_REALTIME)), + refresh_threshold) > 0)) { + jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md); + } + gpr_mu_unlock(&c->cache_mu); } - if (jwt_md == NULL) - { - char *jwt = NULL; - /* Generate a new jwt. */ - gpr_mu_lock (&c->cache_mu); - jwt_reset_cache (c); - jwt = grpc_jwt_encode_and_sign (&c->key, service_url, c->jwt_lifetime, NULL); - if (jwt != NULL) - { - char *md_value; - gpr_asprintf (&md_value, "Bearer %s", jwt); - gpr_free (jwt); - c->cached.jwt_expiration = gpr_time_add (gpr_now (GPR_CLOCK_REALTIME), c->jwt_lifetime); - c->cached.service_url = gpr_strdup (service_url); - c->cached.jwt_md = grpc_credentials_md_store_create (1); - grpc_credentials_md_store_add_cstrings (c->cached.jwt_md, GRPC_AUTHORIZATION_METADATA_KEY, md_value); - gpr_free (md_value); - jwt_md = grpc_credentials_md_store_ref (c->cached.jwt_md); - } - gpr_mu_unlock (&c->cache_mu); + if (jwt_md == NULL) { + char *jwt = NULL; + /* Generate a new jwt. */ + gpr_mu_lock(&c->cache_mu); + jwt_reset_cache(c); + jwt = grpc_jwt_encode_and_sign(&c->key, service_url, c->jwt_lifetime, NULL); + if (jwt != NULL) { + char *md_value; + gpr_asprintf(&md_value, "Bearer %s", jwt); + gpr_free(jwt); + c->cached.jwt_expiration = + gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), c->jwt_lifetime); + c->cached.service_url = gpr_strdup(service_url); + c->cached.jwt_md = grpc_credentials_md_store_create(1); + grpc_credentials_md_store_add_cstrings( + c->cached.jwt_md, GRPC_AUTHORIZATION_METADATA_KEY, md_value); + gpr_free(md_value); + jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md); } + gpr_mu_unlock(&c->cache_mu); + } - if (jwt_md != NULL) - { - cb (exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries, GRPC_CREDENTIALS_OK); - grpc_credentials_md_store_unref (jwt_md); - } - else - { - cb (exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR); - } + if (jwt_md != NULL) { + cb(exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries, + GRPC_CREDENTIALS_OK); + grpc_credentials_md_store_unref(jwt_md); + } else { + cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR); + } } static grpc_credentials_vtable jwt_vtable = { - jwt_destruct, jwt_has_request_metadata, jwt_has_request_metadata_only, - jwt_get_request_metadata, NULL -}; + jwt_destruct, jwt_has_request_metadata, jwt_has_request_metadata_only, + jwt_get_request_metadata, NULL}; grpc_credentials * -grpc_service_account_jwt_access_credentials_create_from_auth_json_key (grpc_auth_json_key key, gpr_timespec token_lifetime) -{ +grpc_service_account_jwt_access_credentials_create_from_auth_json_key( + grpc_auth_json_key key, gpr_timespec token_lifetime) { grpc_service_account_jwt_access_credentials *c; - if (!grpc_auth_json_key_is_valid (&key)) - { - gpr_log (GPR_ERROR, "Invalid input for jwt credentials creation"); - return NULL; - } - c = gpr_malloc (sizeof (grpc_service_account_jwt_access_credentials)); - memset (c, 0, sizeof (grpc_service_account_jwt_access_credentials)); + if (!grpc_auth_json_key_is_valid(&key)) { + gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation"); + return NULL; + } + c = gpr_malloc(sizeof(grpc_service_account_jwt_access_credentials)); + memset(c, 0, sizeof(grpc_service_account_jwt_access_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_JWT; - gpr_ref_init (&c->base.refcount, 1); + gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &jwt_vtable; c->key = key; c->jwt_lifetime = token_lifetime; - gpr_mu_init (&c->cache_mu); - jwt_reset_cache (c); + gpr_mu_init(&c->cache_mu); + jwt_reset_cache(c); return &c->base; } -grpc_credentials * -grpc_service_account_jwt_access_credentials_create (const char *json_key, gpr_timespec token_lifetime, void *reserved) -{ - GPR_ASSERT (reserved == NULL); - return grpc_service_account_jwt_access_credentials_create_from_auth_json_key (grpc_auth_json_key_create_from_string (json_key), token_lifetime); +grpc_credentials *grpc_service_account_jwt_access_credentials_create( + const char *json_key, gpr_timespec token_lifetime, void *reserved) { + GPR_ASSERT(reserved == NULL); + return grpc_service_account_jwt_access_credentials_create_from_auth_json_key( + grpc_auth_json_key_create_from_string(json_key), token_lifetime); } /* -- Oauth2TokenFetcher credentials -- */ -static void -oauth2_token_fetcher_destruct (grpc_credentials * creds) -{ - grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *) creds; - grpc_credentials_md_store_unref (c->access_token_md); - gpr_mu_destroy (&c->mu); - grpc_httpcli_context_destroy (&c->httpcli_context); +static void oauth2_token_fetcher_destruct(grpc_credentials *creds) { + grpc_oauth2_token_fetcher_credentials *c = + (grpc_oauth2_token_fetcher_credentials *)creds; + grpc_credentials_md_store_unref(c->access_token_md); + gpr_mu_destroy(&c->mu); + grpc_httpcli_context_destroy(&c->httpcli_context); } -static int -oauth2_token_fetcher_has_request_metadata (const grpc_credentials * creds) -{ +static int oauth2_token_fetcher_has_request_metadata( + const grpc_credentials *creds) { return 1; } -static int -oauth2_token_fetcher_has_request_metadata_only (const grpc_credentials * creds) -{ +static int oauth2_token_fetcher_has_request_metadata_only( + const grpc_credentials *creds) { return 1; } grpc_credentials_status -grpc_oauth2_token_fetcher_credentials_parse_server_response (const grpc_httpcli_response * response, grpc_credentials_md_store ** token_md, gpr_timespec * token_lifetime) -{ +grpc_oauth2_token_fetcher_credentials_parse_server_response( + const grpc_httpcli_response *response, grpc_credentials_md_store **token_md, + gpr_timespec *token_lifetime) { char *null_terminated_body = NULL; char *new_access_token = NULL; grpc_credentials_status status = GRPC_CREDENTIALS_OK; grpc_json *json = NULL; - if (response == NULL) - { - gpr_log (GPR_ERROR, "Received NULL response."); + if (response == NULL) { + gpr_log(GPR_ERROR, "Received NULL response."); + status = GRPC_CREDENTIALS_ERROR; + goto end; + } + + if (response->body_length > 0) { + null_terminated_body = gpr_malloc(response->body_length + 1); + null_terminated_body[response->body_length] = '\0'; + memcpy(null_terminated_body, response->body, response->body_length); + } + + if (response->status != 200) { + gpr_log(GPR_ERROR, "Call to http server ended with error %d [%s].", + response->status, + null_terminated_body != NULL ? null_terminated_body : ""); + status = GRPC_CREDENTIALS_ERROR; + goto end; + } else { + grpc_json *access_token = NULL; + grpc_json *token_type = NULL; + grpc_json *expires_in = NULL; + grpc_json *ptr; + json = grpc_json_parse_string(null_terminated_body); + if (json == NULL) { + gpr_log(GPR_ERROR, "Could not parse JSON from %s", null_terminated_body); status = GRPC_CREDENTIALS_ERROR; goto end; } - - if (response->body_length > 0) - { - null_terminated_body = gpr_malloc (response->body_length + 1); - null_terminated_body[response->body_length] = '\0'; - memcpy (null_terminated_body, response->body, response->body_length); + if (json->type != GRPC_JSON_OBJECT) { + gpr_log(GPR_ERROR, "Response should be a JSON object"); + status = GRPC_CREDENTIALS_ERROR; + goto end; } - - if (response->status != 200) - { - gpr_log (GPR_ERROR, "Call to http server ended with error %d [%s].", response->status, null_terminated_body != NULL ? null_terminated_body : ""); + for (ptr = json->child; ptr; ptr = ptr->next) { + if (strcmp(ptr->key, "access_token") == 0) { + access_token = ptr; + } else if (strcmp(ptr->key, "token_type") == 0) { + token_type = ptr; + } else if (strcmp(ptr->key, "expires_in") == 0) { + expires_in = ptr; + } + } + if (access_token == NULL || access_token->type != GRPC_JSON_STRING) { + gpr_log(GPR_ERROR, "Missing or invalid access_token in JSON."); + status = GRPC_CREDENTIALS_ERROR; + goto end; + } + if (token_type == NULL || token_type->type != GRPC_JSON_STRING) { + gpr_log(GPR_ERROR, "Missing or invalid token_type in JSON."); status = GRPC_CREDENTIALS_ERROR; goto end; } - else - { - grpc_json *access_token = NULL; - grpc_json *token_type = NULL; - grpc_json *expires_in = NULL; - grpc_json *ptr; - json = grpc_json_parse_string (null_terminated_body); - if (json == NULL) - { - gpr_log (GPR_ERROR, "Could not parse JSON from %s", null_terminated_body); - status = GRPC_CREDENTIALS_ERROR; - goto end; - } - if (json->type != GRPC_JSON_OBJECT) - { - gpr_log (GPR_ERROR, "Response should be a JSON object"); - status = GRPC_CREDENTIALS_ERROR; - goto end; - } - for (ptr = json->child; ptr; ptr = ptr->next) - { - if (strcmp (ptr->key, "access_token") == 0) - { - access_token = ptr; - } - else if (strcmp (ptr->key, "token_type") == 0) - { - token_type = ptr; - } - else if (strcmp (ptr->key, "expires_in") == 0) - { - expires_in = ptr; - } - } - if (access_token == NULL || access_token->type != GRPC_JSON_STRING) - { - gpr_log (GPR_ERROR, "Missing or invalid access_token in JSON."); - status = GRPC_CREDENTIALS_ERROR; - goto end; - } - if (token_type == NULL || token_type->type != GRPC_JSON_STRING) - { - gpr_log (GPR_ERROR, "Missing or invalid token_type in JSON."); - status = GRPC_CREDENTIALS_ERROR; - goto end; - } - if (expires_in == NULL || expires_in->type != GRPC_JSON_NUMBER) - { - gpr_log (GPR_ERROR, "Missing or invalid expires_in in JSON."); - status = GRPC_CREDENTIALS_ERROR; - goto end; - } - gpr_asprintf (&new_access_token, "%s %s", token_type->value, access_token->value); - token_lifetime->tv_sec = strtol (expires_in->value, NULL, 10); - token_lifetime->tv_nsec = 0; - token_lifetime->clock_type = GPR_TIMESPAN; - if (*token_md != NULL) - grpc_credentials_md_store_unref (*token_md); - *token_md = grpc_credentials_md_store_create (1); - grpc_credentials_md_store_add_cstrings (*token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token); - status = GRPC_CREDENTIALS_OK; + if (expires_in == NULL || expires_in->type != GRPC_JSON_NUMBER) { + gpr_log(GPR_ERROR, "Missing or invalid expires_in in JSON."); + status = GRPC_CREDENTIALS_ERROR; + goto end; } + gpr_asprintf(&new_access_token, "%s %s", token_type->value, + access_token->value); + token_lifetime->tv_sec = strtol(expires_in->value, NULL, 10); + token_lifetime->tv_nsec = 0; + token_lifetime->clock_type = GPR_TIMESPAN; + if (*token_md != NULL) grpc_credentials_md_store_unref(*token_md); + *token_md = grpc_credentials_md_store_create(1); + grpc_credentials_md_store_add_cstrings( + *token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token); + status = GRPC_CREDENTIALS_OK; + } end: - if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) - { - grpc_credentials_md_store_unref (*token_md); - *token_md = NULL; - } - if (null_terminated_body != NULL) - gpr_free (null_terminated_body); - if (new_access_token != NULL) - gpr_free (new_access_token); - if (json != NULL) - grpc_json_destroy (json); + if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) { + grpc_credentials_md_store_unref(*token_md); + *token_md = NULL; + } + if (null_terminated_body != NULL) gpr_free(null_terminated_body); + if (new_access_token != NULL) gpr_free(new_access_token); + if (json != NULL) grpc_json_destroy(json); return status; } -static void -on_oauth2_token_fetcher_http_response (grpc_exec_ctx * exec_ctx, void *user_data, const grpc_httpcli_response * response) -{ - grpc_credentials_metadata_request *r = (grpc_credentials_metadata_request *) user_data; - grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *) r->creds; +static void on_oauth2_token_fetcher_http_response( + grpc_exec_ctx *exec_ctx, void *user_data, + const grpc_httpcli_response *response) { + grpc_credentials_metadata_request *r = + (grpc_credentials_metadata_request *)user_data; + grpc_oauth2_token_fetcher_credentials *c = + (grpc_oauth2_token_fetcher_credentials *)r->creds; gpr_timespec token_lifetime; grpc_credentials_status status; - gpr_mu_lock (&c->mu); - status = grpc_oauth2_token_fetcher_credentials_parse_server_response (response, &c->access_token_md, &token_lifetime); - if (status == GRPC_CREDENTIALS_OK) - { - c->token_expiration = gpr_time_add (gpr_now (GPR_CLOCK_REALTIME), token_lifetime); - r->cb (exec_ctx, r->user_data, c->access_token_md->entries, c->access_token_md->num_entries, status); - } - else - { - c->token_expiration = gpr_inf_past (GPR_CLOCK_REALTIME); - r->cb (exec_ctx, r->user_data, NULL, 0, status); - } - gpr_mu_unlock (&c->mu); - grpc_credentials_metadata_request_destroy (r); + gpr_mu_lock(&c->mu); + status = grpc_oauth2_token_fetcher_credentials_parse_server_response( + response, &c->access_token_md, &token_lifetime); + if (status == GRPC_CREDENTIALS_OK) { + c->token_expiration = + gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), token_lifetime); + r->cb(exec_ctx, r->user_data, c->access_token_md->entries, + c->access_token_md->num_entries, status); + } else { + c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); + r->cb(exec_ctx, r->user_data, NULL, 0, status); + } + gpr_mu_unlock(&c->mu); + grpc_credentials_metadata_request_destroy(r); } -static void -oauth2_token_fetcher_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) -{ - grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *) creds; - gpr_timespec refresh_threshold = gpr_time_from_seconds (GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN); +static void oauth2_token_fetcher_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { + grpc_oauth2_token_fetcher_credentials *c = + (grpc_oauth2_token_fetcher_credentials *)creds; + gpr_timespec refresh_threshold = gpr_time_from_seconds( + GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN); grpc_credentials_md_store *cached_access_token_md = NULL; { - gpr_mu_lock (&c->mu); - if (c->access_token_md != NULL && (gpr_time_cmp (gpr_time_sub (c->token_expiration, gpr_now (GPR_CLOCK_REALTIME)), refresh_threshold) > 0)) - { - cached_access_token_md = grpc_credentials_md_store_ref (c->access_token_md); - } - gpr_mu_unlock (&c->mu); - } - if (cached_access_token_md != NULL) - { - cb (exec_ctx, user_data, cached_access_token_md->entries, cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK); - grpc_credentials_md_store_unref (cached_access_token_md); - } - else - { - c->fetch_func (exec_ctx, grpc_credentials_metadata_request_create (creds, cb, user_data), &c->httpcli_context, pollset, on_oauth2_token_fetcher_http_response, gpr_time_add (gpr_now (GPR_CLOCK_REALTIME), refresh_threshold)); + gpr_mu_lock(&c->mu); + if (c->access_token_md != NULL && + (gpr_time_cmp( + gpr_time_sub(c->token_expiration, gpr_now(GPR_CLOCK_REALTIME)), + refresh_threshold) > 0)) { + cached_access_token_md = + grpc_credentials_md_store_ref(c->access_token_md); } + gpr_mu_unlock(&c->mu); + } + if (cached_access_token_md != NULL) { + cb(exec_ctx, user_data, cached_access_token_md->entries, + cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK); + grpc_credentials_md_store_unref(cached_access_token_md); + } else { + c->fetch_func( + exec_ctx, + grpc_credentials_metadata_request_create(creds, cb, user_data), + &c->httpcli_context, pollset, on_oauth2_token_fetcher_http_response, + gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), refresh_threshold)); + } } -static void -init_oauth2_token_fetcher (grpc_oauth2_token_fetcher_credentials * c, grpc_fetch_oauth2_func fetch_func) -{ - memset (c, 0, sizeof (grpc_oauth2_token_fetcher_credentials)); +static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c, + grpc_fetch_oauth2_func fetch_func) { + memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; - gpr_ref_init (&c->base.refcount, 1); - gpr_mu_init (&c->mu); - c->token_expiration = gpr_inf_past (GPR_CLOCK_REALTIME); + gpr_ref_init(&c->base.refcount, 1); + gpr_mu_init(&c->mu); + c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); c->fetch_func = fetch_func; - grpc_httpcli_context_init (&c->httpcli_context); + grpc_httpcli_context_init(&c->httpcli_context); } /* -- GoogleComputeEngine credentials. -- */ static grpc_credentials_vtable compute_engine_vtable = { - oauth2_token_fetcher_destruct, oauth2_token_fetcher_has_request_metadata, - oauth2_token_fetcher_has_request_metadata_only, - oauth2_token_fetcher_get_request_metadata, NULL -}; - -static void -compute_engine_fetch_oauth2 (grpc_exec_ctx * exec_ctx, grpc_credentials_metadata_request * metadata_req, grpc_httpcli_context * httpcli_context, grpc_pollset * pollset, grpc_httpcli_response_cb response_cb, gpr_timespec deadline) -{ - grpc_httpcli_header header = { "Metadata-Flavor", "Google" }; + oauth2_token_fetcher_destruct, oauth2_token_fetcher_has_request_metadata, + oauth2_token_fetcher_has_request_metadata_only, + oauth2_token_fetcher_get_request_metadata, NULL}; + +static void compute_engine_fetch_oauth2( + grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req, + grpc_httpcli_context *httpcli_context, grpc_pollset *pollset, + grpc_httpcli_response_cb response_cb, gpr_timespec deadline) { + grpc_httpcli_header header = {"Metadata-Flavor", "Google"}; grpc_httpcli_request request; - memset (&request, 0, sizeof (grpc_httpcli_request)); + memset(&request, 0, sizeof(grpc_httpcli_request)); request.host = GRPC_COMPUTE_ENGINE_METADATA_HOST; request.path = GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH; request.hdr_count = 1; request.hdrs = &header; - grpc_httpcli_get (exec_ctx, httpcli_context, pollset, &request, deadline, response_cb, metadata_req); + grpc_httpcli_get(exec_ctx, httpcli_context, pollset, &request, deadline, + response_cb, metadata_req); } -grpc_credentials * -grpc_google_compute_engine_credentials_create (void *reserved) -{ - grpc_oauth2_token_fetcher_credentials *c = gpr_malloc (sizeof (grpc_oauth2_token_fetcher_credentials)); - GPR_ASSERT (reserved == NULL); - init_oauth2_token_fetcher (c, compute_engine_fetch_oauth2); +grpc_credentials *grpc_google_compute_engine_credentials_create( + void *reserved) { + grpc_oauth2_token_fetcher_credentials *c = + gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials)); + GPR_ASSERT(reserved == NULL); + init_oauth2_token_fetcher(c, compute_engine_fetch_oauth2); c->base.vtable = &compute_engine_vtable; return &c->base; } /* -- GoogleRefreshToken credentials. -- */ -static void -refresh_token_destruct (grpc_credentials * creds) -{ - grpc_google_refresh_token_credentials *c = (grpc_google_refresh_token_credentials *) creds; - grpc_auth_refresh_token_destruct (&c->refresh_token); - oauth2_token_fetcher_destruct (&c->base.base); +static void refresh_token_destruct(grpc_credentials *creds) { + grpc_google_refresh_token_credentials *c = + (grpc_google_refresh_token_credentials *)creds; + grpc_auth_refresh_token_destruct(&c->refresh_token); + oauth2_token_fetcher_destruct(&c->base.base); } static grpc_credentials_vtable refresh_token_vtable = { - refresh_token_destruct, oauth2_token_fetcher_has_request_metadata, - oauth2_token_fetcher_has_request_metadata_only, - oauth2_token_fetcher_get_request_metadata, NULL -}; - -static void -refresh_token_fetch_oauth2 (grpc_exec_ctx * exec_ctx, grpc_credentials_metadata_request * metadata_req, grpc_httpcli_context * httpcli_context, grpc_pollset * pollset, grpc_httpcli_response_cb response_cb, gpr_timespec deadline) -{ - grpc_google_refresh_token_credentials *c = (grpc_google_refresh_token_credentials *) metadata_req->creds; - grpc_httpcli_header header = { "Content-Type", - "application/x-www-form-urlencoded" - }; + refresh_token_destruct, oauth2_token_fetcher_has_request_metadata, + oauth2_token_fetcher_has_request_metadata_only, + oauth2_token_fetcher_get_request_metadata, NULL}; + +static void refresh_token_fetch_oauth2( + grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req, + grpc_httpcli_context *httpcli_context, grpc_pollset *pollset, + grpc_httpcli_response_cb response_cb, gpr_timespec deadline) { + grpc_google_refresh_token_credentials *c = + (grpc_google_refresh_token_credentials *)metadata_req->creds; + grpc_httpcli_header header = {"Content-Type", + "application/x-www-form-urlencoded"}; grpc_httpcli_request request; char *body = NULL; - gpr_asprintf (&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING, c->refresh_token.client_id, c->refresh_token.client_secret, c->refresh_token.refresh_token); - memset (&request, 0, sizeof (grpc_httpcli_request)); + gpr_asprintf(&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING, + c->refresh_token.client_id, c->refresh_token.client_secret, + c->refresh_token.refresh_token); + memset(&request, 0, sizeof(grpc_httpcli_request)); request.host = GRPC_GOOGLE_OAUTH2_SERVICE_HOST; request.path = GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH; request.hdr_count = 1; request.hdrs = &header; request.handshaker = &grpc_httpcli_ssl; - grpc_httpcli_post (exec_ctx,httpcli_context, pollset, &request, body, strlen ( body), deadline, response_cb, metadata_req); - gpr_free (body); + grpc_httpcli_post(exec_ctx, httpcli_context, pollset, &request, body, + strlen(body), deadline, response_cb, metadata_req); + gpr_free(body); } -grpc_credentials * -grpc_refresh_token_credentials_create_from_auth_refresh_token (grpc_auth_refresh_token refresh_token) -{ +grpc_credentials *grpc_refresh_token_credentials_create_from_auth_refresh_token( + grpc_auth_refresh_token refresh_token) { grpc_google_refresh_token_credentials *c; - if (!grpc_auth_refresh_token_is_valid (&refresh_token)) - { - gpr_log (GPR_ERROR, "Invalid input for refresh token credentials creation"); - return NULL; - } - c = gpr_malloc (sizeof (grpc_google_refresh_token_credentials)); - memset (c, 0, sizeof (grpc_google_refresh_token_credentials)); - init_oauth2_token_fetcher (&c->base, refresh_token_fetch_oauth2); + if (!grpc_auth_refresh_token_is_valid(&refresh_token)) { + gpr_log(GPR_ERROR, "Invalid input for refresh token credentials creation"); + return NULL; + } + c = gpr_malloc(sizeof(grpc_google_refresh_token_credentials)); + memset(c, 0, sizeof(grpc_google_refresh_token_credentials)); + init_oauth2_token_fetcher(&c->base, refresh_token_fetch_oauth2); c->base.base.vtable = &refresh_token_vtable; c->refresh_token = refresh_token; return &c->base.base; } -grpc_credentials * -grpc_google_refresh_token_credentials_create (const char *json_refresh_token, void *reserved) -{ - GPR_ASSERT (reserved == NULL); - return grpc_refresh_token_credentials_create_from_auth_refresh_token (grpc_auth_refresh_token_create_from_string (json_refresh_token)); +grpc_credentials *grpc_google_refresh_token_credentials_create( + const char *json_refresh_token, void *reserved) { + GPR_ASSERT(reserved == NULL); + return grpc_refresh_token_credentials_create_from_auth_refresh_token( + grpc_auth_refresh_token_create_from_string(json_refresh_token)); } /* -- Metadata-only credentials. -- */ -static void -md_only_test_destruct (grpc_credentials * creds) -{ - grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *) creds; - grpc_credentials_md_store_unref (c->md_store); +static void md_only_test_destruct(grpc_credentials *creds) { + grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; + grpc_credentials_md_store_unref(c->md_store); } -static int -md_only_test_has_request_metadata (const grpc_credentials * creds) -{ +static int md_only_test_has_request_metadata(const grpc_credentials *creds) { return 1; } -static int -md_only_test_has_request_metadata_only (const grpc_credentials * creds) -{ +static int md_only_test_has_request_metadata_only( + const grpc_credentials *creds) { return 1; } -static void -on_simulated_token_fetch_done (void *user_data) -{ - grpc_credentials_metadata_request *r = (grpc_credentials_metadata_request *) user_data; - grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *) r->creds; +static void on_simulated_token_fetch_done(void *user_data) { + grpc_credentials_metadata_request *r = + (grpc_credentials_metadata_request *)user_data; + grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)r->creds; grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; - r->cb (&exec_ctx, r->user_data, c->md_store->entries, c->md_store->num_entries, GRPC_CREDENTIALS_OK); - grpc_credentials_metadata_request_destroy (r); - grpc_exec_ctx_finish (&exec_ctx); -} - -static void -md_only_test_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) -{ - grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *) creds; - - if (c->is_async) - { - gpr_thd_id thd_id; - grpc_credentials_metadata_request *cb_arg = grpc_credentials_metadata_request_create (creds, cb, user_data); - gpr_thd_new (&thd_id, on_simulated_token_fetch_done, cb_arg, NULL); - } - else - { - cb (exec_ctx, user_data, c->md_store->entries, 1, GRPC_CREDENTIALS_OK); - } + r->cb(&exec_ctx, r->user_data, c->md_store->entries, c->md_store->num_entries, + GRPC_CREDENTIALS_OK); + grpc_credentials_metadata_request_destroy(r); + grpc_exec_ctx_finish(&exec_ctx); +} + +static void md_only_test_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { + grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; + + if (c->is_async) { + gpr_thd_id thd_id; + grpc_credentials_metadata_request *cb_arg = + grpc_credentials_metadata_request_create(creds, cb, user_data); + gpr_thd_new(&thd_id, on_simulated_token_fetch_done, cb_arg, NULL); + } else { + cb(exec_ctx, user_data, c->md_store->entries, 1, GRPC_CREDENTIALS_OK); + } } static grpc_credentials_vtable md_only_test_vtable = { - md_only_test_destruct, md_only_test_has_request_metadata, - md_only_test_has_request_metadata_only, md_only_test_get_request_metadata, - NULL -}; - -grpc_credentials * -grpc_md_only_test_credentials_create (const char *md_key, const char *md_value, int is_async) -{ - grpc_md_only_test_credentials *c = gpr_malloc (sizeof (grpc_md_only_test_credentials)); - memset (c, 0, sizeof (grpc_md_only_test_credentials)); + md_only_test_destruct, md_only_test_has_request_metadata, + md_only_test_has_request_metadata_only, md_only_test_get_request_metadata, + NULL}; + +grpc_credentials *grpc_md_only_test_credentials_create(const char *md_key, + const char *md_value, + int is_async) { + grpc_md_only_test_credentials *c = + gpr_malloc(sizeof(grpc_md_only_test_credentials)); + memset(c, 0, sizeof(grpc_md_only_test_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; c->base.vtable = &md_only_test_vtable; - gpr_ref_init (&c->base.refcount, 1); - c->md_store = grpc_credentials_md_store_create (1); - grpc_credentials_md_store_add_cstrings (c->md_store, md_key, md_value); + gpr_ref_init(&c->base.refcount, 1); + c->md_store = grpc_credentials_md_store_create(1); + grpc_credentials_md_store_add_cstrings(c->md_store, md_key, md_value); c->is_async = is_async; return &c->base; } /* -- Oauth2 Access Token credentials. -- */ -static void -access_token_destruct (grpc_credentials * creds) -{ - grpc_access_token_credentials *c = (grpc_access_token_credentials *) creds; - grpc_credentials_md_store_unref (c->access_token_md); +static void access_token_destruct(grpc_credentials *creds) { + grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; + grpc_credentials_md_store_unref(c->access_token_md); } -static int -access_token_has_request_metadata (const grpc_credentials * creds) -{ +static int access_token_has_request_metadata(const grpc_credentials *creds) { return 1; } -static int -access_token_has_request_metadata_only (const grpc_credentials * creds) -{ +static int access_token_has_request_metadata_only( + const grpc_credentials *creds) { return 1; } -static void -access_token_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) -{ - grpc_access_token_credentials *c = (grpc_access_token_credentials *) creds; - cb (exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK); +static void access_token_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { + grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; + cb(exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK); } static grpc_credentials_vtable access_token_vtable = { - access_token_destruct, access_token_has_request_metadata, - access_token_has_request_metadata_only, access_token_get_request_metadata, - NULL -}; - -grpc_credentials * -grpc_access_token_credentials_create (const char *access_token, void *reserved) -{ - grpc_access_token_credentials *c = gpr_malloc (sizeof (grpc_access_token_credentials)); + access_token_destruct, access_token_has_request_metadata, + access_token_has_request_metadata_only, access_token_get_request_metadata, + NULL}; + +grpc_credentials *grpc_access_token_credentials_create(const char *access_token, + void *reserved) { + grpc_access_token_credentials *c = + gpr_malloc(sizeof(grpc_access_token_credentials)); char *token_md_value; - GPR_ASSERT (reserved == NULL); - memset (c, 0, sizeof (grpc_access_token_credentials)); + GPR_ASSERT(reserved == NULL); + memset(c, 0, sizeof(grpc_access_token_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; c->base.vtable = &access_token_vtable; - gpr_ref_init (&c->base.refcount, 1); - c->access_token_md = grpc_credentials_md_store_create (1); - gpr_asprintf (&token_md_value, "Bearer %s", access_token); - grpc_credentials_md_store_add_cstrings (c->access_token_md, GRPC_AUTHORIZATION_METADATA_KEY, token_md_value); - gpr_free (token_md_value); + gpr_ref_init(&c->base.refcount, 1); + c->access_token_md = grpc_credentials_md_store_create(1); + gpr_asprintf(&token_md_value, "Bearer %s", access_token); + grpc_credentials_md_store_add_cstrings( + c->access_token_md, GRPC_AUTHORIZATION_METADATA_KEY, token_md_value); + gpr_free(token_md_value); return &c->base; } /* -- Fake transport security credentials. -- */ -static void -fake_transport_security_credentials_destruct (grpc_credentials * creds) -{ +static void fake_transport_security_credentials_destruct( + grpc_credentials *creds) { /* Nothing to do here. */ } -static void -fake_transport_security_server_credentials_destruct (grpc_server_credentials * creds) -{ +static void fake_transport_security_server_credentials_destruct( + grpc_server_credentials *creds) { /* Nothing to do here. */ } -static int -fake_transport_security_has_request_metadata (const grpc_credentials * creds) -{ +static int fake_transport_security_has_request_metadata( + const grpc_credentials *creds) { return 0; } -static int -fake_transport_security_has_request_metadata_only (const grpc_credentials * creds) -{ +static int fake_transport_security_has_request_metadata_only( + const grpc_credentials *creds) { return 0; } -static grpc_security_status -fake_transport_security_create_security_connector (grpc_credentials * c, const char *target, const grpc_channel_args * args, grpc_credentials * request_metadata_creds, grpc_channel_security_connector ** sc, grpc_channel_args ** new_args) -{ - *sc = grpc_fake_channel_security_connector_create (request_metadata_creds, 1); +static grpc_security_status fake_transport_security_create_security_connector( + grpc_credentials *c, const char *target, const grpc_channel_args *args, + grpc_credentials *request_metadata_creds, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + *sc = grpc_fake_channel_security_connector_create(request_metadata_creds, 1); return GRPC_SECURITY_OK; } static grpc_security_status -fake_transport_security_server_create_security_connector (grpc_server_credentials * c, grpc_security_connector ** sc) -{ - *sc = grpc_fake_server_security_connector_create (); +fake_transport_security_server_create_security_connector( + grpc_server_credentials *c, grpc_security_connector **sc) { + *sc = grpc_fake_server_security_connector_create(); return GRPC_SECURITY_OK; } static grpc_credentials_vtable fake_transport_security_credentials_vtable = { - fake_transport_security_credentials_destruct, - fake_transport_security_has_request_metadata, - fake_transport_security_has_request_metadata_only, NULL, - fake_transport_security_create_security_connector -}; - -static grpc_server_credentials_vtable fake_transport_security_server_credentials_vtable = { - fake_transport_security_server_credentials_destruct, - fake_transport_security_server_create_security_connector -}; - -grpc_credentials * -grpc_fake_transport_security_credentials_create (void) -{ - grpc_credentials *c = gpr_malloc (sizeof (grpc_credentials)); - memset (c, 0, sizeof (grpc_credentials)); + fake_transport_security_credentials_destruct, + fake_transport_security_has_request_metadata, + fake_transport_security_has_request_metadata_only, NULL, + fake_transport_security_create_security_connector}; + +static grpc_server_credentials_vtable + fake_transport_security_server_credentials_vtable = { + fake_transport_security_server_credentials_destruct, + fake_transport_security_server_create_security_connector}; + +grpc_credentials *grpc_fake_transport_security_credentials_create(void) { + grpc_credentials *c = gpr_malloc(sizeof(grpc_credentials)); + memset(c, 0, sizeof(grpc_credentials)); c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; c->vtable = &fake_transport_security_credentials_vtable; - gpr_ref_init (&c->refcount, 1); + gpr_ref_init(&c->refcount, 1); return c; } -grpc_server_credentials * -grpc_fake_transport_security_server_credentials_create (void) -{ - grpc_server_credentials *c = gpr_malloc (sizeof (grpc_server_credentials)); - memset (c, 0, sizeof (grpc_server_credentials)); +grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( + void) { + grpc_server_credentials *c = gpr_malloc(sizeof(grpc_server_credentials)); + memset(c, 0, sizeof(grpc_server_credentials)); c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; - gpr_ref_init (&c->refcount, 1); + gpr_ref_init(&c->refcount, 1); c->vtable = &fake_transport_security_server_credentials_vtable; return c; } /* -- Composite credentials. -- */ -typedef struct -{ +typedef struct { grpc_composite_credentials *composite_creds; size_t creds_index; grpc_credentials_md_store *md_elems; @@ -990,406 +912,355 @@ typedef struct grpc_credentials_metadata_cb cb; } grpc_composite_credentials_metadata_context; -static void -composite_destruct (grpc_credentials * creds) -{ - grpc_composite_credentials *c = (grpc_composite_credentials *) creds; +static void composite_destruct(grpc_credentials *creds) { + grpc_composite_credentials *c = (grpc_composite_credentials *)creds; size_t i; - for (i = 0; i < c->inner.num_creds; i++) - { - grpc_credentials_unref (c->inner.creds_array[i]); - } - gpr_free (c->inner.creds_array); + for (i = 0; i < c->inner.num_creds; i++) { + grpc_credentials_unref(c->inner.creds_array[i]); + } + gpr_free(c->inner.creds_array); } -static int -composite_has_request_metadata (const grpc_credentials * creds) -{ - const grpc_composite_credentials *c = (const grpc_composite_credentials *) creds; +static int composite_has_request_metadata(const grpc_credentials *creds) { + const grpc_composite_credentials *c = + (const grpc_composite_credentials *)creds; size_t i; - for (i = 0; i < c->inner.num_creds; i++) - { - if (grpc_credentials_has_request_metadata (c->inner.creds_array[i])) - { - return 1; - } + for (i = 0; i < c->inner.num_creds; i++) { + if (grpc_credentials_has_request_metadata(c->inner.creds_array[i])) { + return 