aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/core
diff options
context:
space:
mode:
Diffstat (limited to 'src/core')
-rw-r--r--src/core/security/client_auth_filter.c30
-rw-r--r--src/core/security/credentials.c441
-rw-r--r--src/core/security/credentials.h16
-rw-r--r--src/core/security/google_default_credentials.c53
-rw-r--r--src/core/security/security_connector.c29
-rw-r--r--src/core/security/security_connector.h11
-rw-r--r--src/core/security/security_context.c14
-rw-r--r--src/core/security/security_context.h2
-rw-r--r--src/core/surface/secure_channel_create.c8
9 files changed, 229 insertions, 375 deletions
diff --git a/src/core/security/client_auth_filter.c b/src/core/security/client_auth_filter.c
index 635982b252..f257502a98 100644
--- a/src/core/security/client_auth_filter.c
+++ b/src/core/security/client_auth_filter.c
@@ -50,7 +50,7 @@
/* We can have a per-call credentials. */
typedef struct {
- grpc_credentials *creds;
+ grpc_call_credentials *creds;
grpc_mdstr *host;
grpc_mdstr *method;
/* pollset bound to this call; if we need to make external
@@ -146,39 +146,35 @@ static void send_security_metadata(grpc_exec_ctx *exec_ctx,
channel_data *chand = elem->channel_data;
grpc_client_security_context *ctx =
(grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY].value;
- grpc_credentials *channel_creds =
+ grpc_call_credentials *channel_call_creds =
chand->security_connector->request_metadata_creds;
- int channel_creds_has_md =
- (channel_creds != NULL) &&
- grpc_credentials_has_request_metadata(channel_creds);
- int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) &&
- grpc_credentials_has_request_metadata(ctx->creds);
+ int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL);
- if (!channel_creds_has_md && !call_creds_has_md) {
+ if (channel_call_creds == NULL && !call_creds_has_md) {
/* Skip sending metadata altogether. */
grpc_call_next_op(exec_ctx, elem, op);
return;
}
- if (channel_creds_has_md && call_creds_has_md) {
- calld->creds =
- grpc_composite_credentials_create(channel_creds, ctx->creds, NULL);
+ if (channel_call_creds != NULL && call_creds_has_md) {
+ calld->creds = grpc_composite_call_credentials_create(channel_call_creds,
+ ctx->creds, NULL);
if (calld->creds == NULL) {
bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT,
"Incompatible credentials set on channel and call.");
return;
}
} else {
- calld->creds =
- grpc_credentials_ref(call_creds_has_md ? ctx->creds : channel_creds);
+ calld->creds = grpc_call_credentials_ref(
+ call_creds_has_md ? ctx->creds : channel_call_creds);
}
build_service_url(chand->security_connector->base.url_scheme, calld);
calld->op = *op; /* Copy op (originates from the caller's stack). */
GPR_ASSERT(calld->pollset);
- grpc_credentials_get_request_metadata(exec_ctx, calld->creds, calld->pollset,
- calld->service_url,
- on_credentials_metadata, elem);
+ grpc_call_credentials_get_request_metadata(exec_ctx, calld->creds,
+ calld->pollset, calld->service_url,
+ on_credentials_metadata, elem);
}
static void on_host_checked(grpc_exec_ctx *exec_ctx, void *user_data,
@@ -294,7 +290,7 @@ static void init_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
static void destroy_call_elem(grpc_exec_ctx *exec_ctx,
grpc_call_element *elem) {
call_data *calld = elem->call_data;
- grpc_credentials_unref(calld->creds);
+ grpc_call_credentials_unref(calld->creds);
if (calld->host != NULL) {
GRPC_MDSTR_UNREF(calld->host);
}
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index 5e155d83b9..a1fa457d1a 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -54,18 +54,18 @@
/* -- Common. -- */
struct grpc_credentials_metadata_request {
- grpc_credentials *creds;
+ grpc_call_credentials *creds;
grpc_credentials_metadata_cb cb;
void *user_data;
};
static grpc_credentials_metadata_request *
-grpc_credentials_metadata_request_create(grpc_credentials *creds,
+grpc_credentials_metadata_request_create(grpc_call_credentials *creds,
grpc_credentials_metadata_cb cb,
void *user_data) {
grpc_credentials_metadata_request *r =
gpr_malloc(sizeof(grpc_credentials_metadata_request));
- r->creds = grpc_credentials_ref(creds);
+ r->creds = grpc_call_credentials_ref(creds);
r->cb = cb;
r->user_data = user_data;
return r;
@@ -73,17 +73,18 @@ grpc_credentials_metadata_request_create(grpc_credentials *creds,
static void grpc_credentials_metadata_request_destroy(
grpc_credentials_metadata_request *r) {
- grpc_credentials_unref(r->creds);
+ grpc_call_credentials_unref(r->creds);
gpr_free(r);
}
-grpc_credentials *grpc_credentials_ref(grpc_credentials *creds) {
+grpc_channel_credentials *grpc_channel_credentials_ref(
+ grpc_channel_credentials *creds) {
if (creds == NULL) return NULL;
gpr_ref(&creds->refcount);
return creds;
}
-void grpc_credentials_unref(grpc_credentials *creds) {
+void grpc_channel_credentials_unref(grpc_channel_credentials *creds) {
if (creds == NULL) return;
if (gpr_unref(&creds->refcount)) {
creds->vtable->destruct(creds);
@@ -91,26 +92,34 @@ void grpc_credentials_unref(grpc_credentials *creds) {
}
}
-void grpc_credentials_release(grpc_credentials *creds) {
- GRPC_API_TRACE("grpc_credentials_release(creds=%p)", 1, (creds));
- grpc_credentials_unref(creds);
+void grpc_channel_credentials_release(grpc_channel_credentials *creds) {
+ GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds));
+ grpc_channel_credentials_unref(creds);
}
-int grpc_credentials_has_request_metadata(grpc_credentials *creds) {
- if (creds == NULL) return 0;
- return creds->vtable->has_request_metadata(creds);
+grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) {
+ if (creds == NULL) return NULL;
+ gpr_ref(&creds->refcount);
+ return creds;
}
-int grpc_credentials_has_request_metadata_only(grpc_credentials *creds) {
- if (creds == NULL) return 0;
- return creds->vtable->has_request_metadata_only(creds);
+void grpc_call_credentials_unref(grpc_call_credentials *creds) {
+ if (creds == NULL) return;
+ if (gpr_unref(&creds->refcount)) {
+ creds->vtable->destruct(creds);
+ gpr_free(creds);
+ }
+}
+
+void grpc_call_credentials_release(grpc_call_credentials *creds) {
+ GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds));
+ grpc_call_credentials_unref(creds);
}
void grpc_credentials_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
- if (creds == NULL || !grpc_credentials_has_request_metadata(creds) ||
- creds->vtable->get_request_metadata == NULL) {
+ if (creds == NULL || creds->vtable->get_request_metadata == NULL) {
if (cb != NULL) {
cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
}
