aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/core
diff options
context:
space:
mode:
Diffstat (limited to 'src/core')
-rw-r--r--src/core/httpcli/httpcli.c72
-rw-r--r--src/core/httpcli/httpcli.h14
-rw-r--r--src/core/httpcli/httpcli_security_connector.c49
-rw-r--r--src/core/httpcli/httpcli_security_connector.h43
-rw-r--r--src/core/security/credentials.c4
-rw-r--r--src/core/security/jwt_verifier.c4
6 files changed, 92 insertions, 94 deletions
diff --git a/src/core/httpcli/httpcli.c b/src/core/httpcli/httpcli.c
index 65997d5f44..9012070e8e 100644
--- a/src/core/httpcli/httpcli.c
+++ b/src/core/httpcli/httpcli.c
@@ -40,9 +40,7 @@
#include "src/core/iomgr/resolve_address.h"
#include "src/core/iomgr/tcp_client.h"
#include "src/core/httpcli/format_request.h"
-#include "src/core/httpcli/httpcli_security_connector.h"
#include "src/core/httpcli/parser.h"
-#include "src/core/security/secure_transport_setup.h"
#include "src/core/support/string.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
@@ -57,7 +55,7 @@ typedef struct {
char *host;
gpr_timespec deadline;
int have_read_byte;
- int use_ssl;
+ const grpc_httpcli_handshaker *handshaker;
grpc_httpcli_response_cb on_response;
void *user_data;
grpc_httpcli_context *context;
@@ -68,6 +66,16 @@ typedef struct {
static grpc_httpcli_get_override g_get_override = NULL;
static grpc_httpcli_post_override g_post_override = NULL;
+static void plaintext_handshake(void *arg, grpc_endpoint *endpoint,
+ const char *host,
+ void (*on_done)(void *arg,
+ grpc_endpoint *endpoint)) {
+ on_done(arg, endpoint);
+}
+
+const grpc_httpcli_handshaker grpc_httpcli_plaintext = {"http",
+ plaintext_handshake};
+
void grpc_httpcli_context_init(grpc_httpcli_context *context) {
grpc_pollset_set_init(&context->pollset_set);
}
@@ -163,18 +171,16 @@ static void start_write(internal_request *req) {
}
}
-static void on_secure_transport_setup_done(void *rp,
- grpc_security_status status,
- grpc_endpoint *wrapped_endpoint,
- grpc_endpoint *secure_endpoint) {
- internal_request *req = rp;
- if (status != GRPC_SECURITY_OK) {
- gpr_log(GPR_ERROR, "Secure transport setup failed with error %d.", status);
- finish(req, 0);
- } else {
- req->ep = secure_endpoint;
- start_write(req);
+static void on_handshake_done(void *arg, grpc_endpoint *ep) {
+ internal_request *req = arg;
+
+ if (!ep) {
+ next_address(req);
+ return;
}
+
+ req->ep = ep;
+ start_write(req);
}
static void on_connected(void *arg, grpc_endpoint *tcp) {
@@ -184,25 +190,7 @@ static void on_connected(void *arg, grpc_endpoint *tcp) {
next_address(req);
return;
}
- req->ep = tcp;
- if (req->use_ssl) {
- grpc_channel_security_connector *sc = NULL;
- const unsigned char *pem_root_certs = NULL;
- size_t pem_root_certs_size = grpc_get_default_ssl_roots(&pem_root_certs);
- if (pem_root_certs == NULL || pem_root_certs_size == 0) {
- gpr_log(GPR_ERROR, "Could not get default pem root certs.");
- finish(req, 0);
- return;
- }
- GPR_ASSERT(grpc_httpcli_ssl_channel_security_connector_create(
- pem_root_certs, pem_root_certs_size, req->host, &sc) ==
- GRPC_SECURITY_OK);
- grpc_setup_secure_transport(&sc->base, tcp, on_secure_transport_setup_done,
- req);
- GRPC_SECURITY_CONNECTOR_UNREF(&sc->base, "httpcli");
- } else {
- start_write(req);
- }
+ req->handshaker->handshake(req, tcp, req->host, on_handshake_done);
}
static void next_address(internal_request *req) {
@@ -245,18 +233,17 @@ void grpc_httpcli_get(grpc_httpcli_context *context, grpc_pollset *pollset,
req->on_response = on_response;
req->user_data = user_data;
req->deadline = deadline;
- req->use_ssl = request->use_ssl;
+ req->handshaker =
+ request->handshaker ? request->handshaker : &grpc_httpcli_plaintext;
req->context = context;
req->pollset = pollset;
gpr_asprintf(&name, "HTTP:GET:%s:%s", request->host, request->path);
