diff --git a/BUILD b/BUILD
index 0f8d8c77109cbec69eda04a066a1467552fdd086..fd03d52e3cbec49dd8f69be95147fb62ab42d7bc 100644
--- a/BUILD
+++ b/BUILD
@@ -255,15 +255,24 @@ cc_library(
"src/core/ext/transport/chttp2/transport/timeout_encoding.h",
"src/core/ext/transport/chttp2/transport/varint.h",
"src/core/ext/transport/chttp2/alpn/alpn.h",
- "src/core/lib/security/auth_filters.h",
- "src/core/lib/security/b64.h",
- "src/core/lib/security/credentials.h",
- "src/core/lib/security/handshake.h",
- "src/core/lib/security/json_token.h",
- "src/core/lib/security/jwt_verifier.h",
- "src/core/lib/security/secure_endpoint.h",
- "src/core/lib/security/security_connector.h",
- "src/core/lib/security/security_context.h",
+ "src/core/lib/security/context/security_context.h",
+ "src/core/lib/security/credentials/composite/composite_credentials.h",
+ "src/core/lib/security/credentials/credentials.h",
+ "src/core/lib/security/credentials/fake/fake_credentials.h",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.h",
+ "src/core/lib/security/credentials/iam/iam_credentials.h",
+ "src/core/lib/security/credentials/jwt/json_token.h",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.h",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.h",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.h",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.h",
+ "src/core/lib/security/transport/auth_filters.h",
+ "src/core/lib/security/transport/handshake.h",
+ "src/core/lib/security/transport/secure_endpoint.h",
+ "src/core/lib/security/transport/security_connector.h",
+ "src/core/lib/security/util/b64.h",
+ "src/core/lib/security/util/json_util.h",
"src/core/lib/tsi/fake_transport_security.h",
"src/core/lib/tsi/ssl_transport_security.h",
"src/core/lib/tsi/ssl_types.h",
@@ -400,20 +409,28 @@ cc_library(
"src/core/ext/transport/chttp2/transport/writing.c",
"src/core/ext/transport/chttp2/alpn/alpn.c",
"src/core/lib/http/httpcli_security_connector.c",
- "src/core/lib/security/b64.c",
- "src/core/lib/security/client_auth_filter.c",
- "src/core/lib/security/credentials.c",
- "src/core/lib/security/credentials_metadata.c",
- "src/core/lib/security/credentials_posix.c",
- "src/core/lib/security/credentials_win32.c",
- "src/core/lib/security/google_default_credentials.c",
- "src/core/lib/security/handshake.c",
- "src/core/lib/security/json_token.c",
- "src/core/lib/security/jwt_verifier.c",
- "src/core/lib/security/secure_endpoint.c",
- "src/core/lib/security/security_connector.c",
- "src/core/lib/security/security_context.c",
- "src/core/lib/security/server_auth_filter.c",
+ "src/core/lib/security/context/security_context.c",
+ "src/core/lib/security/credentials/composite/composite_credentials.c",
+ "src/core/lib/security/credentials/credentials.c",
+ "src/core/lib/security/credentials/credentials_metadata.c",
+ "src/core/lib/security/credentials/fake/fake_credentials.c",
+ "src/core/lib/security/credentials/google_default/credentials_posix.c",
+ "src/core/lib/security/credentials/google_default/credentials_win32.c",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.c",
+ "src/core/lib/security/credentials/iam/iam_credentials.c",
+ "src/core/lib/security/credentials/jwt/json_token.c",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.c",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.c",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.c",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.c",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.c",
+ "src/core/lib/security/transport/client_auth_filter.c",
+ "src/core/lib/security/transport/handshake.c",
+ "src/core/lib/security/transport/secure_endpoint.c",
+ "src/core/lib/security/transport/security_connector.c",
+ "src/core/lib/security/transport/server_auth_filter.c",
+ "src/core/lib/security/util/b64.c",
+ "src/core/lib/security/util/json_util.c",
"src/core/lib/surface/init_secure.c",
"src/core/lib/tsi/fake_transport_security.c",
"src/core/lib/tsi/ssl_transport_security.c",
@@ -1429,20 +1446,28 @@ objc_library(
"src/core/ext/transport/chttp2/transport/writing.c",
"src/core/ext/transport/chttp2/alpn/alpn.c",
"src/core/lib/http/httpcli_security_connector.c",
- "src/core/lib/security/b64.c",
- "src/core/lib/security/client_auth_filter.c",
- "src/core/lib/security/credentials.c",
- "src/core/lib/security/credentials_metadata.c",
- "src/core/lib/security/credentials_posix.c",
- "src/core/lib/security/credentials_win32.c",
- "src/core/lib/security/google_default_credentials.c",
- "src/core/lib/security/handshake.c",
- "src/core/lib/security/json_token.c",
- "src/core/lib/security/jwt_verifier.c",
- "src/core/lib/security/secure_endpoint.c",
- "src/core/lib/security/security_connector.c",
- "src/core/lib/security/security_context.c",
- "src/core/lib/security/server_auth_filter.c",
+ "src/core/lib/security/context/security_context.c",
+ "src/core/lib/security/credentials/composite/composite_credentials.c",
+ "src/core/lib/security/credentials/credentials.c",
+ "src/core/lib/security/credentials/credentials_metadata.c",
+ "src/core/lib/security/credentials/fake/fake_credentials.c",
+ "src/core/lib/security/credentials/google_default/credentials_posix.c",
+ "src/core/lib/security/credentials/google_default/credentials_win32.c",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.c",
+ "src/core/lib/security/credentials/iam/iam_credentials.c",
+ "src/core/lib/security/credentials/jwt/json_token.c",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.c",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.c",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.c",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.c",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.c",
+ "src/core/lib/security/transport/client_auth_filter.c",
+ "src/core/lib/security/transport/handshake.c",
+ "src/core/lib/security/transport/secure_endpoint.c",
+ "src/core/lib/security/transport/security_connector.c",
+ "src/core/lib/security/transport/server_auth_filter.c",
+ "src/core/lib/security/util/b64.c",
+ "src/core/lib/security/util/json_util.c",
"src/core/lib/surface/init_secure.c",
"src/core/lib/tsi/fake_transport_security.c",
"src/core/lib/tsi/ssl_transport_security.c",
@@ -1614,15 +1639,24 @@ objc_library(
"src/core/ext/transport/chttp2/transport/timeout_encoding.h",
"src/core/ext/transport/chttp2/transport/varint.h",
"src/core/ext/transport/chttp2/alpn/alpn.h",
- "src/core/lib/security/auth_filters.h",
- "src/core/lib/security/b64.h",
- "src/core/lib/security/credentials.h",
- "src/core/lib/security/handshake.h",
- "src/core/lib/security/json_token.h",
- "src/core/lib/security/jwt_verifier.h",
- "src/core/lib/security/secure_endpoint.h",
- "src/core/lib/security/security_connector.h",
- "src/core/lib/security/security_context.h",
+ "src/core/lib/security/context/security_context.h",
+ "src/core/lib/security/credentials/composite/composite_credentials.h",
+ "src/core/lib/security/credentials/credentials.h",
+ "src/core/lib/security/credentials/fake/fake_credentials.h",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.h",
+ "src/core/lib/security/credentials/iam/iam_credentials.h",
+ "src/core/lib/security/credentials/jwt/json_token.h",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.h",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.h",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.h",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.h",
+ "src/core/lib/security/transport/auth_filters.h",
+ "src/core/lib/security/transport/handshake.h",
+ "src/core/lib/security/transport/secure_endpoint.h",
+ "src/core/lib/security/transport/security_connector.h",
+ "src/core/lib/security/util/b64.h",
+ "src/core/lib/security/util/json_util.h",
"src/core/lib/tsi/fake_transport_security.h",
"src/core/lib/tsi/ssl_transport_security.h",
"src/core/lib/tsi/ssl_types.h",
diff --git a/Makefile b/Makefile
index 949f8669c7a76b1a0d3c80a15c21bcc025567ca5..578eb57f7e7514c741236f56f79bc5ed9b37f210 100644
--- a/Makefile
+++ b/Makefile
@@ -2598,20 +2598,28 @@ LIBGRPC_SRC = \
src/core/ext/transport/chttp2/transport/writing.c \
src/core/ext/transport/chttp2/alpn/alpn.c \
src/core/lib/http/httpcli_security_connector.c \
- src/core/lib/security/b64.c \
- src/core/lib/security/client_auth_filter.c \
- src/core/lib/security/credentials.c \
- src/core/lib/security/credentials_metadata.c \
- src/core/lib/security/credentials_posix.c \
- src/core/lib/security/credentials_win32.c \
- src/core/lib/security/google_default_credentials.c \
- src/core/lib/security/handshake.c \
- src/core/lib/security/json_token.c \
- src/core/lib/security/jwt_verifier.c \
- src/core/lib/security/secure_endpoint.c \
- src/core/lib/security/security_connector.c \
- src/core/lib/security/security_context.c \
- src/core/lib/security/server_auth_filter.c \
+ src/core/lib/security/context/security_context.c \
+ src/core/lib/security/credentials/composite/composite_credentials.c \
+ src/core/lib/security/credentials/credentials.c \
+ src/core/lib/security/credentials/credentials_metadata.c \
+ src/core/lib/security/credentials/fake/fake_credentials.c \
+ src/core/lib/security/credentials/google_default/credentials_posix.c \
+ src/core/lib/security/credentials/google_default/credentials_win32.c \
+ src/core/lib/security/credentials/google_default/google_default_credentials.c \
+ src/core/lib/security/credentials/iam/iam_credentials.c \
+ src/core/lib/security/credentials/jwt/json_token.c \
+ src/core/lib/security/credentials/jwt/jwt_credentials.c \
+ src/core/lib/security/credentials/jwt/jwt_verifier.c \
+ src/core/lib/security/credentials/oauth2/oauth2_credentials.c \
+ src/core/lib/security/credentials/plugin/plugin_credentials.c \
+ src/core/lib/security/credentials/ssl/ssl_credentials.c \
+ src/core/lib/security/transport/client_auth_filter.c \
+ src/core/lib/security/transport/handshake.c \
+ src/core/lib/security/transport/secure_endpoint.c \
+ src/core/lib/security/transport/security_connector.c \
+ src/core/lib/security/transport/server_auth_filter.c \
+ src/core/lib/security/util/b64.c \
+ src/core/lib/security/util/json_util.c \
src/core/lib/surface/init_secure.c \
src/core/lib/tsi/fake_transport_security.c \
src/core/lib/tsi/ssl_transport_security.c \
@@ -14407,20 +14415,28 @@ src/core/ext/transport/cronet/client/secure/cronet_channel_create.c: $(OPENSSL_D
src/core/ext/transport/cronet/transport/cronet_api_dummy.c: $(OPENSSL_DEP)
src/core/ext/transport/cronet/transport/cronet_transport.c: $(OPENSSL_DEP)
src/core/lib/http/httpcli_security_connector.c: $(OPENSSL_DEP)
-src/core/lib/security/b64.c: $(OPENSSL_DEP)
-src/core/lib/security/client_auth_filter.c: $(OPENSSL_DEP)
-src/core/lib/security/credentials.c: $(OPENSSL_DEP)
-src/core/lib/security/credentials_metadata.c: $(OPENSSL_DEP)
-src/core/lib/security/credentials_posix.c: $(OPENSSL_DEP)
-src/core/lib/security/credentials_win32.c: $(OPENSSL_DEP)
-src/core/lib/security/google_default_credentials.c: $(OPENSSL_DEP)
-src/core/lib/security/handshake.c: $(OPENSSL_DEP)
-src/core/lib/security/json_token.c: $(OPENSSL_DEP)
-src/core/lib/security/jwt_verifier.c: $(OPENSSL_DEP)
-src/core/lib/security/secure_endpoint.c: $(OPENSSL_DEP)
-src/core/lib/security/security_connector.c: $(OPENSSL_DEP)
-src/core/lib/security/security_context.c: $(OPENSSL_DEP)
-src/core/lib/security/server_auth_filter.c: $(OPENSSL_DEP)
+src/core/lib/security/context/security_context.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/composite/composite_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/credentials_metadata.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/fake/fake_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/google_default/credentials_posix.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/google_default/credentials_win32.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/google_default/google_default_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/iam/iam_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/jwt/json_token.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/jwt/jwt_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/jwt/jwt_verifier.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/oauth2/oauth2_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/plugin/plugin_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/ssl/ssl_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/client_auth_filter.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/handshake.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/secure_endpoint.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/security_connector.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/server_auth_filter.c: $(OPENSSL_DEP)
+src/core/lib/security/util/b64.c: $(OPENSSL_DEP)
+src/core/lib/security/util/json_util.c: $(OPENSSL_DEP)
src/core/lib/surface/init_secure.c: $(OPENSSL_DEP)
src/core/lib/tsi/fake_transport_security.c: $(OPENSSL_DEP)
src/core/lib/tsi/ssl_transport_security.c: $(OPENSSL_DEP)
diff --git a/binding.gyp b/binding.gyp
index 442a14762c2c7fb225153e337de621976d841f0c..7b187070005d55d6c1e036f5b20e6fdafa11443e 100644