@@ -120,19 +129,19 @@ void grpc_credentials_get_request_metadata(
user_data);
}
-grpc_security_status grpc_credentials_create_security_connector(
- grpc_credentials *creds, const char *target, const grpc_channel_args *args,
- grpc_credentials *request_metadata_creds,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
+grpc_security_status grpc_channel_credentials_create_security_connector(
+ grpc_channel_credentials *channel_creds, const char *target,
+ const grpc_channel_args *args, grpc_channel_security_connector **sc,
+ grpc_channel_args **new_args) {
*new_args = NULL;
- if (creds == NULL || creds->vtable->create_security_connector == NULL ||
- grpc_credentials_has_request_metadata_only(creds)) {
+ if (channel_creds == NULL ||
+ channel_creds->vtable->create_security_connector == NULL) {
gpr_log(GPR_ERROR,
"Invalid credentials for creating a security connector.");
return GRPC_SECURITY_ERROR;
}
- return creds->vtable->create_security_connector(
- creds, target, args, request_metadata_creds, sc, new_args);
+ return channel_creds->vtable->create_security_connector(channel_creds, target,
+ args, sc, new_args);
}
grpc_server_credentials *grpc_server_credentials_ref(
@@ -225,7 +234,7 @@ grpc_server_credentials *grpc_find_server_credentials_in_args(
/* -- Ssl credentials. -- */
-static void ssl_destruct(grpc_credentials *creds) {
+static void ssl_destruct(grpc_channel_credentials *creds) {
grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key);
@@ -254,15 +263,9 @@ static void ssl_server_destruct(grpc_server_credentials *creds) {
if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
}
-static int ssl_has_request_metadata(const grpc_credentials *creds) { return 0; }
-
-static int ssl_has_request_metadata_only(const grpc_credentials *creds) {
- return 0;
-}
-
static grpc_security_status ssl_create_security_connector(
- grpc_credentials *creds, const char *target, const grpc_channel_args *args,
- grpc_credentials *request_metadata_creds,
+ grpc_channel_credentials *creds, const char *target,
+ const grpc_channel_args *args,
grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
grpc_security_status status = GRPC_SECURITY_OK;
@@ -279,7 +282,7 @@ static grpc_security_status ssl_create_security_connector(
}
}
status = grpc_ssl_channel_security_connector_create(
- request_metadata_creds, &c->config, target, overridden_target_name, sc);
+ creds->call_creds, &c->config, target, overridden_target_name, sc);
if (status != GRPC_SECURITY_OK) {
return status;
}
@@ -296,9 +299,8 @@ static grpc_security_status ssl_server_create_security_connector(
return grpc_ssl_server_security_connector_create(&c->config, sc);
}
-static grpc_credentials_vtable ssl_vtable = {
- ssl_destruct, ssl_has_request_metadata, ssl_has_request_metadata_only, NULL,
- ssl_create_security_connector};
+static grpc_channel_credentials_vtable ssl_vtable = {
+ ssl_destruct, ssl_create_security_connector};
static grpc_server_credentials_vtable ssl_server_vtable = {
ssl_server_destruct, ssl_server_create_security_connector};
@@ -363,7 +365,7 @@ static void ssl_build_server_config(
}
}
-grpc_credentials *grpc_ssl_credentials_create(
+grpc_channel_credentials *grpc_ssl_credentials_create(
const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
void *reserved) {
grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials));
@@ -374,7 +376,7 @@ grpc_credentials *grpc_ssl_credentials_create(
3, (pem_root_certs, pem_key_cert_pair, reserved));
GPR_ASSERT(reserved == NULL);
memset(c, 0, sizeof(grpc_ssl_credentials));
- c->base.type = GRPC_CREDENTIALS_TYPE_SSL;
+ c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
c->base.vtable = &ssl_vtable;
gpr_ref_init(&c->base.refcount, 1);
ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config);
@@ -394,7 +396,7 @@ grpc_server_credentials *grpc_ssl_server_credentials_create(
force_client_auth, reserved));
GPR_ASSERT(reserved == NULL);
memset(c, 0, sizeof(grpc_ssl_server_credentials));
- c->base.type = GRPC_CREDENTIALS_TYPE_SSL;
+ c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
gpr_ref_init(&c->base.refcount, 1);
c->base.vtable = &ssl_server_vtable;
ssl_build_server_config(pem_root_certs, pem_key_cert_pairs,
@@ -416,7 +418,7 @@ static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) {
c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
}
-static void jwt_destruct(grpc_credentials *creds) {
+static void jwt_destruct(grpc_call_credentials *creds) {
grpc_service_account_jwt_access_credentials *c =
(grpc_service_account_jwt_access_credentials *)creds;
grpc_auth_json_key_destruct(&c->key);
@@ -424,14 +426,8 @@ static void jwt_destruct(grpc_credentials *creds) {
gpr_mu_destroy(&c->cache_mu);
}
-static int jwt_has_request_metadata(const grpc_credentials *creds) { return 1; }
-
-static int jwt_has_request_metadata_only(const grpc_credentials *creds) {
- return 1;
-}
-
static void jwt_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
grpc_service_account_jwt_access_credentials *c =
(grpc_service_account_jwt_access_credentials *)creds;
@@ -484,11 +480,10 @@ static void jwt_get_request_metadata(
}
}
-static grpc_credentials_vtable jwt_vtable = {
- jwt_destruct, jwt_has_request_metadata, jwt_has_request_metadata_only,
- jwt_get_request_metadata, NULL};
+static grpc_call_credentials_vtable jwt_vtable = {jwt_destruct,
+ jwt_get_request_metadata};
-grpc_credentials *
+grpc_call_credentials *
grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
grpc_auth_json_key key, gpr_timespec token_lifetime) {
grpc_service_account_jwt_access_credentials *c;
@@ -498,7 +493,7 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
}
c = gpr_malloc(sizeof(grpc_service_account_jwt_access_credentials));
memset(c, 0, sizeof(grpc_service_account_jwt_access_credentials));
- c->base.type = GRPC_CREDENTIALS_TYPE_JWT;
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT;
gpr_ref_init(&c->base.refcount, 1);
c->base.vtable = &jwt_vtable;
c->key = key;
@@ -508,7 +503,7 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
return &c->base;
}
-grpc_credentials *grpc_service_account_jwt_access_credentials_create(
+grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
const char *json_key, gpr_timespec token_lifetime, void *reserved) {
GRPC_API_TRACE(
"grpc_service_account_jwt_access_credentials_create("
@@ -525,7 +520,7 @@ grpc_credentials *grpc_service_account_jwt_access_credentials_create(
/* -- Oauth2TokenFetcher credentials -- */
-static void oauth2_token_fetcher_destruct(grpc_credentials *creds) {
+static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) {
