diff options
Diffstat (limited to 'src')
85 files changed, 1533 insertions, 1138 deletions
diff --git a/src/core/security/client_auth_filter.c b/src/core/security/client_auth_filter.c index c780b65873..be2522a7a0 100644 --- a/src/core/security/client_auth_filter.c +++ b/src/core/security/client_auth_filter.c @@ -50,7 +50,7 @@ /* We can have a per-call credentials. */ typedef struct { - grpc_credentials *creds; + grpc_call_credentials *creds; grpc_mdstr *host; grpc_mdstr *method; /* pollset bound to this call; if we need to make external @@ -143,39 +143,35 @@ static void send_security_metadata(grpc_exec_ctx *exec_ctx, channel_data *chand = elem->channel_data; grpc_client_security_context *ctx = (grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY].value; - grpc_credentials *channel_creds = + grpc_call_credentials *channel_call_creds = chand->security_connector->request_metadata_creds; - int channel_creds_has_md = - (channel_creds != NULL) && - grpc_credentials_has_request_metadata(channel_creds); - int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) && - grpc_credentials_has_request_metadata(ctx->creds); + int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL); - if (!channel_creds_has_md && !call_creds_has_md) { + if (channel_call_creds == NULL && !call_creds_has_md) { /* Skip sending metadata altogether. */ grpc_call_next_op(exec_ctx, elem, op); return; } - if (channel_creds_has_md && call_creds_has_md) { - calld->creds = - grpc_composite_credentials_create(channel_creds, ctx->creds, NULL); + if (channel_call_creds != NULL && call_creds_has_md) { + calld->creds = grpc_composite_call_credentials_create(channel_call_creds, + ctx->creds, NULL); if (calld->creds == NULL) { bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT, "Incompatible credentials set on channel and call."); return; } } else { - calld->creds = - grpc_credentials_ref(call_creds_has_md ? ctx->creds : channel_creds); + calld->creds = grpc_call_credentials_ref( + call_creds_has_md ? ctx->creds : channel_call_creds); } build_service_url(chand->security_connector->base.url_scheme, calld); calld->op = *op; /* Copy op (originates from the caller's stack). */ GPR_ASSERT(calld->pollset); - grpc_credentials_get_request_metadata(exec_ctx, calld->creds, calld->pollset, - calld->service_url, - on_credentials_metadata, elem); + grpc_call_credentials_get_request_metadata(exec_ctx, calld->creds, + calld->pollset, calld->service_url, + on_credentials_metadata, elem); } static void on_host_checked(grpc_exec_ctx *exec_ctx, void *user_data, @@ -282,7 +278,7 @@ static void set_pollset(grpc_exec_ctx *exec_ctx, grpc_call_element *elem, static void destroy_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem) { call_data *calld = elem->call_data; - grpc_credentials_unref(calld->creds); + grpc_call_credentials_unref(calld->creds); if (calld->host != NULL) { GRPC_MDSTR_UNREF(calld->host); } diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c index 2a8ffae5d7..3db531cd35 100644 --- a/src/core/security/credentials.c +++ b/src/core/security/credentials.c @@ -54,18 +54,18 @@ /* -- Common. -- */ struct grpc_credentials_metadata_request { - grpc_credentials *creds; + grpc_call_credentials *creds; grpc_credentials_metadata_cb cb; void *user_data; }; static grpc_credentials_metadata_request * -grpc_credentials_metadata_request_create(grpc_credentials *creds, +grpc_credentials_metadata_request_create(grpc_call_credentials *creds, grpc_credentials_metadata_cb cb, void *user_data) { grpc_credentials_metadata_request *r = gpr_malloc(sizeof(grpc_credentials_metadata_request)); - r->creds = grpc_credentials_ref(creds); + r->creds = grpc_call_credentials_ref(creds); r->cb = cb; r->user_data = user_data; return r; @@ -73,44 +73,53 @@ grpc_credentials_metadata_request_create(grpc_credentials *creds, static void grpc_credentials_metadata_request_destroy( grpc_credentials_metadata_request *r) { - grpc_credentials_unref(r->creds); + grpc_call_credentials_unref(r->creds); gpr_free(r); } -grpc_credentials *grpc_credentials_ref(grpc_credentials *creds) { +grpc_channel_credentials *grpc_channel_credentials_ref( + grpc_channel_credentials *creds) { if (creds == NULL) return NULL; gpr_ref(&creds->refcount); return creds; } -void grpc_credentials_unref(grpc_credentials *creds) { +void grpc_channel_credentials_unref(grpc_channel_credentials *creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { - creds->vtable->destruct(creds); + if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); gpr_free(creds); } } -void grpc_credentials_release(grpc_credentials *creds) { - GRPC_API_TRACE("grpc_credentials_release(creds=%p)", 1, (creds)); - grpc_credentials_unref(creds); +void grpc_channel_credentials_release(grpc_channel_credentials *creds) { + GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds)); + grpc_channel_credentials_unref(creds); } -int grpc_credentials_has_request_metadata(grpc_credentials *creds) { - if (creds == NULL) return 0; - return creds->vtable->has_request_metadata(creds); +grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) { + if (creds == NULL) return NULL; + gpr_ref(&creds->refcount); + return creds; } -int grpc_credentials_has_request_metadata_only(grpc_credentials *creds) { - if (creds == NULL) return 0; - return creds->vtable->has_request_metadata_only(creds); +void grpc_call_credentials_unref(grpc_call_credentials *creds) { + if (creds == NULL) return; + if (gpr_unref(&creds->refcount)) { + if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); + gpr_free(creds); + } } -void grpc_credentials_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, +void grpc_call_credentials_release(grpc_call_credentials *creds) { + GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds)); + grpc_call_credentials_unref(creds); +} + +void grpc_call_credentials_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { - if (creds == NULL || !grpc_credentials_has_request_metadata(creds) || - creds->vtable->get_request_metadata == NULL) { + if (creds == NULL || creds->vtable->get_request_metadata == NULL) { if (cb != NULL) { cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); } @@ -120,19 +129,17 @@ void grpc_credentials_get_request_metadata( user_data); } -grpc_security_status grpc_credentials_create_security_connector( - grpc_credentials *creds, const char *target, const grpc_channel_args *args, - grpc_credentials *request_metadata_creds, - grpc_channel_security_connector **sc, grpc_channel_args **new_args) { +grpc_security_status grpc_channel_credentials_create_security_connector( + grpc_channel_credentials *channel_creds, const char *target, + const grpc_channel_args *args, grpc_channel_security_connector **sc, + grpc_channel_args **new_args) { *new_args = NULL; - if (creds == NULL || creds->vtable->create_security_connector == NULL || - grpc_credentials_has_request_metadata_only(creds)) { - gpr_log(GPR_ERROR, - "Invalid credentials for creating a security connector."); + if (channel_creds == NULL) { return GRPC_SECURITY_ERROR; } - return creds->vtable->create_security_connector( - creds, target, args, request_metadata_creds, sc, new_args); + GPR_ASSERT(channel_creds->vtable->create_security_connector != NULL); + return channel_creds->vtable->create_security_connector( + channel_creds, NULL, target, args, sc, new_args); } grpc_server_credentials *grpc_server_credentials_ref( @@ -145,7 +152,7 @@ grpc_server_credentials *grpc_server_credentials_ref( void grpc_server_credentials_unref(grpc_server_credentials *creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { - creds->vtable->destruct(creds); + if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); if (creds->processor.destroy != NULL && creds->processor.state != NULL) { creds->processor.destroy(creds->processor.state); } @@ -224,7 +231,7 @@ grpc_server_credentials *grpc_find_server_credentials_in_args( /* -- Ssl credentials. -- */ -static void ssl_destruct(grpc_credentials *creds) { +static void ssl_destruct(grpc_channel_credentials *creds) { grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs); if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key); @@ -253,15 +260,9 @@ static void ssl_server_destruct(grpc_server_credentials *creds) { if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs); } -static int ssl_has_request_metadata(const grpc_credentials *creds) { return 0; } - -static int ssl_has_request_metadata_only(const grpc_credentials *creds) { - return 0; -} - static grpc_security_status ssl_create_security_connector( - grpc_credentials *creds, const char *target, const grpc_channel_args *args, - grpc_credentials *request_metadata_creds, + grpc_channel_credentials *creds, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, grpc_channel_security_connector **sc, grpc_channel_args **new_args) { grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; grpc_security_status status = GRPC_SECURITY_OK; @@ -278,7 +279,7 @@ static grpc_security_status ssl_create_security_connector( } } status = grpc_ssl_channel_security_connector_create( - request_metadata_creds, &c->config, target, overridden_target_name, sc); + call_creds, &c->config, target, overridden_target_name, sc); if (status != GRPC_SECURITY_OK) { return status; } @@ -295,9 +296,8 @@ static grpc_security_status ssl_server_create_security_connector( return grpc_ssl_server_security_connector_create(&c->config, sc); } -static grpc_credentials_vtable ssl_vtable = { - ssl_destruct, ssl_has_request_metadata, ssl_has_request_metadata_only, NULL, - ssl_create_security_connector}; +static grpc_channel_credentials_vtable ssl_vtable = { + ssl_destruct, ssl_create_security_connector}; static grpc_server_credentials_vtable ssl_server_vtable = { ssl_server_destruct, ssl_server_create_security_connector}; @@ -362,7 +362,7 @@ static void ssl_build_server_config( } } -grpc_credentials *grpc_ssl_credentials_create( +grpc_channel_credentials *grpc_ssl_credentials_create( const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, void *reserved) { grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials)); @@ -373,7 +373,7 @@ grpc_credentials *grpc_ssl_credentials_create( 3, (pem_root_certs, pem_key_cert_pair, reserved)); GPR_ASSERT(reserved == NULL); memset(c, 0, sizeof(grpc_ssl_credentials)); - c->base.type = GRPC_CREDENTIALS_TYPE_SSL; + c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL; c->base.vtable = &ssl_vtable; gpr_ref_init(&c->base.refcount, 1); ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config); @@ -393,7 +393,7 @@ grpc_server_credentials *grpc_ssl_server_credentials_create( force_client_auth, reserved)); GPR_ASSERT(reserved == NULL); memset(c, 0, sizeof(grpc_ssl_server_credentials)); - c->base.type = GRPC_CREDENTIALS_TYPE_SSL; + c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL; gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &ssl_server_vtable; ssl_build_server_config(pem_root_certs, pem_key_cert_pairs, @@ -415,7 +415,7 @@ static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) { c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); } -static void jwt_destruct(grpc_credentials *creds) { +static void jwt_destruct(grpc_call_credentials *creds) { grpc_service_account_jwt_access_credentials *c = (grpc_service_account_jwt_access_credentials *)creds; grpc_auth_json_key_destruct(&c->key); @@ -423,14 +423,8 @@ static void jwt_destruct(grpc_credentials *creds) { gpr_mu_destroy(&c->cache_mu); } -static int jwt_has_request_metadata(const grpc_credentials *creds) { return 1; } - -static int jwt_has_request_metadata_only(const grpc_credentials *creds) { - return 1; -} - static void jwt_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { grpc_service_account_jwt_access_credentials *c = (grpc_service_account_jwt_access_credentials *)creds; @@ -483,11 +477,10 @@ static void jwt_get_request_metadata( } } -static grpc_credentials_vtable jwt_vtable = { - jwt_destruct, jwt_has_request_metadata, jwt_has_request_metadata_only, - jwt_get_request_metadata, NULL}; +static grpc_call_credentials_vtable jwt_vtable = {jwt_destruct, + jwt_get_request_metadata}; -grpc_credentials * +grpc_call_credentials * grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_auth_json_key key, gpr_timespec token_lifetime) { grpc_service_account_jwt_access_credentials *c; @@ -497,7 +490,7 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( } c = gpr_malloc(sizeof(grpc_service_account_jwt_access_credentials)); memset(c, 0, sizeof(grpc_service_account_jwt_access_credentials)); - c->base.type = GRPC_CREDENTIALS_TYPE_JWT; + c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT; gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &jwt_vtable; c->key = key; @@ -507,7 +500,7 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( return &c->base; } -grpc_credentials *grpc_service_account_jwt_access_credentials_create( +grpc_call_credentials *grpc_service_account_jwt_access_credentials_create( const char *json_key, gpr_timespec token_lifetime, void *reserved) { GRPC_API_TRACE( "grpc_service_account_jwt_access_credentials_create(" @@ -524,7 +517,7 @@ grpc_credentials *grpc_service_account_jwt_access_credentials_create( /* -- Oauth2TokenFetcher credentials -- */ -static void oauth2_token_fetcher_destruct(grpc_credentials *creds) { +static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) { grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *)creds; grpc_credentials_md_store_unref(c->access_token_md); @@ -532,16 +525,6 @@ static void oauth2_token_fetcher_destruct(grpc_credentials *creds) { grpc_httpcli_context_destroy(&c->httpcli_context); } -static int oauth2_token_fetcher_has_request_metadata( - const grpc_credentials *creds) { - return 1; -} - -static int oauth2_token_fetcher_has_request_metadata_only( - const grpc_credentials *creds) { - return 1; -} - grpc_credentials_status grpc_oauth2_token_fetcher_credentials_parse_server_response( const grpc_httpcli_response *response, grpc_credentials_md_store **token_md, @@ -659,8 +642,9 @@ static void on_oauth2_token_fetcher_http_response( } static void oauth2_token_fetcher_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, - const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { + grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, + grpc_pollset *pollset, const char *service_url, + grpc_credentials_metadata_cb cb, void *user_data) { grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *)creds; gpr_timespec refresh_threshold = gpr_time_from_seconds( @@ -693,7 +677,7 @@ static void oauth2_token_fetcher_get_request_metadata( static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c, grpc_fetch_oauth2_func fetch_func) { memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials)); - c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; + c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2; gpr_ref_init(&c->base.refcount, 1); gpr_mu_init(&c->mu); c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); @@ -703,10 +687,8 @@ static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c, /* -- GoogleComputeEngine credentials. -- */ -static grpc_credentials_vtable compute_engine_vtable = { - oauth2_token_fetcher_destruct, oauth2_token_fetcher_has_request_metadata, - oauth2_token_fetcher_has_request_metadata_only, - oauth2_token_fetcher_get_request_metadata, NULL}; +static grpc_call_credentials_vtable compute_engine_vtable = { + oauth2_token_fetcher_destruct, oauth2_token_fetcher_get_request_metadata}; static void compute_engine_fetch_oauth2( grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req, @@ -723,7 +705,7 @@ static void compute_engine_fetch_oauth2( response_cb, metadata_req); } -grpc_credentials *grpc_google_compute_engine_credentials_create( +grpc_call_credentials *grpc_google_compute_engine_credentials_create( void *reserved) { grpc_oauth2_token_fetcher_credentials *c = gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials)); @@ -737,17 +719,15 @@ grpc_credentials *grpc_google_compute_engine_credentials_create( /* -- GoogleRefreshToken credentials. -- */ -static void refresh_token_destruct(grpc_credentials *creds) { +static void refresh_token_destruct(grpc_call_credentials *creds) { grpc_google_refresh_token_credentials *c = (grpc_google_refresh_token_credentials *)creds; grpc_auth_refresh_token_destruct(&c->refresh_token); oauth2_token_fetcher_destruct(&c->base.base); } -static grpc_credentials_vtable refresh_token_vtable = { - refresh_token_destruct, oauth2_token_fetcher_has_request_metadata, - oauth2_token_fetcher_has_request_metadata_only, - oauth2_token_fetcher_get_request_metadata, NULL}; +static grpc_call_credentials_vtable refresh_token_vtable = { + refresh_token_destruct, oauth2_token_fetcher_get_request_metadata}; static void refresh_token_fetch_oauth2( grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req, @@ -773,7 +753,8 @@ static void refresh_token_fetch_oauth2( gpr_free(body); } -grpc_credentials *grpc_refresh_token_credentials_create_from_auth_refresh_token( +grpc_call_credentials * +grpc_refresh_token_credentials_create_from_auth_refresh_token( grpc_auth_refresh_token refresh_token) { grpc_google_refresh_token_credentials *c; if (!grpc_auth_refresh_token_is_valid(&refresh_token)) { @@ -788,7 +769,7 @@ grpc_credentials *grpc_refresh_token_credentials_create_from_auth_refresh_token( return &c->base.base; } -grpc_credentials *grpc_google_refresh_token_credentials_create( +grpc_call_credentials *grpc_google_refresh_token_credentials_create( const char *json_refresh_token, void *reserved) { GRPC_API_TRACE( "grpc_refresh_token_credentials_create(json_refresh_token=%s, " @@ -801,20 +782,11 @@ grpc_credentials *grpc_google_refresh_token_credentials_create( /* -- Metadata-only credentials. -- */ -static void md_only_test_destruct(grpc_credentials *creds) { +static void md_only_test_destruct(grpc_call_credentials *creds) { grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; grpc_credentials_md_store_unref(c->md_store); } -static int md_only_test_has_request_metadata(const grpc_credentials *creds) { - return 1; -} - -static int md_only_test_has_request_metadata_only( - const grpc_credentials *creds) { - return 1; -} - static void on_simulated_token_fetch_done(void *user_data) { grpc_credentials_metadata_request *r = (grpc_credentials_metadata_request *)user_data; @@ -827,7 +799,7 @@ static void on_simulated_token_fetch_done(void *user_data) { } static void md_only_test_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds; @@ -841,18 +813,15 @@ static void md_only_test_get_request_metadata( } } -static grpc_credentials_vtable md_only_test_vtable = { - md_only_test_destruct, md_only_test_has_request_metadata, - md_only_test_has_request_metadata_only, md_only_test_get_request_metadata, - NULL}; +static grpc_call_credentials_vtable md_only_test_vtable = { + md_only_test_destruct, md_only_test_get_request_metadata}; -grpc_credentials *grpc_md_only_test_credentials_create(const char *md_key, - const char *md_value, - int is_async) { +grpc_call_credentials *grpc_md_only_test_credentials_create( + const char *md_key, const char *md_value, int is_async) { grpc_md_only_test_credentials *c = gpr_malloc(sizeof(grpc_md_only_test_credentials)); memset(c, 0, sizeof(grpc_md_only_test_credentials)); - c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; + c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2; c->base.vtable = &md_only_test_vtable; gpr_ref_init(&c->base.refcount, 1); c->md_store = grpc_credentials_md_store_create(1); @@ -863,34 +832,23 @@ grpc_credentials *grpc_md_only_test_credentials_create(const char *md_key, /* -- Oauth2 Access Token credentials. -- */ -static void access_token_destruct(grpc_credentials *creds) { +static void access_token_destruct(grpc_call_credentials *creds) { grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; grpc_credentials_md_store_unref(c->access_token_md); } -static int access_token_has_request_metadata(const grpc_credentials *creds) { - return 1; -} - -static int access_token_has_request_metadata_only( - const grpc_credentials *creds) { - return 1; -} - static void access_token_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, + grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds; cb(exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK); } -static grpc_credentials_vtable access_token_vtable = { - access_token_destruct, access_token_has_request_metadata, - access_token_has_request_metadata_only, access_token_get_request_metadata, - NULL}; +static grpc_call_credentials_vtable access_token_vtable = { + access_token_destruct, access_token_get_request_metadata}; -grpc_credentials *grpc_access_token_credentials_create(const char *access_token, - void *reserved) { +grpc_call_credentials *grpc_access_token_credentials_create( + const char *access_token, void *reserved) { grpc_access_token_credentials *c = gpr_malloc(sizeof(grpc_access_token_credentials)); char *token_md_value; @@ -900,7 +858,7 @@ grpc_credentials *grpc_access_token_credentials_create(const char *access_token, 2, (access_token, reserved)); GPR_ASSERT(reserved == NULL); memset(c, 0, sizeof(grpc_access_token_credentials)); - c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; + c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2; c->base.vtable = &access_token_vtable; gpr_ref_init(&c->base.refcount, 1); c->access_token_md = grpc_credentials_md_store_create(1); @@ -913,31 +871,11 @@ grpc_credentials *grpc_access_token_credentials_create(const char *access_token, /* -- Fake transport security credentials. -- */ -static void fake_transport_security_credentials_destruct( - grpc_credentials *creds) { - /* Nothing to do here. */ -} - -static void fake_transport_security_server_credentials_destruct( - grpc_server_credentials *creds) { - /* Nothing to do here. */ -} - -static int fake_transport_security_has_request_metadata( - const grpc_credentials *creds) { - return 0; -} - -static int fake_transport_security_has_request_metadata_only( - const grpc_credentials *creds) { - return 0; -} - static grpc_security_status fake_transport_security_create_security_connector( - grpc_credentials *c, const char *target, const grpc_channel_args *args, - grpc_credentials *request_metadata_creds, + grpc_channel_credentials *c, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, grpc_channel_security_connector **sc, grpc_channel_args **new_args) { - *sc = grpc_fake_channel_security_connector_create(request_metadata_creds, 1); + *sc = grpc_fake_channel_security_connector_create(call_creds, 1); return GRPC_SECURITY_OK; } @@ -948,21 +886,19 @@ fake_transport_security_server_create_security_connector( return GRPC_SECURITY_OK; } -static grpc_credentials_vtable fake_transport_security_credentials_vtable = { - fake_transport_security_credentials_destruct, - fake_transport_security_has_request_metadata, - fake_transport_security_has_request_metadata_only, NULL, - fake_transport_security_create_security_connector}; +static grpc_channel_credentials_vtable + fake_transport_security_credentials_vtable = { + NULL, fake_transport_security_create_security_connector}; static grpc_server_credentials_vtable fake_transport_security_server_credentials_vtable = { - fake_transport_security_server_credentials_destruct, - fake_transport_security_server_create_security_connector}; + NULL, fake_transport_security_server_create_security_connector}; -grpc_credentials *grpc_fake_transport_security_credentials_create(void) { - grpc_credentials *c = gpr_malloc(sizeof(grpc_credentials)); - memset(c, 0, sizeof(grpc_credentials)); - c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; +grpc_channel_credentials *grpc_fake_transport_security_credentials_create( + void) { + grpc_channel_credentials *c = gpr_malloc(sizeof(grpc_channel_credentials)); + memset(c, 0, sizeof(grpc_channel_credentials)); + c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; c->vtable = &fake_transport_security_credentials_vtable; gpr_ref_init(&c->refcount, 1); return c; @@ -972,69 +908,46 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( void) { grpc_server_credentials *c = gpr_malloc(sizeof(grpc_server_credentials)); memset(c, 0, sizeof(grpc_server_credentials)); - c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; + c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; gpr_ref_init(&c->refcount, 1); c->vtable = &fake_transport_security_server_credentials_vtable; return c; } -/* -- Composite credentials. -- */ +/* -- Composite call credentials. -- */ typedef struct { - grpc_composite_credentials *composite_creds; + grpc_composite_call_credentials *composite_creds; size_t creds_index; grpc_credentials_md_store *md_elems; char *service_url; void *user_data; grpc_pollset *pollset; grpc_credentials_metadata_cb cb; -} grpc_composite_credentials_metadata_context; +} grpc_composite_call_credentials_metadata_context; -static void composite_destruct(grpc_credentials *creds) { - grpc_composite_credentials *c = (grpc_composite_credentials *)creds; +static void composite_call_destruct(grpc_call_credentials *creds) { + grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; size_t i; for (i = 0; i < c->inner.num_creds; i++) { - grpc_credentials_unref(c->inner.creds_array[i]); + grpc_call_credentials_unref(c->inner.creds_array[i]); } gpr_free(c->inner.creds_array); } -static int composite_has_request_metadata(const grpc_credentials *creds) { - const