--- a/binding.gyp
+++ b/binding.gyp
@@ -669,20 +669,28 @@
'src/core/ext/transport/chttp2/transport/writing.c',
'src/core/ext/transport/chttp2/alpn/alpn.c',
'src/core/lib/http/httpcli_security_connector.c',
- 'src/core/lib/security/b64.c',
- 'src/core/lib/security/client_auth_filter.c',
- 'src/core/lib/security/credentials.c',
- 'src/core/lib/security/credentials_metadata.c',
- 'src/core/lib/security/credentials_posix.c',
- 'src/core/lib/security/credentials_win32.c',
- 'src/core/lib/security/google_default_credentials.c',
- 'src/core/lib/security/handshake.c',
- 'src/core/lib/security/json_token.c',
- 'src/core/lib/security/jwt_verifier.c',
- 'src/core/lib/security/secure_endpoint.c',
- 'src/core/lib/security/security_connector.c',
- 'src/core/lib/security/security_context.c',
- 'src/core/lib/security/server_auth_filter.c',
+ 'src/core/lib/security/context/security_context.c',
+ 'src/core/lib/security/credentials/composite/composite_credentials.c',
+ 'src/core/lib/security/credentials/credentials.c',
+ 'src/core/lib/security/credentials/credentials_metadata.c',
+ 'src/core/lib/security/credentials/fake/fake_credentials.c',
+ 'src/core/lib/security/credentials/google_default/credentials_posix.c',
+ 'src/core/lib/security/credentials/google_default/credentials_win32.c',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.c',
+ 'src/core/lib/security/credentials/iam/iam_credentials.c',
+ 'src/core/lib/security/credentials/jwt/json_token.c',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.c',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.c',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.c',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.c',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.c',
+ 'src/core/lib/security/transport/client_auth_filter.c',
+ 'src/core/lib/security/transport/handshake.c',
+ 'src/core/lib/security/transport/secure_endpoint.c',
+ 'src/core/lib/security/transport/security_connector.c',
+ 'src/core/lib/security/transport/server_auth_filter.c',
+ 'src/core/lib/security/util/b64.c',
+ 'src/core/lib/security/util/json_util.c',
'src/core/lib/surface/init_secure.c',
'src/core/lib/tsi/fake_transport_security.c',
'src/core/lib/tsi/ssl_transport_security.c',
diff --git a/build.yaml b/build.yaml
index acf2f9307f7e6008508ae9ef36edd3ec6da9e216..450d43b4724951d81ba70e9d53b6a521461c5154 100644
--- a/build.yaml
+++ b/build.yaml
@@ -404,31 +404,48 @@ filegroups:
- include/grpc/grpc_security.h
- include/grpc/grpc_security_constants.h
headers:
- - src/core/lib/security/auth_filters.h
- - src/core/lib/security/b64.h
- - src/core/lib/security/credentials.h
- - src/core/lib/security/handshake.h
- - src/core/lib/security/json_token.h
- - src/core/lib/security/jwt_verifier.h
- - src/core/lib/security/secure_endpoint.h
- - src/core/lib/security/security_connector.h
- - src/core/lib/security/security_context.h
+ - src/core/lib/security/context/security_context.h
+ - src/core/lib/security/credentials/composite/composite_credentials.h
+ - src/core/lib/security/credentials/credentials.h
+ - src/core/lib/security/credentials/fake/fake_credentials.h
+ - src/core/lib/security/credentials/google_default/google_default_credentials.h
+ - src/core/lib/security/credentials/iam/iam_credentials.h
+ - src/core/lib/security/credentials/jwt/json_token.h
+ - src/core/lib/security/credentials/jwt/jwt_credentials.h
+ - src/core/lib/security/credentials/jwt/jwt_verifier.h
+ - src/core/lib/security/credentials/oauth2/oauth2_credentials.h
+ - src/core/lib/security/credentials/plugin/plugin_credentials.h
+ - src/core/lib/security/credentials/ssl/ssl_credentials.h
+ - src/core/lib/security/transport/auth_filters.h
+ - src/core/lib/security/transport/handshake.h
+ - src/core/lib/security/transport/secure_endpoint.h
+ - src/core/lib/security/transport/security_connector.h
+ - src/core/lib/security/util/b64.h
+ - src/core/lib/security/util/json_util.h
src:
- src/core/lib/http/httpcli_security_connector.c
- - src/core/lib/security/b64.c
- - src/core/lib/security/client_auth_filter.c
- - src/core/lib/security/credentials.c
- - src/core/lib/security/credentials_metadata.c
- - src/core/lib/security/credentials_posix.c
- - src/core/lib/security/credentials_win32.c
- - src/core/lib/security/google_default_credentials.c
- - src/core/lib/security/handshake.c
- - src/core/lib/security/json_token.c
- - src/core/lib/security/jwt_verifier.c
- - src/core/lib/security/secure_endpoint.c
- - src/core/lib/security/security_connector.c
- - src/core/lib/security/security_context.c
- - src/core/lib/security/server_auth_filter.c
+ - src/core/lib/security/context/security_context.c
+ - src/core/lib/security/credentials/composite/composite_credentials.c
+ - src/core/lib/security/credentials/credentials.c
+ - src/core/lib/security/credentials/credentials_metadata.c
+ - src/core/lib/security/credentials/fake/fake_credentials.c
+ - src/core/lib/security/credentials/google_default/credentials_posix.c
+ - src/core/lib/security/credentials/google_default/credentials_win32.c
+ - src/core/lib/security/credentials/google_default/google_default_credentials.c
+ - src/core/lib/security/credentials/iam/iam_credentials.c
+ - src/core/lib/security/credentials/jwt/json_token.c
+ - src/core/lib/security/credentials/jwt/jwt_credentials.c
+ - src/core/lib/security/credentials/jwt/jwt_verifier.c
+ - src/core/lib/security/credentials/oauth2/oauth2_credentials.c
+ - src/core/lib/security/credentials/plugin/plugin_credentials.c
+ - src/core/lib/security/credentials/ssl/ssl_credentials.c
+ - src/core/lib/security/transport/client_auth_filter.c
+ - src/core/lib/security/transport/handshake.c
+ - src/core/lib/security/transport/secure_endpoint.c
+ - src/core/lib/security/transport/security_connector.c
+ - src/core/lib/security/transport/server_auth_filter.c
+ - src/core/lib/security/util/b64.c
+ - src/core/lib/security/util/json_util.c
- src/core/lib/surface/init_secure.c
secure: true
uses:
@@ -3276,7 +3293,7 @@ configs:
LDXX: clang++
compile_the_world: true
test_environ:
- UBSAN_OPTIONS: print_stacktrace=1
+ UBSAN_OPTIONS: halt_on_error=1:print_stacktrace=1
timeout_multiplier: 1.5
defaults:
boringssl:
diff --git a/config.m4 b/config.m4
index 8f2cfa24a4e0c705171399a4ff34068abfcaf82a..29df77ce1dbe937ba8c984d618609453d1b5af39 100644
--- a/config.m4
+++ b/config.m4
@@ -188,20 +188,28 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/transport/chttp2/transport/writing.c \
src/core/ext/transport/chttp2/alpn/alpn.c \
src/core/lib/http/httpcli_security_connector.c \
- src/core/lib/security/b64.c \
- src/core/lib/security/client_auth_filter.c \
- src/core/lib/security/credentials.c \
- src/core/lib/security/credentials_metadata.c \
- src/core/lib/security/credentials_posix.c \
- src/core/lib/security/credentials_win32.c \
- src/core/lib/security/google_default_credentials.c \
- src/core/lib/security/handshake.c \
- src/core/lib/security/json_token.c \
- src/core/lib/security/jwt_verifier.c \
- src/core/lib/security/secure_endpoint.c \
- src/core/lib/security/security_connector.c \
- src/core/lib/security/security_context.c \
- src/core/lib/security/server_auth_filter.c \
+ src/core/lib/security/context/security_context.c \
+ src/core/lib/security/credentials/composite/composite_credentials.c \
+ src/core/lib/security/credentials/credentials.c \
+ src/core/lib/security/credentials/credentials_metadata.c \
+ src/core/lib/security/credentials/fake/fake_credentials.c \
+ src/core/lib/security/credentials/google_default/credentials_posix.c \
+ src/core/lib/security/credentials/google_default/credentials_win32.c \
+ src/core/lib/security/credentials/google_default/google_default_credentials.c \
+ src/core/lib/security/credentials/iam/iam_credentials.c \
+ src/core/lib/security/credentials/jwt/json_token.c \
+ src/core/lib/security/credentials/jwt/jwt_credentials.c \
+ src/core/lib/security/credentials/jwt/jwt_verifier.c \
+ src/core/lib/security/credentials/oauth2/oauth2_credentials.c \
+ src/core/lib/security/credentials/plugin/plugin_credentials.c \
+ src/core/lib/security/credentials/ssl/ssl_credentials.c \
+ src/core/lib/security/transport/client_auth_filter.c \
+ src/core/lib/security/transport/handshake.c \
+ src/core/lib/security/transport/secure_endpoint.c \
+ src/core/lib/security/transport/security_connector.c \
+ src/core/lib/security/transport/server_auth_filter.c \
+ src/core/lib/security/util/b64.c \
+ src/core/lib/security/util/json_util.c \
src/core/lib/surface/init_secure.c \
src/core/lib/tsi/fake_transport_security.c \
src/core/lib/tsi/ssl_transport_security.c \
@@ -578,7 +586,18 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/iomgr)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/json)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/profiling)
- PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/context)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/composite)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/fake)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/google_default)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/iam)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/jwt)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/oauth2)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/plugin)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/ssl)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/transport)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/util)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/support)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/surface)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/transport)
diff --git a/examples/cpp/helloworld/Makefile b/examples/cpp/helloworld/Makefile
index 58a82dbb8312611ea278d85a2e9bdb991994b5a8..780e5e427a7677db21aacfc3f6976ca363e12f1d 100644
--- a/examples/cpp/helloworld/Makefile
+++ b/examples/cpp/helloworld/Makefile
@@ -32,7 +32,7 @@
CXX = g++
CPPFLAGS += -I/usr/local/include -pthread
CXXFLAGS += -std=c++11
-LDFLAGS += -L/usr/local/lib `pkg-config --libs grpc++` -lprotobuf -lpthread -ldl
+LDFLAGS += -L/usr/local/lib `pkg-config --libs grpc++ grpc` -lprotobuf -lpthread -ldl
PROTOC = protoc
GRPC_CPP_PLUGIN = grpc_cpp_plugin
GRPC_CPP_PLUGIN_PATH ?= `which $(GRPC_CPP_PLUGIN)`
diff --git a/gRPC.podspec b/gRPC.podspec
index ea02aa348703530846833975bab40e98edae251d..cc8ba3de94e9dc0b7281e0fd60ac13f1e1b74186 100644
--- a/gRPC.podspec
+++ b/gRPC.podspec
@@ -258,15 +258,24 @@ Pod::Spec.new do |s|
'src/core/ext/transport/chttp2/transport/timeout_encoding.h',
'src/core/ext/transport/chttp2/transport/varint.h',
'src/core/ext/transport/chttp2/alpn/alpn.h',
- 'src/core/lib/security/auth_filters.h',
- 'src/core/lib/security/b64.h',
- 'src/core/lib/security/credentials.h',
- 'src/core/lib/security/handshake.h',
- 'src/core/lib/security/json_token.h',
- 'src/core/lib/security/jwt_verifier.h',
- 'src/core/lib/security/secure_endpoint.h',
- 'src/core/lib/security/security_connector.h',
- 'src/core/lib/security/security_context.h',
+ 'src/core/lib/security/context/security_context.h',
+ 'src/core/lib/security/credentials/composite/composite_credentials.h',
+ 'src/core/lib/security/credentials/credentials.h',
+ 'src/core/lib/security/credentials/fake/fake_credentials.h',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.h',
+ 'src/core/lib/security/credentials/iam/iam_credentials.h',
+ 'src/core/lib/security/credentials/jwt/json_token.h',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.h',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.h',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.h',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.h',
+ 'src/core/lib/security/transport/auth_filters.h',
+ 'src/core/lib/security/transport/handshake.h',
+ 'src/core/lib/security/transport/secure_endpoint.h',
+ 'src/core/lib/security/transport/security_connector.h',
+ 'src/core/lib/security/util/b64.h',
+ 'src/core/lib/security/util/json_util.h',
'src/core/lib/tsi/fake_transport_security.h',
'src/core/lib/tsi/ssl_transport_security.h',
'src/core/lib/tsi/ssl_types.h',
@@ -437,20 +446,28 @@ Pod::Spec.new do |s|
'src/core/ext/transport/chttp2/transport/writing.c',
'src/core/ext/transport/chttp2/alpn/alpn.c',
'src/core/lib/http/httpcli_security_connector.c',
- 'src/core/lib/security/b64.c',
- 'src/core/lib/security/client_auth_filter.c',
- 'src/core/lib/security/credentials.c',
- 'src/core/lib/security/credentials_metadata.c',
- 'src/core/lib/security/credentials_posix.c',
- 'src/core/lib/security/credentials_win32.c',
- 'src/core/lib/security/google_default_credentials.c',
- 'src/core/lib/security/handshake.c',
- 'src/core/lib/security/json_token.c',
- 'src/core/lib/security/jwt_verifier.c',
- 'src/core/lib/security/secure_endpoint.c',
- 'src/core/lib/security/security_connector.c',
- 'src/core/lib/security/security_context.c',
- 'src/core/lib/security/server_auth_filter.c',
+ 'src/core/lib/security/context/security_context.c',
+ 'src/core/lib/security/credentials/composite/composite_credentials.c',
+ 'src/core/lib/security/credentials/credentials.c',
+ 'src/core/lib/security/credentials/credentials_metadata.c',