grpc_oauth2_token_fetcher_credentials *c =
(grpc_oauth2_token_fetcher_credentials *)creds;
grpc_credentials_md_store_unref(c->access_token_md);
@@ -533,16 +528,6 @@ static void oauth2_token_fetcher_destruct(grpc_credentials *creds) {
grpc_httpcli_context_destroy(&c->httpcli_context);
}
-static int oauth2_token_fetcher_has_request_metadata(
- const grpc_credentials *creds) {
- return 1;
-}
-
-static int oauth2_token_fetcher_has_request_metadata_only(
- const grpc_credentials *creds) {
- return 1;
-}
-
grpc_credentials_status
grpc_oauth2_token_fetcher_credentials_parse_server_response(
const grpc_httpcli_response *response, grpc_credentials_md_store **token_md,
@@ -660,8 +645,9 @@ static void on_oauth2_token_fetcher_http_response(
}
static void oauth2_token_fetcher_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
- const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, const char *service_url,
+ grpc_credentials_metadata_cb cb, void *user_data) {
grpc_oauth2_token_fetcher_credentials *c =
(grpc_oauth2_token_fetcher_credentials *)creds;
gpr_timespec refresh_threshold = gpr_time_from_seconds(
@@ -694,7 +680,7 @@ static void oauth2_token_fetcher_get_request_metadata(
static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c,
grpc_fetch_oauth2_func fetch_func) {
memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials));
- c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2;
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
gpr_ref_init(&c->base.refcount, 1);
gpr_mu_init(&c->mu);
c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
@@ -704,10 +690,8 @@ static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c,
/* -- GoogleComputeEngine credentials. -- */
-static grpc_credentials_vtable compute_engine_vtable = {
- oauth2_token_fetcher_destruct, oauth2_token_fetcher_has_request_metadata,
- oauth2_token_fetcher_has_request_metadata_only,
- oauth2_token_fetcher_get_request_metadata, NULL};
+static grpc_call_credentials_vtable compute_engine_vtable = {
+ oauth2_token_fetcher_destruct, oauth2_token_fetcher_get_request_metadata};
static void compute_engine_fetch_oauth2(
grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
@@ -724,7 +708,7 @@ static void compute_engine_fetch_oauth2(
response_cb, metadata_req);
}
-grpc_credentials *grpc_google_compute_engine_credentials_create(
+grpc_call_credentials *grpc_google_compute_engine_credentials_create(
void *reserved) {
grpc_oauth2_token_fetcher_credentials *c =
gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials));
@@ -738,17 +722,15 @@ grpc_credentials *grpc_google_compute_engine_credentials_create(
/* -- GoogleRefreshToken credentials. -- */
-static void refresh_token_destruct(grpc_credentials *creds) {
+static void refresh_token_destruct(grpc_call_credentials *creds) {
grpc_google_refresh_token_credentials *c =
(grpc_google_refresh_token_credentials *)creds;
grpc_auth_refresh_token_destruct(&c->refresh_token);
oauth2_token_fetcher_destruct(&c->base.base);
}
-static grpc_credentials_vtable refresh_token_vtable = {
- refresh_token_destruct, oauth2_token_fetcher_has_request_metadata,
- oauth2_token_fetcher_has_request_metadata_only,
- oauth2_token_fetcher_get_request_metadata, NULL};
+static grpc_call_credentials_vtable refresh_token_vtable = {
+ refresh_token_destruct, oauth2_token_fetcher_get_request_metadata};
static void refresh_token_fetch_oauth2(
grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
@@ -774,7 +756,8 @@ static void refresh_token_fetch_oauth2(
gpr_free(body);
}
-grpc_credentials *grpc_refresh_token_credentials_create_from_auth_refresh_token(
+grpc_call_credentials *
+grpc_refresh_token_credentials_create_from_auth_refresh_token(
grpc_auth_refresh_token refresh_token) {
grpc_google_refresh_token_credentials *c;
if (!grpc_auth_refresh_token_is_valid(&refresh_token)) {
@@ -789,7 +772,7 @@ grpc_credentials *grpc_refresh_token_credentials_create_from_auth_refresh_token(
return &c->base.base;
}
-grpc_credentials *grpc_google_refresh_token_credentials_create(
+grpc_call_credentials *grpc_google_refresh_token_credentials_create(
const char *json_refresh_token, void *reserved) {
GRPC_API_TRACE(
"grpc_refresh_token_credentials_create(json_refresh_token=%s, "
@@ -802,20 +785,11 @@ grpc_credentials *grpc_google_refresh_token_credentials_create(
/* -- Metadata-only credentials. -- */
-static void md_only_test_destruct(grpc_credentials *creds) {
+static void md_only_test_destruct(grpc_call_credentials *creds) {
grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
grpc_credentials_md_store_unref(c->md_store);
}
-static int md_only_test_has_request_metadata(const grpc_credentials *creds) {
- return 1;
-}
-
-static int md_only_test_has_request_metadata_only(
- const grpc_credentials *creds) {
- return 1;
-}
-
static void on_simulated_token_fetch_done(void *user_data) {
grpc_credentials_metadata_request *r =
(grpc_credentials_metadata_request *)user_data;
@@ -828,7 +802,7 @@ static void on_simulated_token_fetch_done(void *user_data) {
}
static void md_only_test_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
@@ -842,18 +816,15 @@ static void md_only_test_get_request_metadata(
}
}
-static grpc_credentials_vtable md_only_test_vtable = {
- md_only_test_destruct, md_only_test_has_request_metadata,
- md_only_test_has_request_metadata_only, md_only_test_get_request_metadata,
- NULL};
+static grpc_call_credentials_vtable md_only_test_vtable = {
+ md_only_test_destruct, md_only_test_get_request_metadata};
-grpc_credentials *grpc_md_only_test_credentials_create(const char *md_key,
- const char *md_value,
- int is_async) {
+grpc_call_credentials *grpc_md_only_test_credentials_create(
+ const char *md_key, const char *md_value, int is_async) {
grpc_md_only_test_credentials *c =
gpr_malloc(sizeof(grpc_md_only_test_credentials));
memset(c, 0, sizeof(grpc_md_only_test_credentials));
- c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2;
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
c->base.vtable = &md_only_test_vtable;
gpr_ref_init(&c->base.refcount, 1);
c->md_store = grpc_credentials_md_store_create(1);
@@ -864,34 +835,23 @@ grpc_credentials *grpc_md_only_test_credentials_create(const char *md_key,
/* -- Oauth2 Access Token credentials. -- */
-static void access_token_destruct(grpc_credentials *creds) {
+static void access_token_destruct(grpc_call_credentials *creds) {
grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
grpc_credentials_md_store_unref(c->access_token_md);
}
-static int access_token_has_request_metadata(const grpc_credentials *creds) {
