Diffstat (limited to 'src/cpp/server')
-rw-r--r-- | src/cpp/server/insecure_server_credentials.cc | 2 | ||||
-rw-r--r-- | src/cpp/server/secure_server_credentials.cc | 50 | ||||
-rw-r--r-- | src/cpp/server/secure_server_credentials.h | 27 |
3 files changed, 78 insertions, 1 deletions
diff --git a/src/cpp/server/insecure_server_credentials.cc b/src/cpp/server/insecure_server_credentials.cc index 800cd36caa..96458477f0 100644 --- a/src/cpp/server/insecure_server_credentials.cc +++ b/src/cpp/server/insecure_server_credentials.cc @@ -43,6 +43,8 @@ class InsecureServerCredentialsImpl GRPC_FINAL : public ServerCredentials { grpc_server* server) GRPC_OVERRIDE { return grpc_server_add_insecure_http2_port(server, addr.c_str()); } + void SetAuthMetadataProcessor( + const std::shared_ptr<AuthMetadataProcessor>& processor) GRPC_OVERRIDE {} }; } // namespace diff --git a/src/cpp/server/secure_server_credentials.cc b/src/cpp/server/secure_server_credentials.cc index 32c45e2280..bdb7ba6e48 100644 --- a/src/cpp/server/secure_server_credentials.cc +++ b/src/cpp/server/secure_server_credentials.cc 
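Review bot: The new `SetAuthMetadataProcessor` override on `InsecureServerCredentialsImpl` has an empty body, so a caller who installs a processor on insecure credentials gets a server that silently performs no metadata authentication. Failing loudly would make that misconfiguration visible, for example `GPR_ASSERT(0);  // Should not be called on InsecureServerCredentials.` in the body (assuming the gpr logging header is reachable from this file), or at least an error log. If a silent no-op is really intended, say so in a comment such as `// No-op: auth metadata processing is not supported on insecure credentials.`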
@@ -31,15 +31,65 @@ * */ +#include <functional> +#include <map> +#include <memory> + + +#include "src/cpp/common/secure_auth_context.h" #include "src/cpp/server/secure_server_credentials.h" +#include <grpc++/auth_metadata_processor.h> + namespace grpc { +void AuthMetadataProcessorAyncWrapper::Process( + void* self, grpc_auth_context* context, const grpc_metadata* md, + size_t md_count, grpc_process_auth_metadata_done_cb cb, void* user_data) { + AuthMetadataProcessorAyncWrapper* instance = + reinterpret_cast<AuthMetadataProcessorAyncWrapper*>(self); + instance->thread_pool_->Add( + std::bind(&AuthMetadataProcessorAyncWrapper::ProcessAsync, instance, + context, md, md_count, cb, user_data)); +} + +void AuthMetadataProcessorAyncWrapper::ProcessAsync( + grpc_auth_context* ctx, const grpc_metadata* md, size_t md_count, + grpc_process_auth_metadata_done_cb cb, void* user_data) { + SecureAuthContext context(ctx); + std::multimap<grpc::string, grpc::string> metadata; + for (size_t i = 0; i < md_count; i++) { + metadata.insert(std::make_pair( + md[i].key, grpc::string(md[i].value, md[i].value_length))); + } + std::multimap<grpc::string, grpc::string> consumed_metadata; + bool ok = processor_->Process(metadata, &context, &consumed_metadata); + if (ok) { + std::vector<grpc_metadata> consumed_md(consumed_metadata.size()); + for (const auto& entry : consumed_metadata) { + consumed_md.push_back({entry.first.c_str(), + entry.second.data(), + entry.second.size(), + {{nullptr, nullptr, nullptr}}}); + } + cb(user_data, &consumed_md[0], consumed_md.size(), 1); + } else { + cb(user_data, nullptr, 0, 0); + } +} + int SecureServerCredentials::AddPortToServer( const grpc::string& addr, grpc_server* server) { return grpc_server_add_secure_http2_port(server, addr.c_str(), creds_); } +void SecureServerCredentials::SetAuthMetadataProcessor( + const std::shared_ptr<AuthMetadataProcessor>& processor) { + processor_.reset(new AuthMetadataProcessorAyncWrapper(processor)); + 
grpc_server_credentials_set_auth_metadata_processor( + creds_, {AuthMetadataProcessorAyncWrapper::Process, processor_.get()}); +} + std::shared_ptr<ServerCredentials> SslServerCredentials( const SslServerCredentialsOptions& options) { std::vector<grpc_ssl_pem_key_cert_pair> pem_key_cert_pairs; diff --git a/src/cpp/server/secure_server_credentials.h b/src/cpp/server/secure_server_credentials.h index b9803f107e..2707336d7f 100644 --- a/src/cpp/server/secure_server_credentials.h +++ b/src/cpp/server/secure_server_credentials.h @@ -34,12 +34,33 @@ #ifndef GRPC_INTERNAL_CPP_SERVER_SECURE_SERVER_CREDENTIALS_H #define GRPC_INTERNAL_CPP_SERVER_SECURE_SERVER_CREDENTIALS_H +#include <memory> + #include <grpc/grpc_security.h> #include <grpc++/server_credentials.h> +#include <grpc++/thread_pool_interface.h> namespace grpc { +class AuthMetadataProcessorAyncWrapper GRPC_FINAL { + public: + static void Process(void* self, grpc_auth_context* context, + const grpc_metadata* md, size_t md_count, + grpc_process_auth_metadata_done_cb cb, void* user_data); + + AuthMetadataProcessorAyncWrapper( + const std::shared_ptr<AuthMetadataProcessor>& processor) + : thread_pool_(CreateDefaultThreadPool()), processor_(processor) {} + + private: + void ProcessAsync(grpc_auth_context* context, const grpc_metadata* md, + size_t md_count, grpc_process_auth_metadata_done_cb cb, + void* user_data); + std::unique_ptr<ThreadPoolInterface> thread_pool_; + std::shared_ptr<AuthMetadataProcessor> processor_; +}; + class SecureServerCredentials GRPC_FINAL : public ServerCredentials { public: explicit SecureServerCredentials(grpc_server_credentials* creds) 
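Review bot: In `ProcessAsync`, `std::vector<grpc_metadata> consumed_md(consumed_metadata.size());` creates that many value-initialized entries and the loop then appends the real ones with `push_back`, so `cb` is handed twice the count, the first half with null keys. Declaring the vector empty and reserving fixes that: `std::vector<grpc_metadata> consumed_md;` followed by `consumed_md.reserve(consumed_metadata.size());`. The call should also pass `consumed_md.data()` rather than `&consumed_md[0]`, which is undefined when the processor consumes nothing. Separately, `Process` queues the raw `context` and `md` pointers for a later thread, and `SetAuthMetadataProcessor` hands `processor_.get()` to the core, where a second call would `reset` the wrapper the core still points at. Whether those pointers stay valid until `cb` runs is not visible in this hunk and deserves a comment stating the contract.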
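Review bot: `AuthMetadataProcessorAyncWrapper` is registered with the core as a raw `void* self` and owns the thread pool that runs the user's processor, but the class carries no comment on lifetime or threading. If the intended contract is that the wrapper outlives its registration, a class comment would help, e.g. `// Runs AuthMetadataProcessor::Process on a thread pool; must outlive the credentials it is registered on and any queued work.` The single-argument constructor should be `explicit`, and the name looks like a typo for `AuthMetadataProcessorAsyncWrapper`, which is cheaper to fix now than after other files reference it. The header also names `AuthMetadataProcessor` without including `<grpc++/auth_metadata_processor.h>`; presumably a declaration arrives via `<grpc++/server_credentials.h>`, but that is worth confirming.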
@@ -51,8 +72,12 @@ class SecureServerCredentials GRPC_FINAL : public ServerCredentials { int AddPortToServer(const grpc::string& addr, grpc_server* server) GRPC_OVERRIDE; + void SetAuthMetadataProcessor( + const std::shared_ptr<AuthMetadataProcessor>& processor) GRPC_OVERRIDE; + private: - grpc_server_credentials* const creds_; + grpc_server_credentials* creds_; + std::unique_ptr<AuthMetadataProcessorAyncWrapper> processor_; }; } // namespace grpc |
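Review bot: Dropping `const` from `creds_` does not look necessary: `grpc_server_credentials* const` is a constant pointer to a mutable object, and the only new use visible in this commit passes `creds_` by value to `grpc_server_credentials_set_auth_metadata_processor`. Keeping `grpc_server_credentials* const creds_;` preserves the guarantee that the handle is never reseated. The new `processor_` member is what the core holds as callback state, so it would be worth a comment on how its lifetime relates to `creds_`, e.g. `// Must stay alive as long as creds_ can invoke the processor.` The class body starts outside this hunk and the release of `creds_` is not visible here, so the actual destruction order should be checked against that contract.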