+ 'src/core/lib/security/credentials/fake/fake_credentials.c',
+ 'src/core/lib/security/credentials/google_default/credentials_posix.c',
+ 'src/core/lib/security/credentials/google_default/credentials_win32.c',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.c',
+ 'src/core/lib/security/credentials/iam/iam_credentials.c',
+ 'src/core/lib/security/credentials/jwt/json_token.c',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.c',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.c',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.c',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.c',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.c',
+ 'src/core/lib/security/transport/client_auth_filter.c',
+ 'src/core/lib/security/transport/handshake.c',
+ 'src/core/lib/security/transport/secure_endpoint.c',
+ 'src/core/lib/security/transport/security_connector.c',
+ 'src/core/lib/security/transport/server_auth_filter.c',
+ 'src/core/lib/security/util/b64.c',
+ 'src/core/lib/security/util/json_util.c',
'src/core/lib/surface/init_secure.c',
'src/core/lib/tsi/fake_transport_security.c',
'src/core/lib/tsi/ssl_transport_security.c',
@@ -606,15 +623,24 @@ Pod::Spec.new do |s|
'src/core/ext/transport/chttp2/transport/timeout_encoding.h',
'src/core/ext/transport/chttp2/transport/varint.h',
'src/core/ext/transport/chttp2/alpn/alpn.h',
- 'src/core/lib/security/auth_filters.h',
- 'src/core/lib/security/b64.h',
- 'src/core/lib/security/credentials.h',
- 'src/core/lib/security/handshake.h',
- 'src/core/lib/security/json_token.h',
- 'src/core/lib/security/jwt_verifier.h',
- 'src/core/lib/security/secure_endpoint.h',
- 'src/core/lib/security/security_connector.h',
- 'src/core/lib/security/security_context.h',
+ 'src/core/lib/security/context/security_context.h',
+ 'src/core/lib/security/credentials/composite/composite_credentials.h',
+ 'src/core/lib/security/credentials/credentials.h',
+ 'src/core/lib/security/credentials/fake/fake_credentials.h',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.h',
+ 'src/core/lib/security/credentials/iam/iam_credentials.h',
+ 'src/core/lib/security/credentials/jwt/json_token.h',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.h',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.h',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.h',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.h',
+ 'src/core/lib/security/transport/auth_filters.h',
+ 'src/core/lib/security/transport/handshake.h',
+ 'src/core/lib/security/transport/secure_endpoint.h',
+ 'src/core/lib/security/transport/security_connector.h',
+ 'src/core/lib/security/util/b64.h',
+ 'src/core/lib/security/util/json_util.h',
'src/core/lib/tsi/fake_transport_security.h',
'src/core/lib/tsi/ssl_transport_security.h',
'src/core/lib/tsi/ssl_types.h',
diff --git a/grpc.gemspec b/grpc.gemspec
index 72f044258b8fd1214ebaf32d914f13623a6bfbea..ae7f9b7d2eed016c661f9f49035f7deea2cd6717 100755
--- a/grpc.gemspec
+++ b/grpc.gemspec
@@ -267,15 +267,24 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/transport/chttp2/transport/timeout_encoding.h )
s.files += %w( src/core/ext/transport/chttp2/transport/varint.h )
s.files += %w( src/core/ext/transport/chttp2/alpn/alpn.h )
- s.files += %w( src/core/lib/security/auth_filters.h )
- s.files += %w( src/core/lib/security/b64.h )
- s.files += %w( src/core/lib/security/credentials.h )
- s.files += %w( src/core/lib/security/handshake.h )
- s.files += %w( src/core/lib/security/json_token.h )
- s.files += %w( src/core/lib/security/jwt_verifier.h )
- s.files += %w( src/core/lib/security/secure_endpoint.h )
- s.files += %w( src/core/lib/security/security_connector.h )
- s.files += %w( src/core/lib/security/security_context.h )
+ s.files += %w( src/core/lib/security/context/security_context.h )
+ s.files += %w( src/core/lib/security/credentials/composite/composite_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/credentials.h )
+ s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/iam/iam_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/jwt/json_token.h )
+ s.files += %w( src/core/lib/security/credentials/jwt/jwt_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/jwt/jwt_verifier.h )
+ s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.h )
+ s.files += %w( src/core/lib/security/transport/auth_filters.h )
+ s.files += %w( src/core/lib/security/transport/handshake.h )
+ s.files += %w( src/core/lib/security/transport/secure_endpoint.h )
+ s.files += %w( src/core/lib/security/transport/security_connector.h )
+ s.files += %w( src/core/lib/security/util/b64.h )
+ s.files += %w( src/core/lib/security/util/json_util.h )
s.files += %w( src/core/lib/tsi/fake_transport_security.h )
s.files += %w( src/core/lib/tsi/ssl_transport_security.h )
s.files += %w( src/core/lib/tsi/ssl_types.h )
@@ -416,20 +425,28 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/transport/chttp2/transport/writing.c )
s.files += %w( src/core/ext/transport/chttp2/alpn/alpn.c )
s.files += %w( src/core/lib/http/httpcli_security_connector.c )
- s.files += %w( src/core/lib/security/b64.c )
- s.files += %w( src/core/lib/security/client_auth_filter.c )
- s.files += %w( src/core/lib/security/credentials.c )
- s.files += %w( src/core/lib/security/credentials_metadata.c )
- s.files += %w( src/core/lib/security/credentials_posix.c )
- s.files += %w( src/core/lib/security/credentials_win32.c )
- s.files += %w( src/core/lib/security/google_default_credentials.c )
- s.files += %w( src/core/lib/security/handshake.c )
- s.files += %w( src/core/lib/security/json_token.c )
- s.files += %w( src/core/lib/security/jwt_verifier.c )
- s.files += %w( src/core/lib/security/secure_endpoint.c )
- s.files += %w( src/core/lib/security/security_connector.c )
- s.files += %w( src/core/lib/security/security_context.c )
- s.files += %w( src/core/lib/security/server_auth_filter.c )
+ s.files += %w( src/core/lib/security/context/security_context.c )
+ s.files += %w( src/core/lib/security/credentials/composite/composite_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/credentials.c )
+ s.files += %w( src/core/lib/security/credentials/credentials_metadata.c )
+ s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/google_default/credentials_posix.c )
+ s.files += %w( src/core/lib/security/credentials/google_default/credentials_win32.c )
+ s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/iam/iam_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/jwt/json_token.c )
+ s.files += %w( src/core/lib/security/credentials/jwt/jwt_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/jwt/jwt_verifier.c )
+ s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.c )
+ s.files += %w( src/core/lib/security/transport/client_auth_filter.c )
+ s.files += %w( src/core/lib/security/transport/handshake.c )
+ s.files += %w( src/core/lib/security/transport/secure_endpoint.c )
+ s.files += %w( src/core/lib/security/transport/security_connector.c )
+ s.files += %w( src/core/lib/security/transport/server_auth_filter.c )
+ s.files += %w( src/core/lib/security/util/b64.c )
+ s.files += %w( src/core/lib/security/util/json_util.c )
s.files += %w( src/core/lib/surface/init_secure.c )
s.files += %w( src/core/lib/tsi/fake_transport_security.c )
s.files += %w( src/core/lib/tsi/ssl_transport_security.c )
diff --git a/package.xml b/package.xml
index a9b0ee4be2e23ce1f14b72bfeaa8785f61156534..507a2a7ed6c1c1aa5174cbf2d70b4f450c8364d1 100644
--- a/package.xml
+++ b/package.xml
@@ -274,15 +274,24 @@
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/transport/timeout_encoding.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/transport/varint.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/alpn/alpn.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/auth_filters.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/b64.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/handshake.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/json_token.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/jwt_verifier.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/secure_endpoint.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_connector.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_context.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/context/security_context.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/composite/composite_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/fake/fake_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/google_default/google_default_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/iam/iam_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/json_token.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/jwt_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/jwt_verifier.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/auth_filters.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/handshake.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/security_connector.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/util/b64.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/util/json_util.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/fake_transport_security.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/ssl_transport_security.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/ssl_types.h" role="src" />
@@ -423,20 +432,28 @@
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/transport/writing.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/alpn/alpn.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/http/httpcli_security_connector.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/b64.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/client_auth_filter.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials_metadata.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials_posix.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials_win32.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/google_default_credentials.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/handshake.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/json_token.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/jwt_verifier.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/secure_endpoint.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_connector.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_context.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/server_auth_filter.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/context/security_context.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/composite/composite_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/credentials_metadata.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/fake/fake_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/google_default/credentials_posix.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/google_default/credentials_win32.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/google_default/google_default_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/iam/iam_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/json_token.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/jwt_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/jwt_verifier.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/client_auth_filter.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/handshake.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/security_connector.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/server_auth_filter.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/util/b64.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/util/json_util.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/surface/init_secure.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/fake_transport_security.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/ssl_transport_security.c" role="src" />
diff --git a/src/core/ext/client_config/subchannel.c b/src/core/ext/client_config/subchannel.c
index bd45d3825cc5527c84ac923809b05541ee90fd84..cfd39e7cfbfefab1624ab230d1c32c3a08161675 100644
--- a/src/core/ext/client_config/subchannel.c
+++ b/src/core/ext/client_config/subchannel.c
@@ -320,7 +320,7 @@ grpc_subchannel *grpc_subchannel_create(grpc_exec_ctx *exec_ctx,
c->filters = NULL;
}
c->addr = gpr_malloc(args->addr_len);
- memcpy(c->addr, args->addr, args->addr_len);
+ if (args->addr_len) memcpy(c->addr, args->addr, args->addr_len);
c->pollset_set = grpc_pollset_set_create();
c->addr_len = args->addr_len;
grpc_set_initial_connect_string(&c->addr, &c->addr_len,
diff --git a/src/core/ext/client_config/subchannel_index.c b/src/core/ext/client_config/subchannel_index.c
index ab8d9bd91d83ab23cc952512d91feaaac6e8715a..690cb16b96f06237017603ce49ff503cde43fb76 100644
--- a/src/core/ext/client_config/subchannel_index.c
+++ b/src/core/ext/client_config/subchannel_index.c
@@ -77,12 +77,19 @@ static grpc_subchannel_key *create_key(
grpc_subchannel_key *k = gpr_malloc(sizeof(*k));
k->connector = grpc_connector_ref(connector);
k->args.filter_count = args->filter_count;