- return 1;
-}
-
-static int access_token_has_request_metadata_only(
- const grpc_credentials *creds) {
- return 1;
-}
-
static void access_token_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
cb(exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK);
}
-static grpc_credentials_vtable access_token_vtable = {
- access_token_destruct, access_token_has_request_metadata,
- access_token_has_request_metadata_only, access_token_get_request_metadata,
- NULL};
+static grpc_call_credentials_vtable access_token_vtable = {
+ access_token_destruct, access_token_get_request_metadata};
-grpc_credentials *grpc_access_token_credentials_create(const char *access_token,
- void *reserved) {
+grpc_call_credentials *grpc_access_token_credentials_create(
+ const char *access_token, void *reserved) {
grpc_access_token_credentials *c =
gpr_malloc(sizeof(grpc_access_token_credentials));
char *token_md_value;
@@ -901,7 +861,7 @@ grpc_credentials *grpc_access_token_credentials_create(const char *access_token,
2, (access_token, reserved));
GPR_ASSERT(reserved == NULL);
memset(c, 0, sizeof(grpc_access_token_credentials));
- c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2;
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
c->base.vtable = &access_token_vtable;
gpr_ref_init(&c->base.refcount, 1);
c->access_token_md = grpc_credentials_md_store_create(1);
@@ -915,7 +875,7 @@ grpc_credentials *grpc_access_token_credentials_create(const char *access_token,
/* -- Fake transport security credentials. -- */
static void fake_transport_security_credentials_destruct(
- grpc_credentials *creds) {
+ grpc_channel_credentials *creds) {
/* Nothing to do here. */
}
@@ -924,21 +884,11 @@ static void fake_transport_security_server_credentials_destruct(
/* Nothing to do here. */
}
-static int fake_transport_security_has_request_metadata(
- const grpc_credentials *creds) {
- return 0;
-}
-
-static int fake_transport_security_has_request_metadata_only(
- const grpc_credentials *creds) {
- return 0;
-}
-
static grpc_security_status fake_transport_security_create_security_connector(
- grpc_credentials *c, const char *target, const grpc_channel_args *args,
- grpc_credentials *request_metadata_creds,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
- *sc = grpc_fake_channel_security_connector_create(request_metadata_creds, 1);
+ grpc_channel_credentials *c, const char *target,
+ const grpc_channel_args *args, grpc_channel_security_connector **sc,
+ grpc_channel_args **new_args) {
+ *sc = grpc_fake_channel_security_connector_create(c->call_creds, 1);
return GRPC_SECURITY_OK;
}
@@ -949,21 +899,21 @@ fake_transport_security_server_create_security_connector(
return GRPC_SECURITY_OK;
}
-static grpc_credentials_vtable fake_transport_security_credentials_vtable = {
- fake_transport_security_credentials_destruct,
- fake_transport_security_has_request_metadata,
- fake_transport_security_has_request_metadata_only, NULL,
- fake_transport_security_create_security_connector};
+static grpc_channel_credentials_vtable
+ fake_transport_security_credentials_vtable = {
+ fake_transport_security_credentials_destruct,
+ fake_transport_security_create_security_connector};
static grpc_server_credentials_vtable
fake_transport_security_server_credentials_vtable = {
fake_transport_security_server_credentials_destruct,
fake_transport_security_server_create_security_connector};
-grpc_credentials *grpc_fake_transport_security_credentials_create(void) {
- grpc_credentials *c = gpr_malloc(sizeof(grpc_credentials));
- memset(c, 0, sizeof(grpc_credentials));
- c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
+grpc_channel_credentials *grpc_fake_transport_security_credentials_create(
+ void) {
+ grpc_channel_credentials *c = gpr_malloc(sizeof(grpc_channel_credentials));
+ memset(c, 0, sizeof(grpc_channel_credentials));
+ c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
c->vtable = &fake_transport_security_credentials_vtable;
gpr_ref_init(&c->refcount, 1);
return c;
@@ -973,7 +923,7 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
void) {
grpc_server_credentials *c = gpr_malloc(sizeof(grpc_server_credentials));
memset(c, 0, sizeof(grpc_server_credentials));
- c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
+ c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
gpr_ref_init(&c->refcount, 1);
c->vtable = &fake_transport_security_server_credentials_vtable;
return c;
@@ -991,39 +941,15 @@ typedef struct {
grpc_credentials_metadata_cb cb;
} grpc_composite_credentials_metadata_context;
-static void composite_destruct(grpc_credentials *creds) {
+static void composite_destruct(grpc_call_credentials *creds) {
grpc_composite_credentials *c = (grpc_composite_credentials *)creds;
size_t i;
for (i = 0; i < c->inner.num_creds; i++) {
- grpc_credentials_unref(c->inner.creds_array[i]);
+ grpc_call_credentials_unref(c->inner.creds_array[i]);
}
gpr_free(c->inner.creds_array);
}
-static int composite_has_request_metadata(const grpc_credentials *creds) {
- const grpc_composite_credentials *c =
- (const grpc_composite_credentials *)creds;
- size_t i;
- for (i = 0; i < c->inner.num_creds; i++) {
- if (grpc_credentials_has_request_metadata(c->inner.creds_array[i])) {
- return 1;
- }
- }
- return 0;
-}
-
-static int composite_has_request_metadata_only(const grpc_credentials *creds) {
- const grpc_composite_credentials *c =
- (const grpc_composite_credentials *)creds;
- size_t i;
- for (i = 0; i < c->inner.num_creds; i++) {
- if (!grpc_credentials_has_request_metadata_only(c->inner.creds_array[i])) {
- return 0;
- }
- }
- return 1;
-}
-
static void composite_md_context_destroy(
grpc_composite_credentials_metadata_context *ctx) {
grpc_credentials_md_store_unref(ctx->md_elems);
@@ -1051,15 +977,13 @@ static void composite_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
}
/* See if we need to get some more metadata. */
- while (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
- grpc_credentials *inner_creds =
+ if (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
+ grpc_call_credentials *inner_creds =
ctx->composite_creds->inner.creds_array[ctx->creds_index++];
- if (grpc_credentials_has_request_metadata(inner_creds)) {
- grpc_credentials_get_request_metadata(exec_ctx, inner_creds, ctx->pollset,
- ctx->service_url,
- composite_metadata_cb, ctx);
- return;
- }
+ grpc_credentials_get_request_metadata(exec_ctx, inner_creds, ctx->pollset,
+ ctx->service_url,
+ composite_metadata_cb, ctx);
+ return;
}
/* We're done!. */