grpc_composite_credentials *c = - (const grpc_composite_credentials *)creds; - size_t i; - for (i = 0; i < c->inner.num_creds; i++) { - if (grpc_credentials_has_request_metadata(c->inner.creds_array[i])) { - return 1; - } - } - return 0; -} - -static int composite_has_request_metadata_only(const grpc_credentials *creds) { - const grpc_composite_credentials *c = - (const grpc_composite_credentials *)creds; - size_t i; - for (i = 0; i < c->inner.num_creds; i++) { - if (!grpc_credentials_has_request_metadata_only(c->inner.creds_array[i])) { - return 0; - } - } - return 1; -} - -static void composite_md_context_destroy( - grpc_composite_credentials_metadata_context *ctx) { +static void composite_call_md_context_destroy( + grpc_composite_call_credentials_metadata_context *ctx) { grpc_credentials_md_store_unref(ctx->md_elems); if (ctx->service_url != NULL) gpr_free(ctx->service_url); gpr_free(ctx); } -static void composite_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data, - grpc_credentials_md *md_elems, size_t num_md, - grpc_credentials_status status) { - grpc_composite_credentials_metadata_context *ctx = - (grpc_composite_credentials_metadata_context *)user_data; +static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data, + grpc_credentials_md *md_elems, + size_t num_md, + grpc_credentials_status status) { + grpc_composite_call_credentials_metadata_context *ctx = + (grpc_composite_call_credentials_metadata_context *)user_data; if (status != GRPC_CREDENTIALS_OK) { ctx->cb(exec_ctx, ctx->user_data, NULL, 0, status); return; @@ -1050,158 +963,111 @@ static void composite_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data, } /* See if we need to get some more metadata. */ - while (ctx->creds_index < ctx->composite_creds->inner.num_creds) { - grpc_credentials *inner_creds = + if (ctx->creds_index < ctx->composite_creds->inner.num_creds) { + grpc_call_credentials *inner_creds = ctx->composite_creds->inner.creds_array[ctx->creds_index++]; - if (grpc_credentials_has_request_metadata(inner_creds)) { - grpc_credentials_get_request_metadata(exec_ctx, inner_creds, ctx->pollset, - ctx->service_url, - composite_metadata_cb, ctx); - return; - } + grpc_call_credentials_get_request_metadata(exec_ctx, inner_creds, + ctx->pollset, ctx->service_url, + composite_call_metadata_cb, ctx); + return; } /* We're done!. */ ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries, ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK); - composite_md_context_destroy(ctx); + composite_call_md_context_destroy(ctx); } -static void composite_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, +static void composite_call_get_request_metadata( + grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { - grpc_composite_credentials *c = (grpc_composite_credentials *)creds; - grpc_composite_credentials_metadata_context *ctx; - if (!grpc_credentials_has_request_metadata(creds)) { - cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); - return; - } - ctx = gpr_malloc(sizeof(grpc_composite_credentials_metadata_context)); - memset(ctx, 0, sizeof(grpc_composite_credentials_metadata_context)); + grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; + grpc_composite_call_credentials_metadata_context *ctx; + + ctx = gpr_malloc(sizeof(grpc_composite_call_credentials_metadata_context)); + memset(ctx, 0, sizeof(grpc_composite_call_credentials_metadata_context)); ctx->service_url = gpr_strdup(service_url); ctx->user_data = user_data; ctx->cb = cb; ctx->composite_creds = c; ctx->pollset = pollset; ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds); - while (ctx->creds_index < c->inner.num_creds) { - grpc_credentials *inner_creds = c->inner.creds_array[ctx->creds_index++]; - if (grpc_credentials_has_request_metadata(inner_creds)) { - grpc_credentials_get_request_metadata(exec_ctx, inner_creds, pollset, - service_url, composite_metadata_cb, - ctx); - return; - } - } - GPR_ASSERT(0); /* Should have exited before. */ + grpc_call_credentials_get_request_metadata( + exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset, service_url, + composite_call_metadata_cb, ctx); } -static grpc_security_status composite_create_security_connector( - grpc_credentials *creds, const char *target, const grpc_channel_args *args, - grpc_credentials *request_metadata_creds, - grpc_channel_security_connector **sc, grpc_channel_args **new_args) { - grpc_composite_credentials *c = (grpc_composite_credentials *)creds; - if (c->connector_creds == NULL) { - gpr_log(GPR_ERROR, - "Cannot create security connector, missing connector credentials."); - return GRPC_SECURITY_ERROR; - } - return grpc_credentials_create_security_connector(c->connector_creds, target, - args, creds, sc, new_args); -} +static grpc_call_credentials_vtable composite_call_credentials_vtable = { + composite_call_destruct, composite_call_get_request_metadata}; -static grpc_credentials_vtable composite_credentials_vtable = { - composite_destruct, composite_has_request_metadata, - composite_has_request_metadata_only, composite_get_request_metadata, - composite_create_security_connector}; - -static grpc_credentials_array get_creds_array(grpc_credentials **creds_addr) { - grpc_credentials_array result; - grpc_credentials *creds = *creds_addr; +static grpc_call_credentials_array get_creds_array( + grpc_call_credentials **creds_addr) { + grpc_call_credentials_array result; + grpc_call_credentials *creds = *creds_addr; result.creds_array = creds_addr; result.num_creds = 1; - if (strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) { - result = *grpc_composite_credentials_get_credentials(creds); + if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) { + result = *grpc_composite_call_credentials_get_credentials(creds); } return result; } -grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1, - grpc_credentials *creds2, - void *reserved) { +grpc_call_credentials *grpc_composite_call_credentials_create( + grpc_call_credentials *creds1, grpc_call_credentials *creds2, + void *reserved) { size_t i; size_t creds_array_byte_size; - grpc_credentials_array creds1_array; - grpc_credentials_array creds2_array; - grpc_composite_credentials *c; + grpc_call_credentials_array creds1_array; + grpc_call_credentials_array creds2_array; + grpc_composite_call_credentials *c; GRPC_API_TRACE( - "grpc_composite_credentials_create(creds1=%p, creds2=%p, " + "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, " "reserved=%p)", 3, (creds1, creds2, reserved)); GPR_ASSERT(reserved == NULL); GPR_ASSERT(creds1 != NULL); GPR_ASSERT(creds2 != NULL); - c = gpr_malloc(sizeof(grpc_composite_credentials)); - memset(c, 0, sizeof(grpc_composite_credentials)); - c->base.type = GRPC_CREDENTIALS_TYPE_COMPOSITE; - c->base.vtable = &composite_credentials_vtable; + c = gpr_malloc(sizeof(grpc_composite_call_credentials)); + memset(c, 0, sizeof(grpc_composite_call_credentials)); + c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE; + c->base.vtable = &composite_call_credentials_vtable; gpr_ref_init(&c->base.refcount, 1); creds1_array = get_creds_array(&creds1); creds2_array = get_creds_array(&creds2); c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds; - creds_array_byte_size = c->inner.num_creds * sizeof(grpc_credentials *); + creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *); c->inner.creds_array = gpr_malloc(creds_array_byte_size); memset(c->inner.creds_array, 0, creds_array_byte_size); for (i = 0; i < creds1_array.num_creds; i++) { - grpc_credentials *cur_creds = creds1_array.creds_array[i]; - if (!grpc_credentials_has_request_metadata_only(cur_creds)) { - if (c->connector_creds == NULL) { - c->connector_creds = cur_creds; - } else { - gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials."); - goto fail; - } - } - c->inner.creds_array[i] = grpc_credentials_ref(cur_creds); + grpc_call_credentials *cur_creds = creds1_array.creds_array[i]; + c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds); } for (i = 0; i < creds2_array.num_creds; i++) { - grpc_credentials *cur_creds = creds2_array.creds_array[i]; - if (!grpc_credentials_has_request_metadata_only(cur_creds)) { - if (c->connector_creds == NULL) { - c->connector_creds = cur_creds; - } else { - gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials."); - goto fail; - } - } + grpc_call_credentials *cur_creds = creds2_array.creds_array[i]; c->inner.creds_array[i + creds1_array.num_creds] = - grpc_credentials_ref(cur_creds); + grpc_call_credentials_ref(cur_creds); } return &c->base; - -fail: - grpc_credentials_unref(&c->base); - return NULL; } -const grpc_credentials_array *grpc_composite_credentials_get_credentials( - grpc_credentials *creds) { - const grpc_composite_credentials *c = - (const grpc_composite_credentials *)creds; - GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); +const grpc_call_credentials_array * +grpc_composite_call_credentials_get_credentials(grpc_call_credentials *creds) { + const grpc_composite_call_credentials *c = + (const grpc_composite_call_credentials *)creds; + GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0); return &c->inner; } -grpc_credentials *grpc_credentials_contains_type( - grpc_credentials *creds, const char *type, - grpc_credentials **composite_creds) { +grpc_call_credentials *grpc_credentials_contains_type( + grpc_call_credentials *creds, const char *type, + grpc_call_credentials **composite_creds) { size_t i; if (strcmp(creds->type, type) == 0) { if (composite_creds != NULL) *composite_creds = NULL; return creds; - } else if (strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) { - const grpc_credentials_array *inner_creds_array = - grpc_composite_credentials_get_credentials(creds); + } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) { + const grpc_call_credentials_array *inner_creds_array = + grpc_composite_call_credentials_get_credentials(creds); for (i = 0; i < inner_creds_array->num_creds; i++) { if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) { if (composite_creds != NULL) *composite_creds = creds; @@ -1214,30 +1080,26 @@ grpc_credentials *grpc_credentials_contains_type( /* -- IAM credentials. -- */ -static void iam_destruct(grpc_credentials *creds) { +static void iam_destruct(grpc_call_credentials *creds) { grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; grpc_credentials_md_store_unref(c->iam_md); } -static int iam_has_request_metadata(const grpc_credentials *creds) { return 1; } - -static int iam_has_request_metadata_only(const grpc_credentials *creds) { - return 1; -} - -static void iam_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, - const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { +static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds, + grpc_pollset *pollset, + const char *service_url, + grpc_credentials_metadata_cb cb, + void *user_data) { grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds; cb(exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries, GRPC_CREDENTIALS_OK); } -static grpc_credentials_vtable iam_vtable = { - iam_destruct, iam_has_request_metadata, iam_has_request_metadata_only, - iam_get_request_metadata, NULL}; +static grpc_call_credentials_vtable iam_vtable = {iam_destruct, + iam_get_request_metadata}; -grpc_credentials *grpc_google_iam_credentials_create( +grpc_call_credentials *grpc_google_iam_credentials_create( const char *token, const char *authority_selector, void *reserved) { grpc_google_iam_credentials *c; GRPC_API_TRACE( @@ -1249,7 +1111,7 @@ grpc_credentials *grpc_google_iam_credentials_create( GPR_ASSERT(authority_selector != NULL); c = gpr_malloc(sizeof(grpc_google_iam_credentials)); memset(c, 0, sizeof(grpc_google_iam_credentials)); - c->base.type = GRPC_CREDENTIALS_TYPE_IAM; + c->base.type = GRPC_CALL_CREDENTIALS_TYPE_IAM; c->base.vtable = &iam_vtable; gpr_ref_init(&c->base.refcount, 1); c->iam_md = grpc_credentials_md_store_create(2); @@ -1267,21 +1129,13 @@ typedef struct { grpc_credentials_metadata_cb cb; } grpc_metadata_plugin_request; -static void plugin_destruct(grpc_credentials *creds) { +static void plugin_destruct(grpc_call_credentials *creds) { grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; if (c->plugin.state != NULL && c->plugin.destroy != NULL) { c->plugin.destroy(c->plugin.state); } } -static int plugin_has_request_metadata(const grpc_credentials *creds) { - return 1; -} - -static int plugin_has_request_metadata_only(const grpc_credentials *creds) { - return 1; -} - static void plugin_md_request_metadata_ready(void *request, const grpc_metadata *md, size_t num_md, @@ -1320,9 +1174,12 @@ static void plugin_md_request_metadata_ready(void *request, grpc_exec_ctx_finish(&exec_ctx); } -static void plugin_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, - const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { +static void plugin_get_request_metadata(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds, + grpc_pollset *pollset, + const char *service_url, + grpc_credentials_metadata_cb cb, + void *user_data) { grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; if (c->plugin.get_metadata != NULL) { grpc_metadata_plugin_request *request = gpr_malloc(sizeof(*request)); @@ -1336,18 +1193,76 @@ static void plugin_get_request_metadata( } } -static grpc_credentials_vtable plugin_vtable = { - plugin_destruct, plugin_has_request_metadata, - plugin_has_request_metadata_only, plugin_get_request_metadata, NULL}; +static grpc_call_credentials_vtable plugin_vtable = { + plugin_destruct, plugin_get_request_metadata}; -grpc_credentials *grpc_metadata_credentials_create_from_plugin( +grpc_call_credentials *grpc_metadata_credentials_create_from_plugin( grpc_metadata_credentials_plugin plugin, void *reserved) { grpc_plugin_credentials *c = gpr_malloc(sizeof(*c)); + GRPC_API_TRACE("grpc_metadata_credentials_create_from_plugin(reserved=%p)", 1, + (reserved)); GPR_ASSERT(reserved == NULL); memset(c, 0, sizeof(*c)); - c->base.type = GRPC_CREDENTIALS_TYPE_METADATA_PLUGIN; + c->base.type = GRPC_CALL_CREDENTIALS_TYPE_METADATA_PLUGIN; c->base.vtable = &plugin_vtable; gpr_ref_init(&c->base.refcount, 1); c->plugin = plugin; return &c->base; } + +/* -- Composite channel credentials. -- */ + +static void composite_channel_destruct(grpc_channel_credentials *creds) { + grpc_composite_channel_credentials *c = + (grpc_composite_channel_credentials *)creds; + grpc_channel_credentials_unref(c->inner_creds); + grpc_call_credentials_unref(c->call_creds); +} + +static grpc_security_status composite_channel_create_security_connector( + grpc_channel_credentials *creds, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + grpc_composite_channel_credentials *c = + (grpc_composite_channel_credentials *)creds; + grpc_security_status status = GRPC_SECURITY_ERROR; + + GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL && + c->inner_creds->vtable != NULL && + c->inner_creds->vtable->create_security_connector != NULL); + /* If we are passed a call_creds, create a call composite to pass it + downstream. */ + if (call_creds != NULL) { + grpc_call_credentials *composite_call_creds = + grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL); + status = c->inner_creds->vtable->create_security_connector( + c->inner_creds, composite_call_creds, target, args, sc, new_args); + grpc_call_credentials_unref(composite_call_creds); + } else { + status = c->inner_creds->vtable->create_security_connector( + c->inner_creds, c->call_creds, target, args, sc, new_args); + } + return status; +} + +static grpc_channel_credentials_vtable composite_channel_credentials_vtable = { + composite_channel_destruct, composite_channel_create_security_connector}; + +grpc_channel_credentials *grpc_composite_channel_credentials_create( + grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, + void *reserved) { + grpc_composite_channel_credentials *c = gpr_malloc(sizeof(*c)); + memset(c, 0, sizeof(*c)); + GPR_ASSERT(channel_creds != NULL && call_creds != NULL && reserved == NULL); + GRPC_API_TRACE( + "grpc_composite_channel_credentials_create(channel_creds=%p, " + "call_creds=%p, reserved=%p)", + 3, (channel_creds, call_creds, reserved)); + c->base.type = channel_creds->type; + c->base.vtable = &composite_channel_credentials_vtable; + gpr_ref_init(&c->base.refcount, 1); + c->inner_creds = grpc_channel_credentials_ref(channel_creds); + c->call_creds = grpc_call_credentials_ref(call_creds); + return &c->base; +} + diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h index c74beef0e4..559574d514 100644 --- a/src/core/security/credentials.h +++ b/src/core/security/credentials.h @@ -54,15 +54,17 @@ typedef enum { #define GRPC_FAKE_TRANSPORT_SECURITY_TYPE "fake" -#define GRPC_CREDENTIALS_TYPE_SSL "Ssl" -#define GRPC_CREDENTIALS_TYPE_OAUTH2 "Oauth2" -#define GRPC_CREDENTIALS_TYPE_METADATA_PLUGIN "Plugin" -#define GRPC_CREDENTIALS_TYPE_JWT "Jwt" -#define GRPC_CREDENTIALS_TYPE_IAM "Iam" -#define GRPC_CREDENTIALS_TYPE_COMPOSITE "Composite" -#define GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY "FakeTransportSecurity" - -#define GRPC_AUTHORIZATION_METADATA_KEY "Authorization" +#define GRPC_CHANNEL_CREDENTIALS_TYPE_SSL "Ssl" +#define GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY \ + "FakeTransportSecurity" + +#define GRPC_CALL_CREDENTIALS_TYPE_OAUTH2 "Oauth2" +#define GRPC_CALL_CREDENTIALS_TYPE_METADATA_PLUGIN "Plugin" +#define GRPC_CALL_CREDENTIALS_TYPE_JWT "Jwt" +#define GRPC_CALL_CREDENTIALS_TYPE_IAM "Iam" +#define GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE "Composite" + +#define GRPC_AUTHORIZATION_METADATA_KEY "authorization" #define GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY \ "x-goog-iam-authorization-token" #define GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY "x-goog-iam-authority-selector" @@ -87,6 +89,41 @@ typedef enum { #define GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING \ "client_id=%s&client_secret=%s&refresh_token=%s&grant_type=refresh_token" +/* --- Google utils --- */ + +/* It is the caller's responsibility to gpr_free the result if not NULL. */ +char *grpc_get_well_known_google_credentials_file_path(void); + +/* --- grpc_channel_credentials. --- */ + +typedef struct { + void (*destruct)(grpc_channel_credentials *c); + + grpc_security_status (*create_security_connector)( + grpc_channel_credentials *c, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, + grpc_channel_security_connector **sc, grpc_channel_args **new_args); +} grpc_channel_credentials_vtable; + +struct grpc_channel_credentials { + const grpc_channel_credentials_vtable *vtable; + const char *type; + gpr_refcount refcount; +}; + +grpc_channel_credentials *grpc_channel_credentials_ref( + grpc_channel_credentials *creds); +void grpc_channel_credentials_unref(grpc_channel_credentials *creds); + +/* Creates a security connector for the channel. May also create new channel + args for the channel to be used in place of the passed in const args if + returned non NULL. In that case the caller is responsible for destroying + new_args after channel creation. */ +grpc_security_status grpc_channel_credentials_create_security_connector( + grpc_channel_credentials *creds, const char *target, + const grpc_channel_args *args, grpc_channel_security_connector **sc, + grpc_channel_args **new_args); + /* --- grpc_credentials_md. --- */ typedef struct { @@ -113,16 +150,7 @@ grpc_credentials_md_store *grpc_credentials_md_store_ref( grpc_credentials_md_store *store); void grpc_credentials_md_store_unref(grpc_credentials_md_store *store); -/* --- grpc_credentials. --- */ - -/* Creates a fake transport security credentials object for testing. */ -grpc_credentials *grpc_fake_transport_security_credentials_create(void); -/* Creates a fake server transport security credentials object for testing. */ -grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( - void); - -/* It is the caller's responsibility to gpr_free the result if not NULL. */ -char *grpc_get_well_known_google_credentials_file_path(void); +/* --- grpc_call_credentials. --- */ typedef void (*grpc_credentials_metadata_cb)(grpc_exec_ctx *exec_ctx, void *user_data, @@ -131,57 +159,44 @@ typedef void (*grpc_credentials_metadata_cb)(grpc_exec_ctx *exec_ctx, grpc_credentials_status status); typedef struct { - void (*destruct)(grpc_credentials *c); - int (*has_request_metadata)(const grpc_credentials *c); - int (*has_request_metadata_only)(const grpc_credentials *c); - void (*get_request_metadata)(grpc_exec_ctx *exec_ctx, grpc_credentials *c, - grpc_pollset *pollset, const char *service_url, + void (*destruct)(grpc_call_credentials *c); + void (*get_request_metadata)(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *c, grpc_pollset *pollset, + const char *service_url, grpc_credentials_metadata_cb cb, void *user_data); - grpc_security_status (*create_security_connector)( - grpc_credentials *c, const char *target, const grpc_channel_args *args, - grpc_credentials *request_metadata_creds, - grpc_channel_security_connector **sc, grpc_channel_args **new_args); -} grpc_credentials_vtable; +} grpc_call_credentials_vtable; -struct grpc_credentials { - const grpc_credentials_vtable *vtable; +struct grpc_call_credentials { + const grpc_call_credentials_vtable *vtable; const char *type; gpr_refcount refcount; }; -grpc_credentials *grpc_credentials_ref(grpc_credentials *creds); -void grpc_credentials_unref(grpc_credentials *creds); -int grpc_credentials_has_request_metadata(grpc_credentials *creds); -int grpc_credentials_has_request_metadata_only(grpc_credentials *creds); -void grpc_credentials_get_request_metadata( - grpc_exec_ctx *exec_ctx, grpc_credentials *creds, grpc_pollset *pollset, - const char *service_url, grpc_credentials_metadata_cb cb, void *user_data); - -/* Creates a security connector for the channel. May also create new channel - args for the channel to be used in place of the passed in const args if - returned non NULL. In that case the caller is responsible for destroying - new_args after channel creation. */ -grpc_security_status grpc_credentials_create_security_connector( - grpc_credentials *creds, const char *target, const grpc_channel_args *args, - grpc_credentials *request_metadata_creds, - grpc_channel_security_connector **sc, grpc_channel_args **new_args); +grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds); +void grpc_call_credentials_unref(grpc_call_credentials *creds); +void grpc_call_credentials_get_request_metadata(grpc_exec_ctx *exec_ctx, + grpc_call_credentials *creds, + grpc_pollset *pollset, + const char *service_url, + grpc_credentials_metadata_cb cb, + void *user_data); typedef struct { - grpc_credentials **creds_array; + grpc_call_credentials **creds_array; size_t num_creds; -} grpc_credentials_array; +} grpc_call_credentials_array; -const grpc_credentials_array *grpc_composite_credentials_get_credentials( - grpc_credentials *composite_creds); +const grpc_call_credentials_array *grpc_composite_call_credentials_get_credentials( + grpc_call_credentials *composite_creds); /* Returns creds if creds is of the specified type or the inner creds of the specified type (if found), if the creds is of type COMPOSITE. If composite_creds is not NULL, *composite_creds will point to creds if of type COMPOSITE in case of success. */ -grpc_credentials *grpc_credentials_contains_type( - grpc_credentials *creds, const char *type, - grpc_credentials **composite_creds); +grpc_call_credentials *grpc_credentials_contains_type( + grpc_call_credentials *creds, const char *type, + grpc_call_credentials **composite_creds); /* Exposed for testing only. */ grpc_credentials_status @@ -192,19 +207,19 @@ void grpc_flush_cached_google_default_credentials(void); /* Metadata-only credentials with the specified key and value where asynchronicity can be simulated for testing. */ -grpc_credentials *grpc_md_only_test_credentials_create(const char *md_key, - const char *md_value, - int is_async); +grpc_call_credentials *grpc_md_only_test_credentials_create( + const char *md_key, const char *md_value, int is_async); /* Private constructor for jwt credentials from an already parsed json key. Takes ownership of the key. */ -grpc_credentials * +grpc_call_credentials * grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_auth_json_key key, gpr_timespec token_lifetime); /* Private constructor for refresh token credentials from an already parsed refresh token. Takes ownership of the refresh token. */ -grpc_credentials *grpc_refresh_token_credentials_create_from_auth_refresh_token( +grpc_call_credentials * +grpc_refresh_token_credentials_create_from_auth_refresh_token( grpc_auth_refresh_token token); /* --- grpc_server_credentials. --- */ @@ -237,10 +252,18 @@ grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg); grpc_server_credentials *grpc_find_server_credentials_in_args( const grpc_channel_args *args); +/* -- Fake transport security credentials. -- */ + +/* Creates a fake transport security credentials object for testing. */ +grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void); +/* Creates a fake server transport security credentials object for testing. */ +grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( + void); + /* -- Ssl credentials. -- */ typedef struct { - grpc_credentials base; + grpc_channel_credentials base; grpc_ssl_config config; } grpc_ssl_credentials; @@ -249,10 +272,18 @@ typedef struct { grpc_ssl_server_config config; } grpc_ssl_server_credentials; +/* -- Channel composite credentials. -- */ + +typedef struct { + grpc_channel_credentials base; + grpc_channel_credentials *inner_creds; + grpc_call_credentials *call_creds; +} grpc_composite_channel_credentials; + /* -- Jwt credentials -- */ typedef struct { - grpc_credentials base; + grpc_call_credentials base; /* Have a simple cache for now with just 1 entry. We could have a map based on the service_url for a more sophisticated one. */ @@ -283,7 +314,7 @@ typedef void (*grpc_fetch_oauth2_func)(grpc_exec_ctx *exec_ctx, gpr_timespec deadline); typedef struct { - grpc_credentials base; + grpc_call_credentials base; gpr_mu mu; grpc_credentials_md_store *access_token_md; gpr_timespec token_expiration; @@ -301,14 +332,14 @@ typedef struct { /* -- Oauth2 Access Token credentials. -- */ typedef struct { - grpc_credentials base; + grpc_call_credentials base; grpc_credentials_md_store *access_token_md; } grpc_access_token_credentials; /* -- Metadata-only Test credentials. -- */ typedef struct { - grpc_credentials base; + grpc_call_credentials base; grpc_credentials_md_store *md_store; int is_async; } grpc_md_only_test_credentials; @@ -316,22 +347,21 @@ typedef struct { /* -- GoogleIAM credentials. -- */ typedef struct { - grpc_credentials base; + grpc_call_credentials base; grpc_credentials_md_store *iam_md; } grpc_google_iam_credentials; /* -- Composite credentials. -- */ typedef struct { - grpc_credentials base; - grpc_credentials_array inner; - grpc_credentials *connector_creds; -} grpc_composite_credentials; + grpc_call_credentials base; + grpc_call_credentials_array inner; +} grpc_composite_call_credentials; /* -- Plugin credentials. -- */ typedef struct { - grpc_credentials base; + grpc_call_credentials base; grpc_metadata_credentials_plugin plugin; grpc_credentials_md_store *plugin_md; } grpc_plugin_credentials; diff --git a/src/core/security/google_default_credentials.c b/src/core/security/google_default_credentials.c index 45135305b2..e5a810f23c 100644 --- a/src/core/security/google_default_credentials.c +++ b/src/core/security/google_default_credentials.c @@ -50,7 +50,7 @@ /* -- Default credentials. -- */ -static grpc_credentials *default_credentials = NULL; +static grpc_channel_credentials *default_credentials = NULL; static int compute_engine_detection_done = 0; static gpr_mu g_mu; static gpr_once g_once = GPR_ONCE_INIT; @@ -138,11 +138,11 @@ static int is_stack_running_on_compute_engine(void) { } /* Takes ownership of creds_path if not NULL. */ -static grpc_credentials *create_default_creds_from_path(char *creds_path) { +static grpc_call_credentials *create_default_creds_from_path(char *creds_path) { grpc_json *json = NULL; grpc_auth_json_key key; grpc_auth_refresh_token token; - grpc_credentials *result = NULL; + grpc_call_credentials *result = NULL; gpr_slice creds_data = gpr_empty_slice(); int file_ok = 0; if (creds_path == NULL) goto end; @@ -176,9 +176,9 @@ end: return result; } -grpc_credentials *grpc_google_default_credentials_create(void) { - grpc_credentials *result = NULL; - int serving_cached_credentials = 0; +grpc_channel_credentials *grpc_google_default_credentials_create(void) { + grpc_channel_credentials *result = NULL; + grpc_call_credentials *call_creds = NULL; GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ()); @@ -187,20 +187,19 @@ grpc_credentials *grpc_google_default_credentials_create(void) { gpr_mu_lock(&g_mu); if (default_credentials != NULL) { - result = grpc_credentials_ref(default_credentials); - serving_cached_credentials = 1; + result = grpc_channel_credentials_ref(default_credentials); goto end; } /* First, try the environment variable. */ - result = create_default_creds_from_path( + call_creds = create_default_creds_from_path( gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR)); - if (result != NULL) goto end; + if (call_creds != NULL) goto end; /* Then the well-known file. */ - result = create_default_creds_from_path( + call_creds = create_default_creds_from_path( grpc_get_well_known_google_credentials_file_path()); - if (result != NULL) goto end; + if (call_creds != NULL) goto end; /* At last try to see if we're on compute engine (do the detection only once since it requires a network test). */ @@ -208,21 +207,27 @@ grpc_credentials *grpc_google_default_credentials_create(void) { int need_compute_engine_creds = is_stack_running_on_compute_engine(); compute_engine_detection_done = 1; if (need_compute_engine_creds) { - result = grpc_google_compute_engine_credentials_create(NULL); + call_creds = grpc_google_compute_engine_credentials_create(NULL); } } end: - if (!serving_cached_credentials && result != NULL) { - /* Blend with default ssl credentials and add a global reference so that it - can be cached and re-served. */ - grpc_credentials *ssl_creds = grpc_ssl_credentials_create(NULL, NULL, NULL); - default_credentials = grpc_credentials_ref( - grpc_composite_credentials_create(ssl_creds, result, NULL)); - GPR_ASSERT(default_credentials != NULL); - grpc_credentials_unref(ssl_creds); - grpc_credentials_unref(result); - result = default_credentials; + if (result == NULL) { + if (call_creds != NULL) { + /* Blend with default ssl credentials and add a global reference so that it + can be cached and re-served. */ + grpc_channel_credentials *ssl_creds = + grpc_ssl_credentials_create(NULL, NULL, NULL); + default_credentials = grpc_channel_credentials_ref( + grpc_composite_channel_credentials_create(ssl_creds, call_creds, + NULL)); + GPR_ASSERT(default_credentials != NULL); + grpc_channel_credentials_unref(ssl_creds); + grpc_call_credentials_unref(call_creds); + result = default_credentials; + } else { + gpr_log(GPR_ERROR, "Could not create google default credentials."); + } } gpr_mu_unlock(&g_mu); return result; @@ -232,7 +237,7 @@ void grpc_flush_cached_google_default_credentials(void) { gpr_once_init(&g_once, init_default_credentials); gpr_mu_lock(&g_mu); if (default_credentials != NULL) { - grpc_credentials_unref(default_credentials); + grpc_channel_credentials_unref(default_credentials); default_credentials = NULL; } gpr_mu_unlock(&g_mu); diff --git a/src/core/security/security_connector.c b/src/core/security/security_connector.c index 7c4cf6f04d..8dbacdd35e 100644 --- a/src/core/security/security_connector.c +++ b/src/core/security/security_connector.c @@ -203,16 +203,6 @@ grpc_security_connector *grpc_find_security_connector_in_args( return NULL; } -static int check_request_metadata_creds(grpc_credentials *creds) { - if (creds != NULL && !grpc_credentials_has_request_metadata(creds)) { - gpr_log(GPR_ERROR, - "Incompatible credentials for channel security connector: needs to " - "set request metadata."); - return 0; - } - return 1; -} - /* -- Fake implementation. -- */ typedef struct { @@ -222,7 +212,7 @@ typedef struct { static void fake_channel_destroy(grpc_security_connector *sc) { grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc; - grpc_credentials_unref(c->request_metadata_creds); + grpc_call_credentials_unref(c->request_metadata_creds); GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector"); gpr_free(sc); } @@ -306,7 +296,8 @@ static grpc_security_connector_vtable fake_server_vtable = { fake_server_destroy, fake_server_do_handshake, fake_check_peer}; grpc_channel_security_connector *grpc_fake_channel_security_connector_create( - grpc_credentials *request_metadata_creds, int call_host_check_is_async) { + grpc_call_credentials *request_metadata_creds, + int call_host_check_is_async) { grpc_fake_channel_security_connector *c = gpr_malloc(sizeof(grpc_fake_channel_security_connector)); memset(c, 0, sizeof(grpc_fake_channel_security_connector)); @@ -314,8 +305,8 @@ grpc_channel_security_connector *grpc_fake_channel_security_connector_create( c->base.base.is_client_side = 1; c->base.base.url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME; c->base.base.vtable = &fake_channel_vtable; - GPR_ASSERT(check_request_metadata_creds(request_metadata_creds)); - c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds); + c->base.request_metadata_creds = + grpc_call_credentials_ref(request_metadata_creds); c->base.check_call_host = fake_channel_check_call_host; c->call_host_check_is_async = call_host_check_is_async; return &c->base; @@ -349,7 +340,7 @@ typedef struct { static void ssl_channel_destroy(grpc_security_connector *sc) { grpc_ssl_channel_security_connector *c = (grpc_ssl_channel_security_connector *)sc; - grpc_credentials_unref(c->base.request_metadata_creds); + grpc_call_credentials_unref(c->base.request_metadata_creds); if (c->handshaker_factory != NULL) { tsi_ssl_handshaker_factory_destroy(c->handshaker_factory); } @@ -580,7 +571,7 @@ size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs) { } grpc_security_status grpc_ssl_channel_security_connector_create( - grpc_credentials *request_metadata_creds, const grpc_ssl_config *config, + grpc_call_credentials *request_metadata_creds, const grpc_ssl_config *config, const char *target_name, const char *overridden_target_name, grpc_channel_security_connector **sc) { size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions(); @@ -606,9 +597,6 @@ grpc_security_status grpc_ssl_channel_security_connector_create( gpr_log(GPR_ERROR, "An ssl channel needs a config and a target name."); goto error; } - if (!check_request_metadata_creds(request_metadata_creds)) { - goto error; - } if (config->pem_root_certs == NULL) { pem_root_certs_size = grpc_get_default_ssl_roots(&pem_root_certs); if (pem_root_certs == NULL || pem_root_certs_size == 0) { @@ -627,7 +615,8 @@ grpc_security_status grpc_ssl_channel_security_connector_create( c->base.base.vtable = &ssl_channel_vtable; c->base.base.is_client_side = 1; c->base.base.url_scheme = GRPC_SSL_URL_SCHEME; - c->base.request_metadata_creds = grpc_credentials_ref(request_metadata_creds); + c->base.request_metadata_creds = + grpc_call_credentials_ref(request_metadata_creds); c->base.check_call_host = ssl_channel_check_call_host; gpr_split_host_port(target_name, &c->target_name, &port); gpr_free(port); diff --git a/src/core/security/security_connector.h b/src/core/security/security_connector.h index 9218a3caab..c5f00c5563 100644 --- a/src/core/security/security_connector.h +++ b/src/core/security/security_connector.h @@ -145,7 +145,7 @@ typedef struct grpc_channel_security_connector grpc_channel_security_connector; struct grpc_channel_security_connector { grpc_security_connector base; /* requires is_client_side to be non 0. */ - grpc_credentials *request_metadata_creds; + grpc_call_credentials *request_metadata_creds; grpc_security_status (*check_call_host)(grpc_exec_ctx *exec_ctx, grpc_channel_security_connector *sc, const char *host, @@ -167,7 +167,8 @@ grpc_security_status grpc_channel_security_connector_check_call_host( /* For TESTING ONLY! Creates a fake connector that emulates real channel security. */ grpc_channel_security_connector *grpc_fake_channel_security_connector_create( - grpc_credentials *request_metadata_creds, int call_host_check_is_async); + grpc_call_credentials *request_metadata_creds, + int call_host_check_is_async); /* For TESTING ONLY! Creates a fake connector that emulates real server security. */ @@ -197,9 +198,9 @@ typedef struct { specific error code otherwise. */ grpc_security_status grpc_ssl_channel_security_connector_create( - grpc_credentials *request_metadata_creds, const grpc_ssl_config *config, - const char *target_name, const char *overridden_target_name, - grpc_channel_security_connector **sc); + grpc_call_credentials *request_metadata_creds, + const grpc_ssl_config *config, const char *target_name, + const char *overridden_target_name, grpc_channel_security_connector **sc); /* Gets the default ssl roots. */ size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs); diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c index ff3ad64d92..2068c97d78 100644 --- a/src/core/security/security_context.c +++ b/src/core/security/security_context.c @@ -46,7 +46,7 @@ /* --- grpc_call --- */ grpc_call_error grpc_call_set_credentials(grpc_call *call, - grpc_credentials *creds) { + grpc_call_credentials *creds) { grpc_client_security_context *ctx = NULL; GRPC_API_TRACE("grpc_call_set_credentials(call=%p, creds=%p)", 2, (call, creds)); @@ -54,20 +54,16 @@ grpc_call_error grpc_call_set_credentials(grpc_call *call, gpr_log(GPR_ERROR, "Method is client-side only."); return GRPC_CALL_ERROR_NOT_ON_SERVER; } - if (creds != NULL && !grpc_credentials_has_request_metadata_only(creds)) { - gpr_log(GPR_ERROR, "Incompatible credentials to set on a call."); - return GRPC_CALL_ERROR; - } ctx = (grpc_client_security_context *)grpc_call_context_get( call, GRPC_CONTEXT_SECURITY); if (ctx == NULL) { ctx = grpc_client_security_context_create(); - ctx->creds = grpc_credentials_ref(creds); + ctx->creds = grpc_call_credentials_ref(creds); grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx, grpc_client_security_context_destroy); } else { - grpc_credentials_unref(ctx->creds); - ctx->creds = grpc_credentials_ref(creds); + grpc_call_credentials_unref(ctx->creds); + ctx->creds = grpc_call_credentials_ref(creds); } return GRPC_CALL_OK; } @@ -101,7 +97,7 @@ grpc_client_security_context *grpc_client_security_context_create(void) { void grpc_client_security_context_destroy(void *ctx) { grpc_client_security_context *c = (grpc_client_security_context *)ctx; - grpc_credentials_unref(c->creds); + grpc_call_credentials_unref(c->creds); GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context"); gpr_free(ctx); } diff --git a/src/core/security/security_context.h b/src/core/security/security_context.h index 2bbdc4be97..794258edbc 100644 --- a/src/core/security/security_context.h +++ b/src/core/security/security_context.h @@ -85,7 +85,7 @@ void grpc_auth_property_reset(grpc_auth_property *property); Internal client-side security context. */ typedef struct { - grpc_credentials *creds; + grpc_call_credentials *creds; grpc_auth_context *auth_context; } grpc_client_security_context; diff --git a/src/core/surface/secure_channel_create.c b/src/core/surface/secure_channel_create.c index 1282ee99ed..0dd0a31169 100644 --- a/src/core/surface/secure_channel_create.c +++ b/src/core/surface/secure_channel_create.c @@ -230,7 +230,7 @@ static const grpc_subchannel_factory_vtable subchannel_factory_vtable = { Asynchronously: - resolve target - connect to it (trying alternatives as presented) - perform handshakes */ -grpc_channel *grpc_secure_channel_create(grpc_credentials *creds, +grpc_channel *grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved) { @@ -261,9 +261,9 @@ grpc_channel *grpc_secure_channel_create(grpc_credentials *creds, "Security connector exists in channel args."); } - if (grpc_credentials_create_security_connector( - creds, target, args, NULL, &security_connector, - &new_args_from_connector) != GRPC_SECURITY_OK) { + if (grpc_channel_credentials_create_security_connector( + creds, target, args, &security_connector, &new_args_from_connector) != + GRPC_SECURITY_OK) { grpc_exec_ctx_finish(&exec_ctx); return grpc_lame_client_channel_create( target, GRPC_STATUS_INVALID_ARGUMENT, diff --git a/src/core/surface/version.c b/src/core/surface/version.c index e559d51448..962a72112a 100644 --- a/src/core/surface/version.c +++ b/src/core/surface/version.c @@ -36,4 +36,4 @@ #include <grpc/grpc.h> -const char *grpc_version_string(void) { return "0.11.0.0"; } +const char *grpc_version_string(void) { return "0.12.0.0"; } diff --git a/src/core/tsi/test_creds/server1.pem b/src/core/tsi/test_creds/server1.pem index 8e582e571f..f3d43fcc5b 100644 --- a/src/core/tsi/test_creds/server1.pem +++ b/src/core/tsi/test_creds/server1.pem @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMTQwNzIyMDYwMDU3WhcNMjQwNzE5 -MDYwMDU3WjBkMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFDASBgNVBAoTC0dvb2dsZSBJbmMuMRowGAYDVQQDFBEqLnRl -c3QuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4cMVJygs -JUmlgMMzgdi0h1XoCR7+ww1pop04OMMyy7H/i0PJ2W6Y35+b4CM8QrkYeEafUGDO -RYX6yV/cHGGsD/x02ye6ey1UDtkGAD/mpDEx8YCrjAc1Vfvt8Fk6Cn1WVIxV/J30 -3xjBsFgByQ55RBp1OLZfVLo6AleBDSbcxaECAwEAAaNrMGkwCQYDVR0TBAIwADAL -BgNVHQ8EBAMCBeAwTwYDVR0RBEgwRoIQKi50ZXN0Lmdvb2dsZS5mcoIYd2F0ZXJ6 -b29pLnRlc3QuZ29vZ2xlLmJlghIqLnRlc3QueW91dHViZS5jb22HBMCoAQMwDQYJ -KoZIhvcNAQEFBQADgYEAM2Ii0LgTGbJ1j4oqX9bxVcxm+/R5Yf8oi0aZqTJlnLYS -wXcBykxTx181s7WyfJ49WwrYXo78zTDAnf1ma0fPq3e4mpspvyndLh1a+OarHa1e -aT0DIIYk7qeEa1YcVljx2KyLd0r1BBAfrwyGaEPVeJQVYWaOJRU2we/KD4ojf9s= +MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx +MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV +BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 +ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco +LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg +zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd +9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy +em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G +CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 +hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh +y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 -----END CERTIFICATE----- diff --git a/src/cpp/client/client_context.cc b/src/cpp/client/client_context.cc index 574656a7e9..9bb358b233 100644 --- a/src/cpp/client/client_context.cc +++ b/src/cpp/client/client_context.cc @@ -48,6 +48,7 @@ namespace grpc { ClientContext::ClientContext() : initial_metadata_received_(false), call_(nullptr), + call_canceled_(false), deadline_(gpr_inf_future(GPR_CLOCK_REALTIME)), propagate_from_call_(nullptr) {} @@ -72,6 +73,7 @@ void ClientContext::AddMetadata(const grpc::string& meta_key, void ClientContext::set_call(grpc_call* call, const std::shared_ptr<Channel>& channel) { + grpc::unique_lock<grpc::mutex> lock(mu_); GPR_ASSERT(call_ == nullptr); call_ = call; channel_ = channel; @@ -79,6 +81,9 @@ void ClientContext::set_call(grpc_call* call, grpc_call_cancel_with_status(call, GRPC_STATUS_CANCELLED, "Failed to set credentials to rpc.", nullptr); } + if (call_canceled_) { + grpc_call_cancel(call_, nullptr); + } } void ClientContext::set_compression_algorithm( @@ -101,8 +106,11 @@ std::shared_ptr<const AuthContext> ClientContext::auth_context() const { } void ClientContext::TryCancel() { + grpc::unique_lock<grpc::mutex> lock(mu_); if (call_) { grpc_call_cancel(call_, nullptr); + } else { + call_canceled_ = true; } } diff --git a/src/cpp/client/create_channel.cc b/src/cpp/client/create_channel.cc index d2b2d30126..3bbca807d3 100644 --- a/src/cpp/client/create_channel.cc +++ b/src/cpp/client/create_channel.cc @@ -44,12 +44,14 @@ namespace grpc { class ChannelArguments; std::shared_ptr<Channel> CreateChannel( - const grpc::string& target, const std::shared_ptr<Credentials>& creds) { + const grpc::string& target, + const std::shared_ptr<ChannelCredentials>& creds) { return CreateCustomChannel(target, creds, ChannelArguments()); } std::shared_ptr<Channel> CreateCustomChannel( - const grpc::string& target, const std::shared_ptr<Credentials>& creds, + const grpc::string& target, + const std::shared_ptr<ChannelCredentials>& creds, const ChannelArguments& args) { GrpcLibrary init_lib; // We need to call init in case of a bad creds. ChannelArguments cp_args = args; diff --git a/src/cpp/client/credentials.cc b/src/cpp/client/credentials.cc index 7a8149e9c7..0c08db11a9 100644 --- a/src/cpp/client/credentials.cc +++ b/src/cpp/client/credentials.cc @@ -35,6 +35,8 @@ namespace grpc { -Credentials::~Credentials() {} +ChannelCredentials::~ChannelCredentials() {} + +CallCredentials::~CallCredentials() {} } // namespace grpc diff --git a/src/cpp/client/insecure_credentials.cc b/src/cpp/client/insecure_credentials.cc index c476f3ce95..563fa9267d 100644 --- a/src/cpp/client/insecure_credentials.cc +++ b/src/cpp/client/insecure_credentials.cc @@ -43,7 +43,7 @@ namespace grpc { namespace { -class InsecureCredentialsImpl GRPC_FINAL : public Credentials { +class InsecureChannelCredentialsImpl GRPC_FINAL : public ChannelCredentials { public: std::shared_ptr<grpc::Channel> CreateChannel( const string& target, const grpc::ChannelArguments& args) GRPC_OVERRIDE { @@ -54,15 +54,13 @@ class InsecureCredentialsImpl GRPC_FINAL : public Credentials { grpc_insecure_channel_create(target.c_str(), &channel_args, nullptr)); } - // InsecureCredentials should not be applied to a call. - bool ApplyToCall(grpc_call* call) GRPC_OVERRIDE { return false; } - - SecureCredentials* AsSecureCredentials() GRPC_OVERRIDE { return nullptr; } + SecureChannelCredentials* AsSecureCredentials() GRPC_OVERRIDE { return nullptr; } }; } // namespace -std::shared_ptr<Credentials> InsecureCredentials() { - return std::shared_ptr<Credentials>(new InsecureCredentialsImpl()); +std::shared_ptr<ChannelCredentials> InsecureChannelCredentials() { + return std::shared_ptr<ChannelCredentials>( + new InsecureChannelCredentialsImpl()); } } // namespace grpc diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc index 8299ebeb8a..a1b9a3018e 100644 --- a/src/cpp/client/secure_credentials.cc +++ b/src/cpp/client/secure_credentials.cc @@ -40,7 +40,7 @@ namespace grpc { -std::shared_ptr<grpc::Channel> SecureCredentials::CreateChannel( +std::shared_ptr<grpc::Channel> SecureChannelCredentials::CreateChannel( const string& target, const grpc::ChannelArguments& args) { grpc_channel_args channel_args; args.SetChannelArgs(&channel_args); @@ -50,96 +50,104 @@ std::shared_ptr<grpc::Channel> SecureCredentials::CreateChannel( nullptr)); } -bool SecureCredentials::ApplyToCall(grpc_call* call) { +bool SecureCallCredentials::ApplyToCall(grpc_call* call) { return grpc_call_set_credentials(call, c_creds_) == GRPC_CALL_OK; } namespace { -std::shared_ptr<Credentials> WrapCredentials(grpc_credentials* creds) { - return creds == nullptr - ? nullptr - : std::shared_ptr<Credentials>(new SecureCredentials(creds)); +std::shared_ptr<ChannelCredentials> WrapChannelCredentials( + grpc_channel_credentials* creds) { + return creds == nullptr ? nullptr : std::shared_ptr<ChannelCredentials>( + new SecureChannelCredentials(creds)); +} + +std::shared_ptr<CallCredentials> WrapCallCredentials( + grpc_call_credentials* creds) { + return creds == nullptr ? nullptr : std::shared_ptr<CallCredentials>( + new SecureCallCredentials(creds)); } } // namespace -std::shared_ptr<Credentials> GoogleDefaultCredentials() { +std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials() { GrpcLibrary init; // To call grpc_init(). - return WrapCredentials(grpc_google_default_credentials_create()); + return WrapChannelCredentials(grpc_google_default_credentials_create()); } // Builds SSL Credentials given SSL specific options -std::shared_ptr<Credentials> SslCredentials( +std::shared_ptr<ChannelCredentials> SslCredentials( const SslCredentialsOptions& options) { GrpcLibrary init; // To call grpc_init(). grpc_ssl_pem_key_cert_pair pem_key_cert_pair = { options.pem_private_key.c_str(), options.pem_cert_chain.c_str()}; - grpc_credentials* c_creds = grpc_ssl_credentials_create( + grpc_channel_credentials* c_creds = grpc_ssl_credentials_create( options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(), options.pem_private_key.empty() ? nullptr : &pem_key_cert_pair, nullptr); - return WrapCredentials(c_creds); + return WrapChannelCredentials(c_creds); } // Builds credentials for use when running in GCE -std::shared_ptr<Credentials> GoogleComputeEngineCredentials() { +std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials() { GrpcLibrary init; // To call grpc_init(). - return WrapCredentials( + return WrapCallCredentials( grpc_google_compute_engine_credentials_create(nullptr)); } // Builds JWT credentials. -std::shared_ptr<Credentials> ServiceAccountJWTAccessCredentials( +std::shared_ptr<CallCredentials> ServiceAccountJWTAccessCredentials( const grpc::string& json_key, long token_lifetime_seconds) { GrpcLibrary init; // To call grpc_init(). if (token_lifetime_seconds <= 0) { gpr_log(GPR_ERROR, "Trying to create JWTCredentials with non-positive lifetime"); - return WrapCredentials(nullptr); + return WrapCallCredentials(nullptr); } gpr_timespec lifetime = gpr_time_from_seconds(token_lifetime_seconds, GPR_TIMESPAN); - return WrapCredentials(grpc_service_account_jwt_access_credentials_create( + return WrapCallCredentials(grpc_service_account_jwt_access_credentials_create( json_key.c_str(), lifetime, nullptr)); } // Builds refresh token credentials. -std::shared_ptr<Credentials> GoogleRefreshTokenCredentials( +std::shared_ptr<CallCredentials> GoogleRefreshTokenCredentials( const grpc::string& json_refresh_token) { GrpcLibrary init; // To call grpc_init(). - return WrapCredentials(grpc_google_refresh_token_credentials_create( + return WrapCallCredentials(grpc_google_refresh_token_credentials_create( json_refresh_token.c_str(), nullptr)); } // Builds access token credentials. -std::shared_ptr<Credentials> AccessTokenCredentials( +std::shared_ptr<CallCredentials> AccessTokenCredentials( const grpc::string& access_token) { GrpcLibrary init; // To call grpc_init(). - return WrapCredentials( + return WrapCallCredentials( grpc_access_token_credentials_create(access_token.c_str(), nullptr)); } // Builds IAM credentials. -std::shared_ptr<Credentials> GoogleIAMCredentials( +std::shared_ptr<CallCredentials> GoogleIAMCredentials( const grpc::string& authorization_token, const