- k->args.filters = gpr_malloc(sizeof(*k->args.filters) * k->args.filter_count);
- memcpy((grpc_channel_filter *)k->args.filters, args->filters,
- sizeof(*k->args.filters) * k->args.filter_count);
+ if (k->args.filter_count > 0) {
+ k->args.filters =
+ gpr_malloc(sizeof(*k->args.filters) * k->args.filter_count);
+ memcpy((grpc_channel_filter *)k->args.filters, args->filters,
+ sizeof(*k->args.filters) * k->args.filter_count);
+ } else {
+ k->args.filters = NULL;
+ }
k->args.addr_len = args->addr_len;
k->args.addr = gpr_malloc(args->addr_len);
- memcpy(k->args.addr, args->addr, k->args.addr_len);
+ if (k->args.addr_len > 0) {
+ memcpy(k->args.addr, args->addr, k->args.addr_len);
+ }
k->args.args = copy_channel_args(args->args);
return k;
}
@@ -104,11 +111,15 @@ static int subchannel_key_compare(grpc_subchannel_key *a,
if (c != 0) return c;
c = GPR_ICMP(a->args.filter_count, b->args.filter_count);
if (c != 0) return c;
- c = memcmp(a->args.addr, b->args.addr, a->args.addr_len);
- if (c != 0) return c;
- c = memcmp(a->args.filters, b->args.filters,
- a->args.filter_count * sizeof(*a->args.filters));
- if (c != 0) return c;
+ if (a->args.addr_len) {
+ c = memcmp(a->args.addr, b->args.addr, a->args.addr_len);
+ if (c != 0) return c;
+ }
+ if (a->args.filter_count > 0) {
+ c = memcmp(a->args.filters, b->args.filters,
+ a->args.filter_count * sizeof(*a->args.filters));
+ if (c != 0) return c;
+ }
return grpc_channel_args_compare(a->args.args, b->args.args);
}
diff --git a/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c b/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c
index 58af6f995a4dc1da5465299e03790674f3c3ebf2..a262306085c7892eef0bd339ec3e778ac0d29ff7 100644
--- a/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c
+++ b/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c
@@ -45,9 +45,9 @@
#include "src/core/ext/transport/chttp2/transport/chttp2_transport.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/iomgr/tcp_client.h"
-#include "src/core/lib/security/auth_filters.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/auth_filters.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/lib/surface/channel.h"
#include "src/core/lib/tsi/transport_security_interface.h"
diff --git a/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c b/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c
index 26b0f00e9efbdd4da1fbc89bf3d17841003a76e0..ebbefbcd89300067045676a2335597020abcfce6 100644
--- a/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c
+++ b/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c
@@ -45,10 +45,10 @@
#include "src/core/lib/iomgr/endpoint.h"
#include "src/core/lib/iomgr/resolve_address.h"
#include "src/core/lib/iomgr/tcp_server.h"
-#include "src/core/lib/security/auth_filters.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_connector.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/auth_filters.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/lib/surface/server.h"
diff --git a/src/core/ext/transport/chttp2/transport/frame_goaway.c b/src/core/ext/transport/chttp2/transport/frame_goaway.c
index 69accb7696dd8ad93a982b379446d2b35a830974..827e7a697707f9b44d6c4d972cd6c39f3b7247f6 100644
--- a/src/core/ext/transport/chttp2/transport/frame_goaway.c
+++ b/src/core/ext/transport/chttp2/transport/frame_goaway.c
@@ -137,7 +137,8 @@ grpc_chttp2_parse_error grpc_chttp2_goaway_parser_parse(
++cur;
/* fallthrough */
case GRPC_CHTTP2_GOAWAY_DEBUG:
- memcpy(p->debug_data + p->debug_pos, cur, (size_t)(end - cur));
+ if (end != cur)
+ memcpy(p->debug_data + p->debug_pos, cur, (size_t)(end - cur));
GPR_ASSERT((size_t)(end - cur) < UINT32_MAX - p->debug_pos);
p->debug_pos += (uint32_t)(end - cur);
p->state = GRPC_CHTTP2_GOAWAY_DEBUG;
diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.c b/src/core/ext/transport/chttp2/transport/hpack_parser.c
index 687936bfd35a51f96d4749e12d3a1f6363205e69..ed45bc9cb38a9ab297ebaf774aee5fa52615bf9f 100644
--- a/src/core/ext/transport/chttp2/transport/hpack_parser.c
+++ b/src/core/ext/transport/chttp2/transport/hpack_parser.c
@@ -1138,6 +1138,7 @@ static int parse_string_prefix(grpc_chttp2_hpack_parser *p, const uint8_t *cur,
/* append some bytes to a string */
static void append_bytes(grpc_chttp2_hpack_parser_string *str,
const uint8_t *data, size_t length) {
+ if (length == 0) return;
if (length + str->length > str->capacity) {
GPR_ASSERT(str->length + length <= UINT32_MAX);
str->capacity = (uint32_t)(str->length + length);
@@ -1445,6 +1446,11 @@ grpc_chttp2_parse_error grpc_chttp2_header_parser_parse(
stream id on a header */
if (stream_parsing != NULL) {
if (parser->is_boundary) {
+ if (stream_parsing->header_frames_received ==
+ GPR_ARRAY_SIZE(stream_parsing->got_metadata_on_parse)) {
+ gpr_log(GPR_ERROR, "too many trailer frames");
+ return GRPC_CHTTP2_CONNECTION_ERROR;
+ }
stream_parsing
->got_metadata_on_parse[stream_parsing->header_frames_received] = 1;
stream_parsing->header_frames_received++;
diff --git a/src/core/lib/channel/channel_args.c b/src/core/lib/channel/channel_args.c
index 893cf0700e54ad39c6de8af8c852d94c61781061..569be4dc2825113b1119ce1f8b66116d1a9710a2 100644
--- a/src/core/lib/channel/channel_args.c
+++ b/src/core/lib/channel/channel_args.c
@@ -132,7 +132,8 @@ grpc_channel_args *grpc_channel_args_normalize(const grpc_channel_args *a) {
for (size_t i = 0; i < a->num_args; i++) {
args[i] = &a->args[i];
}
- qsort(args, a->num_args, sizeof(grpc_arg *), cmp_key_stable);
+ if (a->num_args > 1)
+ qsort(args, a->num_args, sizeof(grpc_arg *), cmp_key_stable);
grpc_channel_args *b = gpr_malloc(sizeof(grpc_channel_args));
b->num_args = a->num_args;
diff --git a/src/core/lib/compression/compression_algorithm.c b/src/core/lib/compression/compression_algorithm.c
index 7039364b7bcbb5b2c0896802b047aa6d6b1eee41..820871d579bf590f3691e0bb4c9729fcfd54fa64 100644
--- a/src/core/lib/compression/compression_algorithm.c
+++ b/src/core/lib/compression/compression_algorithm.c
@@ -199,5 +199,6 @@ void grpc_compression_options_disable_algorithm(
int grpc_compression_options_is_algorithm_enabled(
const grpc_compression_options *opts,
grpc_compression_algorithm algorithm) {
+ if (algorithm >= GRPC_COMPRESS_ALGORITHMS_COUNT) return 0;
return GPR_BITGET(opts->enabled_algorithms_bitset, algorithm);
}
diff --git a/src/core/lib/http/httpcli_security_connector.c b/src/core/lib/http/httpcli_security_connector.c
index ea4bff30d4b245a052d3c9f569a88f4fc0436ebe..559092896849b44c70953cc92caa869c300e30f2 100644
--- a/src/core/lib/http/httpcli_security_connector.c
+++ b/src/core/lib/http/httpcli_security_connector.c
@@ -38,7 +38,7 @@
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
-#include "src/core/lib/security/handshake.h"
+#include "src/core/lib/security/transport/handshake.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/tsi/ssl_transport_security.h"
diff --git a/src/core/lib/security/security_context.c b/src/core/lib/security/context/security_context.c
similarity index 99%
rename from src/core/lib/security/security_context.c
rename to src/core/lib/security/context/security_context.c
index 343e0b5b8b11cf1eef285497e6c112c70ed5f997..127b13ee50382a5faf45a113b98107086a0397b7 100644
--- a/src/core/lib/security/security_context.c
+++ b/src/core/lib/security/context/security_context.c
@@ -33,7 +33,7 @@
#include <string.h>
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/lib/surface/call.h"
diff --git a/src/core/lib/security/security_context.h b/src/core/lib/security/context/security_context.h
similarity index 94%
rename from src/core/lib/security/security_context.h
rename to src/core/lib/security/context/security_context.h
index 81161ec47dee41c1d66d13308d0470533093a7b0..ef0c06b1fb65842d3a814979e3f34595b5dfb343 100644
--- a/src/core/lib/security/security_context.h
+++ b/src/core/lib/security/context/security_context.h
@@ -31,11 +31,11 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONTEXT_H
-#define GRPC_CORE_LIB_SECURITY_SECURITY_CONTEXT_H
+#ifndef GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H
+#define GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H
#include "src/core/lib/iomgr/pollset.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
/* --- grpc_auth_context ---
@@ -111,4 +111,4 @@ grpc_auth_context *grpc_auth_context_from_arg(const grpc_arg *arg);
grpc_auth_context *grpc_find_auth_context_in_args(
const grpc_channel_args *args);
-#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONTEXT_H */
+#endif /* GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H */
diff --git a/src/core/lib/security/credentials.c b/src/core/lib/security/credentials.c
deleted file mode 100644
index fd5ad3589b78ddf44692aaa652cbe05154e932a5..0000000000000000000000000000000000000000
--- a/src/core/lib/security/credentials.c
+++ /dev/null
@@ -1,1296 +0,0 @@
-/*
- *
- * Copyright 2015, Google Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following disclaimer
- * in the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Google Inc. nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "src/core/lib/security/credentials.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/channel/http_client_filter.h"
-#include "src/core/lib/http/httpcli.h"
-#include "src/core/lib/http/parser.h"
-#include "src/core/lib/iomgr/executor.h"
-#include "src/core/lib/json/json.h"
-#include "src/core/lib/support/string.h"
-#include "src/core/lib/surface/api_trace.h"
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-#include <grpc/support/string_util.h>
-#include <grpc/support/sync.h>
-#include <grpc/support/time.h>
-
-/* -- Common. -- */
-
-struct grpc_credentials_metadata_request {
- grpc_call_credentials *creds;
- grpc_credentials_metadata_cb cb;
- void *user_data;
-};
-
-static grpc_credentials_metadata_request *
-grpc_credentials_metadata_request_create(grpc_call_credentials *creds,
- grpc_credentials_metadata_cb cb,
- void *user_data) {
- grpc_credentials_metadata_request *r =
- gpr_malloc(sizeof(grpc_credentials_metadata_request));
- r->creds = grpc_call_credentials_ref(creds);
- r->cb = cb;
- r->user_data = user_data;
- return r;
-}
-
-static void grpc_credentials_metadata_request_destroy(
- grpc_credentials_metadata_request *r) {
- grpc_call_credentials_unref(r->creds);
- gpr_free(r);
-}
-
-grpc_channel_credentials *grpc_channel_credentials_ref(
- grpc_channel_credentials *creds) {
- if (creds == NULL) return NULL;
- gpr_ref(&creds->refcount);
- return creds;
-}
-
-void grpc_channel_credentials_unref(grpc_channel_credentials *creds) {
- if (creds == NULL) return;
- if (gpr_unref(&creds->refcount)) {
- if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
- gpr_free(creds);
- }
-}
-
-void grpc_channel_credentials_release(grpc_channel_credentials *creds) {
- GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds));
- grpc_channel_credentials_unref(creds);
-}
-
-grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) {
- if (creds == NULL) return NULL;
- gpr_ref(&creds->refcount);
- return creds;
-}
-
-void grpc_call_credentials_unref(grpc_call_credentials *creds) {
- if (creds == NULL) return;
- if (gpr_unref(&creds->refcount)) {
- if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
- gpr_free(creds);
- }
-}
-
-void grpc_call_credentials_release(grpc_call_credentials *creds) {
- GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds));
- grpc_call_credentials_unref(creds);
-}
-
-void grpc_call_credentials_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- if (creds == NULL || creds->vtable->get_request_metadata == NULL) {
- if (cb != NULL) {
- cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
- }
- return;
- }
- creds->vtable->get_request_metadata(exec_ctx, creds, pollset, context, cb,
- user_data);
-}
-
-grpc_security_status grpc_channel_credentials_create_security_connector(
- grpc_channel_credentials *channel_creds, const char *target,
- const grpc_channel_args *args, grpc_channel_security_connector **sc,
- grpc_channel_args **new_args) {
- *new_args = NULL;
- if (channel_creds == NULL) {
- return GRPC_SECURITY_ERROR;
- }
- GPR_ASSERT(channel_creds->vtable->create_security_connector != NULL);
- return channel_creds->vtable->create_security_connector(
- channel_creds, NULL, target, args, sc, new_args);
-}
-
-grpc_server_credentials *grpc_server_credentials_ref(
- grpc_server_credentials *creds) {
- if (creds == NULL) return NULL;
- gpr_ref(&creds->refcount);
- return creds;
-}
-
-void grpc_server_credentials_unref(grpc_server_credentials *creds) {
- if (creds == NULL) return;
- if (gpr_unref(&creds->refcount)) {
- if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
- if (creds->processor.destroy != NULL && creds->processor.state != NULL) {
- creds->processor.destroy(creds->processor.state);
- }
- gpr_free(creds);
- }
-}
-
-void grpc_server_credentials_release(grpc_server_credentials *creds) {
- GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds));
- grpc_server_credentials_unref(creds);
-}
-
-grpc_security_status grpc_server_credentials_create_security_connector(
- grpc_server_credentials *creds, grpc_server_security_connector **sc) {
- if (creds == NULL || creds->vtable->create_security_connector == NULL) {
