From 9decf48632e2106a56515e67c4147e1a6506b47d Mon Sep 17 00:00:00 2001
From: Soheil Hassas Yeganeh
Date: Thu, 6 Dec 2018 01:17:51 -0500
Subject: Move security credentials, connectors, and auth context to C++
This is to use `grpc_core::RefCount` to improve performnace. This commit also replaces explicit C vtables, with C++ vtable with its own compile time assertions and performance benefits. It also makes use of `RefCountedPtr` wherever possible.
---
 src/cpp/client/secure_credentials.cc | 6 ++---
 src/cpp/client/secure_credentials.h | 9 +++++--
 src/cpp/common/secure_auth_context.cc | 38 ++++++++++++----------------
 src/cpp/common/secure_auth_context.h | 11 ++++----
 src/cpp/common/secure_create_auth_context.cc | 5 ++--
 src/cpp/server/secure_server_credentials.cc | 2 +-
 6 files changed, 36 insertions(+), 35 deletions(-)
(limited to 'src/cpp')
diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc
index d0abe441a6..4d0ed355ab 100644
--- a/src/cpp/client/secure_credentials.cc
+++ b/src/cpp/client/secure_credentials.cc
@@ -261,10 +261,10 @@ void MetadataCredentialsPluginWrapper::InvokePlugin(
 grpc_status_code* status_code, const char** error_details) {
 std::multimap metadata;
- // const_cast is safe since the SecureAuthContext does not take owndership and
- // the object is passed as a const ref to plugin_->GetMetadata.
+ // const_cast is safe since the SecureAuthContext only inc/dec the refcount
+ // and the object is passed as a const ref to plugin_->GetMetadata.
 SecureAuthContext cpp_channel_auth_context(
- const_cast(context.channel_auth_context), false);
+ const_cast(context.channel_auth_context));
 Status status = plugin_->GetMetadata(context.service_url, context.method_name, cpp_channel_auth_context, &metadata);
diff --git a/src/cpp/client/secure_credentials.h b/src/cpp/client/secure_credentials.h
index 613f1d6dc2..4918bd5a4d 100644
--- a/src/cpp/client/secure_credentials.h
+++ b/src/cpp/client/secure_credentials.h
@@ -24,6 +24,7 @@
 #include
 #include
+#include "src/core/lib/security/credentials/credentials.h"
 #include "src/cpp/server/thread_pool_interface.h"
 namespace grpc {
@@ -31,7 +32,9 @@ namespace grpc {
 class SecureChannelCredentials final : public ChannelCredentials {
 public:
 explicit SecureChannelCredentials(grpc_channel_credentials* c_creds);
- ~SecureChannelCredentials() { grpc_channel_credentials_release(c_creds_); }
+ ~SecureChannelCredentials() {
+ if (c_creds_ != nullptr) c_creds_->Unref();
+ }
 grpc_channel_credentials* GetRawCreds() { return c_creds_; }
 std::shared_ptr CreateChannel(
@@ -51,7 +54,9 @@ class SecureChannelCredentials final : public ChannelCredentials {
 class SecureCallCredentials final : public CallCredentials {
 public:
 explicit SecureCallCredentials(grpc_call_credentials* c_creds);
- ~SecureCallCredentials() { grpc_call_credentials_release(c_creds_); }
+ ~SecureCallCredentials() {
+ if (c_creds_ != nullptr) c_creds_->Unref();
+ }
 grpc_call_credentials* GetRawCreds() { return c_creds_; }
 bool ApplyToCall(grpc_call* call) override;
diff --git a/src/cpp/common/secure_auth_context.cc b/src/cpp/common/secure_auth_context.cc
index 1d66dd3d1f..7a2b5afed6 100644
--- a/src/cpp/common/secure_auth_context.cc
+++ b/src/cpp/common/secure_auth_context.cc
@@ -22,19 +22,12 @@
 namespace grpc {
-SecureAuthContext::SecureAuthContext(grpc_auth_context* ctx,
- bool take_ownership)
- : ctx_(ctx), take_ownership_(take_ownership) {}
-
-SecureAuthContext::~SecureAuthContext() {
- if (take_ownership_) grpc_auth_context_release(ctx_);
-}
-
 std::vector SecureAuthContext::GetPeerIdentity() const {
- if (!ctx_) {
+ if (ctx_ == nullptr) {
 return std::vector();
 }
- grpc_auth_property_iterator iter = grpc_auth_context_peer_identity(ctx_);
+ grpc_auth_property_iterator iter =
+ grpc_auth_context_peer_identity(ctx_.get());
 std::vector identity;
 const grpc_auth_property* property = nullptr;
 while ((property = grpc_auth_property_iterator_next(&iter))) {
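Review bot: In src/cpp/client/secure_credentials.h, `~SecureChannelCredentials()` and `~SecureCallCredentials()` now call `c_creds_->Unref()` by hand on a raw pointer, while this same commit moves `SecureAuthContext` to `grpc_core::RefCountedPtr`. A hand-written releasing destructor leaves the reference balance dependent on these wrappers never being copied, which the hunks do not show (the member declarations and any deleted copy operations are outside them). Holding the credentials as `grpc_core::RefCountedPtr<grpc_channel_credentials> c_creds_;` (and the call-credentials equivalent), with `GetRawCreds()` returning `c_creds_.get()`, would let both destructors go away. It is also worth confirming that `grpc_channel_credentials_release()` and `grpc_call_credentials_release()` did nothing beyond dropping the reference, since the destructors no longer go through them.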
@@ -45,20 +38,20 @@ std::vector SecureAuthContext::GetPeerIdentity() const {
 }
 grpc::string SecureAuthContext::GetPeerIdentityPropertyName() const {
- if (!ctx_) {
+ if (ctx_ == nullptr) {
 return "";
 }
- const char* name = grpc_auth_context_peer_identity_property_name(ctx_);
+ const char* name = grpc_auth_context_peer_identity_property_name(ctx_.get());
 return name == nullptr ? "" : name;
 }
 std::vector SecureAuthContext::FindPropertyValues(
 const grpc::string& name) const {
- if (!ctx_) {
+ if (ctx_ == nullptr) {
 return std::vector();
 }
 grpc_auth_property_iterator iter =
- grpc_auth_context_find_properties_by_name(ctx_, name.c_str());
+ grpc_auth_context_find_properties_by_name(ctx_.get(), name.c_str());
 const grpc_auth_property* property = nullptr;
 std::vector values;
 while ((property = grpc_auth_property_iterator_next(&iter))) {
@@ -68,9 +61,9 @@ std::vector SecureAuthContext::FindPropertyValues(
 }
 AuthPropertyIterator SecureAuthContext::begin() const {
- if (ctx_) {
+ if (ctx_ != nullptr) {
 grpc_auth_property_iterator iter =
- grpc_auth_context_property_iterator(ctx_);
+ grpc_auth_context_property_iterator(ctx_.get());
 const grpc_auth_property* property = grpc_auth_property_iterator_next(&iter);
 return AuthPropertyIterator(property, &iter);
@@ -85,19 +78,20 @@ AuthPropertyIterator SecureAuthContext::end() const {
 void SecureAuthContext::AddProperty(const grpc::string& key, const grpc::string_ref& value) {
- if (!ctx_) return;
- grpc_auth_context_add_property(ctx_, key.c_str(), value.data(), value.size());
+ if (ctx_ == nullptr) return;
+ grpc_auth_context_add_property(ctx_.get(), key.c_str(), value.data(),
+ value.size());
 }
 bool SecureAuthContext::SetPeerIdentityPropertyName(const grpc::string& name) {
- if (!ctx_) return false;
- return grpc_auth_context_set_peer_identity_property_name(ctx_,
+ if (ctx_ == nullptr) return false;
+ return grpc_auth_context_set_peer_identity_property_name(ctx_.get(),
 name.c_str()) != 0;
 }
 bool SecureAuthContext::IsPeerAuthenticated() const {
- if (!ctx_) return false;
- return grpc_auth_context_peer_is_authenticated(ctx_) != 0;
+ if (ctx_ == nullptr) return false;
+ return grpc_auth_context_peer_is_authenticated(ctx_.get()) != 0;
 }
 } // namespace grpc
diff --git a/src/cpp/common/secure_auth_context.h b/src/cpp/common/secure_auth_context.h
index 142617959c..2e8f793721 100644
--- a/src/cpp/common/secure_auth_context.h
+++ b/src/cpp/common/secure_auth_context.h
@@ -21,15 +21,17 @@
 #include
-struct grpc_auth_context;
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
+#include "src/core/lib/security/context/security_context.h"
 namespace grpc {
 class SecureAuthContext final : public AuthContext {
 public:
- SecureAuthContext(grpc_auth_context* ctx, bool take_ownership);
+ explicit SecureAuthContext(grpc_auth_context* ctx)
+ : ctx_(ctx != nullptr ? ctx->Ref() : nullptr) {}
- ~SecureAuthContext() override;
+ ~SecureAuthContext() override = default;
 bool IsPeerAuthenticated() const override;
@@ -50,8 +52,7 @@ class SecureAuthContext final : public AuthContext {
 virtual bool SetPeerIdentityPropertyName(const grpc::string& name) override;
 private:
- grpc_auth_context* ctx_;
- bool take_ownership_;
+ grpc_core::RefCountedPtr ctx_;
 };
 } // namespace grpc
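Review bot: The new `explicit SecureAuthContext(grpc_auth_context* ctx)` in src/cpp/common/secure_auth_context.h changes the ownership contract and carries no comment saying so: it always takes its own reference via `ctx->Ref()`, where the removed `take_ownership` flag let a caller hand over a reference it already held. A caller that still holds such a reference must now release it itself or the context leaks, so the constructor should state this, for example `// Takes a new ref on ctx (null allowed); the caller keeps ownership of its own ref.` The same contract applies to the call sites changed in secure_credentials.cc and secure_server_credentials.cc, which previously passed `false`.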
diff --git a/src/cpp/common/secure_create_auth_context.cc b/src/cpp/common/secure_create_auth_context.cc
index bc1387c8d7..908c46629e 100644
--- a/src/cpp/common/secure_create_auth_context.cc
+++ b/src/cpp/common/secure_create_auth_context.cc
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/cpp/common/secure_auth_context.h"
 namespace grpc {
@@ -28,8 +29,8 @@ std::shared_ptr CreateAuthContext(grpc_call* call) {
 if (call == nullptr) {
 return std::shared_ptr();
 }
- return std::shared_ptr(
- new SecureAuthContext(grpc_call_auth_context(call), true));
+ grpc_core::RefCountedPtr ctx(grpc_call_auth_context(call));
+ return std::make_shared(ctx.get());
 }
 } // namespace grpc
diff --git a/src/cpp/server/secure_server_credentials.cc b/src/cpp/server/secure_server_credentials.cc
index ebb17def32..453e76eb25 100644
--- a/src/cpp/server/secure_server_credentials.cc
+++ b/src/cpp/server/secure_server_credentials.cc
@@ -61,7 +61,7 @@ void AuthMetadataProcessorAyncWrapper::InvokeProcessor(
 metadata.insert(std::make_pair(StringRefFromSlice(&md[i].key), StringRefFromSlice(&md[i].value)));
 }
- SecureAuthContext context(ctx, false);
+ SecureAuthContext context(ctx);
 AuthMetadataProcessor::OutputMetadata consumed_metadata;
 AuthMetadataProcessor::OutputMetadata response_metadata;
-- cgit v1.2.3
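Review bot: In `CreateAuthContext` (src/cpp/common/secure_create_auth_context.cc) the temporary `ctx` exists only to drop a reference, and nothing in the code says so. Judging by the removed `true` argument, `grpc_call_auth_context(call)` returns a reference the caller owns; `ctx` adopts it, `SecureAuthContext` takes a second one through `ctx.get()`, and `ctx` releases the first at scope exit. Without a comment a later edit can easily turn this into a leak by passing the raw result straight to the constructor, so I would add `// grpc_call_auth_context() returns an owned ref; ctx adopts it and releases it once SecureAuthContext holds its own.` above the declaration.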