grpc::string& authority_selector) { GrpcLibrary init; // To call grpc_init(). - return WrapCredentials(grpc_google_iam_credentials_create( + return WrapCallCredentials(grpc_google_iam_credentials_create( authorization_token.c_str(), authority_selector.c_str(), nullptr)); } -// Combines two credentials objects into a composite credentials. -std::shared_ptr<Credentials> CompositeCredentials( - const std::shared_ptr<Credentials>& creds1, - const std::shared_ptr<Credentials>& creds2) { - // Note that we are not saving shared_ptrs to the two credentials - // passed in here. This is OK because the underlying C objects (i.e., - // creds1 and creds2) into grpc_composite_credentials_create will see their - // refcounts incremented. - SecureCredentials* s1 = creds1->AsSecureCredentials(); - SecureCredentials* s2 = creds2->AsSecureCredentials(); - if (s1 && s2) { - return WrapCredentials(grpc_composite_credentials_create( - s1->GetRawCreds(), s2->GetRawCreds(), nullptr)); +// Combines one channel credentials and one call credentials into a channel +// composite credentials. +std::shared_ptr<ChannelCredentials> CompositeChannelCredentials( + const std::shared_ptr<ChannelCredentials>& channel_creds, + const std::shared_ptr<CallCredentials>& call_creds) { + // Note that we are not saving shared_ptrs to the two credentials passed in + // here. This is OK because the underlying C objects (i.e., channel_creds and + // call_creds) into grpc_composite_credentials_create will see their refcounts + // incremented. + SecureChannelCredentials* s_channel_creds = + channel_creds->AsSecureCredentials(); + SecureCallCredentials* s_call_creds = call_creds->AsSecureCredentials(); + if (s_channel_creds && s_call_creds) { + return WrapChannelCredentials(grpc_composite_channel_credentials_create( + s_channel_creds->GetRawCreds(), s_call_creds->GetRawCreds(), nullptr)); } return nullptr; } @@ -193,7 +201,7 @@ MetadataCredentialsPluginWrapper::MetadataCredentialsPluginWrapper( std::unique_ptr<MetadataCredentialsPlugin> plugin) : thread_pool_(CreateDefaultThreadPool()), plugin_(std::move(plugin)) {} -std::shared_ptr<Credentials> MetadataCredentialsFromPlugin( +std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin( std::unique_ptr<MetadataCredentialsPlugin> plugin) { GrpcLibrary init; // To call grpc_init(). MetadataCredentialsPluginWrapper* wrapper = @@ -201,7 +209,7 @@ std::shared_ptr<Credentials> MetadataCredentialsFromPlugin( grpc_metadata_credentials_plugin c_plugin = { MetadataCredentialsPluginWrapper::GetMetadata, MetadataCredentialsPluginWrapper::Destroy, wrapper}; - return WrapCredentials( + return WrapCallCredentials( grpc_metadata_credentials_create_from_plugin(c_plugin, nullptr)); } diff --git a/src/cpp/client/secure_credentials.h b/src/cpp/client/secure_credentials.h index d354827725..b241761a7c 100644 --- a/src/cpp/client/secure_credentials.h +++ b/src/cpp/client/secure_credentials.h @@ -43,21 +43,40 @@ namespace grpc { -class SecureCredentials GRPC_FINAL : public Credentials { +class SecureChannelCredentials GRPC_FINAL : public ChannelCredentials { public: - explicit SecureCredentials(grpc_credentials* c_creds) : c_creds_(c_creds) {} - ~SecureCredentials() GRPC_OVERRIDE { grpc_credentials_release(c_creds_); } - grpc_credentials* GetRawCreds() { return c_creds_; } - bool ApplyToCall(grpc_call* call) GRPC_OVERRIDE; + explicit SecureChannelCredentials(grpc_channel_credentials* c_creds) + : c_creds_(c_creds) {} + ~SecureChannelCredentials() GRPC_OVERRIDE { + grpc_channel_credentials_release(c_creds_); + } + grpc_channel_credentials* GetRawCreds() { return c_creds_; } std::shared_ptr<grpc::Channel> CreateChannel( const string& target, const grpc::ChannelArguments& args) GRPC_OVERRIDE; - SecureCredentials* AsSecureCredentials() GRPC_OVERRIDE { return this; } + SecureChannelCredentials* AsSecureCredentials() GRPC_OVERRIDE { return this; } private: - grpc_credentials* const c_creds_; + grpc_channel_credentials* const c_creds_; }; +class SecureCallCredentials GRPC_FINAL : public CallCredentials { + public: + explicit SecureCallCredentials(grpc_call_credentials* c_creds) + : c_creds_(c_creds) {} + ~SecureCallCredentials() GRPC_OVERRIDE { + grpc_call_credentials_release(c_creds_); + } + grpc_call_credentials* GetRawCreds() { return c_creds_; } + + bool ApplyToCall(grpc_call* call) GRPC_OVERRIDE; + SecureCallCredentials* AsSecureCredentials() GRPC_OVERRIDE { return this; } + + private: + grpc_call_credentials* const c_creds_; +}; + + class MetadataCredentialsPluginWrapper GRPC_FINAL { public: static void Destroy(void* wrapper); diff --git a/src/csharp/Grpc.Core.Tests/FakeCredentials.cs b/src/csharp/Grpc.Core.Tests/FakeCredentials.cs index 87d55cd276..144b8320b9 100644 --- a/src/csharp/Grpc.Core.Tests/FakeCredentials.cs +++ b/src/csharp/Grpc.Core.Tests/FakeCredentials.cs @@ -57,7 +57,7 @@ namespace Grpc.Core.Tests get { return composable; } } - internal override CredentialsSafeHandle ToNativeCredentials() + internal override ChannelCredentialsSafeHandle ToNativeCredentials() { return null; } @@ -65,7 +65,7 @@ namespace Grpc.Core.Tests internal class FakeCallCredentials : CallCredentials { - internal override CredentialsSafeHandle ToNativeCredentials() + internal override CallCredentialsSafeHandle ToNativeCredentials() { return null; } diff --git a/src/csharp/Grpc.Core/CallCredentials.cs b/src/csharp/Grpc.Core/CallCredentials.cs index 400a9825de..5ea179dfea 100644 --- a/src/csharp/Grpc.Core/CallCredentials.cs +++ b/src/csharp/Grpc.Core/CallCredentials.cs @@ -78,7 +78,7 @@ namespace Grpc.Core /// Creates native object for the credentials. /// </summary> /// <returns>The native credentials.</returns> - internal abstract CredentialsSafeHandle ToNativeCredentials(); + internal abstract CallCredentialsSafeHandle ToNativeCredentials(); } /// <summary> @@ -98,7 +98,7 @@ namespace Grpc.Core this.interceptor = Preconditions.CheckNotNull(interceptor); } - internal override CredentialsSafeHandle ToNativeCredentials() + internal override CallCredentialsSafeHandle ToNativeCredentials() { NativeMetadataCredentialsPlugin plugin = new NativeMetadataCredentialsPlugin(interceptor); return plugin.Credentials; @@ -123,14 +123,14 @@ namespace Grpc.Core this.credentials = new List<CallCredentials>(credentials); } - internal override CredentialsSafeHandle ToNativeCredentials() + internal override CallCredentialsSafeHandle ToNativeCredentials() { return ToNativeRecursive(0); } // Recursive descent makes managing lifetime of intermediate CredentialSafeHandle instances easier. // In practice, we won't usually see composites from more than two credentials anyway. - private CredentialsSafeHandle ToNativeRecursive(int startIndex) + private CallCredentialsSafeHandle ToNativeRecursive(int startIndex) { if (startIndex == credentials.Count - 1) { @@ -140,7 +140,7 @@ namespace Grpc.Core using (var cred1 = credentials[startIndex].ToNativeCredentials()) using (var cred2 = ToNativeRecursive(startIndex + 1)) { - var nativeComposite = CredentialsSafeHandle.CreateComposite(cred1, cred2); + var nativeComposite = CallCredentialsSafeHandle.CreateComposite(cred1, cred2); if (nativeComposite.IsInvalid) { throw new ArgumentException("Error creating native composite credentials. Likely, this is because you are trying to compose incompatible credentials."); diff --git a/src/csharp/Grpc.Core/Channel.cs b/src/csharp/Grpc.Core/Channel.cs index 6b99055d4c..f5eec969f5 100644 --- a/src/csharp/Grpc.Core/Channel.cs +++ b/src/csharp/Grpc.Core/Channel.cs @@ -75,8 +75,8 @@ namespace Grpc.Core this.options = options != null ? new List<ChannelOption>(options) : new List<ChannelOption>(); EnsureUserAgentChannelOption(this.options); - using (CredentialsSafeHandle nativeCredentials = credentials.ToNativeCredentials()) - using (ChannelArgsSafeHandle nativeChannelArgs = ChannelOptions.CreateChannelArgs(this.options)) + using (var nativeCredentials = credentials.ToNativeCredentials()) + using (var nativeChannelArgs = ChannelOptions.CreateChannelArgs(this.options)) { if (nativeCredentials != null) { diff --git a/src/csharp/Grpc.Core/ChannelCredentials.cs b/src/csharp/Grpc.Core/ChannelCredentials.cs index 9d2bcdabe8..5d96958e7c 100644 --- a/src/csharp/Grpc.Core/ChannelCredentials.cs +++ b/src/csharp/Grpc.Core/ChannelCredentials.cs @@ -76,7 +76,7 @@ namespace Grpc.Core /// should be created. /// </summary> /// <returns>The native credentials.</returns> - internal abstract CredentialsSafeHandle ToNativeCredentials(); + internal abstract ChannelCredentialsSafeHandle ToNativeCredentials(); /// <summary> /// Returns <c>true</c> if this credential type allows being composed by <c>CompositeCredentials</c>. @@ -88,7 +88,7 @@ namespace Grpc.Core private sealed class InsecureCredentialsImpl : ChannelCredentials { - internal override CredentialsSafeHandle ToNativeCredentials() + internal override ChannelCredentialsSafeHandle ToNativeCredentials() { return null; } @@ -160,9 +160,9 @@ namespace Grpc.Core get { return true; } } - internal override CredentialsSafeHandle ToNativeCredentials() + internal override ChannelCredentialsSafeHandle ToNativeCredentials() { - return CredentialsSafeHandle.CreateSslCredentials(rootCertificates, keyCertificatePair); + return ChannelCredentialsSafeHandle.CreateSslCredentials(rootCertificates, keyCertificatePair); } } @@ -188,12 +188,12 @@ namespace Grpc.Core Preconditions.CheckArgument(channelCredentials.IsComposable, "Supplied channel credentials do not allow composition."); } - internal override CredentialsSafeHandle ToNativeCredentials() + internal override ChannelCredentialsSafeHandle ToNativeCredentials() { - using (var cred1 = channelCredentials.ToNativeCredentials()) - using (var cred2 = callCredentials.ToNativeCredentials()) + using (var channelCreds = channelCredentials.ToNativeCredentials()) + using (var callCreds = callCredentials.ToNativeCredentials()) { - var nativeComposite = CredentialsSafeHandle.CreateComposite(cred1, cred2); + var nativeComposite = ChannelCredentialsSafeHandle.CreateComposite(channelCreds, callCreds); if (nativeComposite.IsInvalid) { throw new ArgumentException("Error creating native composite credentials. Likely, this is because you are trying to compose incompatible credentials."); diff --git a/src/csharp/Grpc.Core/Grpc.Core.csproj b/src/csharp/Grpc.Core/Grpc.Core.csproj index 0aab7bdd8a..c4f799297d 100644 --- a/src/csharp/Grpc.Core/Grpc.Core.csproj +++ b/src/csharp/Grpc.Core/Grpc.Core.csproj @@ -80,7 +80,6 @@ <Compile Include="ServerServiceDefinition.cs" /> <Compile Include="Utils\AsyncStreamExtensions.cs" /> <Compile Include="Utils\BenchmarkUtil.cs" /> - <Compile Include="Internal\CredentialsSafeHandle.cs" /> <Compile Include="ChannelCredentials.cs" /> <Compile Include="Internal\ChannelArgsSafeHandle.cs" /> <Compile Include="Internal\AsyncCompletion.cs" /> @@ -119,6 +118,8 @@ <Compile Include="CompressionLevel.cs" /> <Compile Include="WriteOptions.cs" /> <Compile Include="ContextPropagationToken.cs" /> + <Compile Include="Internal\CallCredentialsSafeHandle.cs" /> + <Compile Include="Internal\ChannelCredentialsSafeHandle.cs" /> <Compile Include="Profiling\ProfilerEntry.cs" /> <Compile Include="Profiling\ProfilerScope.cs" /> <Compile Include="Profiling\IProfiler.cs" /> @@ -157,4 +158,4 @@ <ItemGroup> <Folder Include="Profiling\" /> </ItemGroup> -</Project>
\ No newline at end of file +</Project> diff --git a/src/csharp/Grpc.Core/Internal/CallCredentialsSafeHandle.cs b/src/csharp/Grpc.Core/Internal/CallCredentialsSafeHandle.cs new file mode 100644 index 0000000000..3678c7dd86 --- /dev/null +++ b/src/csharp/Grpc.Core/Internal/CallCredentialsSafeHandle.cs @@ -0,0 +1,64 @@ +#region Copyright notice and license +// Copyright 2015, Google Inc. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +#endregion +using System; +using System.Runtime.InteropServices; +using System.Threading; +using System.Threading.Tasks; + +namespace Grpc.Core.Internal +{ + /// <summary> + /// grpc_call_credentials from <c>grpc/grpc_security.h</c> + /// </summary> + internal class CallCredentialsSafeHandle : SafeHandleZeroIsInvalid + { + [DllImport("grpc_csharp_ext.dll")] + static extern CallCredentialsSafeHandle grpcsharp_composite_call_credentials_create(CallCredentialsSafeHandle creds1, CallCredentialsSafeHandle creds2); + + [DllImport("grpc_csharp_ext.dll")] + static extern void grpcsharp_call_credentials_release(IntPtr credentials); + + private CallCredentialsSafeHandle() + { + } + + public static CallCredentialsSafeHandle CreateComposite(CallCredentialsSafeHandle creds1, CallCredentialsSafeHandle creds2) + { + return grpcsharp_composite_call_credentials_create(creds1, creds2); + } + + protected override bool ReleaseHandle() + { + grpcsharp_call_credentials_release(handle); + return true; + } + } +} diff --git a/src/csharp/Grpc.Core/Internal/CallSafeHandle.cs b/src/csharp/Grpc.Core/Internal/CallSafeHandle.cs index ddeedebd11..ad2e2919b7 100644 --- a/src/csharp/Grpc.Core/Internal/CallSafeHandle.cs +++ b/src/csharp/Grpc.Core/Internal/CallSafeHandle.cs @@ -100,7 +100,7 @@ namespace Grpc.Core.Internal BatchContextSafeHandle ctx, MetadataArraySafeHandle metadataArray); [DllImport("grpc_csharp_ext.dll")] - static extern GRPCCallError grpcsharp_call_set_credentials(CallSafeHandle call, CredentialsSafeHandle credentials); + static extern GRPCCallError grpcsharp_call_set_credentials(CallSafeHandle call, CallCredentialsSafeHandle credentials); [DllImport("grpc_csharp_ext.dll")] static extern CStringSafeHandle grpcsharp_call_get_peer(CallSafeHandle call); @@ -117,7 +117,7 @@ namespace Grpc.Core.Internal this.completionRegistry = completionRegistry; } - public void SetCredentials(CredentialsSafeHandle credentials) + public void SetCredentials(CallCredentialsSafeHandle credentials) { grpcsharp_call_set_credentials(this, credentials).CheckOk(); } diff --git a/src/csharp/Grpc.Core/Internal/CredentialsSafeHandle.cs b/src/csharp/Grpc.Core/Internal/ChannelCredentialsSafeHandle.cs index bab45108e0..8a58c64478 100644 --- a/src/csharp/Grpc.Core/Internal/CredentialsSafeHandle.cs +++ b/src/csharp/Grpc.Core/Internal/ChannelCredentialsSafeHandle.cs @@ -36,31 +36,31 @@ using System.Threading.Tasks; namespace Grpc.Core.Internal { /// <summary> - /// grpc_credentials from <c>grpc/grpc_security.h</c> + /// grpc_channel_credentials from <c>grpc/grpc_security.h</c> /// </summary> - internal class CredentialsSafeHandle : SafeHandleZeroIsInvalid + internal class ChannelCredentialsSafeHandle : SafeHandleZeroIsInvalid { [DllImport("grpc_csharp_ext.dll", CharSet = CharSet.Ansi)] - static extern CredentialsSafeHandle grpcsharp_ssl_credentials_create(string pemRootCerts, string keyCertPairCertChain, string keyCertPairPrivateKey); + static extern ChannelCredentialsSafeHandle grpcsharp_ssl_credentials_create(string pemRootCerts, string keyCertPairCertChain, string keyCertPairPrivateKey); [DllImport("grpc_csharp_ext.dll")] - static extern CredentialsSafeHandle grpcsharp_composite_credentials_create(CredentialsSafeHandle creds1, CredentialsSafeHandle creds2); + static extern ChannelCredentialsSafeHandle grpcsharp_composite_channel_credentials_create(ChannelCredentialsSafeHandle channelCreds, CallCredentialsSafeHandle callCreds); [DllImport("grpc_csharp_ext.dll")] - static extern void grpcsharp_credentials_release(IntPtr credentials); + static extern void grpcsharp_channel_credentials_release(IntPtr credentials); - private CredentialsSafeHandle() + private ChannelCredentialsSafeHandle() { } - public static CredentialsSafeHandle CreateNullCredentials() + public static ChannelCredentialsSafeHandle CreateNullCredentials() { - var creds = new CredentialsSafeHandle(); + var creds = new ChannelCredentialsSafeHandle(); creds.SetHandle(IntPtr.Zero); return creds; } - public static CredentialsSafeHandle CreateSslCredentials(string pemRootCerts, KeyCertificatePair keyCertPair) + public static ChannelCredentialsSafeHandle CreateSslCredentials(string pemRootCerts, KeyCertificatePair keyCertPair) { if (keyCertPair != null) { @@ -72,14 +72,14 @@ namespace Grpc.Core.Internal } } - public static CredentialsSafeHandle CreateComposite(CredentialsSafeHandle creds1, CredentialsSafeHandle creds2) + public static ChannelCredentialsSafeHandle CreateComposite(ChannelCredentialsSafeHandle channelCreds, CallCredentialsSafeHandle callCreds) { - return grpcsharp_composite_credentials_create(creds1, creds2); + return grpcsharp_composite_channel_credentials_create(channelCreds, callCreds); } protected override bool ReleaseHandle() { - grpcsharp_credentials_release(handle); + grpcsharp_channel_credentials_release(handle); return true; } } diff --git a/src/csharp/Grpc.Core/Internal/ChannelSafeHandle.cs b/src/csharp/Grpc.Core/Internal/ChannelSafeHandle.cs index 5f9169bcb2..b3aa27c40f 100644 --- a/src/csharp/Grpc.Core/Internal/ChannelSafeHandle.cs +++ b/src/csharp/Grpc.Core/Internal/ChannelSafeHandle.cs @@ -45,7 +45,7 @@ namespace Grpc.Core.Internal static extern ChannelSafeHandle grpcsharp_insecure_channel_create(string target, ChannelArgsSafeHandle channelArgs); [DllImport("grpc_csharp_ext.dll")] - static extern ChannelSafeHandle grpcsharp_secure_channel_create(CredentialsSafeHandle credentials, string target, ChannelArgsSafeHandle channelArgs); + static extern ChannelSafeHandle grpcsharp_secure_channel_create(ChannelCredentialsSafeHandle credentials, string target, ChannelArgsSafeHandle channelArgs); [DllImport("grpc_csharp_ext.dll")] static extern CallSafeHandle grpcsharp_channel_create_call(ChannelSafeHandle channel, CallSafeHandle parentCall, ContextPropagationFlags propagationMask, CompletionQueueSafeHandle cq, string method, string host, Timespec deadline); @@ -75,7 +75,7 @@ namespace Grpc.Core.Internal return grpcsharp_insecure_channel_create(target, channelArgs); } - public static ChannelSafeHandle CreateSecure(CredentialsSafeHandle credentials, string target, ChannelArgsSafeHandle channelArgs) + public static ChannelSafeHandle CreateSecure(ChannelCredentialsSafeHandle credentials, string target, ChannelArgsSafeHandle channelArgs) { // Increment reference count for the native gRPC environment to make sure we don't do grpc_shutdown() before destroying the server handle. // Doing so would make object finalizer crash if we end up abandoning the handle. @@ -83,7 +83,7 @@ namespace Grpc.Core.Internal return grpcsharp_secure_channel_create(credentials, target, channelArgs); } - public CallSafeHandle CreateCall(CompletionRegistry registry, CallSafeHandle parentCall, ContextPropagationFlags propagationMask, CompletionQueueSafeHandle cq, string method, string host, Timespec deadline, CredentialsSafeHandle credentials) + public CallSafeHandle CreateCall(CompletionRegistry registry, CallSafeHandle parentCall, ContextPropagationFlags propagationMask, CompletionQueueSafeHandle cq, string method, string host, Timespec deadline, CallCredentialsSafeHandle credentials) { using (Profilers.ForCurrentThread().NewScope("ChannelSafeHandle.CreateCall")) { diff --git a/src/csharp/Grpc.Core/Internal/NativeMetadataCredentialsPlugin.cs b/src/csharp/Grpc.Core/Internal/NativeMetadataCredentialsPlugin.cs index f76492cba4..2a571cd6c9 100644 --- a/src/csharp/Grpc.Core/Internal/NativeMetadataCredentialsPlugin.cs +++ b/src/csharp/Grpc.Core/Internal/NativeMetadataCredentialsPlugin.cs @@ -46,7 +46,7 @@ namespace Grpc.Core.Internal static readonly ILogger Logger = GrpcEnvironment.Logger.ForType<NativeMetadataCredentialsPlugin>(); [DllImport("grpc_csharp_ext.dll")] - static extern CredentialsSafeHandle grpcsharp_metadata_credentials_create_from_plugin(NativeMetadataInterceptor interceptor); + static extern CallCredentialsSafeHandle grpcsharp_metadata_credentials_create_from_plugin(NativeMetadataInterceptor interceptor); [DllImport("grpc_csharp_ext.dll", CharSet = CharSet.Ansi)] static extern void grpcsharp_metadata_credentials_notify_from_plugin(IntPtr callbackPtr, IntPtr userData, MetadataArraySafeHandle metadataArray, StatusCode statusCode, string errorDetails); @@ -54,7 +54,7 @@ namespace Grpc.Core.Internal AsyncAuthInterceptor interceptor; GCHandle gcHandle; NativeMetadataInterceptor nativeInterceptor; - CredentialsSafeHandle credentials; + CallCredentialsSafeHandle credentials; public NativeMetadataCredentialsPlugin(AsyncAuthInterceptor interceptor) { @@ -66,7 +66,7 @@ namespace Grpc.Core.Internal this.credentials = grpcsharp_metadata_credentials_create_from_plugin(nativeInterceptor); } - public CredentialsSafeHandle Credentials + public CallCredentialsSafeHandle Credentials { get { return credentials; } } diff --git a/src/csharp/Grpc.IntegrationTesting/data/server1.pem b/src/csharp/Grpc.IntegrationTesting/data/server1.pem index 8e582e571f..f3d43fcc5b 100644 --- a/src/csharp/Grpc.IntegrationTesting/data/server1.pem +++ b/src/csharp/Grpc.IntegrationTesting/data/server1.pem @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMTQwNzIyMDYwMDU3WhcNMjQwNzE5 -MDYwMDU3WjBkMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFDASBgNVBAoTC0dvb2dsZSBJbmMuMRowGAYDVQQDFBEqLnRl -c3QuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4cMVJygs -JUmlgMMzgdi0h1XoCR7+ww1pop04OMMyy7H/i0PJ2W6Y35+b4CM8QrkYeEafUGDO -RYX6yV/cHGGsD/x02ye6ey1UDtkGAD/mpDEx8YCrjAc1Vfvt8Fk6Cn1WVIxV/J30 -3xjBsFgByQ55RBp1OLZfVLo6AleBDSbcxaECAwEAAaNrMGkwCQYDVR0TBAIwADAL -BgNVHQ8EBAMCBeAwTwYDVR0RBEgwRoIQKi50ZXN0Lmdvb2dsZS5mcoIYd2F0ZXJ6 -b29pLnRlc3QuZ29vZ2xlLmJlghIqLnRlc3QueW91dHViZS5jb22HBMCoAQMwDQYJ -KoZIhvcNAQEFBQADgYEAM2Ii0LgTGbJ1j4oqX9bxVcxm+/R5Yf8oi0aZqTJlnLYS -wXcBykxTx181s7WyfJ49WwrYXo78zTDAnf1ma0fPq3e4mpspvyndLh1a+OarHa1e -aT0DIIYk7qeEa1YcVljx2KyLd0r1BBAfrwyGaEPVeJQVYWaOJRU2we/KD4ojf9s= +MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx +MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV +BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 +ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco +LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg +zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd +9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy +em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G +CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 +hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh +y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 -----END CERTIFICATE----- diff --git a/src/csharp/ext/grpc_csharp_ext.c b/src/csharp/ext/grpc_csharp_ext.c index 679ca43d74..183931936e 100644 --- a/src/csharp/ext/grpc_csharp_ext.c +++ b/src/csharp/ext/grpc_csharp_ext.c @@ -785,9 +785,10 @@ grpcsharp_call_send_initial_metadata(grpc_call *call, NULL); } -GPR_EXPORT grpc_call_error GPR_CALLTYPE grpcsharp_call_set_credentials(grpc_call *call, - grpc_credentials *creds) { - return grpc_call_set_credentials(call, creds); +GPR_EXPORT grpc_call_error GPR_CALLTYPE grpcsharp_call_set_credentials( + grpc_call *call, + grpc_call_credentials *creds) { + return grpc_call_set_credentials(call, creds); } /* Server */ @@ -834,7 +835,7 @@ grpcsharp_server_request_call(grpc_server *server, grpc_completion_queue *cq, /* Security */ -GPR_EXPORT grpc_credentials *GPR_CALLTYPE +GPR_EXPORT grpc_channel_credentials *GPR_CALLTYPE grpcsharp_ssl_credentials_create(const char *pem_root_certs, const char *key_cert_pair_cert_chain, const char *key_cert_pair_private_key) { @@ -850,12 +851,19 @@ grpcsharp_ssl_credentials_create(const char *pem_root_certs, } } -GPR_EXPORT void GPR_CALLTYPE grpcsharp_credentials_release(grpc_credentials *creds) { - grpc_credentials_release(creds); +GPR_EXPORT void GPR_CALLTYPE grpcsharp_channel_credentials_release( + grpc_channel_credentials *creds) { + grpc_channel_credentials_release(creds); +} + +GPR_EXPORT void GPR_CALLTYPE grpcsharp_call_credentials_release( + grpc_call_credentials *creds) { + grpc_call_credentials_release(creds); } GPR_EXPORT grpc_channel *GPR_CALLTYPE -grpcsharp_secure_channel_create(grpc_credentials *creds, const char *target, +grpcsharp_secure_channel_create(grpc_channel_credentials *creds, + const char *target, const grpc_channel_args *args) { return grpc_secure_channel_create(creds, target, args, NULL); } @@ -897,10 +905,16 @@ grpcsharp_server_add_secure_http2_port(grpc_server *server, const char *addr, return grpc_server_add_secure_http2_port(server, addr, creds); } -GPR_EXPORT grpc_credentials *GPR_CALLTYPE grpcsharp_composite_credentials_create( - grpc_credentials *creds1, - grpc_credentials *creds2) { - return grpc_composite_credentials_create(creds1, creds2, NULL); +GPR_EXPORT grpc_channel_credentials *GPR_CALLTYPE grpcsharp_composite_channel_credentials_create( + grpc_channel_credentials *channel_creds, + grpc_call_credentials *call_creds) { + return grpc_composite_channel_credentials_create(channel_creds, call_creds, NULL); +} + +GPR_EXPORT grpc_call_credentials *GPR_CALLTYPE grpcsharp_composite_call_credentials_create( + grpc_call_credentials *creds1, + grpc_call_credentials *creds2) { + return grpc_composite_call_credentials_create(creds1, creds2, NULL); } /* Metadata credentials plugin */ @@ -929,7 +943,7 @@ static void grpcsharp_metadata_credentials_destroy_handler(void *state) { interceptor(state, NULL, NULL, NULL, 1); } -GPR_EXPORT grpc_credentials *GPR_CALLTYPE grpcsharp_metadata_credentials_create_from_plugin( +GPR_EXPORT grpc_call_credentials *GPR_CALLTYPE grpcsharp_metadata_credentials_create_from_plugin( grpcsharp_metadata_interceptor_func