- gpr_log(GPR_ERROR, "Server credentials cannot create security context.");
- return GRPC_SECURITY_ERROR;
- }
- return creds->vtable->create_security_connector(creds, sc);
-}
-
-void grpc_server_credentials_set_auth_metadata_processor(
- grpc_server_credentials *creds, grpc_auth_metadata_processor processor) {
- GRPC_API_TRACE(
- "grpc_server_credentials_set_auth_metadata_processor("
- "creds=%p, "
- "processor=grpc_auth_metadata_processor { process: %p, state: %p })",
- 3, (creds, (void *)(intptr_t)processor.process, processor.state));
- if (creds == NULL) return;
- if (creds->processor.destroy != NULL && creds->processor.state != NULL) {
- creds->processor.destroy(creds->processor.state);
- }
- creds->processor = processor;
-}
-
-static void server_credentials_pointer_arg_destroy(void *p) {
- grpc_server_credentials_unref(p);
-}
-
-static void *server_credentials_pointer_arg_copy(void *p) {
- return grpc_server_credentials_ref(p);
-}
-
-static int server_credentials_pointer_cmp(void *a, void *b) {
- return GPR_ICMP(a, b);
-}
-
-static const grpc_arg_pointer_vtable cred_ptr_vtable = {
- server_credentials_pointer_arg_copy, server_credentials_pointer_arg_destroy,
- server_credentials_pointer_cmp};
-
-grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials *p) {
- grpc_arg arg;
- memset(&arg, 0, sizeof(grpc_arg));
- arg.type = GRPC_ARG_POINTER;
- arg.key = GRPC_SERVER_CREDENTIALS_ARG;
- arg.value.pointer.p = p;
- arg.value.pointer.vtable = &cred_ptr_vtable;
- return arg;
-}
-
-grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg) {
- if (strcmp(arg->key, GRPC_SERVER_CREDENTIALS_ARG) != 0) return NULL;
- if (arg->type != GRPC_ARG_POINTER) {
- gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
- GRPC_SERVER_CREDENTIALS_ARG);
- return NULL;
- }
- return arg->value.pointer.p;
-}
-
-grpc_server_credentials *grpc_find_server_credentials_in_args(
- const grpc_channel_args *args) {
- size_t i;
- if (args == NULL) return NULL;
- for (i = 0; i < args->num_args; i++) {
- grpc_server_credentials *p =
- grpc_server_credentials_from_arg(&args->args[i]);
- if (p != NULL) return p;
- }
- return NULL;
-}
-
-/* -- Ssl credentials. -- */
-
-static void ssl_destruct(grpc_channel_credentials *creds) {
- grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
- if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
- if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key);
- if (c->config.pem_cert_chain != NULL) gpr_free(c->config.pem_cert_chain);
-}
-
-static void ssl_server_destruct(grpc_server_credentials *creds) {
- grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
- size_t i;
- for (i = 0; i < c->config.num_key_cert_pairs; i++) {
- if (c->config.pem_private_keys[i] != NULL) {
- gpr_free(c->config.pem_private_keys[i]);
- }
- if (c->config.pem_cert_chains[i] != NULL) {
- gpr_free(c->config.pem_cert_chains[i]);
- }
- }
- if (c->config.pem_private_keys != NULL) gpr_free(c->config.pem_private_keys);
- if (c->config.pem_private_keys_sizes != NULL) {
- gpr_free(c->config.pem_private_keys_sizes);
- }
- if (c->config.pem_cert_chains != NULL) gpr_free(c->config.pem_cert_chains);
- if (c->config.pem_cert_chains_sizes != NULL) {
- gpr_free(c->config.pem_cert_chains_sizes);
- }
- if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
-}
-
-static grpc_security_status ssl_create_security_connector(
- grpc_channel_credentials *creds, grpc_call_credentials *call_creds,
- const char *target, const grpc_channel_args *args,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
- grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
- grpc_security_status status = GRPC_SECURITY_OK;
- size_t i = 0;
- const char *overridden_target_name = NULL;
- grpc_arg new_arg;
-
- for (i = 0; args && i < args->num_args; i++) {
- grpc_arg *arg = &args->args[i];
- if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 &&
- arg->type == GRPC_ARG_STRING) {
- overridden_target_name = arg->value.string;
- break;
- }
- }
- status = grpc_ssl_channel_security_connector_create(
- call_creds, &c->config, target, overridden_target_name, sc);
- if (status != GRPC_SECURITY_OK) {
- return status;
- }
- new_arg.type = GRPC_ARG_STRING;
- new_arg.key = GRPC_ARG_HTTP2_SCHEME;
- new_arg.value.string = "https";
- *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1);
- return status;
-}
-
-static grpc_security_status ssl_server_create_security_connector(
- grpc_server_credentials *creds, grpc_server_security_connector **sc) {
- grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
- return grpc_ssl_server_security_connector_create(&c->config, sc);
-}
-
-static grpc_channel_credentials_vtable ssl_vtable = {
- ssl_destruct, ssl_create_security_connector};
-
-static grpc_server_credentials_vtable ssl_server_vtable = {
- ssl_server_destruct, ssl_server_create_security_connector};
-
-static void ssl_copy_key_material(const char *input, unsigned char **output,
- size_t *output_size) {
- *output_size = strlen(input);
- *output = gpr_malloc(*output_size);
- memcpy(*output, input, *output_size);
-}
-
-static void ssl_build_config(const char *pem_root_certs,
- grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
- grpc_ssl_config *config) {
- if (pem_root_certs != NULL) {
- ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
- &config->pem_root_certs_size);
- }
- if (pem_key_cert_pair != NULL) {
- GPR_ASSERT(pem_key_cert_pair->private_key != NULL);
- GPR_ASSERT(pem_key_cert_pair->cert_chain != NULL);
- ssl_copy_key_material(pem_key_cert_pair->private_key,
- &config->pem_private_key,
- &config->pem_private_key_size);
- ssl_copy_key_material(pem_key_cert_pair->cert_chain,
- &config->pem_cert_chain,
- &config->pem_cert_chain_size);
- }
-}
-
-static void ssl_build_server_config(
- const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
- size_t num_key_cert_pairs,
- grpc_ssl_client_certificate_request_type client_certificate_request,
- grpc_ssl_server_config *config) {
- size_t i;
- config->client_certificate_request = client_certificate_request;
- if (pem_root_certs != NULL) {
- ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
- &config->pem_root_certs_size);
- }
- if (num_key_cert_pairs > 0) {
- GPR_ASSERT(pem_key_cert_pairs != NULL);
- config->pem_private_keys =
- gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
- config->pem_cert_chains =
- gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
- config->pem_private_keys_sizes =
- gpr_malloc(num_key_cert_pairs * sizeof(size_t));
- config->pem_cert_chains_sizes =
- gpr_malloc(num_key_cert_pairs * sizeof(size_t));
- }
- config->num_key_cert_pairs = num_key_cert_pairs;
- for (i = 0; i < num_key_cert_pairs; i++) {
- GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL);
- GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL);
- ssl_copy_key_material(pem_key_cert_pairs[i].private_key,
- &config->pem_private_keys[i],
- &config->pem_private_keys_sizes[i]);
- ssl_copy_key_material(pem_key_cert_pairs[i].cert_chain,
- &config->pem_cert_chains[i],
- &config->pem_cert_chains_sizes[i]);
- }
-}
-
-grpc_channel_credentials *grpc_ssl_credentials_create(
- const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
- void *reserved) {
- grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials));
- GRPC_API_TRACE(
- "grpc_ssl_credentials_create(pem_root_certs=%s, "
- "pem_key_cert_pair=%p, "
- "reserved=%p)",
- 3, (pem_root_certs, pem_key_cert_pair, reserved));
- GPR_ASSERT(reserved == NULL);
- memset(c, 0, sizeof(grpc_ssl_credentials));
- c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
- c->base.vtable = &ssl_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config);
- return &c->base;
-}
-
-grpc_server_credentials *grpc_ssl_server_credentials_create(
- const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
- size_t num_key_cert_pairs, int force_client_auth, void *reserved) {
- return grpc_ssl_server_credentials_create_ex(
- pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs,
- force_client_auth
- ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
- : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
- reserved);
-}
-
-grpc_server_credentials *grpc_ssl_server_credentials_create_ex(
- const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
- size_t num_key_cert_pairs,
- grpc_ssl_client_certificate_request_type client_certificate_request,
- void *reserved) {
- grpc_ssl_server_credentials *c =
- gpr_malloc(sizeof(grpc_ssl_server_credentials));
- GRPC_API_TRACE(
- "grpc_ssl_server_credentials_create_ex("
- "pem_root_certs=%s, pem_key_cert_pairs=%p, num_key_cert_pairs=%lu, "
- "client_certificate_request=%d, reserved=%p)",
- 5, (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs,
- client_certificate_request, reserved));
- GPR_ASSERT(reserved == NULL);
- memset(c, 0, sizeof(grpc_ssl_server_credentials));
- c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
- gpr_ref_init(&c->base.refcount, 1);
- c->base.vtable = &ssl_server_vtable;
- ssl_build_server_config(pem_root_certs, pem_key_cert_pairs,
- num_key_cert_pairs, client_certificate_request,
- &c->config);
- return &c->base;
-}
-
-/* -- Jwt credentials -- */
-
-static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) {
- if (c->cached.jwt_md != NULL) {
- grpc_credentials_md_store_unref(c->cached.jwt_md);
- c->cached.jwt_md = NULL;
- }
- if (c->cached.service_url != NULL) {
- gpr_free(c->cached.service_url);
- c->cached.service_url = NULL;
- }
- c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
-}
-
-static void jwt_destruct(grpc_call_credentials *creds) {
- grpc_service_account_jwt_access_credentials *c =
- (grpc_service_account_jwt_access_credentials *)creds;
- grpc_auth_json_key_destruct(&c->key);
- jwt_reset_cache(c);
- gpr_mu_destroy(&c->cache_mu);
-}
-
-static void jwt_get_request_metadata(grpc_exec_ctx *exec_ctx,
- grpc_call_credentials *creds,
- grpc_pollset *pollset,
- grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb,
- void *user_data) {
- grpc_service_account_jwt_access_credentials *c =
- (grpc_service_account_jwt_access_credentials *)creds;
- gpr_timespec refresh_threshold = gpr_time_from_seconds(
- GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN);
-
- /* See if we can return a cached jwt. */
- grpc_credentials_md_store *jwt_md = NULL;
- {
- gpr_mu_lock(&c->cache_mu);
- if (c->cached.service_url != NULL &&
- strcmp(c->cached.service_url, context.service_url) == 0 &&
- c->cached.jwt_md != NULL &&
- (gpr_time_cmp(gpr_time_sub(c->cached.jwt_expiration,
- gpr_now(GPR_CLOCK_REALTIME)),
- refresh_threshold) > 0)) {
- jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md);
- }
- gpr_mu_unlock(&c->cache_mu);
- }
-
- if (jwt_md == NULL) {
- char *jwt = NULL;
- /* Generate a new jwt. */
- gpr_mu_lock(&c->cache_mu);
- jwt_reset_cache(c);
- jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url,
- c->jwt_lifetime, NULL);
- if (jwt != NULL) {
- char *md_value;
- gpr_asprintf(&md_value, "Bearer %s", jwt);
- gpr_free(jwt);
- c->cached.jwt_expiration =
- gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), c->jwt_lifetime);
- c->cached.service_url = gpr_strdup(context.service_url);
- c->cached.jwt_md = grpc_credentials_md_store_create(1);
- grpc_credentials_md_store_add_cstrings(
- c->cached.jwt_md, GRPC_AUTHORIZATION_METADATA_KEY, md_value);
- gpr_free(md_value);
- jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md);
- }
- gpr_mu_unlock(&c->cache_mu);
- }
-
- if (jwt_md != NULL) {
- cb(exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries,
- GRPC_CREDENTIALS_OK);
- grpc_credentials_md_store_unref(jwt_md);
- } else {
- cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR);
- }
-}
-
-static grpc_call_credentials_vtable jwt_vtable = {jwt_destruct,
- jwt_get_request_metadata};
-
-grpc_call_credentials *
-grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
- grpc_auth_json_key key, gpr_timespec token_lifetime) {
- grpc_service_account_jwt_access_credentials *c;
- if (!grpc_auth_json_key_is_valid(&key)) {
- gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation");
- return NULL;
- }
- c = gpr_malloc(sizeof(grpc_service_account_jwt_access_credentials));
- memset(c, 0, sizeof(grpc_service_account_jwt_access_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT;
- gpr_ref_init(&c->base.refcount, 1);
- c->base.vtable = &jwt_vtable;
- c->key = key;
- c->jwt_lifetime = token_lifetime;
- gpr_mu_init(&c->cache_mu);
- jwt_reset_cache(c);
- return &c->base;
-}
-
-grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
- const char *json_key, gpr_timespec token_lifetime, void *reserved) {
- GRPC_API_TRACE(
- "grpc_service_account_jwt_access_credentials_create("
- "json_key=%s, "
- "token_lifetime="
- "gpr_timespec { tv_sec: %lld, tv_nsec: %d, clock_type: %d }, "
- "reserved=%p)",
- 5,
- (json_key, (long long)token_lifetime.tv_sec, (int)token_lifetime.tv_nsec,
- (int)token_lifetime.clock_type, reserved));
- GPR_ASSERT(reserved == NULL);
- return grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
- grpc_auth_json_key_create_from_string(json_key), token_lifetime);
-}
-
-/* -- Oauth2TokenFetcher credentials -- */