@@ -1069,14 +993,11 @@ static void composite_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
}
static void composite_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset,
const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
grpc_composite_credentials *c = (grpc_composite_credentials *)creds;
grpc_composite_credentials_metadata_context *ctx;
- if (!grpc_credentials_has_request_metadata(creds)) {
- cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
- return;
- }
+
ctx = gpr_malloc(sizeof(grpc_composite_credentials_metadata_context));
memset(ctx, 0, sizeof(grpc_composite_credentials_metadata_context));
ctx->service_url = gpr_strdup(service_url);
@@ -1085,55 +1006,33 @@ static void composite_get_request_metadata(
ctx->composite_creds = c;
ctx->pollset = pollset;
ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
- while (ctx->creds_index < c->inner.num_creds) {
- grpc_credentials *inner_creds = c->inner.creds_array[ctx->creds_index++];
- if (grpc_credentials_has_request_metadata(inner_creds)) {
- grpc_credentials_get_request_metadata(exec_ctx, inner_creds, pollset,
- service_url, composite_metadata_cb,
- ctx);
- return;
- }
- }
- GPR_ASSERT(0); /* Should have exited before. */
+ grpc_credentials_get_request_metadata(
+ exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset, service_url,
+ composite_metadata_cb, ctx);
}
-static grpc_security_status composite_create_security_connector(
- grpc_credentials *creds, const char *target, const grpc_channel_args *args,
- grpc_credentials *request_metadata_creds,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
- grpc_composite_credentials *c = (grpc_composite_credentials *)creds;
- if (c->connector_creds == NULL) {
- gpr_log(GPR_ERROR,
- "Cannot create security connector, missing connector credentials.");
- return GRPC_SECURITY_ERROR;
- }
- return grpc_credentials_create_security_connector(c->connector_creds, target,
- args, creds, sc, new_args);
-}
+static grpc_call_credentials_vtable composite_credentials_vtable = {
+ composite_destruct, composite_get_request_metadata};
-static grpc_credentials_vtable composite_credentials_vtable = {
- composite_destruct, composite_has_request_metadata,
- composite_has_request_metadata_only, composite_get_request_metadata,
- composite_create_security_connector};
-
-static grpc_credentials_array get_creds_array(grpc_credentials **creds_addr) {
- grpc_credentials_array result;
- grpc_credentials *creds = *creds_addr;
+static grpc_call_credentials_array get_creds_array(
+ grpc_call_credentials **creds_addr) {
+ grpc_call_credentials_array result;
+ grpc_call_credentials *creds = *creds_addr;
result.creds_array = creds_addr;
result.num_creds = 1;
- if (strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) {
+ if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
result = *grpc_composite_credentials_get_credentials(creds);
}
return result;
}
-grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1,
- grpc_credentials *creds2,
- void *reserved) {
+grpc_call_credentials *grpc_composite_call_credentials_create(
+ grpc_call_credentials *creds1, grpc_call_credentials *creds2,
+ void *reserved) {
size_t i;
size_t creds_array_byte_size;
- grpc_credentials_array creds1_array;
- grpc_credentials_array creds2_array;
+ grpc_call_credentials_array creds1_array;
+ grpc_call_credentials_array creds2_array;
grpc_composite_credentials *c;
GRPC_API_TRACE(
"grpc_composite_credentials_create(creds1=%p, creds2=%p, "
@@ -1144,64 +1043,44 @@ grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1,
GPR_ASSERT(creds2 != NULL);
c = gpr_malloc(sizeof(grpc_composite_credentials));
memset(c, 0, sizeof(grpc_composite_credentials));
- c->base.type = GRPC_CREDENTIALS_TYPE_COMPOSITE;
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE;
c->base.vtable = &composite_credentials_vtable;
gpr_ref_init(&c->base.refcount, 1);
creds1_array = get_creds_array(&creds1);
creds2_array = get_creds_array(&creds2);
c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds;
- creds_array_byte_size = c->inner.num_creds * sizeof(grpc_credentials *);
+ creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *);
c->inner.creds_array = gpr_malloc(creds_array_byte_size);
memset(c->inner.creds_array, 0, creds_array_byte_size);
for (i = 0; i < creds1_array.num_creds; i++) {
- grpc_credentials *cur_creds = creds1_array.creds_array[i];
- if (!grpc_credentials_has_request_metadata_only(cur_creds)) {
- if (c->connector_creds == NULL) {
- c->connector_creds = cur_creds;
- } else {
- gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials.");
- goto fail;
- }
- }
- c->inner.creds_array[i] = grpc_credentials_ref(cur_creds);
+ grpc_call_credentials *cur_creds = creds1_array.creds_array[i];
+ c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds);
}
for (i = 0; i < creds2_array.num_creds; i++) {
- grpc_credentials *cur_creds = creds2_array.creds_array[i];
- if (!grpc_credentials_has_request_metadata_only(cur_creds)) {
- if (c->connector_creds == NULL) {
- c->connector_creds = cur_creds;
- } else {
- gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials.");
- goto fail;
- }
- }
+ grpc_call_credentials *cur_creds = creds2_array.creds_array[i];
c->inner.creds_array[i + creds1_array.num_creds] =
- grpc_credentials_ref(cur_creds);
+ grpc_call_credentials_ref(cur_creds);
}
return &c->base;
-
-fail:
- grpc_credentials_unref(&c->base);
- return NULL;
}
-const grpc_credentials_array *grpc_composite_credentials_get_credentials(
- grpc_credentials *creds) {
+const grpc_call_credentials_array *grpc_composite_credentials_get_credentials(
+ grpc_call_credentials *creds) {
const grpc_composite_credentials *c =
(const grpc_composite_credentials *)creds;
- GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0);
+ GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0);
return &c->inner;
}
-grpc_credentials *grpc_credentials_contains_type(
- grpc_credentials *creds, const char *type,
- grpc_credentials **composite_creds) {
+grpc_call_credentials *grpc_credentials_contains_type(
+ grpc_call_credentials *creds, const char *type,
+ grpc_call_credentials **composite_creds) {
size_t i;
if (strcmp(creds->type, type) == 0) {
if (composite_creds != NULL) *composite_creds = NULL;
return creds;
- } else if (strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) {
- const grpc_credentials_array *inner_creds_array =
+ } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
+ const grpc_call_credentials_array *inner_creds_array =
grpc_composite_credentials_get_credentials(creds);
for (i = 0; i < inner_creds_array->num_creds; i++) {