grpc_iomgr_register_object(&req->iomgr_obj, name);
gpr_free(name);
- if (req->use_ssl) {
- req->host = gpr_strdup(request->host);
- }
+ req->host = gpr_strdup(request->host);
grpc_pollset_set_add_pollset(&req->context->pollset_set, req->pollset);
- grpc_resolve_address(request->host, req->use_ssl ? "https" : "http",
+ grpc_resolve_address(request->host, req->handshaker->default_port,
on_resolved, req);
}
@@ -279,18 +266,17 @@ void grpc_httpcli_post(grpc_httpcli_context *context, grpc_pollset *pollset,
req->on_response = on_response;
req->user_data = user_data;
req->deadline = deadline;
- req->use_ssl = request->use_ssl;
+ req->handshaker =
+ request->handshaker ? request->handshaker : &grpc_httpcli_plaintext;
req->context = context;
req->pollset = pollset;
gpr_asprintf(&name, "HTTP:GET:%s:%s", request->host, request->path);
grpc_iomgr_register_object(&req->iomgr_obj, name);
gpr_free(name);
- if (req->use_ssl) {
- req->host = gpr_strdup(request->host);
- }
+ req->host = gpr_strdup(request->host);
grpc_pollset_set_add_pollset(&req->context->pollset_set, req->pollset);
- grpc_resolve_address(request->host, req->use_ssl ? "https" : "http",
+ grpc_resolve_address(request->host, req->handshaker->default_port,
on_resolved, req);
}
diff --git a/src/core/httpcli/httpcli.h b/src/core/httpcli/httpcli.h
index ab98178f8a..c45966714c 100644
--- a/src/core/httpcli/httpcli.h
+++ b/src/core/httpcli/httpcli.h
@@ -38,6 +38,7 @@
#include <grpc/support/time.h>
+#include "src/core/iomgr/endpoint.h"
#include "src/core/iomgr/pollset_set.h"
/* User agent this library reports */
@@ -58,6 +59,15 @@ typedef struct grpc_httpcli_context {
grpc_pollset_set pollset_set;
} grpc_httpcli_context;
+typedef struct {
+ const char *default_port;
+ void (*handshake)(void *arg, grpc_endpoint *endpoint, const char *host,
+ void (*on_done)(void *arg, grpc_endpoint *endpoint));
+} grpc_httpcli_handshaker;
+
+extern const grpc_httpcli_handshaker grpc_httpcli_plaintext;
+extern const grpc_httpcli_handshaker grpc_httpcli_ssl;
+
/* A request */
typedef struct grpc_httpcli_request {
/* The host name to connect to */
@@ -69,8 +79,8 @@ typedef struct grpc_httpcli_request {
Host, Connection, User-Agent */
size_t hdr_count;
grpc_httpcli_header *hdrs;
- /* whether to use ssl for the request */
- int use_ssl;
+ /* handshaker to use ssl for the request */
+ const grpc_httpcli_handshaker *handshaker;
} grpc_httpcli_request;
/* A response */
diff --git a/src/core/httpcli/httpcli_security_connector.c b/src/core/httpcli/httpcli_security_connector.c
index ce0d3d5a70..7887f9d530 100644
--- a/src/core/httpcli/httpcli_security_connector.c
+++ b/src/core/httpcli/httpcli_security_connector.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/httpcli/httpcli_security_connector.h"
+#include "src/core/httpcli/httpcli.h"
#include <string.h>
@@ -96,7 +96,7 @@ static grpc_security_status httpcli_ssl_check_peer(grpc_security_connector *sc,
static grpc_security_connector_vtable httpcli_ssl_vtable = {
httpcli_ssl_destroy, httpcli_ssl_create_handshaker, httpcli_ssl_check_peer};
-grpc_security_status grpc_httpcli_ssl_channel_security_connector_create(
+static grpc_security_status httpcli_ssl_channel_security_connector_create(
const unsigned char *pem_root_certs, size_t pem_root_certs_size,
const char *secure_peer_name, grpc_channel_security_connector **sc) {
tsi_result result = TSI_OK;
@@ -130,3 +130,48 @@ grpc_security_status grpc_httpcli_ssl_channel_security_connector_create(
*sc = &c->base;
return GRPC_SECURITY_OK;
}
+
+/* handshaker */
+
+typedef struct {
+ void (*func)(void *arg, grpc_endpoint *endpoint);
+ void *arg;
+} on_done_closure;
+
+static void on_secure_transport_setup_done(void *rp,
+ grpc_security_status status,
+ grpc_endpoint *wrapped_endpoint,