-
-static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) {
- grpc_oauth2_token_fetcher_credentials *c =
- (grpc_oauth2_token_fetcher_credentials *)creds;
- grpc_credentials_md_store_unref(c->access_token_md);
- gpr_mu_destroy(&c->mu);
- grpc_httpcli_context_destroy(&c->httpcli_context);
-}
-
-grpc_credentials_status
-grpc_oauth2_token_fetcher_credentials_parse_server_response(
- const grpc_http_response *response, grpc_credentials_md_store **token_md,
- gpr_timespec *token_lifetime) {
- char *null_terminated_body = NULL;
- char *new_access_token = NULL;
- grpc_credentials_status status = GRPC_CREDENTIALS_OK;
- grpc_json *json = NULL;
-
- if (response == NULL) {
- gpr_log(GPR_ERROR, "Received NULL response.");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
-
- if (response->body_length > 0) {
- null_terminated_body = gpr_malloc(response->body_length + 1);
- null_terminated_body[response->body_length] = '\0';
- memcpy(null_terminated_body, response->body, response->body_length);
- }
-
- if (response->status != 200) {
- gpr_log(GPR_ERROR, "Call to http server ended with error %d [%s].",
- response->status,
- null_terminated_body != NULL ? null_terminated_body : "");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- } else {
- grpc_json *access_token = NULL;
- grpc_json *token_type = NULL;
- grpc_json *expires_in = NULL;
- grpc_json *ptr;
- json = grpc_json_parse_string(null_terminated_body);
- if (json == NULL) {
- gpr_log(GPR_ERROR, "Could not parse JSON from %s", null_terminated_body);
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- if (json->type != GRPC_JSON_OBJECT) {
- gpr_log(GPR_ERROR, "Response should be a JSON object");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- for (ptr = json->child; ptr; ptr = ptr->next) {
- if (strcmp(ptr->key, "access_token") == 0) {
- access_token = ptr;
- } else if (strcmp(ptr->key, "token_type") == 0) {
- token_type = ptr;
- } else if (strcmp(ptr->key, "expires_in") == 0) {
- expires_in = ptr;
- }
- }
- if (access_token == NULL || access_token->type != GRPC_JSON_STRING) {
- gpr_log(GPR_ERROR, "Missing or invalid access_token in JSON.");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- if (token_type == NULL || token_type->type != GRPC_JSON_STRING) {
- gpr_log(GPR_ERROR, "Missing or invalid token_type in JSON.");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- if (expires_in == NULL || expires_in->type != GRPC_JSON_NUMBER) {
- gpr_log(GPR_ERROR, "Missing or invalid expires_in in JSON.");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- gpr_asprintf(&new_access_token, "%s %s", token_type->value,
- access_token->value);
- token_lifetime->tv_sec = strtol(expires_in->value, NULL, 10);
- token_lifetime->tv_nsec = 0;
- token_lifetime->clock_type = GPR_TIMESPAN;
- if (*token_md != NULL) grpc_credentials_md_store_unref(*token_md);
- *token_md = grpc_credentials_md_store_create(1);
- grpc_credentials_md_store_add_cstrings(
- *token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token);
- status = GRPC_CREDENTIALS_OK;
- }
-
-end:
- if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) {
- grpc_credentials_md_store_unref(*token_md);
- *token_md = NULL;
- }
- if (null_terminated_body != NULL) gpr_free(null_terminated_body);
- if (new_access_token != NULL) gpr_free(new_access_token);
- if (json != NULL) grpc_json_destroy(json);
- return status;
-}
-
-static void on_oauth2_token_fetcher_http_response(
- grpc_exec_ctx *exec_ctx, void *user_data,
- const grpc_http_response *response) {
- grpc_credentials_metadata_request *r =
- (grpc_credentials_metadata_request *)user_data;
- grpc_oauth2_token_fetcher_credentials *c =
- (grpc_oauth2_token_fetcher_credentials *)r->creds;
- gpr_timespec token_lifetime;
- grpc_credentials_status status;
-
- gpr_mu_lock(&c->mu);
- status = grpc_oauth2_token_fetcher_credentials_parse_server_response(
- response, &c->access_token_md, &token_lifetime);
- if (status == GRPC_CREDENTIALS_OK) {
- c->token_expiration =
- gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), token_lifetime);
- r->cb(exec_ctx, r->user_data, c->access_token_md->entries,
- c->access_token_md->num_entries, status);
- } else {
- c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
- r->cb(exec_ctx, r->user_data, NULL, 0, status);
- }
- gpr_mu_unlock(&c->mu);
- grpc_credentials_metadata_request_destroy(r);
-}
-
-static void oauth2_token_fetcher_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- grpc_oauth2_token_fetcher_credentials *c =
- (grpc_oauth2_token_fetcher_credentials *)creds;
- gpr_timespec refresh_threshold = gpr_time_from_seconds(
- GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN);
- grpc_credentials_md_store *cached_access_token_md = NULL;
- {
- gpr_mu_lock(&c->mu);
- if (c->access_token_md != NULL &&
- (gpr_time_cmp(
- gpr_time_sub(c->token_expiration, gpr_now(GPR_CLOCK_REALTIME)),
- refresh_threshold) > 0)) {
- cached_access_token_md =
- grpc_credentials_md_store_ref(c->access_token_md);
- }
- gpr_mu_unlock(&c->mu);
- }
- if (cached_access_token_md != NULL) {
- cb(exec_ctx, user_data, cached_access_token_md->entries,
- cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK);
- grpc_credentials_md_store_unref(cached_access_token_md);
- } else {
- c->fetch_func(
- exec_ctx,
- grpc_credentials_metadata_request_create(creds, cb, user_data),
- &c->httpcli_context, pollset, on_oauth2_token_fetcher_http_response,
- gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), refresh_threshold));
- }
-}
-
-static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c,
- grpc_fetch_oauth2_func fetch_func) {
- memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
- gpr_ref_init(&c->base.refcount, 1);
- gpr_mu_init(&c->mu);
- c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
- c->fetch_func = fetch_func;
- grpc_httpcli_context_init(&c->httpcli_context);
-}
-
-/* -- GoogleComputeEngine credentials. -- */
-
-static grpc_call_credentials_vtable compute_engine_vtable = {
- oauth2_token_fetcher_destruct, oauth2_token_fetcher_get_request_metadata};
-
-static void compute_engine_fetch_oauth2(
- grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
- grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
- grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
- grpc_http_header header = {"Metadata-Flavor", "Google"};
- grpc_httpcli_request request;
- memset(&request, 0, sizeof(grpc_httpcli_request));
- request.host = GRPC_COMPUTE_ENGINE_METADATA_HOST;
- request.http.path = GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH;
- request.http.hdr_count = 1;
- request.http.hdrs = &header;
- grpc_httpcli_get(exec_ctx, httpcli_context, pollset, &request, deadline,
- response_cb, metadata_req);
-}
-
-grpc_call_credentials *grpc_google_compute_engine_credentials_create(
- void *reserved) {
- grpc_oauth2_token_fetcher_credentials *c =
- gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials));
- GRPC_API_TRACE("grpc_compute_engine_credentials_create(reserved=%p)", 1,
- (reserved));
- GPR_ASSERT(reserved == NULL);
- init_oauth2_token_fetcher(c, compute_engine_fetch_oauth2);
- c->base.vtable = &compute_engine_vtable;
- return &c->base;
-}
-
-/* -- GoogleRefreshToken credentials. -- */
-
-static void refresh_token_destruct(grpc_call_credentials *creds) {
- grpc_google_refresh_token_credentials *c =
- (grpc_google_refresh_token_credentials *)creds;
- grpc_auth_refresh_token_destruct(&c->refresh_token);
- oauth2_token_fetcher_destruct(&c->base.base);
-}
-
-static grpc_call_credentials_vtable refresh_token_vtable = {
- refresh_token_destruct, oauth2_token_fetcher_get_request_metadata};
-
-static void refresh_token_fetch_oauth2(
- grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
- grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
- grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
- grpc_google_refresh_token_credentials *c =
- (grpc_google_refresh_token_credentials *)metadata_req->creds;
- grpc_http_header header = {"Content-Type",
- "application/x-www-form-urlencoded"};
- grpc_httpcli_request request;
- char *body = NULL;
- gpr_asprintf(&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING,
- c->refresh_token.client_id, c->refresh_token.client_secret,
- c->refresh_token.refresh_token);
- memset(&request, 0, sizeof(grpc_httpcli_request));
- request.host = GRPC_GOOGLE_OAUTH2_SERVICE_HOST;
- request.http.path = GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH;
- request.http.hdr_count = 1;
- request.http.hdrs = &header;
- request.handshaker = &grpc_httpcli_ssl;
- grpc_httpcli_post(exec_ctx, httpcli_context, pollset, &request, body,
- strlen(body), deadline, response_cb, metadata_req);
- gpr_free(body);
-}
-
-grpc_call_credentials *
-grpc_refresh_token_credentials_create_from_auth_refresh_token(
- grpc_auth_refresh_token refresh_token) {
- grpc_google_refresh_token_credentials *c;
- if (!grpc_auth_refresh_token_is_valid(&refresh_token)) {
- gpr_log(GPR_ERROR, "Invalid input for refresh token credentials creation");
- return NULL;
- }
- c = gpr_malloc(sizeof(grpc_google_refresh_token_credentials));
- memset(c, 0, sizeof(grpc_google_refresh_token_credentials));
- init_oauth2_token_fetcher(&c->base, refresh_token_fetch_oauth2);
- c->base.base.vtable = &refresh_token_vtable;
- c->refresh_token = refresh_token;
- return &c->base.base;
-}
-
-grpc_call_credentials *grpc_google_refresh_token_credentials_create(
- const char *json_refresh_token, void *reserved) {
- GRPC_API_TRACE(
- "grpc_refresh_token_credentials_create(json_refresh_token=%s, "
- "reserved=%p)",
- 2, (json_refresh_token, reserved));
- GPR_ASSERT(reserved == NULL);
- return grpc_refresh_token_credentials_create_from_auth_refresh_token(
- grpc_auth_refresh_token_create_from_string(json_refresh_token));
-}
-
-/* -- Metadata-only credentials. -- */
-
-static void md_only_test_destruct(grpc_call_credentials *creds) {
- grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
- grpc_credentials_md_store_unref(c->md_store);
-}
-
-static void on_simulated_token_fetch_done(grpc_exec_ctx *exec_ctx,
- void *user_data, bool success) {
- grpc_credentials_metadata_request *r =
- (grpc_credentials_metadata_request *)user_data;
- grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)r->creds;
- r->cb(exec_ctx, r->user_data, c->md_store->entries, c->md_store->num_entries,
- GRPC_CREDENTIALS_OK);
- grpc_credentials_metadata_request_destroy(r);
-}
-
-static void md_only_test_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
-
- if (c->is_async) {
- grpc_credentials_metadata_request *cb_arg =
- grpc_credentials_metadata_request_create(creds, cb, user_data);
- grpc_executor_enqueue(
- grpc_closure_create(on_simulated_token_fetch_done, cb_arg), true);
- } else {
- cb(exec_ctx, user_data, c->md_store->entries, 1, GRPC_CREDENTIALS_OK);
- }
-}
-
-static grpc_call_credentials_vtable md_only_test_vtable = {
- md_only_test_destruct, md_only_test_get_request_metadata};
-
-grpc_call_credentials *grpc_md_only_test_credentials_create(
- const char *md_key, const char *md_value, int is_async) {
- grpc_md_only_test_credentials *c =
- gpr_malloc(sizeof(grpc_md_only_test_credentials));
- memset(c, 0, sizeof(grpc_md_only_test_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
- c->base.vtable = &md_only_test_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->md_store = grpc_credentials_md_store_create(1);
- grpc_credentials_md_store_add_cstrings(c->md_store, md_key, md_value);
- c->is_async = is_async;
- return &c->base;
-}
-
-/* -- Oauth2 Access Token credentials. -- */
-
-static void access_token_destruct(grpc_call_credentials *creds) {
- grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
- grpc_credentials_md_store_unref(c->access_token_md);
-}
-
-static void access_token_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
- cb(exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK);
-}
-
-static grpc_call_credentials_vtable access_token_vtable = {
- access_token_destruct, access_token_get_request_metadata};
-
-grpc_call_credentials *grpc_access_token_credentials_create(
- const char *access_token, void *reserved) {
- grpc_access_token_credentials *c =
- gpr_malloc(sizeof(grpc_access_token_credentials));
- char *token_md_value;
- GRPC_API_TRACE(
- "grpc_access_token_credentials_create(access_token=%s, "
- "reserved=%p)",
- 2, (access_token, reserved));
- GPR_ASSERT(reserved == NULL);
- memset(c, 0, sizeof(grpc_access_token_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
- c->base.vtable = &access_token_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->access_token_md = grpc_credentials_md_store_create(1);
- gpr_asprintf(&token_md_value, "Bearer %s", access_token);
- grpc_credentials_md_store_add_cstrings(
- c->access_token_md, GRPC_AUTHORIZATION_METADATA_KEY, token_md_value);
- gpr_free(token_md_value);
- return &c->base;
-}
-
-/* -- Fake transport security credentials. -- */
-
-static grpc_security_status fake_transport_security_create_security_connector(
- grpc_channel_credentials *c, grpc_call_credentials *call_creds,
- const char *target, const grpc_channel_args *args,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