if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) {
@@ -1215,30 +1094,26 @@ grpc_credentials *grpc_credentials_contains_type(
/* -- IAM credentials. -- */
-static void iam_destruct(grpc_credentials *creds) {
+static void iam_destruct(grpc_call_credentials *creds) {
grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
grpc_credentials_md_store_unref(c->iam_md);
}
-static int iam_has_request_metadata(const grpc_credentials *creds) { return 1; }
-
-static int iam_has_request_metadata_only(const grpc_credentials *creds) {
- return 1;
-}
-
-static void iam_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
- const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
+static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_credentials *creds,
+ grpc_pollset *pollset,
+ const char *service_url,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
cb(exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries,
GRPC_CREDENTIALS_OK);
}
-static grpc_credentials_vtable iam_vtable = {
- iam_destruct, iam_has_request_metadata, iam_has_request_metadata_only,
- iam_get_request_metadata, NULL};
+static grpc_call_credentials_vtable iam_vtable = {iam_destruct,
+ iam_get_request_metadata};
-grpc_credentials *grpc_google_iam_credentials_create(
+grpc_call_credentials *grpc_google_iam_credentials_create(
const char *token, const char *authority_selector, void *reserved) {
grpc_google_iam_credentials *c;
GRPC_API_TRACE(
@@ -1250,7 +1125,7 @@ grpc_credentials *grpc_google_iam_credentials_create(
GPR_ASSERT(authority_selector != NULL);
c = gpr_malloc(sizeof(grpc_google_iam_credentials));
memset(c, 0, sizeof(grpc_google_iam_credentials));
- c->base.type = GRPC_CREDENTIALS_TYPE_IAM;
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_IAM;
c->base.vtable = &iam_vtable;
gpr_ref_init(&c->base.refcount, 1);
c->iam_md = grpc_credentials_md_store_create(2);
@@ -1268,21 +1143,13 @@ typedef struct {
grpc_credentials_metadata_cb cb;
} grpc_metadata_plugin_request;
-static void plugin_destruct(grpc_credentials *creds) {
+static void plugin_destruct(grpc_call_credentials *creds) {
grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
if (c->plugin.state != NULL && c->plugin.destroy != NULL) {
c->plugin.destroy(c->plugin.state);
}
}
-static int plugin_has_request_metadata(const grpc_credentials *creds) {
- return 1;
-}
-
-static int plugin_has_request_metadata_only(const grpc_credentials *creds) {
- return 1;
-}
-
static void plugin_md_request_metadata_ready(void *request,
const grpc_metadata *md,
size_t num_md,
@@ -1321,9 +1188,12 @@ static void plugin_md_request_metadata_ready(void *request,
grpc_exec_ctx_finish(&exec_ctx);
}
-static void plugin_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset,
- const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) {
+static void plugin_get_request_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_credentials *creds,
+ grpc_pollset *pollset,
+ const char *service_url,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
if (c->plugin.get_metadata != NULL) {
grpc_metadata_plugin_request *request = gpr_malloc(sizeof(*request));
@@ -1337,16 +1207,15 @@ static void plugin_get_request_metadata(
}
}
-static grpc_credentials_vtable plugin_vtable = {
- plugin_destruct, plugin_has_request_metadata,
- plugin_has_request_metadata_only, plugin_get_request_metadata, NULL};
+static grpc_call_credentials_vtable plugin_vtable = {
+ plugin_destruct, plugin_get_request_metadata};
-grpc_credentials *grpc_metadata_credentials_create_from_plugin(
+grpc_call_credentials *grpc_metadata_credentials_create_from_plugin(
grpc_metadata_credentials_plugin plugin, void *reserved) {
grpc_plugin_credentials *c = gpr_malloc(sizeof(*c));
GPR_ASSERT(reserved == NULL);
memset(c, 0, sizeof(*c));
- c->base.type = GRPC_CREDENTIALS_TYPE_METADATA_PLUGIN;
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_METADATA_PLUGIN;
c->base.vtable = &plugin_vtable;
gpr_ref_init(&c->base.refcount, 1);
c->plugin = plugin;
diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h
index 81fa2ea10b..1218983e7b 100644
--- a/src/core/security/credentials.h
+++ b/src/core/security/credentials.h
@@ -98,10 +98,11 @@ char *grpc_get_well_known_google_credentials_file_path(void);
typedef struct {
void (*destruct)(grpc_channel_credentials *c);
+
grpc_security_status (*create_security_connector)(
- grpc_channel_credentials *c, const char *target, const grpc_channel_args *args,
- grpc_call_credentials *call_creds,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args);
+ grpc_channel_credentials *c, const char *target,
+ const grpc_channel_args *args, grpc_channel_security_connector **sc,
+ grpc_channel_args **new_args);
} grpc_channel_credentials_vtable;
struct grpc_channel_credentials {
@@ -121,8 +122,8 @@ void grpc_channel_credentials_unref(grpc_channel_credentials *creds);
new_args after channel creation. */
grpc_security_status grpc_channel_credentials_create_security_connector(
grpc_channel_credentials *creds, const char *target,
- const grpc_channel_args *args, grpc_call_credentials *call_creds,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args);
+ const grpc_channel_args *args, grpc_channel_security_connector **sc,
+ grpc_channel_args **new_args);
/* --- grpc_credentials_md. --- */
@@ -160,7 +161,6 @@ typedef void (*grpc_credentials_metadata_cb)(grpc_exec_ctx *exec_ctx,
typedef struct {
void (*destruct)(grpc_call_credentials *c);
- int (*has_request_metadata)(const grpc_call_credentials *c);
void (*get_request_metadata)(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *c, grpc_pollset *pollset,
const char *service_url,
@@ -174,9 +174,8 @@ struct grpc_call_credentials {
gpr_refcount refcount;
};
-grpc_call_credentials *grpc_credentials_ref(grpc_call_credentials *creds);
+grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds);
void grpc_call_credentials_unref(grpc_call_credentials *creds);
-int grpc_call_credentials_has_request_metadata(grpc_call_credentials *creds);
void grpc_call_credentials_get_request_metadata(grpc_exec_ctx *exec_ctx,
grpc_call_credentials *creds,
grpc_pollset *pollset,
@@ -184,7 +183,6 @@ void grpc_call_credentials_get_request_metadata(grpc_exec_ctx *exec_ctx,
grpc_credentials_metadata_cb cb,
void *user_data);
-
typedef struct {
grpc_call_credentials **creds_array;
size_t num_creds;
diff --git a/src/core/security/google_default_credentials.c b/src/core/security/google_default_credentials.c
index 45135305b2..e5a810f23c 100644
--- a/src/core/security/google_default_credentials.c