metadata_interceptor) { grpc_metadata_credentials_plugin plugin; plugin.get_metadata = grpcsharp_get_metadata_handler; diff --git a/src/node/ext/call.cc b/src/node/ext/call.cc index fe11905109..a98ae85427 100644 --- a/src/node/ext/call.cc +++ b/src/node/ext/call.cc @@ -757,7 +757,7 @@ NAN_METHOD(Call::SetCredentials) { Call *call = ObjectWrap::Unwrap<Call>(info.This()); CallCredentials *creds_object = ObjectWrap::Unwrap<CallCredentials>( Nan::To<Object>(info[0]).ToLocalChecked()); - grpc_credentials *creds = creds_object->GetWrappedCredentials(); + grpc_call_credentials *creds = creds_object->GetWrappedCredentials(); grpc_call_error error = GRPC_CALL_ERROR; if (creds) { error = grpc_call_set_credentials(call->wrapped_call, creds); diff --git a/src/node/ext/call_credentials.cc b/src/node/ext/call_credentials.cc index ff16a1f122..9c5d9d291b 100644 --- a/src/node/ext/call_credentials.cc +++ b/src/node/ext/call_credentials.cc @@ -64,11 +64,11 @@ using v8::Value; Nan::Callback *CallCredentials::constructor; Persistent<FunctionTemplate> CallCredentials::fun_tpl; -CallCredentials::CallCredentials(grpc_credentials *credentials) +CallCredentials::CallCredentials(grpc_call_credentials *credentials) : wrapped_credentials(credentials) {} CallCredentials::~CallCredentials() { - grpc_credentials_release(wrapped_credentials); + grpc_call_credentials_release(wrapped_credentials); } void CallCredentials::Init(Local<Object> exports) { @@ -91,7 +91,7 @@ bool CallCredentials::HasInstance(Local<Value> val) { return Nan::New(fun_tpl)->HasInstance(val); } -Local<Value> CallCredentials::WrapStruct(grpc_credentials *credentials) { +Local<Value> CallCredentials::WrapStruct(grpc_call_credentials *credentials) { EscapableHandleScope scope; const int argc = 1; if (credentials == NULL) { @@ -108,7 +108,7 @@ Local<Value> CallCredentials::WrapStruct(grpc_credentials *credentials) { } } -grpc_credentials *CallCredentials::GetWrappedCredentials() { +grpc_call_credentials *CallCredentials::GetWrappedCredentials() { return wrapped_credentials; } @@ -119,8 +119,8 @@ NAN_METHOD(CallCredentials::New) { "CallCredentials can only be created with the provided functions"); } Local<External> ext = info[0].As<External>(); - grpc_credentials *creds_value = - reinterpret_cast<grpc_credentials *>(ext->Value()); + grpc_call_credentials *creds_value = + reinterpret_cast<grpc_call_credentials *>(ext->Value()); CallCredentials *credentials = new CallCredentials(creds_value); credentials->Wrap(info.This()); info.GetReturnValue().Set(info.This()); @@ -144,7 +144,7 @@ NAN_METHOD(CallCredentials::Compose) { CallCredentials *self = ObjectWrap::Unwrap<CallCredentials>(info.This()); CallCredentials *other = ObjectWrap::Unwrap<CallCredentials>( Nan::To<Object>(info[0]).ToLocalChecked()); - grpc_credentials *creds = grpc_composite_credentials_create( + grpc_call_credentials *creds = grpc_composite_call_credentials_create( self->wrapped_credentials, other->wrapped_credentials, NULL); info.GetReturnValue().Set(WrapStruct(creds)); } @@ -162,8 +162,8 @@ NAN_METHOD(CallCredentials::CreateFromPlugin) { plugin.get_metadata = plugin_get_metadata; plugin.destroy = plugin_destroy_state; plugin.state = reinterpret_cast<void*>(state); - grpc_credentials *creds = grpc_metadata_credentials_create_from_plugin(plugin, - NULL); + grpc_call_credentials *creds = grpc_metadata_credentials_create_from_plugin( + plugin, NULL); info.GetReturnValue().Set(WrapStruct(creds)); } diff --git a/src/node/ext/call_credentials.h b/src/node/ext/call_credentials.h index 618292d19e..1cd8d8dd5d 100644 --- a/src/node/ext/call_credentials.h +++ b/src/node/ext/call_credentials.h @@ -45,14 +45,14 @@ class CallCredentials : public Nan::ObjectWrap { public: static void Init(v8::Local<v8::Object> exports); static bool HasInstance(v8::Local<v8::Value> val); - /* Wrap a grpc_credentials struct in a javascript object */ - static v8::Local<v8::Value> WrapStruct(grpc_credentials *credentials); + /* Wrap a grpc_call_credentials struct in a javascript object */ + static v8::Local<v8::Value> WrapStruct(grpc_call_credentials *credentials); - /* Returns the grpc_credentials struct that this object wraps */ - grpc_credentials *GetWrappedCredentials(); + /* Returns the grpc_call_credentials struct that this object wraps */ + grpc_call_credentials *GetWrappedCredentials(); private: - explicit CallCredentials(grpc_credentials *credentials); + explicit CallCredentials(grpc_call_credentials *credentials); ~CallCredentials(); // Prevent copying @@ -68,7 +68,7 @@ class CallCredentials : public Nan::ObjectWrap { // Used for typechecking instances of this javascript class static Nan::Persistent<v8::FunctionTemplate> fun_tpl; - grpc_credentials *wrapped_credentials; + grpc_call_credentials *wrapped_credentials; }; /* Auth metadata plugin functionality */ diff --git a/src/node/ext/channel.cc b/src/node/ext/channel.cc index c11734d737..00fcca6dc8 100644 --- a/src/node/ext/channel.cc +++ b/src/node/ext/channel.cc @@ -177,7 +177,7 @@ NAN_METHOD(Channel::New) { grpc_channel *wrapped_channel; // Owned by the Channel object Utf8String host(info[0]); - grpc_credentials *creds; + grpc_channel_credentials *creds; if (!ChannelCredentials::HasInstance(info[1])) { return Nan::ThrowTypeError( "Channel's second argument must be a ChannelCredentials"); diff --git a/src/node/ext/channel_credentials.cc b/src/node/ext/channel_credentials.cc index 7ca3b9816c..b77ff80af2 100644 --- a/src/node/ext/channel_credentials.cc +++ b/src/node/ext/channel_credentials.cc @@ -65,11 +65,11 @@ using v8::Value; Nan::Callback *ChannelCredentials::constructor; Persistent<FunctionTemplate> ChannelCredentials::fun_tpl; -ChannelCredentials::ChannelCredentials(grpc_credentials *credentials) +ChannelCredentials::ChannelCredentials(grpc_channel_credentials *credentials) : wrapped_credentials(credentials) {} ChannelCredentials::~ChannelCredentials() { - grpc_credentials_release(wrapped_credentials); + grpc_channel_credentials_release(wrapped_credentials); } void ChannelCredentials::Init(Local<Object> exports) { @@ -95,7 +95,8 @@ bool ChannelCredentials::HasInstance(Local<Value> val) { return Nan::New(fun_tpl)->HasInstance(val); } -Local<Value> ChannelCredentials::WrapStruct(grpc_credentials *credentials) { +Local<Value> ChannelCredentials::WrapStruct( + grpc_channel_credentials *credentials) { EscapableHandleScope scope; const int argc = 1; Local<Value> argv[argc] = { @@ -109,7 +110,7 @@ Local<Value> ChannelCredentials::WrapStruct(grpc_credentials *credentials) { } } -grpc_credentials *ChannelCredentials::GetWrappedCredentials() { +grpc_channel_credentials *ChannelCredentials::GetWrappedCredentials() { return wrapped_credentials; } @@ -120,8 +121,8 @@ NAN_METHOD(ChannelCredentials::New) { "ChannelCredentials can only be created with the provided functions"); } Local<External> ext = info[0].As<External>(); - grpc_credentials *creds_value = - reinterpret_cast<grpc_credentials *>(ext->Value()); + grpc_channel_credentials *creds_value = + reinterpret_cast<grpc_channel_credentials *>(ext->Value()); ChannelCredentials *credentials = new ChannelCredentials(creds_value); credentials->Wrap(info.This()); info.GetReturnValue().Set(info.This()); @@ -153,7 +154,7 @@ NAN_METHOD(ChannelCredentials::CreateSsl) { return Nan::ThrowTypeError( "createSSl's third argument must be a Buffer if provided"); } - grpc_credentials *creds = grpc_ssl_credentials_create( + grpc_channel_credentials *creds = grpc_ssl_credentials_create( root_certs, key_cert_pair.private_key == NULL ? NULL : &key_cert_pair, NULL); if (creds == NULL) { @@ -180,7 +181,7 @@ NAN_METHOD(ChannelCredentials::Compose) { } CallCredentials *other = ObjectWrap::Unwrap<CallCredentials>( Nan::To<Object>(info[0]).ToLocalChecked()); - grpc_credentials *creds = grpc_composite_credentials_create( + grpc_channel_credentials *creds = grpc_composite_channel_credentials_create( self->wrapped_credentials, other->GetWrappedCredentials(), NULL); if (creds == NULL) { info.GetReturnValue().SetNull(); diff --git a/src/node/ext/channel_credentials.h b/src/node/ext/channel_credentials.h index 31ea0987bc..89b115267f 100644 --- a/src/node/ext/channel_credentials.h +++ b/src/node/ext/channel_credentials.h @@ -42,19 +42,19 @@ namespace grpc { namespace node { -/* Wrapper class for grpc_credentials structs */ +/* Wrapper class for grpc_channel_credentials structs */ class ChannelCredentials : public Nan::ObjectWrap { public: static void Init(v8::Local<v8::Object> exports); static bool HasInstance(v8::Local<v8::Value> val); - /* Wrap a grpc_credentials struct in a javascript object */ - static v8::Local<v8::Value> WrapStruct(grpc_credentials *credentials); + /* Wrap a grpc_channel_credentials struct in a javascript object */ + static v8::Local<v8::Value> WrapStruct(grpc_channel_credentials *credentials); - /* Returns the grpc_credentials struct that this object wraps */ - grpc_credentials *GetWrappedCredentials(); + /* Returns the grpc_channel_credentials struct that this object wraps */ + grpc_channel_credentials *GetWrappedCredentials(); private: - explicit ChannelCredentials(grpc_credentials *credentials); + explicit ChannelCredentials(grpc_channel_credentials *credentials); ~ChannelCredentials(); // Prevent copying @@ -70,7 +70,7 @@ class ChannelCredentials : public Nan::ObjectWrap { // Used for typechecking instances of this javascript class static Nan::Persistent<v8::FunctionTemplate> fun_tpl; - grpc_credentials *wrapped_credentials; + grpc_channel_credentials *wrapped_credentials; }; } // namespace node diff --git a/src/node/test/credentials_test.js b/src/node/test/credentials_test.js index 3e01b62cf4..647f648ca9 100644 --- a/src/node/test/credentials_test.js +++ b/src/node/test/credentials_test.js @@ -71,7 +71,7 @@ var fakeSuccessfulGoogleCredentials = { var fakeFailingGoogleCredentials = { getRequestMetadata: function(service_url, callback) { setTimeout(function() { - callback(new Error('Authorization failure')); + callback(new Error('Authentication failure')); }, 0); } }; @@ -218,6 +218,25 @@ describe('client credentials', function() { done(); }); }); + it('Should not add metadata with just SSL credentials', function(done) { + // Tests idempotency of credentials composition + var metadataUpdater = function(service_url, callback) { + var metadata = new grpc.Metadata(); + metadata.set('plugin_key', 'plugin_value'); + callback(null, metadata); + }; + var creds = grpc.credentials.createFromMetadataGenerator(metadataUpdater); + grpc.credentials.combineChannelCredentials(client_ssl_creds, creds); + var client = new Client('localhost:' + port, client_ssl_creds, + client_options); + var call = client.unary({}, function(err, data) { + assert.ifError(err); + }); + call.on('metadata', function(metadata) { + assert.deepEqual(metadata.get('plugin_key'), []); + done(); + }); + }); it.skip('should get an error from a Google credential', function(done) { var creds = grpc.credentials.createFromGoogleCredential( fakeFailingGoogleCredentials); @@ -227,7 +246,7 @@ describe('client credentials', function() { client_options); client.unary({}, function(err, data) { assert(err); - assert.strictEqual(err.message, 'Authorization failure'); + assert.strictEqual(err.message, 'Authentication failure'); done(); }); }); diff --git a/src/node/test/data/server1.pem b/src/node/test/data/server1.pem index 8e582e571f..f3d43fcc5b 100644 --- a/src/node/test/data/server1.pem +++ b/src/node/test/data/server1.pem @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMTQwNzIyMDYwMDU3WhcNMjQwNzE5 -MDYwMDU3WjBkMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFDASBgNVBAoTC0dvb2dsZSBJbmMuMRowGAYDVQQDFBEqLnRl -c3QuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4cMVJygs -JUmlgMMzgdi0h1XoCR7+ww1pop04OMMyy7H/i0PJ2W6Y35+b4CM8QrkYeEafUGDO -RYX6yV/cHGGsD/x02ye6ey1UDtkGAD/mpDEx8YCrjAc1Vfvt8Fk6Cn1WVIxV/J30 -3xjBsFgByQ55RBp1OLZfVLo6AleBDSbcxaECAwEAAaNrMGkwCQYDVR0TBAIwADAL -BgNVHQ8EBAMCBeAwTwYDVR0RBEgwRoIQKi50ZXN0Lmdvb2dsZS5mcoIYd2F0ZXJ6 -b29pLnRlc3QuZ29vZ2xlLmJlghIqLnRlc3QueW91dHViZS5jb22HBMCoAQMwDQYJ -KoZIhvcNAQEFBQADgYEAM2Ii0LgTGbJ1j4oqX9bxVcxm+/R5Yf8oi0aZqTJlnLYS -wXcBykxTx181s7WyfJ49WwrYXo78zTDAnf1ma0fPq3e4mpspvyndLh1a+OarHa1e -aT0DIIYk7qeEa1YcVljx2KyLd0r1BBAfrwyGaEPVeJQVYWaOJRU2we/KD4ojf9s= +MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx +MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV +BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 +ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco +LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg +zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd +9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy +em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G +CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 +hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh +y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 -----END CERTIFICATE----- diff --git a/src/objective-c/GRPCClient/private/GRPCSecureChannel.h b/src/objective-c/GRPCClient/private/GRPCSecureChannel.h index 4e0881e5a2..b82b9fe35a 100644 --- a/src/objective-c/GRPCClient/private/GRPCSecureChannel.h +++ b/src/objective-c/GRPCClient/private/GRPCSecureChannel.h @@ -35,7 +35,7 @@ #import "GRPCChannel.h" -struct grpc_credentials; +struct grpc_channel_credentials; @interface GRPCSecureChannel : GRPCChannel - (instancetype)initWithHost:(NSString *)host; @@ -50,6 +50,6 @@ struct grpc_credentials; /** The passed arguments aren't required to be valid beyond the invocation of this initializer. */ - (instancetype)initWithHost:(NSString *)host - credentials:(struct grpc_credentials *)credentials + credentials:(struct grpc_channel_credentials *)credentials args:(grpc_channel_args *)args NS_DESIGNATED_INITIALIZER; @end diff --git a/src/objective-c/GRPCClient/private/GRPCSecureChannel.m b/src/objective-c/GRPCClient/private/GRPCSecureChannel.m index ce16655330..a573c171e9 100644 --- a/src/objective-c/GRPCClient/private/GRPCSecureChannel.m +++ b/src/objective-c/GRPCClient/private/GRPCSecureChannel.m @@ -37,7 +37,7 @@ // Returns NULL if the file at path couldn't be read. In that case, if errorPtr isn't NULL, // *errorPtr will be an object describing what went wrong. -static grpc_credentials *CertificatesAtPath(NSString *path, NSError **errorPtr) { +static grpc_channel_credentials *CertificatesAtPath(NSString *path, NSError **errorPtr) { // Files in PEM format can have non-ASCII characters in their comments (e.g. for the name of the // issuer). Load them as UTF8 and produce an ASCII equivalent. NSString *contentInUTF8 = [NSString stringWithContentsOfFile:path @@ -62,7 +62,7 @@ static grpc_credentials *CertificatesAtPath(NSString *path, NSError **errorPtr) pathToCertificates:(NSString *)path hostNameOverride:(NSString *)hostNameOverride { // Load default SSL certificates once. - static grpc_credentials *kDefaultCertificates; + static grpc_channel_credentials *kDefaultCertificates; static dispatch_once_t loading; dispatch_once(&loading, ^{ NSString *defaultPath = @"gRPCCertificates.bundle/roots"; // .pem @@ -79,7 +79,9 @@ static grpc_credentials *CertificatesAtPath(NSString *path, NSError **errorPtr) }); //TODO(jcanizales): Add NSError** parameter to the initializer. - grpc_credentials *certificates = path ? CertificatesAtPath(path, NULL) : kDefaultCertificates; + grpc_channel_credentials *certificates = path + ? CertificatesAtPath(path, NULL) + : kDefaultCertificates; if (!certificates) { return nil; } @@ -99,7 +101,7 @@ static grpc_credentials *CertificatesAtPath(NSString *path, NSError **errorPtr) } - (instancetype)initWithHost:(NSString *)host - credentials:(grpc_credentials *)credentials + credentials:(grpc_channel_credentials *)credentials args:(grpc_channel_args *)args { return (self = [super initWithChannel:grpc_secure_channel_create( diff --git a/src/php/ext/grpc/call_credentials.c b/src/php/ext/grpc/call_credentials.c new file mode 100644 index 0000000000..17f167befb --- /dev/null +++ b/src/php/ext/grpc/call_credentials.c @@ -0,0 +1,138 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "channel_credentials.h" +#include "call_credentials.h" + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <php.h> +#include <php_ini.h> +#include <ext/standard/info.h> +#include <ext/spl/spl_exceptions.h> +#include "php_grpc.h" + +#include <zend_exceptions.h> +#include <zend_hash.h> + +#include <grpc/grpc.h> +#include <grpc/grpc_security.h> + +zend_class_entry *grpc_ce_call_credentials; + +/* Frees and destroys an instance of wrapped_grpc_call_credentials */ +void free_wrapped_grpc_call_credentials(void *object TSRMLS_DC) { + wrapped_grpc_call_credentials *creds = + (wrapped_grpc_call_credentials *)object; + if (creds->wrapped != NULL) { + grpc_call_credentials_release(creds->wrapped); + } + efree(creds); +} + +/* Initializes an instance of wrapped_grpc_call_credentials to be + * associated with an object of a class specified by class_type */ +zend_object_value create_wrapped_grpc_call_credentials( + zend_class_entry *class_type TSRMLS_DC) { + zend_object_value retval; + wrapped_grpc_call_credentials *intern; + + intern = (wrapped_grpc_call_credentials *)emalloc( + sizeof(wrapped_grpc_call_credentials)); + memset(intern, 0, sizeof(wrapped_grpc_call_credentials)); + + zend_object_std_init(&intern->std, class_type TSRMLS_CC); + object_properties_init(&intern->std, class_type); + retval.handle = zend_objects_store_put( + intern, (zend_objects_store_dtor_t)zend_objects_destroy_object, + free_wrapped_grpc_call_credentials, NULL TSRMLS_CC); + retval.handlers = zend_get_std_object_handlers(); + return retval; +} + +zval *grpc_php_wrap_call_credentials(grpc_call_credentials *wrapped) { + zval *credentials_object; + MAKE_STD_ZVAL(credentials_object); + object_init_ex(credentials_object, grpc_ce_call_credentials); + wrapped_grpc_call_credentials *credentials = + (wrapped_grpc_call_credentials *)zend_object_store_get_object( + credentials_object TSRMLS_CC); + credentials->wrapped = wrapped; + return credentials_object; +} + +/** + * Create composite credentials from two existing credentials. + * @param CallCredentials cred1 The first credential + * @param CallCredentials cred2 The second credential + * @return CallCredentials The new composite credentials object + */ +PHP_METHOD(CallCredentials, createComposite) { + zval *cred1_obj; + zval *cred2_obj; + + /* "OO" == 3 Objects */ + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "OO", &cred1_obj, + grpc_ce_call_credentials, &cred2_obj, + grpc_ce_call_credentials) == FAILURE) { + zend_throw_exception(spl_ce_InvalidArgumentException, + "createComposite expects 2 CallCredentials", + 1 TSRMLS_CC); + return; + } + wrapped_grpc_call_credentials *cred1 = + (wrapped_grpc_call_credentials *)zend_object_store_get_object( + cred1_obj TSRMLS_CC); + wrapped_grpc_call_credentials *cred2 = + (wrapped_grpc_call_credentials *)zend_object_store_get_object( + cred2_obj TSRMLS_CC); + grpc_call_credentials *creds = + grpc_composite_call_credentials_create(cred1->wrapped, cred2->wrapped, + NULL); + zval *creds_object = grpc_php_wrap_call_credentials(creds); + RETURN_DESTROY_ZVAL(creds_object); +} + +static zend_function_entry call_credentials_methods[] = { + PHP_ME(CallCredentials, createComposite, NULL, + ZEND_ACC_PUBLIC | ZEND_ACC_STATIC) + PHP_FE_END}; + +void grpc_init_call_credentials(TSRMLS_D) { + zend_class_entry ce; + INIT_CLASS_ENTRY(ce, "Grpc\\CallCredentials", call_credentials_methods); + ce.create_object = create_wrapped_grpc_call_credentials; + grpc_ce_call_credentials = zend_register_internal_class(&ce TSRMLS_CC); +} diff --git a/src/php/ext/grpc/credentials.h b/src/php/ext/grpc/call_credentials.h index 86d7ae5b14..8f35ac68bc 100755 --- a/src/php/ext/grpc/credentials.h +++ b/src/php/ext/grpc/call_credentials.h @@ -31,8 +31,8 @@ * */ -#ifndef NET_GRPC_PHP_GRPC_CREDENTIALS_H_ -#define NET_GRPC_PHP_GRPC_CREDENTIALS_H_ +#ifndef NET_GRPC_PHP_GRPC_CALL_CREDENTIALS_H_ +#define NET_GRPC_PHP_GRPC_CALL_CREDENTIALS_H_ #ifdef HAVE_CONFIG_H #include "config.h" @@ -46,18 +46,18 @@ #include "grpc/grpc.h" #include "grpc/grpc_security.h" -/* Class entry for the Credentials PHP class */ -extern zend_class_entry *grpc_ce_credentials; +/* Class entry for the CallCredentials PHP class */ +extern zend_class_entry *grpc_ce_call_credentials; -/* Wrapper struct for grpc_credentials that can be associated with a PHP - * object */ -typedef struct wrapped_grpc_credentials { +/* Wrapper struct for grpc_call_credentials that can be associated + * with a PHP object */ +typedef struct wrapped_grpc_call_credentials { zend_object std; - grpc_credentials *wrapped; -} wrapped_grpc_credentials; + grpc_call_credentials *wrapped; +} wrapped_grpc_call_credentials; -/* Initializes the Credentials PHP class */ -void grpc_init_credentials(TSRMLS_D); +/* Initializes the CallCredentials PHP class */ +void grpc_init_call_credentials(TSRMLS_D); -#endif /* NET_GRPC_PHP_GRPC_CREDENTIALS_H_ */ +#endif /* NET_GRPC_PHP_GRPC_CALL_CREDENTIALS_H_ */ diff --git a/src/php/ext/grpc/channel.c b/src/php/ext/grpc/channel.c index a4313b6bd4..f8c4f0423f 100644 --- a/src/php/ext/grpc/channel.c +++ b/src/php/ext/grpc/channel.c @@ -52,7 +52,7 @@ #include <grpc/grpc_security.h> #include "completion_queue.h" -#include "credentials.h" +#include "channel_credentials.h" #include "server.h" #include "timeval.h" @@ -125,21 +125,22 @@ void php_grpc_read_args_array(zval *args_array, grpc_channel_args *args) { /** * Construct an instance of the Channel class. If the $args array contains a - * "credentials" key mapping to a Credentials object, a secure channel will be - * created with those credentials. + * "credentials" key mapping to a ChannelCredentials object, a secure channel + * will be created with those credentials. * @param string $target The hostname to associate with this channel * @param array $args The arguments to pass to the Channel (optional) */ PHP_METHOD(Channel, __construct) { wrapped_grpc_channel *channel = - (wrapped_grpc_channel *)zend_object_store_get_object(getThis() TSRMLS_CC); + (wrapped_grpc_channel *)zend_object_store_get_object( + getThis() TSRMLS_CC); char *target; int target_length; zval *args_array = NULL; grpc_channel_args args; HashTable *array_hash; zval **creds_obj = NULL; - wrapped_grpc_credentials *creds = NULL; + wrapped_grpc_channel_credentials *creds = NULL; /* "s|a" == 1 string, 1 optional array */ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|a", &target, &target_length, &args_array) == FAILURE) { @@ -153,13 +154,14 @@ PHP_METHOD(Channel, __construct) { array_hash = Z_ARRVAL_P(args_array); if (zend_hash_find(array_hash, "credentials", sizeof("credentials"), (void **)&creds_obj) == SUCCESS) { - if (zend_get_class_entry(*creds_obj TSRMLS_CC) != grpc_ce_credentials) { + if (zend_get_class_entry(*creds_obj TSRMLS_CC) != + grpc_ce_channel_credentials) { zend_throw_exception(spl_ce_InvalidArgumentException, - "credentials must be a Credentials object", + "credentials must be a ChannelCredentials object", 1 TSRMLS_CC); return; } - creds = (wrapped_grpc_credentials *)zend_object_store_get_object( + creds = (wrapped_grpc_channel_credentials *)zend_object_store_get_object( *creds_obj TSRMLS_CC); zend_hash_del(array_hash, "credentials", 12); } diff --git a/src/php/ext/grpc/credentials.c b/src/php/ext/grpc/channel_credentials.c index e413070b45..df4a5d5162 100644 --- a/src/php/ext/grpc/credentials.c +++ b/src/php/ext/grpc/channel_credentials.c @@ -31,7 +31,8 @@ * */ -#include "credentials.h" +#include "channel_credentials.h" +#include "call_credentials.h" #ifdef HAVE_CONFIG_H #include "config.h" @@ -49,55 +50,56 @@ #include <grpc/grpc.h> #include <grpc/grpc_security.h> -zend_class_entry *grpc_ce_credentials; +zend_class_entry *grpc_ce_channel_credentials; -/* Frees and destroys an instance of wrapped_grpc_credentials */ -void free_wrapped_grpc_credentials(void *object TSRMLS_DC) { - wrapped_grpc_credentials *creds = (wrapped_grpc_credentials *)object; +/* Frees and destroys an instance of wrapped_grpc_channel_credentials */ +void free_wrapped_grpc_channel_credentials(void *object TSRMLS_DC) { + wrapped_grpc_channel_credentials *creds = + (wrapped_grpc_channel_credentials *)object; if (creds->wrapped != NULL) { - grpc_credentials_release(creds->wrapped); + grpc_channel_credentials_release(creds->wrapped); } efree(creds); } -/* Initializes an instance of wrapped_grpc_credentials to be associated with an - * object of a class specified by class_type */ -zend_object_value create_wrapped_grpc_credentials(zend_class_entry *class_type - TSRMLS_DC) { +/* Initializes an instance of wrapped_grpc_channel_credentials to be + * associated with an object of a class specified by class_type */ +zend_object_value create_wrapped_grpc_channel_credentials( + zend_class_entry *class_type TSRMLS_DC) { zend_object_value retval; - wrapped_grpc_credentials *intern; + wrapped_grpc_channel_credentials *intern; - intern = - (wrapped_grpc_credentials *)emalloc(sizeof(wrapped_grpc_credentials)); - memset(intern, 0, sizeof(wrapped_grpc_credentials)); + intern = (wrapped_grpc_channel_credentials *)emalloc( + sizeof(wrapped_grpc_channel_credentials)); + memset(intern, 0, sizeof(wrapped_grpc_channel_credentials)); zend_object_std_init(&intern->std, class_type TSRMLS_CC); object_properties_init(&intern->std, class_type); retval.handle = zend_objects_store_put( intern, (zend_objects_store_dtor_t)zend_objects_destroy_object, - free_wrapped_grpc_credentials, NULL TSRMLS_CC); + free_wrapped_grpc_channel_credentials, NULL TSRMLS_CC); retval.handlers = zend_get_std_object_handlers(); return retval; } -zval *grpc_php_wrap_credentials(grpc_credentials *wrapped) { +zval *grpc_php_wrap_channel_credentials(grpc_channel_credentials *wrapped) { zval *credentials_object; MAKE_STD_ZVAL(credentials_object); - object_init_ex(credentials_object, grpc_ce_credentials); - wrapped_grpc_credentials *credentials = - (wrapped_grpc_credentials *)zend_object_store_get_object( + object_init_ex(credentials_object, grpc_ce_channel_credentials); + wrapped_grpc_channel_credentials *credentials = + (wrapped_grpc_channel_credentials *)zend_object_store_get_object( credentials_object TSRMLS_CC); credentials->wrapped = wrapped; return credentials_object; } /** - * Create a default credentials object. - * @return Credentials The new default credentials object + * Create a default channel credentials object. + * @return ChannelCredentials The new default channel credentials object */ -PHP_METHOD(Credentials, createDefault) { - grpc_credentials *creds = grpc_google_default_credentials_create(); - zval *creds_object = grpc_php_wrap_credentials(creds); +PHP_METHOD(ChannelCredentials, createDefault) { + grpc_channel_credentials *creds = grpc_google_default_credentials_create(); + zval *creds_object = grpc_php_wrap_channel_credentials(creds); RETURN_DESTROY_ZVAL(creds_object); } @@ -108,9 +110,9 @@ PHP_METHOD(Credentials, createDefault) { * (optional) * @param string pem_cert_chain PEM encoding of the client's certificate chain * (optional) - * @return Credentials The new SSL credentials object + * @return ChannelCredentials The new SSL credentials object */ -PHP_METHOD(Credentials, createSsl) { +PHP_METHOD(ChannelCredentials, createSsl) { char *pem_root_certs = NULL; grpc_ssl_pem_key_cert_pair pem_key_cert_pair; @@ -121,71 +123,65 @@ PHP_METHOD(Credentials, createSsl) { /* "|s!s!s! == 3 optional nullable strings */ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s!s!s!", &pem_root_certs, &root_certs_length, - &pem_key_cert_pair.private_key, &private_key_length, + &pem_key_cert_pair.private_key, + &private_key_length, &pem_key_cert_pair.cert_chain, &cert_chain_length) == FAILURE) { zend_throw_exception(spl_ce_InvalidArgumentException, "createSsl expects 3 optional strings", 1 TSRMLS_CC); return; } - grpc_credentials *creds = grpc_ssl_credentials_create( + grpc_channel_credentials *creds = grpc_ssl_credentials_create( pem_root_certs, pem_key_cert_pair.private_key == NULL ? NULL : &pem_key_cert_pair, NULL); - zval *creds_object = grpc_php_wrap_credentials(creds); + zval *creds_object = grpc_php_wrap_channel_credentials(creds); RETURN_DESTROY_ZVAL(creds_object); } /** * Create composite credentials from two existing credentials. - * @param Credentials cred1 The first credential - * @param Credentials cred2 The second credential - * @return Credentials The new composite credentials object + * @param ChannelCredentials cred1 The first credential + * @param CallCredentials cred2 The second credential + * @return ChannelCredentials The new composite credentials object */ -PHP_METHOD(Credentials, createComposite) { +PHP_METHOD(ChannelCredentials, createComposite) { zval *cred1_obj; zval *cred2_obj; /* "OO" == 3 Objects */ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "OO", &cred1_obj, - grpc_ce_credentials, &cred2_obj, - grpc_ce_credentials) == FAILURE) { + grpc_ce_channel_credentials, &cred2_obj, + grpc_ce_call_credentials) == FAILURE) { zend_throw_exception(spl_ce_InvalidArgumentException, "createComposite expects 2 Credentials", 1 TSRMLS_CC); return; } - wrapped_grpc_credentials *cred1 = - (wrapped_grpc_credentials *)zend_object_store_get_object( + wrapped_grpc_channel_credentials *cred1 = + (wrapped_grpc_channel_credentials *)zend_object_store_get_object( cred1_obj TSRMLS_CC); - wrapped_grpc_credentials *cred2 = - (wrapped_grpc_credentials *)zend_object_store_get_object( + wrapped_grpc_call_credentials *cred2 = + (wrapped_grpc_call_credentials *)zend_object_store_get_object( cred2_obj TSRMLS_CC); - grpc_credentials *creds = - grpc_composite_credentials_create(cred1->wrapped, cred2->wrapped, NULL); - zval *creds_object = grpc_php_wrap_credentials(creds); + grpc_channel_credentials *creds = + grpc_composite_channel_credentials_create(cred1->wrapped, cred2->wrapped, + NULL); + zval *creds_object = grpc_php_wrap_channel_credentials(creds); RETURN_DESTROY_ZVAL(creds_object); } -/** - * Create Google Compute Engine credentials - * @return Credentials The new GCE credentials object - */ -PHP_METHOD(Credentials, createGce) { - grpc_credentials *creds = grpc_google_compute_engine_credentials_create(NULL); - zval *creds_object = grpc_php_wrap_credentials(creds); - RETURN_DESTROY_ZVAL(creds_object); -} - -static zend_function_entry credentials_methods[] = { - PHP_ME(Credentials, createDefault, NULL, ZEND_ACC_PUBLIC | ZEND_ACC_STATIC) - PHP_ME(Credentials, createSsl, NULL, ZEND_ACC_PUBLIC | ZEND_ACC_STATIC) - PHP_ME(Credentials, createComposite, NULL, - ZEND_ACC_PUBLIC | ZEND_ACC_STATIC) - PHP_ME(Credentials, createGce, NULL, ZEND_ACC_PUBLIC | ZEND_ACC_STATIC) - PHP_FE_END}; +static zend_function_entry channel_credentials_methods[] = { + PHP_ME(ChannelCredentials, createDefault, NULL, + ZEND_ACC_PUBLIC | ZEND_ACC_STATIC) + PHP_ME(ChannelCredentials, createSsl, NULL, + ZEND_ACC_PUBLIC | ZEND_ACC_STATIC) + PHP_ME(ChannelCredentials, createComposite, NULL, + ZEND_ACC_PUBLIC | ZEND_ACC_STATIC) + PHP_FE_END}; -void grpc_init_credentials(TSRMLS_D) { +void grpc_init_channel_credentials(TSRMLS_D) { zend_class_entry ce; - INIT_CLASS_ENTRY(ce, "Grpc\\Credentials", credentials_methods); - ce.create_object = create_wrapped_grpc_credentials; - grpc_ce_credentials = zend_register_internal_class(&ce TSRMLS_CC); + INIT_CLASS_ENTRY(ce, "Grpc\\ChannelCredentials", + channel_credentials_methods); + ce.create_object = create_wrapped_grpc_channel_credentials; + grpc_ce_channel_credentials = zend_register_internal_class(&ce TSRMLS_CC); } diff --git a/src/php/ext/grpc/channel_credentials.h b/src/php/ext/grpc/channel_credentials.h new file mode 100755 index 0000000000..d89984ce60 --- /dev/null +++ b/src/php/ext/grpc/channel_credentials.h @@ -0,0 +1,63 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef NET_GRPC_PHP_GRPC_CHANNEL_CREDENTIALS_H_ +#define NET_GRPC_PHP_GRPC_CHANNEL_CREDENTIALS_H_ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "php.h" +#include "php_ini.h" +#include "ext/standard/info.h" +#include "php_grpc.h" + +#include "grpc/grpc.h" +#include "grpc/grpc_security.h" + +/* Class entry for the ChannelCredentials PHP class */ +extern zend_class_entry *grpc_ce_channel_credentials; + +/* Wrapper struct for grpc_channel_credentials that can be associated + * with a PHP object */ +typedef struct wrapped_grpc_channel_credentials { + zend_object std; + + grpc_channel_credentials *wrapped; +} wrapped_grpc_channel_credentials; + +/* Initializes the ChannelCredentials PHP class */ +void grpc_init_channel_credentials(TSRMLS_D); + +#endif /* NET_GRPC_PHP_GRPC_CHANNEL_CREDENTIALS_H_ */ diff --git a/src/php/ext/grpc/config.m4 b/src/php/ext/grpc/config.m4 index 8bacdfbfec..7928687943 100755 --- a/src/php/ext/grpc/config.m4 +++ b/src/php/ext/grpc/config.m4 @@ -71,5 +71,7 @@ if test "$PHP_GRPC" != "no"; then PHP_SUBST(GRPC_SHARED_LIBADD) - PHP_NEW_EXTENSION(grpc, byte_buffer.c call.c channel.c completion_queue.c credentials.c timeval.c server.c server_credentials.c php_grpc.c, $ext_shared, , -Wall -Werror -std=c11) + PHP_NEW_EXTENSION(grpc, byte_buffer.c call.c call_credentials.c channel.c \ + channel_credentials.c completion_queue.c timeval.c server.c \ + server_credentials.c php_grpc.c, $ext_shared, , -Wall -Werror -std=c11) fi diff --git a/src/php/ext/grpc/package.xml b/src/php/ext/grpc/package.xml index 921cfc6ae6..a2e3e2826a 100644 --- a/src/php/ext/grpc/package.xml +++ b/src/php/ext/grpc/package.xml @@ -10,8 +10,8 @@ <email>grpc-packages@google.com</email> <active>yes</active> </lead> - <date>2015-10-07</date> - <time>13:40:54</time> + <date>2015-10-21</date> + <time>17:04:32</time> <version> <release>0.6.1</release> <api>0.6.0</api> @@ -30,16 +30,18 @@ <file baseinstalldir="/" md5sum="c8de0f819499c48adfc8d7f472c0196b" name="byte_buffer.h" role="src" /> <file baseinstalldir="/" md5sum="d64c9005993de02abac55664b0b9e0b2" name="call.c" role="src" /> <file baseinstalldir="/" md5sum="26acbf04c30162c2d2aca4688bb2aec8" name="call.h" role="src" /> - <file baseinstalldir="/" md5sum="15e56239b32c803f073e8a2b9f96e8c3" name="channel.c" role="src" /> + <file baseinstalldir="/" md5sum="6fa13d260dfde216f795225644f04e7a" name="call_credentials.c" role="src" /> + <file baseinstalldir="/" md5sum="e45269975f9a30fd349a90daf6b31aa2" name="call_credentials.h" role="src" /> + <file baseinstalldir="/" md5sum="0779db3b196c98081b2260ceec22cd4d" name="channel.c" role="src" /> <file baseinstalldir="/" md5sum="ed4b00c0cf3702b115d0cfa87450dc09" name="channel.h" role="src" /> + <file baseinstalldir="/" md5sum="1b40f50fa6184ad7d24a961ac76151ff" name="channel_credentials.c" role="src" /> + <file baseinstalldir="/" md5sum="a86250e03f610ce6c2c7595a84e08821" name="channel_credentials.h" role="src" /> <file baseinstalldir="/" md5sum="55ab7a42f9dd9bfc7e28a61cfc5fca63" name="completion_queue.c" role="src" /> <file baseinstalldir="/" md5sum="f10b5bb232d74a6878e829e2e76cdaa2" name="completion_queue.h" role="src" /> - <file baseinstalldir="/" md5sum="a22f8eac0164761058cc4d9eb2ceb069" name="config.m4" role="src" /> - <file baseinstalldir="/" md5sum="588752c908f7bc1663f7b8fc922ae661" name="credentials.c" role="src" /> - <file baseinstalldir="/" md5sum="6988d6e97c19c8f8e3eb92371cf8246b" name="credentials.h" role="src" /> + <file baseinstalldir="/" md5sum="c7bba7f0f00d1b1483de457d55311382" name="config.m4" role="src" /> <file baseinstalldir="/" md5sum="38a1bc979d810c36ebc2a52d4b7b5319" name="CREDITS" role="doc" /> <file baseinstalldir="/" md5sum="3f35b472bbdef5a788cd90617d7d0847" name="LICENSE" role="doc" /> - <file baseinstalldir="/" md5sum="b77f1f3941aaf7a21090b493e9f26037" name="php_grpc.c" role="src" /> + <file baseinstalldir="/" md5sum="3131a8af38fe5918e5409016b89d6cdb" name="php_grpc.c" role="src" /> <file baseinstalldir="/" md5sum="673b07859d9f69232f8a754c56780686" name="php_grpc.h" role="src" /> <file baseinstalldir="/" md5sum="7533a6d3ea02c78cad23a9651de0825d" name="README.md" role="doc" /> <file baseinstalldir="/" md5sum="3e4e960454ebb2fc7b78a840493f5315" name="server.c" role="src" /> @@ -122,7 +124,7 @@ Update to wrap gRPC C Core version 0.10.0 <release>beta</release> <api>beta</api> </stability> - <date>2015-10-07</date> + <date>2015-10-21</date> <license>BSD</license> <notes> - fixed undefined constant fatal error when run with apache/nginx #2275 diff --git a/src/php/ext/grpc/php_grpc.c b/src/php/ext/grpc/php_grpc.c index fcd94a6306..762c01385c 100644 --- a/src/php/ext/grpc/php_grpc.c +++ b/src/php/ext/grpc/php_grpc.c @@ -35,7 +35,8 @@ #include "channel.h" #include "server.h" #include "timeval.h" -#include "credentials.h" +#include "channel_credentials.h" +#include "call_credentials.h" #include "server_credentials.h" #include "completion_queue.h" @@ -233,7 +234,8 @@ PHP_MINIT_FUNCTION(grpc) { grpc_init_channel(TSRMLS_C); grpc_init_server(TSRMLS_C); grpc_init_timeval(TSRMLS_C); - grpc_init_credentials(TSRMLS_C); + grpc_init_channel_credentials(TSRMLS_C); + grpc_init_call_credentials(TSRMLS_C); grpc_init_server_credentials(TSRMLS_C); grpc_php_init_completion_queue(TSRMLS_C); return SUCCESS; diff --git a/src/php/tests/data/server1.pem b/src/php/tests/data/server1.pem index 8e582e571f..f3d43fcc5b 100755 --- a/src/php/tests/data/server1.pem +++ b/src/php/tests/data/server1.pem @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMTQwNzIyMDYwMDU3WhcNMjQwNzE5 -MDYwMDU3WjBkMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFDASBgNVBAoTC0dvb2dsZSBJbmMuMRowGAYDVQQDFBEqLnRl -c3QuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4cMVJygs -JUmlgMMzgdi0h1XoCR7+ww1pop04OMMyy7H/i0PJ2W6Y35+b4CM8QrkYeEafUGDO -RYX6yV/cHGGsD/x02ye6ey1UDtkGAD/mpDEx8YCrjAc1Vfvt8Fk6Cn1WVIxV/J30 -3xjBsFgByQ55RBp1OLZfVLo6AleBDSbcxaECAwEAAaNrMGkwCQYDVR0TBAIwADAL -BgNVHQ8EBAMCBeAwTwYDVR0RBEgwRoIQKi50ZXN0Lmdvb2dsZS5mcoIYd2F0ZXJ6 -b29pLnRlc3QuZ29vZ2xlLmJlghIqLnRlc3QueW91dHViZS5jb22HBMCoAQMwDQYJ -KoZIhvcNAQEFBQADgYEAM2Ii0LgTGbJ1j4oqX9bxVcxm+/R5Yf8oi0aZqTJlnLYS -wXcBykxTx181s7WyfJ49WwrYXo78zTDAnf1ma0fPq3e4mpspvyndLh1a+OarHa1e -aT0DIIYk7qeEa1YcVljx2KyLd0r1BBAfrwyGaEPVeJQVYWaOJRU2we/KD4ojf9s= +MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx +MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV +BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 +ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco +LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg +zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd +9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy +em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G +CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 +hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh +y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 -----END CERTIFICATE----- diff --git a/src/php/tests/interop/interop_client.php b/src/php/tests/interop/interop_client.php index 3019866561..9aab5c966c 100755 --- a/src/php/tests/interop/interop_client.php +++ b/src/php/tests/interop/interop_client.php @@ -423,10 +423,10 @@ $opts = []; if ($use_tls) { if ($use_test_ca) { - $ssl_credentials = Grpc\Credentials::createSsl( - file_get_contents(dirname(__FILE__).'/../data/ca.pem')); + $ssl_credentials = Grpc\ChannelCredentials::createSsl( + file_get_contents(dirname(__FILE__).'/../data/ca.pem')); } else { - $ssl_credentials = Grpc\Credentials::createSsl(); + $ssl_credentials = Grpc\ChannelCredentials::createSsl(); } $opts['credentials'] = $ssl_credentials; $opts['grpc.ssl_target_name_override'] = $host_override; diff --git a/src/php/tests/unit_tests/SecureEndToEndTest.php b/src/php/tests/unit_tests/SecureEndToEndTest.php index e66bde376c..c388ee5031 100755 --- a/src/php/tests/unit_tests/SecureEndToEndTest.php +++ b/src/php/tests/unit_tests/SecureEndToEndTest.php @@ -35,7 +35,7 @@ class SecureEndToEndTest extends PHPUnit_Framework_TestCase { public function setUp() { - $credentials = Grpc\Credentials::createSsl( + $credentials = Grpc\ChannelCredentials::createSsl( file_get_contents(dirname(__FILE__).'/../data/ca.pem')); $server_credentials = Grpc\ServerCredentials::createSsl( null, diff --git a/src/python/grpcio/grpc/_adapter/_c/types.c b/src/python/grpcio/grpc/_adapter/_c/types.c index 8855c32ca6..8dedf5902b 100644 --- a/src/python/grpcio/grpc/_adapter/_c/types.c +++ b/src/python/grpcio/grpc/_adapter/_c/types.c @@ -40,7 +40,8 @@ int pygrpc_module_add_types(PyObject *module) { int i; PyTypeObject *types[] = { - &pygrpc_ClientCredentials_type, + &pygrpc_CallCredentials_type, + &pygrpc_ChannelCredentials_type, &pygrpc_ServerCredentials_type, &pygrpc_CompletionQueue_type, &pygrpc_Call_type, diff --git a/src/python/grpcio/grpc/_adapter/_c/types.h b/src/python/grpcio/grpc/_adapter/_c/types.h index 31fd470d36..9ab415d216 100644 --- a/src/python/grpcio/grpc/_adapter/_c/types.h +++ b/src/python/grpcio/grpc/_adapter/_c/types.h @@ -44,27 +44,35 @@ /* Client-side credentials */ /*=========================*/ -typedef struct ClientCredentials { +typedef struct ChannelCredentials { PyObject_HEAD - grpc_credentials *c_creds; -} ClientCredentials; -void pygrpc_ClientCredentials_dealloc(ClientCredentials *self); -ClientCredentials *pygrpc_ClientCredentials_google_default( + grpc_channel_credentials *c_creds; +} ChannelCredentials; +void pygrpc_ChannelCredentials_dealloc(ChannelCredentials *self); +ChannelCredentials *pygrpc_ChannelCredentials_google_default( PyTypeObject *type, PyObject *ignored); -ClientCredentials *pygrpc_ClientCredentials_ssl( +ChannelCredentials *pygrpc_ChannelCredentials_ssl( PyTypeObject *type, PyObject *args, PyObject *kwargs); -ClientCredentials *pygrpc_ClientCredentials_composite( +ChannelCredentials *pygrpc_ChannelCredentials_composite( PyTypeObject *type, PyObject *args, PyObject *kwargs); -ClientCredentials *pygrpc_ClientCredentials_compute_engine( +extern PyTypeObject pygrpc_ChannelCredentials_type; + +typedef struct CallCredentials { + PyObject_HEAD + grpc_call_credentials *c_creds; +} CallCredentials; +void pygrpc_CallCredentials_dealloc(CallCredentials *self); +CallCredentials *pygrpc_CallCredentials_composite( + PyTypeObject *type, PyObject *args, PyObject *kwargs); +CallCredentials *pygrpc_CallCredentials_compute_engine( PyTypeObject *type, PyObject *ignored); -ClientCredentials *pygrpc_ClientCredentials_jwt( +CallCredentials *pygrpc_CallCredentials_jwt( PyTypeObject *type, PyObject *args, PyObject *kwargs); -ClientCredentials *pygrpc_ClientCredentials_refresh_token( +CallCredentials *pygrpc_CallCredentials_refresh_token( PyTypeObject *type, PyObject *args, PyObject *kwargs); -ClientCredentials *pygrpc_ClientCredentials_iam( +CallCredentials *pygrpc_CallCredentials_iam( PyTypeObject *type, PyObject *args, PyObject *kwargs); -extern PyTypeObject pygrpc_ClientCredentials_type; - +extern PyTypeObject pygrpc_CallCredentials_type; /*=========================*/ /* Server-side credentials */ diff --git a/src/python/grpcio/grpc/_adapter/_c/types/call.c b/src/python/grpcio/grpc/_adapter/_c/types/call.c index 5604aba39d..04ec871880 100644 --- a/src/python/grpcio/grpc/_adapter/_c/types/call.c +++ b/src/python/grpcio/grpc/_adapter/_c/types/call.c @@ -173,12 +173,12 @@ PyObject *pygrpc_Call_peer(Call *self) { } PyObject *pygrpc_Call_set_credentials(Call *self, PyObject *args, PyObject *kwargs) { - ClientCredentials *creds; + CallCredentials *creds; grpc_call_error errcode; static char *keywords[] = {"creds", NULL}; if (!PyArg_ParseTupleAndKeywords( args, kwargs, "O!:set_credentials", keywords, - &pygrpc_ClientCredentials_type, &creds)) { + &pygrpc_CallCredentials_type, &creds)) { return NULL; } errcode = grpc_call_set_credentials(self->c_call, creds->c_creds); diff --git a/src/python/grpcio/grpc/_adapter/_c/types/client_credentials.c b/src/python/grpcio/grpc/_adapter/_c/types/call_credentials.c index 90652b7b47..5a15a6e17d 100644 --- a/src/python/grpcio/grpc/_adapter/_c/types/client_credentials.c +++ b/src/python/grpcio/grpc/_adapter/_c/types/call_credentials.c @@ -39,31 +39,28 @@ #include <grpc/grpc_security.h> -PyMethodDef pygrpc_ClientCredentials_methods[] = { - {"google_default", (PyCFunction)pygrpc_ClientCredentials_google_default, - METH_CLASS|METH_NOARGS, ""}, - {"ssl", (PyCFunction)pygrpc_ClientCredentials_ssl, - METH_CLASS|METH_KEYWORDS, ""}, - {"composite", (PyCFunction)pygrpc_ClientCredentials_composite, +PyMethodDef pygrpc_CallCredentials_methods[] = { + {"composite", (PyCFunction)pygrpc_CallCredentials_composite, METH_CLASS|METH_KEYWORDS, ""}, - {"compute_engine", (PyCFunction)pygrpc_ClientCredentials_compute_engine, + {"compute_engine", (PyCFunction)pygrpc_CallCredentials_compute_engine, METH_CLASS|METH_NOARGS, ""}, - {"jwt", (PyCFunction)pygrpc_ClientCredentials_jwt, + {"jwt", (PyCFunction)pygrpc_CallCredentials_jwt, METH_CLASS|METH_KEYWORDS, ""}, - {"refresh_token", (PyCFunction)pygrpc_ClientCredentials_refresh_token, + {"refresh_token", (PyCFunction)pygrpc_CallCredentials_refresh_token, METH_CLASS|METH_KEYWORDS, ""}, - {"iam", (PyCFunction)pygrpc_ClientCredentials_iam, + {"iam", (PyCFunction)pygrpc_CallCredentials_iam, METH_CLASS|METH_KEYWORDS, ""}, {NULL} }; -const char pygrpc_ClientCredentials_doc[] = ""; -PyTypeObject pygrpc_ClientCredentials_type = { + +const char pygrpc_CallCredentials_doc[] = ""; +PyTypeObject pygrpc_CallCredentials_type = { PyObject_HEAD_INIT(NULL) 0, /* ob_size */ - "ClientCredentials", /* tp_name */ - sizeof(ClientCredentials), /* tp_basicsize */ + "CallCredentials", /* tp_name */ + sizeof(CallCredentials), /* tp_basicsize */ 0, /* tp_itemsize */ - (destructor)pygrpc_ClientCredentials_dealloc, /* tp_dealloc */ + (destructor)pygrpc_CallCredentials_dealloc, /* tp_dealloc */ 0, /* tp_print */ 0, /* tp_getattr */ 0, /* tp_setattr */ @@ -79,14 +76,14 @@ PyTypeObject pygrpc_ClientCredentials_type = { 0, /* tp_setattro */ 0, /* tp_as_buffer */ Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /* tp_flags */ - pygrpc_ClientCredentials_doc, /* tp_doc */ + pygrpc_CallCredentials_doc, /* tp_doc */ 0, /* tp_traverse */ 0, /* tp_clear */ 0, /* tp_richcompare */ 0, /* tp_weaklistoffset */ 0, /* tp_iter */ 0, /* tp_iternext */ - pygrpc_ClientCredentials_methods, /* tp_methods */ + pygrpc_CallCredentials_methods, /* tp_methods */ 0, /* tp_members */ 0, /* tp_getset */ 0, /* tp_base */ @@ -99,67 +96,26 @@ PyTypeObject pygrpc_ClientCredentials_type = { 0 /* tp_new */ }; -void pygrpc_ClientCredentials_dealloc(ClientCredentials *self) { - grpc_credentials_release(self->c_creds); +void pygrpc_CallCredentials_dealloc(CallCredentials *self) { + grpc_call_credentials_release(self->c_creds); self->ob_type->tp_free((PyObject *)self); } -ClientCredentials *pygrpc_ClientCredentials_google_default( - PyTypeObject *type, PyObject *ignored) { - ClientCredentials *self = (ClientCredentials *)type->tp_alloc(type, 0); - self->c_creds = grpc_google_default_credentials_create(); - if (!self->c_creds) { - Py_DECREF(self); - PyErr_SetString(PyExc_RuntimeError, - "couldn't create Google default credentials"); - return NULL; - } - return self; -} - -ClientCredentials *pygrpc_ClientCredentials_ssl( - PyTypeObject *type, PyObject *args, PyObject *kwargs) { - ClientCredentials *self; - const char *root_certs; - const char *private_key = NULL; - const char *cert_chain = NULL; - grpc_ssl_pem_key_cert_pair key_cert_pair; - static char *keywords[] = {"root_certs", "private_key", "cert_chain", NULL}; - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "z|zz:ssl", keywords, - &root_certs, &private_key, &cert_chain)) { - return NULL; - } - self = (ClientCredentials *)type->tp_alloc(type, 0); - if (private_key && cert_chain) { - key_cert_pair.private_key = private_key; - key_cert_pair.cert_chain = cert_chain; - self->c_creds = - grpc_ssl_credentials_create(root_certs, &key_cert_pair, NULL); - } else { - self->c_creds = grpc_ssl_credentials_create(root_certs, NULL, NULL); - } - if (!self->c_creds) { - Py_DECREF(self); - PyErr_SetString(PyExc_RuntimeError, "couldn't create ssl credentials"); - return NULL; - } - return self; -} - -ClientCredentials *pygrpc_ClientCredentials_composite( +CallCredentials *pygrpc_CallCredentials_composite( PyTypeObject *type, PyObject *args, PyObject *kwargs) { - ClientCredentials *self; - ClientCredentials *creds1; - ClientCredentials *creds2; + CallCredentials *self; + CallCredentials *creds1; + CallCredentials *creds2; static char *keywords[] = {"creds1", "creds2", NULL}; if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O!O!:composite", keywords, - &pygrpc_ClientCredentials_type, &creds1, - &pygrpc_ClientCredentials_type, &creds2)) { + &pygrpc_CallCredentials_type, &creds1, + &pygrpc_CallCredentials_type, &creds2)) { return NULL; } - self = (ClientCredentials *)type->tp_alloc(type, 0); + self = (CallCredentials *)type->tp_alloc(type, 0); self->c_creds = - grpc_composite_credentials_create(creds1->c_creds, creds2->c_creds, NULL); + grpc_composite_call_credentials_create( + creds1->c_creds, creds2->c_creds, NULL); if (!self->c_creds) { Py_DECREF(self); PyErr_SetString(PyExc_RuntimeError, "couldn't create composite credentials"); @@ -168,9 +124,9 @@ ClientCredentials *pygrpc_ClientCredentials_composite( return self; } -ClientCredentials *pygrpc_ClientCredentials_compute_engine( +CallCredentials *pygrpc_CallCredentials_compute_engine( PyTypeObject *type, PyObject *ignored) { - ClientCredentials *self = (ClientCredentials *)type->tp_alloc(type, 0); + CallCredentials *self = (CallCredentials *)type->tp_alloc(type, 0); self->c_creds = grpc_google_compute_engine_credentials_create(NULL); if (!self->c_creds) { Py_DECREF(self); @@ -182,9 +138,9 @@ ClientCredentials *pygrpc_ClientCredentials_compute_engine( } /* TODO: Rename this credentials to something like service_account_jwt_access */ -ClientCredentials *pygrpc_ClientCredentials_jwt( +CallCredentials *pygrpc_CallCredentials_jwt( PyTypeObject *type, PyObject *args, PyObject *kwargs) { - ClientCredentials *self; + CallCredentials *self; const char *json_key; double lifetime; static char *keywords[] = {"json_key", "token_lifetime", NULL}; @@ -192,7 +148,7 @@ ClientCredentials *pygrpc_ClientCredentials_jwt( &json_key, &lifetime)) { return NULL; } - self = (ClientCredentials *)type->tp_alloc(type, 0); + self = (CallCredentials *)type->tp_alloc(type, 0); self->c_creds = grpc_service_account_jwt_access_credentials_create( json_key, pygrpc_cast_double_to_gpr_timespec(lifetime), NULL); if (!self->c_creds) { @@ -203,16 +159,16 @@ ClientCredentials *pygrpc_ClientCredentials_jwt( return self; } -ClientCredentials *pygrpc_ClientCredentials_refresh_token( +CallCredentials *pygrpc_CallCredentials_refresh_token( PyTypeObject *type, PyObject *args, PyObject *kwargs) { - ClientCredentials *self; + CallCredentials *self; const char *json_refresh_token; static char *keywords[] = {"json_refresh_token", NULL}; if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s:refresh_token", keywords, &json_refresh_token)) { return