- *sc = grpc_fake_channel_security_connector_create(call_creds);
- return GRPC_SECURITY_OK;
-}
-
-static grpc_security_status
-fake_transport_security_server_create_security_connector(
- grpc_server_credentials *c, grpc_server_security_connector **sc) {
- *sc = grpc_fake_server_security_connector_create();
- return GRPC_SECURITY_OK;
-}
-
-static grpc_channel_credentials_vtable
- fake_transport_security_credentials_vtable = {
- NULL, fake_transport_security_create_security_connector};
-
-static grpc_server_credentials_vtable
- fake_transport_security_server_credentials_vtable = {
- NULL, fake_transport_security_server_create_security_connector};
-
-grpc_channel_credentials *grpc_fake_transport_security_credentials_create(
- void) {
- grpc_channel_credentials *c = gpr_malloc(sizeof(grpc_channel_credentials));
- memset(c, 0, sizeof(grpc_channel_credentials));
- c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
- c->vtable = &fake_transport_security_credentials_vtable;
- gpr_ref_init(&c->refcount, 1);
- return c;
-}
-
-grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
- void) {
- grpc_server_credentials *c = gpr_malloc(sizeof(grpc_server_credentials));
- memset(c, 0, sizeof(grpc_server_credentials));
- c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
- gpr_ref_init(&c->refcount, 1);
- c->vtable = &fake_transport_security_server_credentials_vtable;
- return c;
-}
-
-/* -- Composite call credentials. -- */
-
-typedef struct {
- grpc_composite_call_credentials *composite_creds;
- size_t creds_index;
- grpc_credentials_md_store *md_elems;
- grpc_auth_metadata_context auth_md_context;
- void *user_data;
- grpc_pollset *pollset;
- grpc_credentials_metadata_cb cb;
-} grpc_composite_call_credentials_metadata_context;
-
-static void composite_call_destruct(grpc_call_credentials *creds) {
- grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
- size_t i;
- for (i = 0; i < c->inner.num_creds; i++) {
- grpc_call_credentials_unref(c->inner.creds_array[i]);
- }
- gpr_free(c->inner.creds_array);
-}
-
-static void composite_call_md_context_destroy(
- grpc_composite_call_credentials_metadata_context *ctx) {
- grpc_credentials_md_store_unref(ctx->md_elems);
- gpr_free(ctx);
-}
-
-static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
- grpc_credentials_md *md_elems,
- size_t num_md,
- grpc_credentials_status status) {
- grpc_composite_call_credentials_metadata_context *ctx =
- (grpc_composite_call_credentials_metadata_context *)user_data;
- if (status != GRPC_CREDENTIALS_OK) {
- ctx->cb(exec_ctx, ctx->user_data, NULL, 0, status);
- return;
- }
-
- /* Copy the metadata in the context. */
- if (num_md > 0) {
- size_t i;
- for (i = 0; i < num_md; i++) {
- grpc_credentials_md_store_add(ctx->md_elems, md_elems[i].key,
- md_elems[i].value);
- }
- }
-
- /* See if we need to get some more metadata. */
- if (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
- grpc_call_credentials *inner_creds =
- ctx->composite_creds->inner.creds_array[ctx->creds_index++];
- grpc_call_credentials_get_request_metadata(
- exec_ctx, inner_creds, ctx->pollset, ctx->auth_md_context,
- composite_call_metadata_cb, ctx);
- return;
- }
-
- /* We're done!. */
- ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries,
- ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK);
- composite_call_md_context_destroy(ctx);
-}
-
-static void composite_call_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context auth_md_context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
- grpc_composite_call_credentials_metadata_context *ctx;
-
- ctx = gpr_malloc(sizeof(grpc_composite_call_credentials_metadata_context));
- memset(ctx, 0, sizeof(grpc_composite_call_credentials_metadata_context));
- ctx->auth_md_context = auth_md_context;
- ctx->user_data = user_data;
- ctx->cb = cb;
- ctx->composite_creds = c;
- ctx->pollset = pollset;
- ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
- grpc_call_credentials_get_request_metadata(
- exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset,
- auth_md_context, composite_call_metadata_cb, ctx);
-}
-
-static grpc_call_credentials_vtable composite_call_credentials_vtable = {
- composite_call_destruct, composite_call_get_request_metadata};
-
-static grpc_call_credentials_array get_creds_array(
- grpc_call_credentials **creds_addr) {
- grpc_call_credentials_array result;
- grpc_call_credentials *creds = *creds_addr;
- result.creds_array = creds_addr;
- result.num_creds = 1;
- if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
- result = *grpc_composite_call_credentials_get_credentials(creds);
- }
- return result;
-}
-
-grpc_call_credentials *grpc_composite_call_credentials_create(
- grpc_call_credentials *creds1, grpc_call_credentials *creds2,
- void *reserved) {
- size_t i;
- size_t creds_array_byte_size;
- grpc_call_credentials_array creds1_array;
- grpc_call_credentials_array creds2_array;
- grpc_composite_call_credentials *c;
- GRPC_API_TRACE(
- "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, "
- "reserved=%p)",
- 3, (creds1, creds2, reserved));
- GPR_ASSERT(reserved == NULL);
- GPR_ASSERT(creds1 != NULL);
- GPR_ASSERT(creds2 != NULL);
- c = gpr_malloc(sizeof(grpc_composite_call_credentials));
- memset(c, 0, sizeof(grpc_composite_call_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE;
- c->base.vtable = &composite_call_credentials_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- creds1_array = get_creds_array(&creds1);
- creds2_array = get_creds_array(&creds2);
- c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds;
- creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *);
- c->inner.creds_array = gpr_malloc(creds_array_byte_size);
- memset(c->inner.creds_array, 0, creds_array_byte_size);
- for (i = 0; i < creds1_array.num_creds; i++) {
- grpc_call_credentials *cur_creds = creds1_array.creds_array[i];
- c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds);
- }
- for (i = 0; i < creds2_array.num_creds; i++) {
- grpc_call_credentials *cur_creds = creds2_array.creds_array[i];
- c->inner.creds_array[i + creds1_array.num_creds] =
- grpc_call_credentials_ref(cur_creds);
- }
- return &c->base;
-}
-
-const grpc_call_credentials_array *
-grpc_composite_call_credentials_get_credentials(grpc_call_credentials *creds) {
- const grpc_composite_call_credentials *c =
- (const grpc_composite_call_credentials *)creds;
- GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0);
- return &c->inner;
-}
-
-grpc_call_credentials *grpc_credentials_contains_type(
- grpc_call_credentials *creds, const char *type,
- grpc_call_credentials **composite_creds) {
- size_t i;
- if (strcmp(creds->type, type) == 0) {
- if (composite_creds != NULL) *composite_creds = NULL;
- return creds;
- } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
- const grpc_call_credentials_array *inner_creds_array =
- grpc_composite_call_credentials_get_credentials(creds);
- for (i = 0; i < inner_creds_array->num_creds; i++) {
- if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) {
- if (composite_creds != NULL) *composite_creds = creds;
- return inner_creds_array->creds_array[i];
- }
- }
- }
- return NULL;
-}
-
-/* -- IAM credentials. -- */
-
-static void iam_destruct(grpc_call_credentials *creds) {
- grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
- grpc_credentials_md_store_unref(c->iam_md);
-}
-
-static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx,
- grpc_call_credentials *creds,
- grpc_pollset *pollset,
- grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb,
- void *user_data) {
- grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
- cb(exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries,
- GRPC_CREDENTIALS_OK);
-}
-
-static grpc_call_credentials_vtable iam_vtable = {iam_destruct,
- iam_get_request_metadata};
-
-grpc_call_credentials *grpc_google_iam_credentials_create(
- const char *token, const char *authority_selector, void *reserved) {
- grpc_google_iam_credentials *c;
- GRPC_API_TRACE(
- "grpc_iam_credentials_create(token=%s, authority_selector=%s, "
- "reserved=%p)",
- 3, (token, authority_selector, reserved));
- GPR_ASSERT(reserved == NULL);
- GPR_ASSERT(token != NULL);
- GPR_ASSERT(authority_selector != NULL);
- c = gpr_malloc(sizeof(grpc_google_iam_credentials));
- memset(c, 0, sizeof(grpc_google_iam_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_IAM;
- c->base.vtable = &iam_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->iam_md = grpc_credentials_md_store_create(2);
- grpc_credentials_md_store_add_cstrings(
- c->iam_md, GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, token);
- grpc_credentials_md_store_add_cstrings(
- c->iam_md, GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, authority_selector);
- return &c->base;
-}
-
-/* -- Plugin credentials. -- */
-
-typedef struct {
- void *user_data;
- grpc_credentials_metadata_cb cb;
-} grpc_metadata_plugin_request;
-
-static void plugin_destruct(grpc_call_credentials *creds) {
- grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
- if (c->plugin.state != NULL && c->plugin.destroy != NULL) {
- c->plugin.destroy(c->plugin.state);
- }
-}
-
-static void plugin_md_request_metadata_ready(void *request,
- const grpc_metadata *md,
- size_t num_md,
- grpc_status_code status,
- const char *error_details) {
- /* called from application code */
- grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
- grpc_metadata_plugin_request *r = (grpc_metadata_plugin_request *)request;
- if (status != GRPC_STATUS_OK) {
- if (error_details != NULL) {
- gpr_log(GPR_ERROR, "Getting metadata from plugin failed with error: %s",
- error_details);
- }
- r->cb(&exec_ctx, r->user_data, NULL, 0, GRPC_CREDENTIALS_ERROR);
- } else {
- size_t i;
- grpc_credentials_md *md_array = NULL;
- if (num_md > 0) {
- md_array = gpr_malloc(num_md * sizeof(grpc_credentials_md));
- for (i = 0; i < num_md; i++) {
- md_array[i].key = gpr_slice_from_copied_string(md[i].key);
- md_array[i].value =
- gpr_slice_from_copied_buffer(md[i].value, md[i].value_length);
- }
- }
- r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK);
- if (md_array != NULL) {
- for (i = 0; i < num_md; i++) {
- gpr_slice_unref(md_array[i].key);
- gpr_slice_unref(md_array[i].value);
- }
- gpr_free(md_array);
- }
- }
- gpr_free(r);
- grpc_exec_ctx_finish(&exec_ctx);
-}
-
-static void plugin_get_request_metadata(grpc_exec_ctx *exec_ctx,
- grpc_call_credentials *creds,
- grpc_pollset *pollset,
- grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb,
- void *user_data) {
- grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
- if (c->plugin.get_metadata != NULL) {
- grpc_metadata_plugin_request *request = gpr_malloc(sizeof(*request));
- memset(request, 0, sizeof(*request));
- request->user_data = user_data;
- request->cb = cb;
- c->plugin.get_metadata(c->plugin.state, context,
- plugin_md_request_metadata_ready, request);
- } else {
- cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
- }
-}
-
-static grpc_call_credentials_vtable plugin_vtable = {
- plugin_destruct, plugin_get_request_metadata};
-
-grpc_call_credentials *grpc_metadata_credentials_create_from_plugin(
- grpc_metadata_credentials_plugin plugin, void *reserved) {
- grpc_plugin_credentials *c = gpr_malloc(sizeof(*c));
- GRPC_API_TRACE("grpc_metadata_credentials_create_from_plugin(reserved=%p)", 1,
- (reserved));
- GPR_ASSERT(reserved == NULL);
- memset(c, 0, sizeof(*c));
- c->base.type = plugin.type;
- c->base.vtable = &plugin_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->plugin = plugin;
- return &c->base;
-}
-
-/* -- Composite channel credentials. -- */
-
-static void composite_channel_destruct(grpc_channel_credentials *creds) {
- grpc_composite_channel_credentials *c =
- (grpc_composite_channel_credentials *)creds;
- grpc_channel_credentials_unref(c->inner_creds);
- grpc_call_credentials_unref(c->call_creds);
-}
-
-static grpc_security_status composite_channel_create_security_connector(
- grpc_channel_credentials *creds, grpc_call_credentials *call_creds,
- const char *target, const grpc_channel_args *args,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
- grpc_composite_channel_credentials *c =
- (grpc_composite_channel_credentials *)creds;
- grpc_security_status status = GRPC_SECURITY_ERROR;
-
- GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL &&
- c->inner_creds->vtable != NULL &&
- c->inner_creds->vtable->create_security_connector != NULL);
- /* If we are passed a call_creds, create a call composite to pass it
- downstream. */
- if (call_creds != NULL) {
- grpc_call_credentials *composite_call_creds =
- grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL);
- status = c->inner_creds->vtable->create_security_connector(
- c->inner_creds, composite_call_creds, target, args, sc, new_args);
- grpc_call_credentials_unref(composite_call_creds);
- } else {
- status = c->inner_creds->vtable->create_security_connector(
- c->inner_creds, c->call_creds, target, args, sc, new_args);
- }
- return status;
-}
-
-static grpc_channel_credentials_vtable composite_channel_credentials_vtable = {