+++ b/src/core/security/google_default_credentials.c
@@ -50,7 +50,7 @@
/* -- Default credentials. -- */
-static grpc_credentials *default_credentials = NULL;
+static grpc_channel_credentials *default_credentials = NULL;
static int compute_engine_detection_done = 0;
static gpr_mu g_mu;
static gpr_once g_once = GPR_ONCE_INIT;
@@ -138,11 +138,11 @@ static int is_stack_running_on_compute_engine(void) {
}
/* Takes ownership of creds_path if not NULL. */
-static grpc_credentials *create_default_creds_from_path(char *creds_path) {
+static grpc_call_credentials *create_default_creds_from_path(char *creds_path) {
grpc_json *json = NULL;
grpc_auth_json_key key;
grpc_auth_refresh_token token;
- grpc_credentials *result = NULL;
+ grpc_call_credentials *result = NULL;
gpr_slice creds_data = gpr_empty_slice();
int file_ok = 0;
if (creds_path == NULL) goto end;
@@ -176,9 +176,9 @@ end:
return result;
}
-grpc_credentials *grpc_google_default_credentials_create(void) {
- grpc_credentials *result = NULL;
- int serving_cached_credentials = 0;
+grpc_channel_credentials *grpc_google_default_credentials_create(void) {
+ grpc_channel_credentials *result = NULL;
+ grpc_call_credentials *call_creds = NULL;
GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ());
@@ -187,20 +187,19 @@ grpc_credentials *grpc_google_default_credentials_create(void) {
gpr_mu_lock(&g_mu);
if (default_credentials != NULL) {
- result = grpc_credentials_ref(default_credentials);
- serving_cached_credentials = 1;
+ result = grpc_channel_credentials_ref(default_credentials);
goto end;
}
/* First, try the environment variable. */
- result = create_default_creds_from_path(
+ call_creds = create_default_creds_from_path(
gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR));
- if (result != NULL) goto end;
+ if (call_creds != NULL) goto end;
/* Then the well-known file. */
- result = create_default_creds_from_path(
+ call_creds = create_default_creds_from_path(
grpc_get_well_known_google_credentials_file_path());
- if (result != NULL) goto end;
+ if (call_creds != NULL) goto end;
/* At last try to see if we're on compute engine (do the detection only once
since it requires a network test). */
@@ -208,21 +207,27 @@ grpc_credentials *grpc_google_default_credentials_create(void) {
int need_compute_engine_creds = is_stack_running_on_compute_engine();
compute_engine_detection_done = 1;
if (need_compute_engine_creds) {
- result = grpc_google_compute_engine_credentials_create(NULL);
+ call_creds = grpc_google_compute_engine_credentials_create(NULL);
}
}
end:
- if (!serving_cached_credentials && result != NULL) {
- /* Blend with default ssl credentials and add a global reference so that it
- can be cached and re-served. */
- grpc_credentials *ssl_creds = grpc_ssl_credentials_create(NULL, NULL, NULL);
- default_credentials = grpc_credentials_ref(
- grpc_composite_credentials_create(ssl_creds, result, NULL));
- GPR_ASSERT(default_credentials != NULL);
- grpc_credentials_unref(ssl_creds);
- grpc_credentials_unref(result);
- result = default_credentials;
+ if (result == NULL) {
+ if (call_creds != NULL) {
+ /* Blend with default ssl credentials and add a global reference so that it
+ can be cached and re-served. */
+ grpc_channel_credentials *ssl_creds =
+ grpc_ssl_credentials_create(NULL, NULL, NULL);
+ default_credentials = grpc_channel_credentials_ref(
+ grpc_composite_channel_credentials_create(ssl_creds, call_creds,
+ NULL));
+ GPR_ASSERT(default_credentials != NULL);
+ grpc_channel_credentials_unref(ssl_creds);
+ grpc_call_credentials_unref(call_creds);
+ result = default_credentials;
+ } else {
+ gpr_log(GPR_ERROR, "Could not create google default credentials.");
+ }
}
gpr_mu_unlock(&g_mu);
return result;
@@ -232,7 +237,7 @@ void grpc_flush_cached_google_default_credentials(void) {
gpr_once_init(&g_once, init_default_credentials);
gpr_mu_lock(&g_mu);
if (default_credentials != NULL) {
- grpc_credentials_unref(default_credentials);
+ grpc_channel_credentials_unref(default_credentials);
default_credentials = NULL;
}
gpr_mu_unlock(&g_mu);
diff --git a/src/core/security/security_connector.c b/src/core/security/security_connector.c
index 7c4cf6f04d..8dbacdd35e 100644
--- a/src/core/security/security_connector.c
+++ b/src/core/security/security_connector.c
@@ -203,16 +203,6 @@ grpc_security_connector *grpc_find_security_connector_in_args(
return NULL;
}
-static int check_request_metadata_creds(grpc_credentials *creds) {
- if (creds != NULL && !grpc_credentials_has_request_metadata(creds)) {
- gpr_log(GPR_ERROR,
- "Incompatible credentials for channel security connector: needs to "
- "set request metadata.");
- return 0;
- }
- return 1;
-}
-
/* -- Fake implementation. -- */
typedef struct {
@@ -222,7 +212,7 @@ typedef struct {
static void fake_channel_destroy(grpc_security_connector *sc) {
grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc;
- grpc_credentials_unref(c->request_metadata_creds);
+ grpc_call_credentials_unref(c->request_metadata_creds);
GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector");
gpr_free(sc);
}
@@ -306,7 +296,8 @@ static grpc_security_connector_vtable fake_server_vtable = {
fake_server_destroy, fake_server_do_handshake, fake_check_peer};
grpc_channel_security_connector *grpc_fake_channel_security_connector_create(
- grpc_credentials *request_metadata_creds, int call_host_check_is_async) {
+ grpc_call_credentials *request_metadata_creds,
+ int call_host_check_is_async) {
grpc_fake_channel_security_connector *c =
gpr_malloc(sizeof(grpc_fake_channel_security_connector));
memset(c, 0, sizeof(grpc_fake_channel_security_connector));
@@ -314,8 +305,8 @@ grpc_channel_security_connector *grpc_fake_channel_security_connector_create(
c->base.base.is_client_side = 1;
c->base.base.url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME;
c->base.base.vtable = &fake_channel_vtable;
- GPR_ASSERT(check_request_metadata_creds(request_metadata_creds));
- c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds);
+ c->base.request_metadata_creds =
+ grpc_call_credentials_ref(request_metadata_creds);
c->base.check_call_host = fake_channel_check_call_host;
c->call_host_check_is_async = call_host_check_is_async;
return &c->base;
@@ -349,7 +340,7 @@ typedef struct {
static void ssl_channel_destroy(grpc_security_connector *sc) {
grpc_ssl_channel_security_connector *c =
(grpc_ssl_channel_security_connector *)sc;
- grpc_credentials_unref(c->base.request_metadata_creds);
+ grpc_call_credentials_unref(c->base.request_metadata_creds);
if (c->handshaker_factory != NULL) {