NULL; } - self = (ClientCredentials *)type->tp_alloc(type, 0); + self = (CallCredentials *)type->tp_alloc(type, 0); self->c_creds = grpc_google_refresh_token_credentials_create(json_refresh_token, NULL); if (!self->c_creds) { @@ -224,9 +180,9 @@ ClientCredentials *pygrpc_ClientCredentials_refresh_token( return self; } -ClientCredentials *pygrpc_ClientCredentials_iam( +CallCredentials *pygrpc_CallCredentials_iam( PyTypeObject *type, PyObject *args, PyObject *kwargs) { - ClientCredentials *self; + CallCredentials *self; const char *authorization_token; const char *authority_selector; static char *keywords[] = {"authorization_token", "authority_selector", NULL}; @@ -234,7 +190,7 @@ ClientCredentials *pygrpc_ClientCredentials_iam( &authorization_token, &authority_selector)) { return NULL; } - self = (ClientCredentials *)type->tp_alloc(type, 0); + self = (CallCredentials *)type->tp_alloc(type, 0); self->c_creds = grpc_google_iam_credentials_create(authorization_token, authority_selector, NULL); if (!self->c_creds) { diff --git a/src/python/grpcio/grpc/_adapter/_c/types/channel.c b/src/python/grpcio/grpc/_adapter/_c/types/channel.c index 79d39c4391..c4db2a0dfd 100644 --- a/src/python/grpcio/grpc/_adapter/_c/types/channel.c +++ b/src/python/grpcio/grpc/_adapter/_c/types/channel.c @@ -94,11 +94,11 @@ Channel *pygrpc_Channel_new( Channel *self; const char *target; PyObject *py_args; - ClientCredentials *creds = NULL; + ChannelCredentials *creds = NULL; grpc_channel_args c_args; char *keywords[] = {"target", "args", "creds", NULL}; if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO|O!:Channel", keywords, - &target, &py_args, &pygrpc_ClientCredentials_type, &creds)) { + &target, &py_args, &pygrpc_ChannelCredentials_type, &creds)) { return NULL; } if (!pygrpc_produce_channel_args(py_args, &c_args)) { diff --git a/src/python/grpcio/grpc/_adapter/_c/types/channel_credentials.c b/src/python/grpcio/grpc/_adapter/_c/types/channel_credentials.c new file mode 100644 index 0000000000..83b1fc0406 --- /dev/null +++ b/src/python/grpcio/grpc/_adapter/_c/types/channel_credentials.c @@ -0,0 +1,165 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "grpc/_adapter/_c/types.h" + +#define PY_SSIZE_T_CLEAN +#include <Python.h> +#include <grpc/grpc.h> +#include <grpc/grpc_security.h> + + +PyMethodDef pygrpc_ChannelCredentials_methods[] = { + {"google_default", (PyCFunction)pygrpc_ChannelCredentials_google_default, + METH_CLASS|METH_NOARGS, ""}, + {"ssl", (PyCFunction)pygrpc_ChannelCredentials_ssl, + METH_CLASS|METH_KEYWORDS, ""}, + {"composite", (PyCFunction)pygrpc_ChannelCredentials_composite, + METH_CLASS|METH_KEYWORDS, ""}, + {NULL} +}; + +const char pygrpc_ChannelCredentials_doc[] = ""; +PyTypeObject pygrpc_ChannelCredentials_type = { + PyObject_HEAD_INIT(NULL) + 0, /* ob_size */ + "ChannelCredentials", /* tp_name */ + sizeof(ChannelCredentials), /* tp_basicsize */ + 0, /* tp_itemsize */ + (destructor)pygrpc_ChannelCredentials_dealloc, /* tp_dealloc */ + 0, /* tp_print */ + 0, /* tp_getattr */ + 0, /* tp_setattr */ + 0, /* tp_compare */ + 0, /* tp_repr */ + 0, /* tp_as_number */ + 0, /* tp_as_sequence */ + 0, /* tp_as_mapping */ + 0, /* tp_hash */ + 0, /* tp_call */ + 0, /* tp_str */ + 0, /* tp_getattro */ + 0, /* tp_setattro */ + 0, /* tp_as_buffer */ + Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /* tp_flags */ + pygrpc_ChannelCredentials_doc, /* tp_doc */ + 0, /* tp_traverse */ + 0, /* tp_clear */ + 0, /* tp_richcompare */ + 0, /* tp_weaklistoffset */ + 0, /* tp_iter */ + 0, /* tp_iternext */ + pygrpc_ChannelCredentials_methods, /* tp_methods */ + 0, /* tp_members */ + 0, /* tp_getset */ + 0, /* tp_base */ + 0, /* tp_dict */ + 0, /* tp_descr_get */ + 0, /* tp_descr_set */ + 0, /* tp_dictoffset */ + 0, /* tp_init */ + 0, /* tp_alloc */ + 0 /* tp_new */ +}; + +void pygrpc_ChannelCredentials_dealloc(ChannelCredentials *self) { + grpc_channel_credentials_release(self->c_creds); + self->ob_type->tp_free((PyObject *)self); +} + +ChannelCredentials *pygrpc_ChannelCredentials_google_default( + PyTypeObject *type, PyObject *ignored) { + ChannelCredentials *self = (ChannelCredentials *)type->tp_alloc(type, 0); + self->c_creds = grpc_google_default_credentials_create(); + if (!self->c_creds) { + Py_DECREF(self); + PyErr_SetString(PyExc_RuntimeError, + "couldn't create Google default credentials"); + return NULL; + } + return self; +} + +ChannelCredentials *pygrpc_ChannelCredentials_ssl( + PyTypeObject *type, PyObject *args, PyObject *kwargs) { + ChannelCredentials *self; + const char *root_certs; + const char *private_key = NULL; + const char *cert_chain = NULL; + grpc_ssl_pem_key_cert_pair key_cert_pair; + static char *keywords[] = {"root_certs", "private_key", "cert_chain", NULL}; + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "z|zz:ssl", keywords, + &root_certs, &private_key, &cert_chain)) { + return NULL; + } + self = (ChannelCredentials *)type->tp_alloc(type, 0); + if (private_key && cert_chain) { + key_cert_pair.private_key = private_key; + key_cert_pair.cert_chain = cert_chain; + self->c_creds = + grpc_ssl_credentials_create(root_certs, &key_cert_pair, NULL); + } else { + self->c_creds = grpc_ssl_credentials_create(root_certs, NULL, NULL); + } + if (!self->c_creds) { + Py_DECREF(self); + PyErr_SetString(PyExc_RuntimeError, "couldn't create ssl credentials"); + return NULL; + } + return self; +} + +ChannelCredentials *pygrpc_ChannelCredentials_composite( + PyTypeObject *type, PyObject *args, PyObject *kwargs) { + ChannelCredentials *self; + ChannelCredentials *creds1; + CallCredentials *creds2; + static char *keywords[] = {"creds1", "creds2", NULL}; + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O!O!:composite", keywords, + &pygrpc_ChannelCredentials_type, &creds1, + &pygrpc_CallCredentials_type, &creds2)) { + return NULL; + } + self = (ChannelCredentials *)type->tp_alloc(type, 0); + self->c_creds = + grpc_composite_channel_credentials_create( + creds1->c_creds, creds2->c_creds, NULL); + if (!self->c_creds) { + Py_DECREF(self); + PyErr_SetString( + PyExc_RuntimeError, "couldn't create composite credentials"); + return NULL; + } + return self; +} + diff --git a/src/python/grpcio/grpc/_adapter/_intermediary_low.py b/src/python/grpcio/grpc/_adapter/_intermediary_low.py index e2feec6ffb..5634c2024d 100644 --- a/src/python/grpcio/grpc/_adapter/_intermediary_low.py +++ b/src/python/grpcio/grpc/_adapter/_intermediary_low.py @@ -253,10 +253,10 @@ class Server(object): class ClientCredentials(object): - """Adapter from old _low.ClientCredentials interface to new _low.ClientCredentials.""" + """Adapter from old _low.ClientCredentials interface to new _low.ChannelCredentials.""" def __init__(self, root_certificates, private_key, certificate_chain): - self._internal = _low.ClientCredentials.ssl(root_certificates, private_key, certificate_chain) + self._internal = _low.ChannelCredentials.ssl(root_certificates, private_key, certificate_chain) class ServerCredentials(object): diff --git a/src/python/grpcio/grpc/_adapter/_low.py b/src/python/grpcio/grpc/_adapter/_low.py index 70ceb2a911..57146aaefe 100644 --- a/src/python/grpcio/grpc/_adapter/_low.py +++ b/src/python/grpcio/grpc/_adapter/_low.py @@ -33,7 +33,8 @@ from grpc._adapter import _types _USER_AGENT = 'Python-gRPC-{}'.format(_grpcio_metadata.__version__) -ClientCredentials = _c.ClientCredentials +ChannelCredentials = _c.ChannelCredentials +CallCredentials = _c.CallCredentials ServerCredentials = _c.ServerCredentials diff --git a/src/python/grpcio/grpc/_adapter/_types.py b/src/python/grpcio/grpc/_adapter/_types.py index 5470d2de4a..ca0fa066bc 100644 --- a/src/python/grpcio/grpc/_adapter/_types.py +++ b/src/python/grpcio/grpc/_adapter/_types.py @@ -323,6 +323,14 @@ class Call: """ return None + def set_credentials(self, creds): + """Set per-call credentials. + + Args: + creds (CallCredentials): Credentials to be set for this call. + """ + return None + class Channel: __metaclass__ = abc.ABCMeta @@ -334,7 +342,7 @@ class Channel: Args: target (str): ... args (sequence of 2-sequence of str, (str|integer)): ... - credentials (ClientCredentials): If None, create an insecure channel, + credentials (ChannelCredentials): If None, create an insecure channel, else create a secure channel using the client credentials. """ diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/call.pyx b/src/python/grpcio/grpc/_cython/_cygrpc/call.pyx index ed037b660a..51c4668138 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/call.pyx +++ b/src/python/grpcio/grpc/_cython/_cygrpc/call.pyx @@ -29,6 +29,7 @@ cimport cpython +from grpc._cython._cygrpc cimport credentials from grpc._cython._cygrpc cimport grpc from grpc._cython._cygrpc cimport records @@ -73,6 +74,11 @@ cdef class Call: else: return grpc.grpc_call_cancel(self.c_call, NULL) + def set_credentials( + self, credentials.CallCredentials call_credentials not None): + return grpc.grpc_call_set_credentials( + self.c_call, call_credentials.c_credentials) + def __dealloc__(self): if self.c_call != NULL: grpc.grpc_call_destroy(self.c_call) diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx b/src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx index b52ddb6bcd..e25db3e2a4 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx +++ b/src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx @@ -37,7 +37,7 @@ from grpc._cython._cygrpc cimport records cdef class Channel: def __cinit__(self, target, records.ChannelArgs arguments=None, - credentials.ClientCredentials client_credentials=None): + credentials.ChannelCredentials channel_credentials=None): cdef grpc.grpc_channel_args *c_arguments = NULL self.c_channel = NULL self.references = [] @@ -49,13 +49,13 @@ cdef class Channel: target = target.encode() else: raise TypeError("expected target to be str or bytes") - if client_credentials is None: + if channel_credentials is None: self.c_channel = grpc.grpc_insecure_channel_create(target, c_arguments, NULL) else: self.c_channel = grpc.grpc_secure_channel_create( - client_credentials.c_credentials, target, c_arguments, NULL) - self.references.append(client_credentials) + channel_credentials.c_credentials, target, c_arguments, NULL) + self.references.append(channel_credentials) self.references.append(target) self.references.append(arguments) diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pxd b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pxd index 6b74a267e0..7a9fa7b76d 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pxd +++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pxd @@ -30,13 +30,19 @@ from grpc._cython._cygrpc cimport grpc -cdef class ClientCredentials: +cdef class ChannelCredentials: - cdef grpc.grpc_credentials *c_credentials + cdef grpc.grpc_channel_credentials *c_credentials cdef grpc.grpc_ssl_pem_key_cert_pair c_ssl_pem_key_cert_pair cdef list references +cdef class CallCredentials: + + cdef grpc.grpc_call_credentials *c_credentials + cdef list references + + cdef class ServerCredentials: cdef grpc.grpc_server_credentials *c_credentials diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx index 608207f0a2..e9836fec2c 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx +++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx @@ -31,7 +31,7 @@ from grpc._cython._cygrpc cimport grpc from grpc._cython._cygrpc cimport records -cdef class ClientCredentials: +cdef class ChannelCredentials: def __cinit__(self): self.c_credentials = NULL @@ -47,7 +47,24 @@ cdef class ClientCredentials: def __dealloc__(self): if self.c_credentials != NULL: - grpc.grpc_credentials_release(self.c_credentials) + grpc.grpc_channel_credentials_release(self.c_credentials) + + +cdef class CallCredentials: + + def __cinit__(self): + self.c_credentials = NULL + self.references = [] + + # The object *can* be invalid in Python if we fail to make the credentials + # (and the core thus returns NULL credentials). Used primarily for debugging. + @property + def is_valid(self): + return self.c_credentials != NULL + + def __dealloc__(self): + if self.c_credentials != NULL: + grpc.grpc_call_credentials_release(self.c_credentials) cdef class ServerCredentials: @@ -60,12 +77,12 @@ cdef class ServerCredentials: grpc.grpc_server_credentials_release(self.c_credentials) -def client_credentials_google_default(): - cdef ClientCredentials credentials = ClientCredentials(); +def channel_credentials_google_default(): + cdef ChannelCredentials credentials = ChannelCredentials(); credentials.c_credentials = grpc.grpc_google_default_credentials_create() return credentials -def client_credentials_ssl(pem_root_certificates, +def channel_credentials_ssl(pem_root_certificates, records.SslPemKeyCertPair ssl_pem_key_cert_pair): if pem_root_certificates is None: pass @@ -75,7 +92,7 @@ def client_credentials_ssl(pem_root_certificates, pem_root_certificates = pem_root_certificates.encode() else: raise TypeError("expected str or bytes for pem_root_certificates") - cdef ClientCredentials credentials = ClientCredentials() + cdef ChannelCredentials credentials = ChannelCredentials() cdef const char *c_pem_root_certificates = NULL if pem_root_certificates is not None: c_pem_root_certificates = pem_root_certificates @@ -88,26 +105,38 @@ def client_credentials_ssl(pem_root_certificates, credentials.c_credentials = grpc.grpc_ssl_credentials_create( c_pem_root_certificates, NULL, NULL) -def client_credentials_composite_credentials( - ClientCredentials credentials_1 not None, - ClientCredentials credentials_2 not None): +def channel_credentials_composite( + ChannelCredentials credentials_1 not None, + CallCredentials credentials_2 not None): + if not credentials_1.is_valid or not credentials_2.is_valid: + raise ValueError("passed credentials must both be valid") + cdef ChannelCredentials credentials = ChannelCredentials() + credentials.c_credentials = grpc.grpc_composite_channel_credentials_create( + credentials_1.c_credentials, credentials_2.c_credentials, NULL) + credentials.references.append(credentials_1) + credentials.references.append(credentials_2) + return credentials + +def call_credentials_composite( + CallCredentials credentials_1 not None, + CallCredentials credentials_2 not None): if not credentials_1.is_valid or not credentials_2.is_valid: raise ValueError("passed credentials must both be valid") - cdef ClientCredentials credentials = ClientCredentials() - credentials.c_credentials = grpc.grpc_composite_credentials_create( + cdef CallCredentials credentials = CallCredentials() + credentials.c_credentials = grpc.grpc_composite_call_credentials_create( credentials_1.c_credentials, credentials_2.c_credentials, NULL) credentials.references.append(credentials_1) credentials.references.append(credentials_2) return credentials -def client_credentials_google_compute_engine(): - cdef ClientCredentials credentials = ClientCredentials() +def call_credentials_google_compute_engine(): + cdef CallCredentials credentials = CallCredentials() credentials.c_credentials = ( grpc.grpc_google_compute_engine_credentials_create(NULL)) return credentials #TODO rename to something like client_credentials_service_account_jwt_access. -def client_credentials_service_account_jwt_access( +def call_credentials_service_account_jwt_access( json_key, records.Timespec token_lifetime not None): if isinstance(json_key, bytes): pass @@ -115,27 +144,27 @@ def client_credentials_service_account_jwt_access( json_key = json_key.encode() else: raise TypeError("expected json_key to be str or bytes") - cdef ClientCredentials credentials = ClientCredentials() + cdef CallCredentials credentials = CallCredentials() credentials.c_credentials = ( grpc.grpc_service_account_jwt_access_credentials_create( json_key, token_lifetime.c_time, NULL)) credentials.references.append(json_key) return credentials -def client_credentials_google_refresh_token(json_refresh_token): +def call_credentials_google_refresh_token(json_refresh_token): if isinstance(json_refresh_token, bytes): pass elif isinstance(json_refresh_token, basestring): json_refresh_token = json_refresh_token.encode() else: raise TypeError("expected json_refresh_token to be str or bytes") - cdef ClientCredentials credentials = ClientCredentials() + cdef CallCredentials credentials = CallCredentials() credentials.c_credentials = grpc.grpc_google_refresh_token_credentials_create( json_refresh_token, NULL) credentials.references.append(json_refresh_token) return credentials -def client_credentials_google_iam(authorization_token, authority_selector): +def call_credentials_google_iam(authorization_token, authority_selector): if isinstance(authorization_token, bytes): pass elif isinstance(authorization_token, basestring): @@ -148,7 +177,7 @@ def client_credentials_google_iam(authorization_token, authority_selector): authority_selector = authority_selector.encode() else: raise TypeError("expected authority_selector to be str or bytes") - cdef ClientCredentials credentials = ClientCredentials() + cdef CallCredentials credentials = CallCredentials() credentials.c_credentials = grpc.grpc_google_iam_credentials_create( authorization_token, authority_selector, NULL) credentials.references.append(authorization_token) diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxd b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxd index 62d40e7a58..36aea81a6c 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxd +++ b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxd @@ -316,32 +316,40 @@ cdef extern from "grpc/grpc_security.h": const char *private_key const char *certificate_chain "cert_chain" - ctypedef struct grpc_credentials: + ctypedef struct grpc_channel_credentials: # We don't care about the internals (and in fact don't know them) pass - grpc_credentials *grpc_google_default_credentials_create() - grpc_credentials *grpc_ssl_credentials_create( + ctypedef struct grpc_call_credentials: + # We don't care about the internals (and in fact don't know them) + pass + + grpc_channel_credentials *grpc_google_default_credentials_create() + grpc_channel_credentials *grpc_ssl_credentials_create( const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, void *reserved) + grpc_channel_credentials *grpc_composite_channel_credentials_create( + grpc_channel_credentials *creds1, grpc_call_credentials *creds2, + void *reserved) + void grpc_channel_credentials_release(grpc_channel_credentials *creds) - grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1, - grpc_credentials *creds2, - void *reserved) - grpc_credentials *grpc_google_compute_engine_credentials_create( + grpc_call_credentials *grpc_composite_call_credentials_create( + grpc_call_credentials *creds1, grpc_call_credentials *creds2, + void *reserved) + grpc_call_credentials *grpc_google_compute_engine_credentials_create( void *reserved) - grpc_credentials *grpc_service_account_jwt_access_credentials_create( + grpc_call_credentials *grpc_service_account_jwt_access_credentials_create( const char *json_key, gpr_timespec token_lifetime, void *reserved) - grpc_credentials *grpc_google_refresh_token_credentials_create( + grpc_call_credentials *grpc_google_refresh_token_credentials_create( const char *json_refresh_token, void *reserved) - grpc_credentials *grpc_google_iam_credentials_create( + grpc_call_credentials *grpc_google_iam_credentials_create( const char *authorization_token, const char *authority_selector, void *reserved) - void grpc_credentials_release(grpc_credentials *creds) + void grpc_call_credentials_release(grpc_call_credentials *creds) grpc_channel *grpc_secure_channel_create( - grpc_credentials *creds, const char *target, + grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved) ctypedef struct grpc_server_credentials: @@ -358,4 +366,4 @@ cdef extern from "grpc/grpc_security.h": grpc_server_credentials *creds) grpc_call_error grpc_call_set_credentials(grpc_call *call, - grpc_credentials *creds) + grpc_call_credentials *creds) diff --git a/src/python/grpcio/grpc/_cython/cygrpc.pyx b/src/python/grpcio/grpc/_cython/cygrpc.pyx index 1ef2997db5..b20dda8a95 100644 --- a/src/python/grpcio/grpc/_cython/cygrpc.pyx +++ b/src/python/grpcio/grpc/_cython/cygrpc.pyx @@ -70,21 +70,24 @@ operation_receive_close_on_server = records.operation_receive_close_on_server Operations = records.Operations -ClientCredentials = credentials.ClientCredentials +CallCredentials = credentials.CallCredentials +ChannelCredentials = credentials.ChannelCredentials ServerCredentials = credentials.ServerCredentials -client_credentials_google_default = ( - credentials.client_credentials_google_default) -client_credentials_ssl = credentials.client_credentials_ssl -client_credentials_composite_credentials = ( - credentials.client_credentials_composite_credentials) -client_credentials_google_compute_engine = ( - credentials.client_credentials_google_compute_engine) -client_credentials_jwt_access = ( - credentials.client_credentials_service_account_jwt_access) -client_credentials_refresh_token = ( - credentials.client_credentials_google_refresh_token) -client_credentials_google_iam = credentials.client_credentials_google_iam +channel_credentials_google_default = ( + credentials.channel_credentials_google_default) +channel_credentials_ssl = credentials.channel_credentials_ssl +channel_credentials_composite = ( + credentials.channel_credentials_composite) +call_credentials_composite = ( + credentials.call_credentials_composite) +call_credentials_google_compute_engine = ( + credentials.call_credentials_google_compute_engine) +call_credentials_jwt_access = ( + credentials.call_credentials_service_account_jwt_access) +call_credentials_refresh_token = ( + credentials.call_credentials_google_refresh_token) +call_credentials_google_iam = credentials.call_credentials_google_iam server_credentials_ssl = credentials.server_credentials_ssl CompletionQueue = completion_queue.CompletionQueue diff --git a/src/python/grpcio/grpc/beta/interfaces.py b/src/python/grpcio/grpc/beta/interfaces.py index 07c8618f70..d4ca56500f 100644 --- a/src/python/grpcio/grpc/beta/interfaces.py +++ b/src/python/grpcio/grpc/beta/interfaces.py @@ -100,8 +100,11 @@ def grpc_call_options(disable_compression=False, credentials=None): disable_compression: A boolean indicating whether or not compression should be disabled for the request object of the RPC. Only valid for request-unary RPCs. - credentials: A ClientCredentials object to use for the invoked RPC. + credentials: Reserved for gRPC per-call credentials. The type for this does + not exist yet at the Python level. """ + if credentials is not None: + raise ValueError('`credentials` is a reserved argument') return GRPCCallOptions(disable_compression, None, credentials) diff --git a/src/python/grpcio/grpc/framework/interfaces/face/face.py b/src/python/grpcio/grpc/framework/interfaces/face/face.py index bc9a434a76..3b402356d2 100644 --- a/src/python/grpcio/grpc/framework/interfaces/face/face.py +++ b/src/python/grpcio/grpc/framework/interfaces/face/face.py @@ -117,6 +117,10 @@ class AbortionError(Exception): self.code = code self.details = details + def __str__(self): + return '%s(code=%s, details="%s")' % ( + self.__class__.