+ grpc_endpoint *secure_endpoint) {
+ on_done_closure *c = rp;
+ if (status != GRPC_SECURITY_OK) {
+ gpr_log(GPR_ERROR, "Secure transport setup failed with error %d.", status);
+ c->func(c->arg, NULL);
+ } else {
+ c->func(c->arg, secure_endpoint);
+ }
+ gpr_free(c);
+}
+
+static void ssl_handshake(void *arg, grpc_endpoint *tcp, const char *host,
+ void (*on_done)(void *arg, grpc_endpoint *endpoint)) {
+ grpc_channel_security_connector *sc = NULL;
+ const unsigned char *pem_root_certs = NULL;
+ on_done_closure *c = gpr_malloc(sizeof(*c));
+ size_t pem_root_certs_size = grpc_get_default_ssl_roots(&pem_root_certs);
+ if (pem_root_certs == NULL || pem_root_certs_size == 0) {
+ gpr_log(GPR_ERROR, "Could not get default pem root certs.");
+ on_done(arg, NULL);
+ gpr_free(c);
+ return;
+ }
+ c->func = on_done;
+ c->arg = arg;
+ GPR_ASSERT(httpcli_ssl_channel_security_connector_create(
+ pem_root_certs, pem_root_certs_size, host, &sc) ==
+ GRPC_SECURITY_OK);
+ grpc_setup_secure_transport(&sc->base, tcp, on_secure_transport_setup_done,
+ c);
+ GRPC_SECURITY_CONNECTOR_UNREF(&sc->base, "httpcli");
+}
+
+const grpc_httpcli_handshaker grpc_httpcli_ssl = {"https", ssl_handshake};
diff --git a/src/core/httpcli/httpcli_security_connector.h b/src/core/httpcli/httpcli_security_connector.h
deleted file mode 100644
index c50f25905e..0000000000
--- a/src/core/httpcli/httpcli_security_connector.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- *
- * Copyright 2015, Google Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following disclaimer
- * in the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Google Inc. nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef GRPC_INTERNAL_CORE_HTTPCLI_HTTPCLI_SECURITY_CONNECTOR_H
-#define GRPC_INTERNAL_CORE_HTTPCLI_HTTPCLI_SECURITY_CONNECTOR_H
-
-#include "src/core/security/security_connector.h"
-
-grpc_security_status grpc_httpcli_ssl_channel_security_connector_create(
- const unsigned char *pem_root_certs, size_t pem_root_certs_size,
- const char *secure_peer_name, grpc_channel_security_connector **sc);
-
-#endif /* GRPC_INTERNAL_CORE_HTTPCLI_HTTPCLI_SECURITY_CONNECTOR_H */
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index 2239f57378..6421ce673d 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -685,7 +685,7 @@ static void service_account_fetch_oauth2(
request.path = GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH;
request.hdr_count = 1;
request.hdrs = &header;
- request.use_ssl = 1;
+ request.handshaker = &grpc_httpcli_ssl;
grpc_httpcli_post(httpcli_context, pollset, &request, body, strlen(body),
deadline, response_cb, metadata_req);
gpr_free(body);
@@ -744,7 +744,7 @@ static void refresh_token_fetch_oauth2(
request.path = GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH;
request.hdr_count = 1;
request.hdrs = &header;
- request.use_ssl = 1;
+ request.handshaker = &grpc_httpcli_ssl;
grpc_httpcli_post(httpcli_context, pollset, &request, body, strlen(body),
deadline, response_cb, metadata_req);
gpr_free(body);
diff --git a/src/core/security/jwt_verifier.c b/src/core/security/jwt_verifier.c
index 1276693da7..38ad134a6a 100644
--- a/src/core/security/jwt_verifier.c
+++ b/src/core/security/jwt_verifier.c
@@ -628,7 +628,7 @@ static void on_openid_config_retrieved(void *user_data,
goto error;
}
jwks_uri += 8;
- req.use_ssl = 1;
+ req.handshaker = &grpc_httpcli_ssl;
req.host = gpr_strdup(jwks_uri);
req.path = strchr(jwks_uri, '/');
if (req.path == NULL) {
@@ -685,7 +685,7 @@ static void retrieve_key_and_verify(verifier_cb_ctx *ctx) {
const char *iss;
grpc_httpcli_request req;
memset(&req, 0, sizeof(grpc_httpcli_request));
- req.use_ssl = 1;
+ req.handshaker = &grpc_httpcli_ssl;
GPR_ASSERT(ctx != NULL && ctx->header != NULL && ctx->claims != NULL);
iss = ctx->claims->iss;