tsi_ssl_handshaker_factory_destroy(c->handshaker_factory);
}
@@ -580,7 +571,7 @@ size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs) {
}
grpc_security_status grpc_ssl_channel_security_connector_create(
- grpc_credentials *request_metadata_creds, const grpc_ssl_config *config,
+ grpc_call_credentials *request_metadata_creds, const grpc_ssl_config *config,
const char *target_name, const char *overridden_target_name,
grpc_channel_security_connector **sc) {
size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions();
@@ -606,9 +597,6 @@ grpc_security_status grpc_ssl_channel_security_connector_create(
gpr_log(GPR_ERROR, "An ssl channel needs a config and a target name.");
goto error;
}
- if (!check_request_metadata_creds(request_metadata_creds)) {
- goto error;
- }
if (config->pem_root_certs == NULL) {
pem_root_certs_size = grpc_get_default_ssl_roots(&pem_root_certs);
if (pem_root_certs == NULL || pem_root_certs_size == 0) {
@@ -627,7 +615,8 @@ grpc_security_status grpc_ssl_channel_security_connector_create(
c->base.base.vtable = &ssl_channel_vtable;
c->base.base.is_client_side = 1;
c->base.base.url_scheme = GRPC_SSL_URL_SCHEME;
- c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds);
+ c->base.request_metadata_creds =
+ grpc_call_credentials_ref(request_metadata_creds);
c->base.check_call_host = ssl_channel_check_call_host;
gpr_split_host_port(target_name, &c->target_name, &port);
gpr_free(port);
diff --git a/src/core/security/security_connector.h b/src/core/security/security_connector.h
index 9218a3caab..c5f00c5563 100644
--- a/src/core/security/security_connector.h
+++ b/src/core/security/security_connector.h
@@ -145,7 +145,7 @@ typedef struct grpc_channel_security_connector grpc_channel_security_connector;
struct grpc_channel_security_connector {
grpc_security_connector base; /* requires is_client_side to be non 0. */
- grpc_credentials *request_metadata_creds;
+ grpc_call_credentials *request_metadata_creds;
grpc_security_status (*check_call_host)(grpc_exec_ctx *exec_ctx,
grpc_channel_security_connector *sc,
const char *host,
@@ -167,7 +167,8 @@ grpc_security_status grpc_channel_security_connector_check_call_host(
/* For TESTING ONLY!
Creates a fake connector that emulates real channel security. */
grpc_channel_security_connector *grpc_fake_channel_security_connector_create(
- grpc_credentials *request_metadata_creds, int call_host_check_is_async);
+ grpc_call_credentials *request_metadata_creds,
+ int call_host_check_is_async);
/* For TESTING ONLY!
Creates a fake connector that emulates real server security. */
@@ -197,9 +198,9 @@ typedef struct {
specific error code otherwise.
*/
grpc_security_status grpc_ssl_channel_security_connector_create(
- grpc_credentials *request_metadata_creds, const grpc_ssl_config *config,
- const char *target_name, const char *overridden_target_name,
- grpc_channel_security_connector **sc);
+ grpc_call_credentials *request_metadata_creds,
+ const grpc_ssl_config *config, const char *target_name,
+ const char *overridden_target_name, grpc_channel_security_connector **sc);
/* Gets the default ssl roots. */
size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs);
diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c
index f544c1d943..56c56a9506 100644
--- a/src/core/security/security_context.c
+++ b/src/core/security/security_context.c
@@ -46,7 +46,7 @@
/* --- grpc_call --- */
grpc_call_error grpc_call_set_credentials(grpc_call *call,
- grpc_credentials *creds) {
+ grpc_call_credentials *creds) {
grpc_client_security_context *ctx = NULL;
GRPC_API_TRACE("grpc_call_set_credentials(call=%p, creds=%p)", 2,
(call, creds));
@@ -54,20 +54,16 @@ grpc_call_error grpc_call_set_credentials(grpc_call *call,
gpr_log(GPR_ERROR, "Method is client-side only.");
return GRPC_CALL_ERROR_NOT_ON_SERVER;
}
- if (creds != NULL && !grpc_credentials_has_request_metadata_only(creds)) {
- gpr_log(GPR_ERROR, "Incompatible credentials to set on a call.");
- return GRPC_CALL_ERROR;
- }
ctx = (grpc_client_security_context *)grpc_call_context_get(
call, GRPC_CONTEXT_SECURITY);
if (ctx == NULL) {
ctx = grpc_client_security_context_create();
- ctx->creds = grpc_credentials_ref(creds);
+ ctx->creds = grpc_call_credentials_ref(creds);
grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx,
grpc_client_security_context_destroy);
} else {
- grpc_credentials_unref(ctx->creds);
- ctx->creds = grpc_credentials_ref(creds);
+ grpc_call_credentials_unref(ctx->creds);
+ ctx->creds = grpc_call_credentials_ref(creds);
}
return GRPC_CALL_OK;
}
@@ -101,7 +97,7 @@ grpc_client_security_context *grpc_client_security_context_create(void) {
void grpc_client_security_context_destroy(void *ctx) {
grpc_client_security_context *c = (grpc_client_security_context *)ctx;
- grpc_credentials_unref(c->creds);
+ grpc_call_credentials_unref(c->creds);
GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context");
gpr_free(ctx);
}
diff --git a/src/core/security/security_context.h b/src/core/security/security_context.h
index 2bbdc4be97..794258edbc 100644
--- a/src/core/security/security_context.h
+++ b/src/core/security/security_context.h
@@ -85,7 +85,7 @@ void grpc_auth_property_reset(grpc_auth_property *property);
Internal client-side security context. */
typedef struct {
- grpc_credentials *creds;
+ grpc_call_credentials *creds;
grpc_auth_context *auth_context;
} grpc_client_security_context;
diff --git a/src/core/surface/secure_channel_create.c b/src/core/surface/secure_channel_create.c
index 1282ee99ed..0dd0a31169 100644
--- a/src/core/surface/secure_channel_create.c
+++ b/src/core/surface/secure_channel_create.c
@@ -230,7 +230,7 @@ static const grpc_subchannel_factory_vtable subchannel_factory_vtable = {
Asynchronously: - resolve target
- connect to it (trying alternatives as presented)
- perform handshakes */
-grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
+grpc_channel *grpc_secure_channel_create(grpc_channel_credentials *creds,
const char *target,
const grpc_channel_args *args,
void *reserved) {
@@ -261,9 +261,9 @@ grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
"Security connector exists in channel args.");
}
- if (grpc_credentials_create_security_connector(
- creds, target, args, NULL, &security_connector,
- &new_args_from_connector) != GRPC_SECURITY_OK) {
+ if (grpc_channel_credentials_create_security_connector(
+ creds, target, args, &security_connector, &new_args_from_connector) !=
+ GRPC_SECURITY_OK) {
grpc_exec_ctx_finish(&exec_ctx);
return grpc_lame_client_channel_create(
target, GRPC_STATUS_INVALID_ARGUMENT,