1; } + } return 0; } -static int -composite_has_request_metadata_only (const grpc_credentials * creds) -{ - const grpc_composite_credentials *c = (const grpc_composite_credentials *) creds; +static int composite_has_request_metadata_only(const grpc_credentials *creds) { + const grpc_composite_credentials *c = + (const grpc_composite_credentials *)creds; size_t i; - for (i = 0; i < c->inner.num_creds; i++) - { - if (!grpc_credentials_has_request_metadata_only (c->inner.creds_array[i])) - { - return 0; - } + for (i = 0; i < c->inner.num_creds; i++) { + if (!grpc_credentials_has_request_metadata_only(c->inner.creds_array[i])) { + return 0; } + } return 1; } -static void -composite_md_context_destroy (grpc_composite_credentials_metadata_context * ctx) -{ - grpc_credentials_md_store_unref (ctx->md_elems); - if (ctx->service_url != NULL) - gpr_free (ctx->service_url); - gpr_free (ctx); +static void composite_md_context_destroy( + grpc_composite_credentials_metadata_context *ctx) { + grpc_credentials_md_store_unref(ctx->md_elems); + if (ctx->service_url != NULL) gpr_free(ctx->service_url); + gpr_free(ctx); } -static void -composite_metadata_cb (grpc_exec_ctx * exec_ctx, void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status) -{ - grpc_composite_credentials_metadata_context *ctx = (grpc_composite_credentials_metadata_context *) user_data; - if (status != GRPC_CREDENTIALS_OK) - { - ctx->cb (exec_ctx, ctx->user_data, NULL, 0, status); - return; - } +static void composite_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data, + grpc_credentials_md *md_elems, size_t num_md, + grpc_credentials_status status) { + grpc_composite_credentials_metadata_context *ctx = + (grpc_composite_credentials_metadata_context *)user_data; + if (status != GRPC_CREDENTIALS_OK) { + ctx->cb(exec_ctx, ctx->user_data, NULL, 0, status); + return; + } /* Copy the metadata in the context. */ - if (num_md > 0) - { - size_t i; - for (i = 0; i < num_md; i++) - { - grpc_credentials_md_store_add (ctx->md_elems, md_elems[i].key, md_elems[i].value); - } + if (num_md > 0) { + size_t i; + for (i = 0; i < num_md; i++) { + grpc_credentials_md_store_add(ctx->md_elems, md_elems[i].key, + md_elems[i].value); } + } /* See if we need to get some more metadata. */ - while (ctx->creds_index < ctx->composite_creds->inner.num_creds) - { - grpc_credentials *inner_creds = ctx->composite_creds->inner.creds_array[ctx->creds_index++]; - if (grpc_credentials_has_request_metadata (inner_creds)) - { - grpc_credentials_get_request_metadata (exec_ctx, inner_creds, ctx->pollset, ctx->service_url, composite_metadata_cb, ctx); - return; - } + while (ctx->creds_index < ctx->composite_creds->inner.num_creds) { + grpc_credentials *inner_creds = + ctx->composite_creds->inner.creds_array[ctx->creds_index++]; + if (grpc_credentials_has_request_metadata(inner_creds)) { + grpc_credentials_get_request_metadata(exec_ctx, inner_creds, ctx->pollset, + ctx->service_url, + composite_metadata_cb, ctx); + return; } + } /* We're done!. */ - ctx->cb (exec_ctx, ctx->user_data, ctx->md_elems->entries, ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK); - composite_md_context_destroy (ctx); + ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries, + ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK); + composite_md_context_destroy(ctx); } -static void -composite_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) -{ - grpc_composite_credentials *c = (grpc_composite_credentials *) creds; +static void composite_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { + grpc_composite_credentials *c = (grpc_composite_credentials *)creds; grpc_composite_credentials_metadata_context *ctx; - if (!grpc_credentials_has_request_metadata (creds)) - { - cb (exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); - return; - } - ctx = gpr_malloc (sizeof (grpc_composite_credentials_metadata_context)); - memset (ctx, 0, sizeof (grpc_composite_credentials_metadata_context)); - ctx->service_url = gpr_strdup (service_url); + if (!grpc_credentials_has_request_metadata(creds)) { + cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); + return; + } + ctx = gpr_malloc(sizeof(grpc_composite_credentials_metadata_context)); + memset(ctx, 0, sizeof(grpc_composite_credentials_metadata_context)); + ctx->service_url = gpr_strdup(service_url); ctx->user_data = user_data; ctx->cb = cb; ctx->composite_creds = c; ctx->pollset = pollset; - ctx->md_elems = grpc_credentials_md_store_create (c->inner.num_creds); - while (ctx->creds_index < c->inner.num_creds) - { - grpc_credentials *inner_creds = c->inner.creds_array[ctx->creds_index++]; - if (grpc_credentials_has_request_metadata (inner_creds)) - { - grpc_credentials_get_request_metadata (exec_ctx, inner_creds, pollset, service_url, composite_metadata_cb, ctx); - return; - } - } - GPR_ASSERT (0); /* Should have exited before. */ -} - -static grpc_security_status -composite_create_security_connector (grpc_credentials * creds, const char *target, const grpc_channel_args * args, grpc_credentials * request_metadata_creds, grpc_channel_security_connector ** sc, grpc_channel_args ** new_args) -{ - grpc_composite_credentials *c = (grpc_composite_credentials *) creds; - if (c->connector_creds == NULL) - { - gpr_log (GPR_ERROR, "Cannot create security connector, missing connector credentials."); - return GRPC_SECURITY_ERROR; + ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds); + while (ctx->creds_index < c->inner.num_creds) { + grpc_credentials *inner_creds = c->inner.creds_array[ctx->creds_index++]; + if (grpc_credentials_has_request_metadata(inner_creds)) { + grpc_credentials_get_request_metadata(exec_ctx, inner_creds, pollset, + service_url, composite_metadata_cb, + ctx); + return; } - return grpc_credentials_create_security_connector (c->connector_creds, target, args, creds, sc, new_args); + } + GPR_ASSERT(0); /* Should have exited before. */ +} + +static grpc_security_status composite_create_security_connector( + grpc_credentials *creds, const char *target, const grpc_channel_args *args, + grpc_credentials *request_metadata_creds, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + grpc_composite_credentials *c = (grpc_composite_credentials *)creds; + if (c->connector_creds == NULL) { + gpr_log(GPR_ERROR, + "Cannot create security connector, missing connector credentials."); + return GRPC_SECURITY_ERROR; + } + return grpc_credentials_create_security_connector(c->connector_creds, target, + args, creds, sc, new_args); } static grpc_credentials_vtable composite_credentials_vtable = { - composite_destruct, composite_has_request_metadata, - composite_has_request_metadata_only, composite_get_request_metadata, - composite_create_security_connector -}; + composite_destruct, composite_has_request_metadata, + composite_has_request_metadata_only, composite_get_request_metadata, + composite_create_security_connector}; -static grpc_credentials_array -get_creds_array (grpc_credentials ** creds_addr) -{ +static grpc_credentials_array get_creds_array(grpc_credentials **creds_addr) { grpc_credentials_array result; grpc_credentials *creds = *creds_addr; result.creds_array = creds_addr; result.num_creds = 1; - if (strcmp (creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) - { - result = *grpc_composite_credentials_get_credentials (creds); - } + if (strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) { + result = *grpc_composite_credentials_get_credentials(creds); + } return result; } -grpc_credentials * -grpc_composite_credentials_create (grpc_credentials * creds1, grpc_credentials * creds2, void *reserved) -{ +grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1, + grpc_credentials *creds2, + void *reserved) { size_t i; size_t creds_array_byte_size; grpc_credentials_array creds1_array; grpc_credentials_array creds2_array; grpc_composite_credentials *c; - GPR_ASSERT (reserved == NULL); - GPR_ASSERT (creds1 != NULL); - GPR_ASSERT (creds2 != NULL); - c = gpr_malloc (sizeof (grpc_composite_credentials)); - memset (c, 0, sizeof (grpc_composite_credentials)); + GPR_ASSERT(reserved == NULL); + GPR_ASSERT(creds1 != NULL); + GPR_ASSERT(creds2 != NULL); + c = gpr_malloc(sizeof(grpc_composite_credentials)); + memset(c, 0, sizeof(grpc_composite_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_COMPOSITE; c->base.vtable = &composite_credentials_vtable; - gpr_ref_init (&c->base.refcount, 1); - creds1_array = get_creds_array (&creds1); - creds2_array = get_creds_array (&creds2); + gpr_ref_init(&c->base.refcount, 1); + creds1_array = get_creds_array(&creds1); + creds2_array = get_creds_array(&creds2); c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds; - creds_array_byte_size = c->inner.num_creds * sizeof (grpc_credentials *); - c->inner.creds_array = gpr_malloc (creds_array_byte_size); - memset (c->inner.creds_array, 0, creds_array_byte_size); - for (i = 0; i < creds1_array.num_creds; i++) - { - grpc_credentials *cur_creds = creds1_array.creds_array[i]; - if (!grpc_credentials_has_request_metadata_only (cur_creds)) - { - if (c->connector_creds == NULL) - { - c->connector_creds = cur_creds; - } - else - { - gpr_log (GPR_ERROR, "Cannot compose multiple connector credentials."); - goto fail; - } - } - c->inner.creds_array[i] = grpc_credentials_ref (cur_creds); + creds_array_byte_size = c->inner.num_creds * sizeof(grpc_credentials *); + c->inner.creds_array = gpr_malloc(creds_array_byte_size); + memset(c->inner.creds_array, 0, creds_array_byte_size); + for (i = 0; i < creds1_array.num_creds; i++) { + grpc_credentials *cur_creds = creds1_array.creds_array[i]; + if (!grpc_credentials_has_request_metadata_only(cur_creds)) { + if (c->connector_creds == NULL) { + c->connector_creds = cur_creds; + } else { + gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials."); + goto fail; + } } - for (i = 0; i < creds2_array.num_creds; i++) - { - grpc_credentials *cur_creds = creds2_array.creds_array[i]; - if (!grpc_credentials_has_request_metadata_only (cur_creds)) - { - if (c->connector_creds == NULL) - { - c->connector_creds = cur_creds; - } - else - { - gpr_log (GPR_ERROR, "Cannot compose multiple connector credentials."); - goto fail; - } - } - c->inner.creds_array[i + creds1_array.num_creds] = grpc_credentials_ref (cur_creds); + c->inner.creds_array[i] = grpc_credentials_ref(cur_creds); + } + for (i = 0; i < creds2_array.num_creds; i++) { + grpc_credentials *cur_creds = creds2_array.creds_array[i]; + if (!grpc_credentials_has_request_metadata_only(cur_creds)) { + if (c->connector_creds == NULL) { + c->connector_creds = cur_creds; + } else { + gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials."); + goto fail; + } } + c->inner.creds_array[i + creds1_array.num_creds] = + grpc_credentials_ref(cur_creds); + } return &c->base; fail: - grpc_credentials_unref (&c->base); + grpc_credentials_unref(&c->base); return NULL; } -const grpc_credentials_array * -grpc_composite_credentials_get_credentials (grpc_credentials * creds) -{ - const grpc_composite_credentials *c = (const grpc_composite_credentials *) creds; - GPR_ASSERT (strcmp (creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); +const grpc_credentials_array *grpc_composite_credentials_get_credentials( + grpc_credentials *creds) { + const grpc_composite_credentials *c = + (const grpc_composite_credentials *)creds; + GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); return &c->inner; } -grpc_credentials * -grpc_credentials_contains_type (grpc_credentials * creds, const char *type, grpc_credentials ** composite_creds) -{ +grpc_credentials *grpc_credentials_contains_type( + grpc_credentials *creds, const char *type, + grpc_credentials **composite_creds) { size_t i; - if (strcmp (creds->type, type) == 0) - { - if (composite_creds != NULL) - *composite_creds = NULL; - return creds; - } - else if (strcmp (creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) - { - const grpc_credentials_array *inner_creds_array = grpc_composite_credentials_get_credentials (creds); - for (i = 0; i < inner_creds_array->num_creds; i++) - { - if (strcmp (type, inner_creds_array->creds_array[i]->type) == 0) - { - if (composite_creds != NULL) - *composite_creds = creds; - return inner_creds_array->creds_array[i]; - } - } + if (strcmp(creds->type, type) == 0) { + if (composite_creds != NULL) *composite_creds = NULL; + return creds; + } else if (strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) { + const grpc_credentials_array *inner_creds_array = + grpc_composite_credentials_get_credentials(creds); + for (i = 0; i < inner_creds_array->num_creds; i++) { + if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) { + if (composite_creds != NULL) *composite_creds = creds; + return inner_creds_array->creds_array[i]; + } } + } return NULL; } /* -- IAM credentials. -- */ -static void -iam_destruct (grpc_credentials * creds) -{ - grpc_google_iam_credentials *c = (grpc_google_iam_credentials *) creds; - grpc_credentials_md_store_unref (c->iam_md); +static void iam_destruct(grpc_credentials *creds) { + grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; + grpc_credentials_md_store_unref(c->iam_md); } -static int -iam_has_request_metadata (const grpc_credentials * creds) -{ - return 1; -} +static int iam_has_request_metadata(const grpc_credentials *creds) { return 1; } -static int -iam_has_request_metadata_only (const grpc_credentials * creds) -{ +static int iam_has_request_metadata_only(const grpc_credentials *creds) { return 1; } -static void -iam_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) -{ - grpc_google_iam_credentials *c = (grpc_google_iam_credentials *) creds; - cb (exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries, GRPC_CREDENTIALS_OK); +static void iam_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { + grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; + cb(exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries, + GRPC_CREDENTIALS_OK); } static