__name__, self.code, self.details) + class CancellationError(AbortionError): """Indicates that an RPC has been cancelled.""" diff --git a/src/python/grpcio/setup.py b/src/python/grpcio/setup.py index 97fa4fe6b3..ec68eb6755 100644 --- a/src/python/grpcio/setup.py +++ b/src/python/grpcio/setup.py @@ -52,7 +52,8 @@ _C_EXTENSION_SOURCES = ( 'grpc/_adapter/_c/module.c', 'grpc/_adapter/_c/types.c', 'grpc/_adapter/_c/utility.c', - 'grpc/_adapter/_c/types/client_credentials.c', + 'grpc/_adapter/_c/types/call_credentials.c', + 'grpc/_adapter/_c/types/channel_credentials.c', 'grpc/_adapter/_c/types/server_credentials.c', 'grpc/_adapter/_c/types/completion_queue.c', 'grpc/_adapter/_c/types/call.c', diff --git a/src/python/grpcio_test/grpc_interop/credentials/server1.pem b/src/python/grpcio_test/grpc_interop/credentials/server1.pem index 8e582e571f..f3d43fcc5b 100755 --- a/src/python/grpcio_test/grpc_interop/credentials/server1.pem +++ b/src/python/grpcio_test/grpc_interop/credentials/server1.pem @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMTQwNzIyMDYwMDU3WhcNMjQwNzE5 -MDYwMDU3WjBkMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFDASBgNVBAoTC0dvb2dsZSBJbmMuMRowGAYDVQQDFBEqLnRl -c3QuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4cMVJygs -JUmlgMMzgdi0h1XoCR7+ww1pop04OMMyy7H/i0PJ2W6Y35+b4CM8QrkYeEafUGDO -RYX6yV/cHGGsD/x02ye6ey1UDtkGAD/mpDEx8YCrjAc1Vfvt8Fk6Cn1WVIxV/J30 -3xjBsFgByQ55RBp1OLZfVLo6AleBDSbcxaECAwEAAaNrMGkwCQYDVR0TBAIwADAL -BgNVHQ8EBAMCBeAwTwYDVR0RBEgwRoIQKi50ZXN0Lmdvb2dsZS5mcoIYd2F0ZXJ6 -b29pLnRlc3QuZ29vZ2xlLmJlghIqLnRlc3QueW91dHViZS5jb22HBMCoAQMwDQYJ -KoZIhvcNAQEFBQADgYEAM2Ii0LgTGbJ1j4oqX9bxVcxm+/R5Yf8oi0aZqTJlnLYS -wXcBykxTx181s7WyfJ49WwrYXo78zTDAnf1ma0fPq3e4mpspvyndLh1a+OarHa1e -aT0DIIYk7qeEa1YcVljx2KyLd0r1BBAfrwyGaEPVeJQVYWaOJRU2we/KD4ojf9s= +MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx +MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV +BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 +ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco +LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg +zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd +9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy +em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G +CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 +hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh +y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 -----END CERTIFICATE----- diff --git a/src/python/grpcio_test/grpc_test/beta/_beta_features_test.py b/src/python/grpcio_test/grpc_test/beta/_beta_features_test.py index fad57da9d0..5916a9e3ea 100644 --- a/src/python/grpcio_test/grpc_test/beta/_beta_features_test.py +++ b/src/python/grpcio_test/grpc_test/beta/_beta_features_test.py @@ -181,24 +181,21 @@ class BetaFeaturesTest(unittest.TestCase): self._server.stop(test_constants.SHORT_TIMEOUT).wait() def test_unary_unary(self): - call_options = interfaces.grpc_call_options( - disable_compression=True, credentials=self._client_credentials) + call_options = interfaces.grpc_call_options(disable_compression=True) response = getattr(self._dynamic_stub, _UNARY_UNARY)( _REQUEST, test_constants.LONG_TIMEOUT, protocol_options=call_options) self.assertEqual(_RESPONSE, response) self.assertIsNotNone(self._servicer.peer()) def test_unary_stream(self): - call_options = interfaces.grpc_call_options( - disable_compression=True, credentials=self._client_credentials) + call_options = interfaces.grpc_call_options(disable_compression=True) response_iterator = getattr(self._dynamic_stub, _UNARY_STREAM)( _REQUEST, test_constants.LONG_TIMEOUT, protocol_options=call_options) self._servicer.block_until_serviced() self.assertIsNotNone(self._servicer.peer()) def test_stream_unary(self): - call_options = interfaces.grpc_call_options( - credentials=self._client_credentials) + call_options = interfaces.grpc_call_options() request_iterator = _BlockingIterator(iter((_REQUEST,))) response_future = getattr(self._dynamic_stub, _STREAM_UNARY).future( request_iterator, test_constants.LONG_TIMEOUT, @@ -212,8 +209,7 @@ class BetaFeaturesTest(unittest.TestCase): self.assertEqual(_RESPONSE, response_future.result()) def test_stream_stream(self): - call_options = interfaces.grpc_call_options( - credentials=self._client_credentials) + call_options = interfaces.grpc_call_options() request_iterator = _BlockingIterator(iter((_REQUEST,))) response_iterator = getattr(self._dynamic_stub, _STREAM_STREAM)( request_iterator, test_constants.SHORT_TIMEOUT, diff --git a/src/python/grpcio_test/grpc_test/credentials/server1.pem b/src/python/grpcio_test/grpc_test/credentials/server1.pem index 8e582e571f..f3d43fcc5b 100755 --- a/src/python/grpcio_test/grpc_test/credentials/server1.pem +++ b/src/python/grpcio_test/grpc_test/credentials/server1.pem @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMTQwNzIyMDYwMDU3WhcNMjQwNzE5 -MDYwMDU3WjBkMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFDASBgNVBAoTC0dvb2dsZSBJbmMuMRowGAYDVQQDFBEqLnRl -c3QuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4cMVJygs -JUmlgMMzgdi0h1XoCR7+ww1pop04OMMyy7H/i0PJ2W6Y35+b4CM8QrkYeEafUGDO -RYX6yV/cHGGsD/x02ye6ey1UDtkGAD/mpDEx8YCrjAc1Vfvt8Fk6Cn1WVIxV/J30 -3xjBsFgByQ55RBp1OLZfVLo6AleBDSbcxaECAwEAAaNrMGkwCQYDVR0TBAIwADAL -BgNVHQ8EBAMCBeAwTwYDVR0RBEgwRoIQKi50ZXN0Lmdvb2dsZS5mcoIYd2F0ZXJ6 -b29pLnRlc3QuZ29vZ2xlLmJlghIqLnRlc3QueW91dHViZS5jb22HBMCoAQMwDQYJ -KoZIhvcNAQEFBQADgYEAM2Ii0LgTGbJ1j4oqX9bxVcxm+/R5Yf8oi0aZqTJlnLYS -wXcBykxTx181s7WyfJ49WwrYXo78zTDAnf1ma0fPq3e4mpspvyndLh1a+OarHa1e -aT0DIIYk7qeEa1YcVljx2KyLd0r1BBAfrwyGaEPVeJQVYWaOJRU2we/KD4ojf9s= +MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx +MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV +BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 +ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco +LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg +zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd +9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy +em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G +CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 +hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh +y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 -----END CERTIFICATE----- diff --git a/src/ruby/bin/apis/pubsub_demo.rb b/src/ruby/bin/apis/pubsub_demo.rb index a039d036ac..003e91a6b3 100755 --- a/src/ruby/bin/apis/pubsub_demo.rb +++ b/src/ruby/bin/apis/pubsub_demo.rb @@ -66,7 +66,7 @@ end # creates a SSL Credentials from the production certificates. def ssl_creds - GRPC::Core::Credentials.new(load_prod_cert) + GRPC::Core::ChannelCredentials.new(load_prod_cert) end # Builds the metadata authentication update proc. diff --git a/src/ruby/bin/math_client.rb b/src/ruby/bin/math_client.rb index 0ebd26f780..d7e00e4293 100755 --- a/src/ruby/bin/math_client.rb +++ b/src/ruby/bin/math_client.rb @@ -102,7 +102,7 @@ end def test_creds certs = load_test_certs - GRPC::Core::Credentials.new(certs[0]) + GRPC::Core::ChannelCredentials.new(certs[0]) end def main diff --git a/src/ruby/bin/noproto_client.rb b/src/ruby/bin/noproto_client.rb index 390a9c59c3..3aa11870c0 100755 --- a/src/ruby/bin/noproto_client.rb +++ b/src/ruby/bin/noproto_client.rb @@ -68,7 +68,7 @@ end def test_creds certs = load_test_certs - GRPC::Core::Credentials.new(certs[0]) + GRPC::Core::ChannelCredentials.new(certs[0]) end def main diff --git a/src/ruby/ext/grpc/rb_channel.c b/src/ruby/ext/grpc/rb_channel.c index cd0b966e72..d5d82421f5 100644 --- a/src/ruby/ext/grpc/rb_channel.c +++ b/src/ruby/ext/grpc/rb_channel.c @@ -41,8 +41,8 @@ #include "rb_grpc.h" #include "rb_call.h" #include "rb_channel_args.h" +#include "rb_channel_credentials.h" #include "rb_completion_queue.h" -#include "rb_credentials.h" #include "rb_server.h" /* id_channel is the name of the hidden ivar that preserves a reference to the @@ -136,8 +136,8 @@ static VALUE grpc_rb_channel_init(int argc, VALUE *argv, VALUE self) { VALUE credentials = Qnil; VALUE target = Qnil; grpc_rb_channel *wrapper = NULL; - grpc_credentials *creds = NULL; grpc_channel *ch = NULL; + grpc_channel_credentials *creds = NULL; char *target_chars = NULL; grpc_channel_args args; MEMZERO(&args, grpc_channel_args, 1); @@ -151,7 +151,7 @@ static VALUE grpc_rb_channel_init(int argc, VALUE *argv, VALUE self) { if (credentials == Qnil) { ch = grpc_insecure_channel_create(target_chars, &args, NULL); } else { - creds = grpc_rb_get_wrapped_credentials(credentials); + creds = grpc_rb_get_wrapped_channel_credentials(credentials); ch = grpc_secure_channel_create(creds, target_chars, &args, NULL); } if (args.args != NULL) { diff --git a/src/ruby/ext/grpc/rb_credentials.c b/src/ruby/ext/grpc/rb_channel_credentials.c index 486ff79f91..072a6f54ab 100644 --- a/src/ruby/ext/grpc/rb_credentials.c +++ b/src/ruby/ext/grpc/rb_channel_credentials.c @@ -31,7 +31,7 @@ * */ -#include "rb_credentials.h" +#include "rb_channel_credentials.h" #include <ruby/ruby.h> @@ -40,32 +40,33 @@ #include "rb_grpc.h" -/* grpc_rb_cCredentials is the ruby class that proxies grpc_credentials. */ -static VALUE grpc_rb_cCredentials = Qnil; +/* grpc_rb_cChannelCredentials is the ruby class that proxies + grpc_channel_credentials. */ +static VALUE grpc_rb_cChannelCredentials = Qnil; -/* grpc_rb_credentials wraps a grpc_credentials. It provides a +/* grpc_rb_channel_credentials wraps a grpc_channel_credentials. It provides a * peer ruby object, 'mark' to minimize copying when a credential is * created from ruby. */ -typedef struct grpc_rb_credentials { +typedef struct grpc_rb_channel_credentials { /* Holder of ruby objects involved in constructing the credentials */ VALUE mark; /* The actual credentials */ - grpc_credentials *wrapped; -} grpc_rb_credentials; + grpc_channel_credentials *wrapped; +} grpc_rb_channel_credentials; /* Destroys the credentials instances. */ -static void grpc_rb_credentials_free(void *p) { - grpc_rb_credentials *wrapper = NULL; +static void grpc_rb_channel_credentials_free(void *p) { + grpc_rb_channel_credentials *wrapper = NULL; if (p == NULL) { return; }; - wrapper = (grpc_rb_credentials *)p; + wrapper = (grpc_rb_channel_credentials *)p; /* Delete the wrapped object if the mark object is Qnil, which indicates that * no other object is the actual owner. */ if (wrapper->wrapped != NULL && wrapper->mark == Qnil) { - grpc_credentials_release(wrapper->wrapped); + grpc_channel_credentials_release(wrapper->wrapped); wrapper->wrapped = NULL; } @@ -73,12 +74,12 @@ static void grpc_rb_credentials_free(void *p) { } /* Protects the mark object from GC */ -static void grpc_rb_credentials_mark(void *p) { - grpc_rb_credentials *wrapper = NULL; +static void grpc_rb_channel_credentials_mark(void *p) { + grpc_rb_channel_credentials *wrapper = NULL; if (p == NULL) { return; } - wrapper = (grpc_rb_credentials *)p; + wrapper = (grpc_rb_channel_credentials *)p; /* If it's not already cleaned up, mark the mark object */ if (wrapper->mark != Qnil) { @@ -86,9 +87,9 @@ static void grpc_rb_credentials_mark(void *p) { } } -static rb_data_type_t grpc_rb_credentials_data_type = { - "grpc_credentials", - {grpc_rb_credentials_mark, grpc_rb_credentials_free, +static rb_data_type_t grpc_rb_channel_credentials_data_type = { + "grpc_channel_credentials", + {grpc_rb_channel_credentials_mark, grpc_rb_channel_credentials_free, GRPC_RB_MEMSIZE_UNAVAILABLE, {NULL, NULL}}, NULL, NULL, @@ -97,21 +98,21 @@ static rb_data_type_t grpc_rb_credentials_data_type = { #endif }; -/* Allocates Credential instances. +/* Allocates ChannelCredential instances. Provides safe initial defaults for the instance fields. */ -static VALUE grpc_rb_credentials_alloc(VALUE cls) { - grpc_rb_credentials *wrapper = ALLOC(grpc_rb_credentials); +static VALUE grpc_rb_channel_credentials_alloc(VALUE cls) { + grpc_rb_channel_credentials *wrapper = ALLOC(grpc_rb_channel_credentials); wrapper->wrapped = NULL; wrapper->mark = Qnil; - return TypedData_Wrap_Struct(cls, &grpc_rb_credentials_data_type, wrapper); + return TypedData_Wrap_Struct(cls, &grpc_rb_channel_credentials_data_type, wrapper); } -/* Clones Credentials instances. - Gives Credentials a consistent implementation of Ruby's object copy/dup +/* Clones ChannelCredentials instances. + Gives ChannelCredentials a consistent implementation of Ruby's object copy/dup protocol. */ -static VALUE grpc_rb_credentials_init_copy(VALUE copy, VALUE orig) { - grpc_rb_credentials *orig_cred = NULL; - grpc_rb_credentials *copy_cred = NULL; +static VALUE grpc_rb_channel_credentials_init_copy(VALUE copy, VALUE orig) { + grpc_rb_channel_credentials *orig_cred = NULL; + grpc_rb_channel_credentials *copy_cred = NULL; if (copy == orig) { return copy; @@ -119,83 +120,22 @@ static VALUE grpc_rb_credentials_init_copy(VALUE copy, VALUE orig) { /* Raise an error if orig is not a credentials object or a subclass. */ if (TYPE(orig) != T_DATA || - RDATA(orig)->dfree != (RUBY_DATA_FUNC)grpc_rb_credentials_free) { - rb_raise(rb_eTypeError, "not a %s", rb_obj_classname(grpc_rb_cCredentials)); + RDATA(orig)->dfree != (RUBY_DATA_FUNC)grpc_rb_channel_credentials_free) { + rb_raise(rb_eTypeError, "not a %s", + rb_obj_classname(grpc_rb_cChannelCredentials)); } - TypedData_Get_Struct(orig, grpc_rb_credentials, - &grpc_rb_credentials_data_type, orig_cred); - TypedData_Get_Struct(copy, grpc_rb_credentials, - &grpc_rb_credentials_data_type, copy_cred); + TypedData_Get_Struct(orig, grpc_rb_channel_credentials, + &grpc_rb_channel_credentials_data_type, orig_cred); + TypedData_Get_Struct(copy, grpc_rb_channel_credentials, + &grpc_rb_channel_credentials_data_type, copy_cred); /* use ruby's MEMCPY to make a byte-for-byte copy of the credentials * wrapper object. */ - MEMCPY(copy_cred, orig_cred, grpc_rb_credentials, 1); + MEMCPY(copy_cred, orig_cred, grpc_rb_channel_credentials, 1); return copy; } -/* - call-seq: - creds = Credentials.default() - Creates the default credential instances. */ -static VALUE grpc_rb_default_credentials_create(VALUE cls) { - grpc_rb_credentials *wrapper = ALLOC(grpc_rb_credentials); - wrapper->wrapped = grpc_google_default_credentials_create(); - if (wrapper->wrapped == NULL) { - rb_raise(rb_eRuntimeError, - "could not create default credentials, not sure why"); - return Qnil; - } - - wrapper->mark = Qnil; - return TypedData_Wrap_Struct(cls, &grpc_rb_credentials_data_type, wrapper); -} - -/* - call-seq: - creds = Credentials.compute_engine() - Creates the default credential instances. */ -static VALUE grpc_rb_compute_engine_credentials_create(VALUE cls) { - grpc_rb_credentials *wrapper = ALLOC(grpc_rb_credentials); - wrapper->wrapped = grpc_google_compute_engine_credentials_create(NULL); - if (wrapper->wrapped == NULL) { - rb_raise(rb_eRuntimeError, - "could not create composite engine credentials, not sure why"); - return Qnil; - } - - wrapper->mark = Qnil; - return TypedData_Wrap_Struct(cls, &grpc_rb_credentials_data_type, wrapper); -} - -/* - call-seq: - creds1 = ... - creds2 = ... - creds3 = creds1.add(creds2) - Creates the default credential instances. */ -static VALUE grpc_rb_composite_credentials_create(VALUE self, VALUE other) { - grpc_rb_credentials *self_wrapper = NULL; - grpc_rb_credentials *other_wrapper = NULL; - grpc_rb_credentials *wrapper = NULL; - - TypedData_Get_Struct(self, grpc_rb_credentials, - &grpc_rb_credentials_data_type, self_wrapper); - TypedData_Get_Struct(other, grpc_rb_credentials, - &grpc_rb_credentials_data_type, other_wrapper); - wrapper = ALLOC(grpc_rb_credentials); - wrapper->wrapped = grpc_composite_credentials_create( - self_wrapper->wrapped, other_wrapper->wrapped, NULL); - if (wrapper->wrapped == NULL) { - rb_raise(rb_eRuntimeError, - "could not create composite credentials, not sure why"); - return Qnil; - } - - wrapper->mark = Qnil; - return TypedData_Wrap_Struct(grpc_rb_cCredentials, - &grpc_rb_credentials_data_type, wrapper); -} /* The attribute used on the mark object to hold the pem_root_certs. */ static ID id_pem_root_certs; @@ -216,12 +156,12 @@ static ID id_pem_cert_chain; pem_private_key: (optional) PEM encoding of the client's private key pem_cert_chain: (optional) PEM encoding of the client's cert chain Initializes Credential instances. */ -static VALUE grpc_rb_credentials_init(int argc, VALUE *argv, VALUE self) { +static VALUE grpc_rb_channel_credentials_init(int argc, VALUE *argv, VALUE self) { VALUE pem_root_certs = Qnil; VALUE pem_private_key = Qnil; VALUE pem_cert_chain = Qnil; - grpc_rb_credentials *wrapper = NULL; - grpc_credentials *creds = NULL; + grpc_rb_channel_credentials *wrapper = NULL; + grpc_channel_credentials *creds = NULL; grpc_ssl_pem_key_cert_pair key_cert_pair; MEMZERO(&key_cert_pair, grpc_ssl_pem_key_cert_pair, 1); /* TODO: Remove mandatory arg when we support default roots. */ @@ -229,8 +169,8 @@ static VALUE grpc_rb_credentials_init(int argc, VALUE *argv, VALUE self) { rb_scan_args(argc, argv, "12", &pem_root_certs, &pem_private_key, &pem_cert_chain); - TypedData_Get_Struct(self, grpc_rb_credentials, - &grpc_rb_credentials_data_type, wrapper); + TypedData_Get_Struct(self, grpc_rb_channel_credentials, + &grpc_rb_channel_credentials_data_type, wrapper); if (pem_root_certs == Qnil) { rb_raise(rb_eRuntimeError, "could not create a credential: nil pem_root_certs"); @@ -259,39 +199,30 @@ static VALUE grpc_rb_credentials_init(int argc, VALUE *argv, VALUE self) { return self; } -void Init_grpc_credentials() { - grpc_rb_cCredentials = - rb_define_class_under(grpc_rb_mGrpcCore, "Credentials", rb_cObject); +void Init_grpc_channel_credentials() { + grpc_rb_cChannelCredentials = + rb_define_class_under(grpc_rb_mGrpcCore, "ChannelCredentials", rb_cObject); /* Allocates an object managed by the ruby runtime */ - rb_define_alloc_func(grpc_rb_cCredentials, grpc_rb_credentials_alloc); + rb_define_alloc_func(grpc_rb_cChannelCredentials, + grpc_rb_channel_credentials_alloc); /* Provides a ruby constructor and support for dup/clone. */ - rb_define_method(grpc_rb_cCredentials, "initialize", grpc_rb_credentials_init, - -1); - rb_define_method(grpc_rb_cCredentials, "initialize_copy", - grpc_rb_credentials_init_copy, 1); - - /* Provide static funcs that create new special instances. */ - rb_define_singleton_method(grpc_rb_cCredentials, "default", - grpc_rb_default_credentials_create, 0); - - rb_define_singleton_method(grpc_rb_cCredentials, "compute_engine", - grpc_rb_compute_engine_credentials_create, 0); - - /* Provide other methods. */ - rb_define_method(grpc_rb_cCredentials, "compose", - grpc_rb_composite_credentials_create, 1); + rb_define_method(grpc_rb_cChannelCredentials, "initialize", + grpc_rb_channel_credentials_init, -1); + rb_define_method(grpc_rb_cChannelCredentials, "initialize_copy", + grpc_rb_channel_credentials_init_copy, 1); id_pem_cert_chain = rb_intern("__pem_cert_chain"); id_pem_private_key = rb_intern("__pem_private_key"); id_pem_root_certs = rb_intern("__pem_root_certs"); } -/* Gets the wrapped grpc_credentials from the ruby wrapper */ -grpc_credentials *grpc_rb_get_wrapped_credentials(VALUE v) { - grpc_rb_credentials *wrapper = NULL; - TypedData_Get_Struct(v, grpc_rb_credentials, &grpc_rb_credentials_data_type, +/* Gets the wrapped grpc_channel_credentials from the ruby wrapper */ +grpc_channel_credentials *grpc_rb_get_wrapped_channel_credentials(VALUE v) { + grpc_rb_channel_credentials *wrapper = NULL; + TypedData_Get_Struct(v, grpc_rb_channel_credentials, + &grpc_rb_channel_credentials_data_type, wrapper); return wrapper->wrapped; } diff --git a/src/ruby/ext/grpc/rb_credentials.h b/src/ruby/ext/grpc/rb_channel_credentials.h index 840f7d5f9c..15229de932 100644 --- a/src/ruby/ext/grpc/rb_credentials.h +++ b/src/ruby/ext/grpc/rb_channel_credentials.h @@ -38,10 +38,10 @@ #include <grpc/grpc_security.h> -/* Initializes the ruby Credentials class. */ -void Init_grpc_credentials(); +/* Initializes the ruby ChannelCredentials class. */ +void Init_grpc_channel_credentials(); /* Gets the wrapped credentials from the ruby wrapper */ -grpc_credentials* grpc_rb_get_wrapped_credentials(VALUE v); +grpc_channel_credentials* grpc_rb_get_wrapped_channel_credentials(VALUE v); #endif /* GRPC_RB_CREDENTIALS_H_ */ diff --git a/src/ruby/ext/grpc/rb_grpc.c b/src/ruby/ext/grpc/rb_grpc.c index 33f48779d8..7c7c2d3440 100644 --- a/src/ruby/ext/grpc/rb_grpc.c +++ b/src/ruby/ext/grpc/rb_grpc.c @@ -42,9 +42,9 @@ #include <grpc/support/time.h> #include "rb_call.h" #include "rb_channel.h" +#include "rb_channel_credentials.h" #include "rb_completion_queue.h" #include "rb_server.h" -#include "rb_credentials.h" #include "rb_server_credentials.h" static VALUE grpc_rb_cTimeVal = Qnil; @@ -318,7 +318,7 @@ void Init_grpc() { Init_grpc_channel(); Init_grpc_completion_queue(); Init_grpc_call(); - Init_grpc_credentials(); + Init_grpc_channel_credentials(); Init_grpc_server(); Init_grpc_server_credentials(); Init_grpc_status_codes(); diff --git a/src/ruby/lib/grpc/generic/client_stub.rb b/src/ruby/lib/grpc/generic/client_stub.rb index b8e33ad295..90aaa026ec 100644 --- a/src/ruby/lib/grpc/generic/client_stub.rb +++ b/src/ruby/lib/grpc/generic/client_stub.rb @@ -51,7 +51,9 @@ module GRPC end kw['grpc.primary_user_agent'] = "grpc-ruby/#{VERSION}" return Core::Channel.new(host, kw) if creds.nil? - fail(TypeError, '!Credentials') unless creds.is_a?(Core::Credentials) + unless creds.is_a?(Core::ChannelCredentials) + fail(TypeError, '!ChannelCredentials') + end Core::Channel.new(host, kw, creds) end @@ -106,7 +108,7 @@ module GRPC # @param q [Core::CompletionQueue] used to wait for events # @param channel_override [Core::Channel] a pre-created channel # @param timeout [Number] the default timeout to use in requests - # @param creds [Core::Credentials] the channel + # @param creds [Core::ChannelCredentials] the channel credentials # @param update_metadata a func that updates metadata as described above # @param kw [KeywordArgs]the channel arguments def initialize(host, q, diff --git a/src/ruby/pb/test/client.rb b/src/ruby/pb/test/client.rb index b84cd43090..30550d6cc0 100755 --- a/src/ruby/pb/test/client.rb +++ b/src/ruby/pb/test/client.rb @@ -103,13 +103,13 @@ end # creates SSL Credentials from the test certificates. def test_creds certs = load_test_certs - GRPC::Core::Credentials.new(certs[0]) + GRPC::Core::ChannelCredentials.new(certs[0]) end # creates SSL Credentials from the production certificates. def prod_creds cert_text = load_prod_cert - GRPC::Core::Credentials.new(cert_text) + GRPC::Core::ChannelCredentials.new(cert_text) end # creates the SSL Credentials. diff --git a/src/ruby/spec/credentials_spec.rb b/src/ruby/spec/channel_credentials_spec.rb index b02219dfdb..b2bdf7032e 100644 --- a/src/ruby/spec/credentials_spec.rb +++ b/src/ruby/spec/channel_credentials_spec.rb @@ -29,8 +29,8 @@ require 'grpc' -describe GRPC::Core::Credentials do - Credentials = GRPC::Core::Credentials +describe GRPC::Core::ChannelCredentials do + ChannelCredentials = GRPC::Core::ChannelCredentials def load_test_certs test_root = File.join(File.dirname(__FILE__), 'testdata') @@ -40,32 +40,24 @@ describe GRPC::Core::Credentials do describe '#new' do it 'can be constructed with fake inputs' do - expect { Credentials.new('root_certs', 'key', 'cert') }.not_to raise_error + blk = proc { ChannelCredentials.new('root_certs', 'key', 'cert') } + expect(&blk).not_to raise_error end it 'it can be constructed using specific test certificates' do certs = load_test_certs - expect { Credentials.new(*certs) }.not_to raise_error + expect { ChannelCredentials.new(*certs) }.not_to raise_error end it 'can be constructed with server roots certs only' do root_cert, _, _ = load_test_certs - expect { Credentials.new(root_cert) }.not_to raise_error + expect { ChannelCredentials.new(root_cert) }.not_to raise_error end it 'cannot be constructed with a nil server roots' do _, client_key, client_chain = load_test_certs - blk = proc { Credentials.new(nil, client_key, client_chain) } + blk = proc { ChannelCredentials.new(nil, client_key, client_chain) } expect(&blk).to raise_error end end - - describe '#compose' do - it 'cannot be completed OK with 2 SSL creds' do - certs = load_test_certs - cred1 = Credentials.new(*certs) - cred2 = Credentials.new(*certs) - expect { cred1.compose(cred2) }.to raise_error - end - end end diff --git a/src/ruby/spec/channel_spec.rb b/src/ruby/spec/channel_spec.rb index 25cefcdfb7..b4d2b94a81 100644 --- a/src/ruby/spec/channel_spec.rb +++ b/src/ruby/spec/channel_spec.rb @@ -40,7 +40,7 @@ describe GRPC::Core::Channel do let(:cq) { GRPC::Core::CompletionQueue.new } def create_test_cert - GRPC::Core::Credentials.new(load_test_certs[0]) + GRPC::Core::ChannelCredentials.new(load_test_certs[0]) end shared_examples '#new' do diff --git a/src/ruby/spec/client_server_spec.rb b/src/ruby/spec/client_server_spec.rb index ad0fb26896..734f176e94 100644 --- a/src/ruby/spec/client_server_spec.rb +++ b/src/ruby/spec/client_server_spec.rb @@ -431,7 +431,7 @@ describe 'the secure http client/server' do @server.start args = { Channel::SSL_TARGET => 'foo.test.google.fr' } @ch = Channel.new("0.0.0.0:#{server_port}", args, - GRPC::Core::Credentials.new(certs[0], nil, nil)) + GRPC::Core::ChannelCredentials.new(certs[0], nil, nil)) end after(:example) do diff --git a/src/ruby/spec/generic/client_stub_spec.rb b/src/ruby/spec/generic/client_stub_spec.rb index c5173aee1d..da5bc6c9e5 100644 --- a/src/ruby/spec/generic/client_stub_spec.rb +++ b/src/ruby/spec/generic/client_stub_spec.rb @@ -113,7 +113,7 @@ describe 'ClientStub' do opts = { GRPC::Core::Channel::SSL_TARGET => 'foo.test.google.fr', a_channel_arg: 'an_arg', - creds: GRPC::Core::Credentials.new(certs[0], nil, nil) + creds: GRPC::Core::ChannelCredentials.new(certs[0], nil, nil) } GRPC::ClientStub.new(fake_host, @cq, **opts) end diff --git a/src/ruby/spec/testdata/server1.pem b/src/ruby/spec/testdata/server1.pem index 8e582e571f..f3d43fcc5b 100755 --- a/src/ruby/spec/testdata/server1.pem +++ b/src/ruby/spec/testdata/server1.pem @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET -MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -dHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMTQwNzIyMDYwMDU3WhcNMjQwNzE5 -MDYwMDU3WjBkMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV -BAcTB0NoaWNhZ28xFDASBgNVBAoTC0dvb2dsZSBJbmMuMRowGAYDVQQDFBEqLnRl -c3QuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4cMVJygs -JUmlgMMzgdi0h1XoCR7+ww1pop04OMMyy7H/i0PJ2W6Y35+b4CM8QrkYeEafUGDO -RYX6yV/cHGGsD/x02ye6ey1UDtkGAD/mpDEx8YCrjAc1Vfvt8Fk6Cn1WVIxV/J30 -3xjBsFgByQ55RBp1OLZfVLo6AleBDSbcxaECAwEAAaNrMGkwCQYDVR0TBAIwADAL -BgNVHQ8EBAMCBeAwTwYDVR0RBEgwRoIQKi50ZXN0Lmdvb2dsZS5mcoIYd2F0ZXJ6 -b29pLnRlc3QuZ29vZ2xlLmJlghIqLnRlc3QueW91dHViZS5jb22HBMCoAQMwDQYJ -KoZIhvcNAQEFBQADgYEAM2Ii0LgTGbJ1j4oqX9bxVcxm+/R5Yf8oi0aZqTJlnLYS -wXcBykxTx181s7WyfJ49WwrYXo78zTDAnf1ma0fPq3e4mpspvyndLh1a+OarHa1e -aT0DIIYk7qeEa1YcVljx2KyLd0r1BBAfrwyGaEPVeJQVYWaOJRU2we/KD4ojf9s= +MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx +MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV +BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50 +ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco +LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg +zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd +9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy +em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G +CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6 +hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh +y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8 -----END CERTIFICATE----- |