grpc_credentials_vtable iam_vtable = { - iam_destruct, iam_has_request_metadata, iam_has_request_metadata_only, - iam_get_request_metadata, NULL -}; + iam_destruct, iam_has_request_metadata, iam_has_request_metadata_only, + iam_get_request_metadata, NULL}; -grpc_credentials * -grpc_google_iam_credentials_create (const char *token, const char *authority_selector, void *reserved) -{ +grpc_credentials *grpc_google_iam_credentials_create( + const char *token, const char *authority_selector, void *reserved) { grpc_google_iam_credentials *c; - GPR_ASSERT (reserved == NULL); - GPR_ASSERT (token != NULL); - GPR_ASSERT (authority_selector != NULL); - c = gpr_malloc (sizeof (grpc_google_iam_credentials)); - memset (c, 0, sizeof (grpc_google_iam_credentials)); + GPR_ASSERT(reserved == NULL); + GPR_ASSERT(token != NULL); + GPR_ASSERT(authority_selector != NULL); + c = gpr_malloc(sizeof(grpc_google_iam_credentials)); + memset(c, 0, sizeof(grpc_google_iam_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_IAM; c->base.vtable = &iam_vtable; - gpr_ref_init (&c->base.refcount, 1); - c->iam_md = grpc_credentials_md_store_create (2); - grpc_credentials_md_store_add_cstrings (c->iam_md, GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, token); - grpc_credentials_md_store_add_cstrings (c->iam_md, GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, authority_selector); + gpr_ref_init(&c->base.refcount, 1); + c->iam_md = grpc_credentials_md_store_create(2); + grpc_credentials_md_store_add_cstrings( + c->iam_md, GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, token); + grpc_credentials_md_store_add_cstrings( + c->iam_md, GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, authority_selector); return &c->base; } /* -- Plugin credentials. -- */ -typedef struct -{ +typedef struct { void *user_data; grpc_credentials_metadata_cb cb; } grpc_metadata_plugin_request; -static void -plugin_destruct (grpc_credentials * creds) -{ - grpc_plugin_credentials *c = (grpc_plugin_credentials *) creds; - if (c->plugin.state != NULL && c->plugin.destroy != NULL) - { - c->plugin.destroy (c->plugin.state); - } +static void plugin_destruct(grpc_credentials *creds) { + grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; + if (c->plugin.state != NULL && c->plugin.destroy != NULL) { + c->plugin.destroy(c->plugin.state); + } } -static int -plugin_has_request_metadata (const grpc_credentials * creds) -{ +static int plugin_has_request_metadata(const grpc_credentials *creds) { return 1; } -static int -plugin_has_request_metadata_only (const grpc_credentials * creds) -{ +static int plugin_has_request_metadata_only(const grpc_credentials *creds) { return 1; } -static void -plugin_md_request_metadata_ready (void *request, const grpc_metadata * md, size_t num_md, grpc_status_code status, const char *error_details) -{ +static void plugin_md_request_metadata_ready(void *request, + const grpc_metadata *md, + size_t num_md, + grpc_status_code status, + const char *error_details) { /* called from application code */ grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; - grpc_metadata_plugin_request *r = (grpc_metadata_plugin_request *) request; - if (status != GRPC_STATUS_OK) - { - if (error_details != NULL) - { - gpr_log (GPR_ERROR, "Getting metadata from plugin failed with error: %s", error_details); - } - r->cb (&exec_ctx, r->user_data, NULL, 0, GRPC_CREDENTIALS_ERROR); - } - else - { - size_t i; - grpc_credentials_md *md_array = NULL; - if (num_md > 0) - { - md_array = gpr_malloc (num_md * sizeof (grpc_credentials_md)); - for (i = 0; i < num_md; i++) - { - md_array[i].key = gpr_slice_from_copied_string (md[i].key); - md_array[i].value = gpr_slice_from_copied_buffer (md[i].value, md[i].value_length); - } - } - r->cb (&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK); - if (md_array != NULL) - { - for (i = 0; i < num_md; i++) - { - gpr_slice_unref (md_array[i].key); - gpr_slice_unref (md_array[i].value); - } - gpr_free (md_array); - } + grpc_metadata_plugin_request *r = (grpc_metadata_plugin_request *)request; + if (status != GRPC_STATUS_OK) { + if (error_details != NULL) { + gpr_log(GPR_ERROR, "Getting metadata from plugin failed with error: %s", + error_details); } - gpr_free (r); -} - -static void -plugin_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) -{ - grpc_plugin_credentials *c = (grpc_plugin_credentials *) creds; - if (c->plugin.get_metadata != NULL) - { - grpc_metadata_plugin_request *request = gpr_malloc (sizeof (*request)); - memset (request, 0, sizeof (*request)); - request->user_data = user_data; - request->cb = cb; - c->plugin.get_metadata (c->plugin.state, service_url, plugin_md_request_metadata_ready, request); + r->cb(&exec_ctx, r->user_data, NULL, 0, GRPC_CREDENTIALS_ERROR); + } else { + size_t i; + grpc_credentials_md *md_array = NULL; + if (num_md > 0) { + md_array = gpr_malloc(num_md * sizeof(grpc_credentials_md)); + for (i = 0; i < num_md; i++) { + md_array[i].key = gpr_slice_from_copied_string(md[i].key); + md_array[i].value = + gpr_slice_from_copied_buffer(md[i].value, md[i].value_length); + } } - else - { - cb (exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); + r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK); + if (md_array != NULL) { + for (i = 0; i < num_md; i++) { + gpr_slice_unref(md_array[i].key); + gpr_slice_unref(md_array[i].value); + } + gpr_free(md_array); } + } + gpr_free(r); +} + +static void plugin_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { + grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; + if (c->plugin.get_metadata != NULL) { + grpc_metadata_plugin_request *request = gpr_malloc(sizeof(*request)); + memset(request, 0, sizeof(*request)); + request->user_data = user_data; + request->cb = cb; + c->plugin.get_metadata(c->plugin.state, service_url, + plugin_md_request_metadata_ready, request); + } else { + cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); + } } static grpc_credentials_vtable plugin_vtable = { - plugin_destruct, plugin_has_request_metadata, - plugin_has_request_metadata_only, plugin_get_request_metadata, NULL -}; - -grpc_credentials * -grpc_metadata_credentials_create_from_plugin (grpc_metadata_credentials_plugin plugin, void *reserved) -{ - grpc_plugin_credentials *c = gpr_malloc (sizeof (*c)); - GPR_ASSERT (reserved == NULL); - memset (c, 0, sizeof (*c)); + plugin_destruct, plugin_has_request_metadata, + plugin_has_request_metadata_only, plugin_get_request_metadata, NULL}; + +grpc_credentials *grpc_metadata_credentials_create_from_plugin( + grpc_metadata_credentials_plugin plugin, void *reserved) { + grpc_plugin_credentials *c = gpr_malloc(sizeof(*c)); + GPR_ASSERT(reserved == NULL); + memset(c, 0, sizeof(*c)); c->base.type = GRPC_CREDENTIALS_TYPE_METADATA_PLUGIN; c->base.vtable = &plugin_vtable; - gpr_ref_init (&c->base.refcount, 1); + gpr_ref_init(&c->base.refcount, 1); c->plugin = plugin; return &c->base; } |