- composite_channel_destruct, composite_channel_create_security_connector};
-
-grpc_channel_credentials *grpc_composite_channel_credentials_create(
- grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds,
- void *reserved) {
- grpc_composite_channel_credentials *c = gpr_malloc(sizeof(*c));
- memset(c, 0, sizeof(*c));
- GPR_ASSERT(channel_creds != NULL && call_creds != NULL && reserved == NULL);
- GRPC_API_TRACE(
- "grpc_composite_channel_credentials_create(channel_creds=%p, "
- "call_creds=%p, reserved=%p)",
- 3, (channel_creds, call_creds, reserved));
- c->base.type = channel_creds->type;
- c->base.vtable = &composite_channel_credentials_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->inner_creds = grpc_channel_credentials_ref(channel_creds);
- c->call_creds = grpc_call_credentials_ref(call_creds);
- return &c->base;
-}
diff --git a/src/core/lib/security/credentials/composite/composite_credentials.c b/src/core/lib/security/credentials/composite/composite_credentials.c
new file mode 100644
index 0000000000000000000000000000000000000000..18189a8fb8c75cb3636d5ed26faee870dafc3dbf
--- /dev/null
+++ b/src/core/lib/security/credentials/composite/composite_credentials.c
@@ -0,0 +1,262 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/composite/composite_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+
+/* -- Composite call credentials. -- */
+
+typedef struct {
+ grpc_composite_call_credentials *composite_creds;
+ size_t creds_index;
+ grpc_credentials_md_store *md_elems;
+ grpc_auth_metadata_context auth_md_context;
+ void *user_data;
+ grpc_pollset *pollset;
+ grpc_credentials_metadata_cb cb;
+} grpc_composite_call_credentials_metadata_context;
+
+static void composite_call_destruct(grpc_call_credentials *creds) {
+ grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
+ size_t i;
+ for (i = 0; i < c->inner.num_creds; i++) {
+ grpc_call_credentials_unref(c->inner.creds_array[i]);
+ }
+ gpr_free(c->inner.creds_array);
+}
+
+static void composite_call_md_context_destroy(
+ grpc_composite_call_credentials_metadata_context *ctx) {
+ grpc_credentials_md_store_unref(ctx->md_elems);
+ gpr_free(ctx);
+}
+
+static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
+ grpc_credentials_md *md_elems,
+ size_t num_md,
+ grpc_credentials_status status) {
+ grpc_composite_call_credentials_metadata_context *ctx =
+ (grpc_composite_call_credentials_metadata_context *)user_data;
+ if (status != GRPC_CREDENTIALS_OK) {
+ ctx->cb(exec_ctx, ctx->user_data, NULL, 0, status);
+ return;
+ }
+
+ /* Copy the metadata in the context. */
+ if (num_md > 0) {
+ size_t i;
+ for (i = 0; i < num_md; i++) {
+ grpc_credentials_md_store_add(ctx->md_elems, md_elems[i].key,
+ md_elems[i].value);
+ }
+ }
+
+ /* See if we need to get some more metadata. */
+ if (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
+ grpc_call_credentials *inner_creds =
+ ctx->composite_creds->inner.creds_array[ctx->creds_index++];
+ grpc_call_credentials_get_request_metadata(
+ exec_ctx, inner_creds, ctx->pollset, ctx->auth_md_context,
+ composite_call_metadata_cb, ctx);
+ return;
+ }
+
+ /* We're done!. */
+ ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries,
+ ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK);
+ composite_call_md_context_destroy(ctx);
+}
+
+static void composite_call_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context auth_md_context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
+ grpc_composite_call_credentials_metadata_context *ctx;
+
+ ctx = gpr_malloc(sizeof(grpc_composite_call_credentials_metadata_context));
+ memset(ctx, 0, sizeof(grpc_composite_call_credentials_metadata_context));
+ ctx->auth_md_context = auth_md_context;
+ ctx->user_data = user_data;
+ ctx->cb = cb;
+ ctx->composite_creds = c;
+ ctx->pollset = pollset;
+ ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
+ grpc_call_credentials_get_request_metadata(
+ exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset,
+ auth_md_context, composite_call_metadata_cb, ctx);
+}
+
+static grpc_call_credentials_vtable composite_call_credentials_vtable = {
+ composite_call_destruct, composite_call_get_request_metadata};
+
+static grpc_call_credentials_array get_creds_array(
+ grpc_call_credentials **creds_addr) {
+ grpc_call_credentials_array result;
+ grpc_call_credentials *creds = *creds_addr;
+ result.creds_array = creds_addr;
+ result.num_creds = 1;
+ if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
+ result = *grpc_composite_call_credentials_get_credentials(creds);
+ }
+ return result;
+}
+
+grpc_call_credentials *grpc_composite_call_credentials_create(
+ grpc_call_credentials *creds1, grpc_call_credentials *creds2,
+ void *reserved) {
+ size_t i;
+ size_t creds_array_byte_size;
+ grpc_call_credentials_array creds1_array;
+ grpc_call_credentials_array creds2_array;
+ grpc_composite_call_credentials *c;
+ GRPC_API_TRACE(
+ "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, "
+ "reserved=%p)",
+ 3, (creds1, creds2, reserved));
+ GPR_ASSERT(reserved == NULL);
+ GPR_ASSERT(creds1 != NULL);
+ GPR_ASSERT(creds2 != NULL);
+ c = gpr_malloc(sizeof(grpc_composite_call_credentials));
+ memset(c, 0, sizeof(grpc_composite_call_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE;
+ c->base.vtable = &composite_call_credentials_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ creds1_array = get_creds_array(&creds1);
+ creds2_array = get_creds_array(&creds2);
+ c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds;
+ creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *);
+ c->inner.creds_array = gpr_malloc(creds_array_byte_size);
+ memset(c->inner.creds_array, 0, creds_array_byte_size);
+ for (i = 0; i < creds1_array.num_creds; i++) {
+ grpc_call_credentials *cur_creds = creds1_array.creds_array[i];
+ c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds);
+ }
+ for (i = 0; i < creds2_array.num_creds; i++) {
+ grpc_call_credentials *cur_creds = creds2_array.creds_array[i];
+ c->inner.creds_array[i + creds1_array.num_creds] =
+ grpc_call_credentials_ref(cur_creds);
+ }
+ return &c->base;
+}
+
+const grpc_call_credentials_array *
+grpc_composite_call_credentials_get_credentials(grpc_call_credentials *creds) {
+ const grpc_composite_call_credentials *c =
+ (const grpc_composite_call_credentials *)creds;
+ GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0);
+ return &c->inner;
+}
+
+grpc_call_credentials *grpc_credentials_contains_type(
+ grpc_call_credentials *creds, const char *type,
+ grpc_call_credentials **composite_creds) {
+ size_t i;
+ if (strcmp(creds->type, type) == 0) {
+ if (composite_creds != NULL) *composite_creds = NULL;
+ return creds;
+ } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
+ const grpc_call_credentials_array *inner_creds_array =
+ grpc_composite_call_credentials_get_credentials(creds);
+ for (i = 0; i < inner_creds_array->num_creds; i++) {
+ if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) {
+ if (composite_creds != NULL) *composite_creds = creds;
+ return inner_creds_array->creds_array[i];
+ }
+ }
+ }
+ return NULL;
+}
+
+/* -- Composite channel credentials. -- */
+
+static void composite_channel_destruct(grpc_channel_credentials *creds) {
+ grpc_composite_channel_credentials *c =
+ (grpc_composite_channel_credentials *)creds;
+ grpc_channel_credentials_unref(c->inner_creds);
+ grpc_call_credentials_unref(c->call_creds);
+}
+
+static grpc_security_status composite_channel_create_security_connector(
+ grpc_channel_credentials *creds, grpc_call_credentials *call_creds,
+ const char *target, const grpc_channel_args *args,
+ grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
+ grpc_composite_channel_credentials *c =
+ (grpc_composite_channel_credentials *)creds;
+ grpc_security_status status = GRPC_SECURITY_ERROR;
+
+ GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL &&
+ c->inner_creds->vtable != NULL &&
+ c->inner_creds->vtable->create_security_connector != NULL);
+ /* If we are passed a call_creds, create a call composite to pass it
+ downstream. */
+ if (call_creds != NULL) {
+ grpc_call_credentials *composite_call_creds =
+ grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL);
+ status = c->inner_creds->vtable->create_security_connector(
+ c->inner_creds, composite_call_creds, target, args, sc, new_args);
+ grpc_call_credentials_unref(composite_call_creds);
+ } else {
+ status = c->inner_creds->vtable->create_security_connector(
+ c->inner_creds, c->call_creds, target, args, sc, new_args);
+ }
+ return status;
+}
+
+static grpc_channel_credentials_vtable composite_channel_credentials_vtable = {
+ composite_channel_destruct, composite_channel_create_security_connector};
+
+grpc_channel_credentials *grpc_composite_channel_credentials_create(
+ grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds,
+ void *reserved) {
+ grpc_composite_channel_credentials *c = gpr_malloc(sizeof(*c));
+ memset(c, 0, sizeof(*c));
+ GPR_ASSERT(channel_creds != NULL && call_creds != NULL && reserved == NULL);
+ GRPC_API_TRACE(
+ "grpc_composite_channel_credentials_create(channel_creds=%p, "
+ "call_creds=%p, reserved=%p)",
+ 3, (channel_creds, call_creds, reserved));
+ c->base.type = channel_creds->type;
+ c->base.vtable = &composite_channel_credentials_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->inner_creds = grpc_channel_credentials_ref(channel_creds);
+ c->call_creds = grpc_call_credentials_ref(call_creds);
+ return &c->base;
+}
diff --git a/src/core/lib/security/credentials/composite/composite_credentials.h b/src/core/lib/security/credentials/composite/composite_credentials.h
new file mode 100644
index 0000000000000000000000000000000000000000..0d8966f464d331c795f0e31eab4f3916b5a59bc9
--- /dev/null
+++ b/src/core/lib/security/credentials/composite/composite_credentials.h
@@ -0,0 +1,72 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_COMPOSITE_COMPOSITE_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_COMPOSITE_COMPOSITE_CREDENTIALS_H
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+typedef struct {
+ grpc_call_credentials **creds_array;
+ size_t num_creds;
+} grpc_call_credentials_array;
+
+const grpc_call_credentials_array *
+grpc_composite_call_credentials_get_credentials(
+ grpc_call_credentials *composite_creds);
+
+/* Returns creds if creds is of the specified type or the inner creds of the
+ specified type (if found), if the creds is of type COMPOSITE.
+ If composite_creds is not NULL, *composite_creds will point to creds if of
+ type COMPOSITE in case of success. */
+grpc_call_credentials *grpc_credentials_contains_type(
+ grpc_call_credentials *creds, const char *type,
+ grpc_call_credentials **composite_creds);
+
+/* -- Channel composite credentials. -- */
+
+typedef struct {
+ grpc_channel_credentials base;
+ grpc_channel_credentials *inner_creds;
+ grpc_call_credentials *call_creds;
+} grpc_composite_channel_credentials;
+
+/* -- Composite credentials. -- */
+
+typedef struct {
+ grpc_call_credentials base;
+ grpc_call_credentials_array inner;
+} grpc_composite_call_credentials;
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_COMPOSITE_COMPOSITE_CREDENTIALS_H \
+ */
diff --git a/src/core/lib/security/credentials/credentials.c b/src/core/lib/security/credentials/credentials.c
new file mode 100644
index 0000000000000000000000000000000000000000..3dde6e587ded2837ed97b1c5638d0e5bef527ae9
--- /dev/null
+++ b/src/core/lib/security/credentials/credentials.c
@@ -0,0 +1,231 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#include "src/core/lib/channel/channel_args.h"
+#include "src/core/lib/channel/http_client_filter.h"
+#include "src/core/lib/http/httpcli.h"
+#include "src/core/lib/http/parser.h"
+#include "src/core/lib/iomgr/executor.h"
+#include "src/core/lib/json/json.h"
+#include "src/core/lib/support/string.h"
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+#include <grpc/support/sync.h>
+#include <grpc/support/time.h>
+
+/* -- Common. -- */
+
+grpc_credentials_metadata_request *grpc_credentials_metadata_request_create(
+ grpc_call_credentials *creds, grpc_credentials_metadata_cb cb,
+ void *user_data) {
+ grpc_credentials_metadata_request *r =
+ gpr_malloc(sizeof(grpc_credentials_metadata_request));
+ r->creds = grpc_call_credentials_ref(creds);
+ r->cb = cb;
+ r->user_data = user_data;
+ return r;
+}
+
+void grpc_credentials_metadata_request_destroy(
+ grpc_credentials_metadata_request *r) {
+ grpc_call_credentials_unref(r->creds);
+ gpr_free(r);
+}
+
+grpc_channel_credentials *grpc_channel_credentials_ref(
+ grpc_channel_credentials *creds) {
+ if (creds == NULL) return NULL;
+ gpr_ref(&creds->refcount);
+ return creds;
+}
+
+void grpc_channel_credentials_unref(grpc_channel_credentials *creds) {
+ if (creds == NULL) return;
+ if (gpr_unref(&creds->refcount)) {
+ if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
+ gpr_free(creds);
+ }
+}
+
+void grpc_channel_credentials_release(grpc_channel_credentials *creds) {
+ GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds));
+ grpc_channel_credentials_unref(creds);
+}
+
+grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) {
+ if (creds == NULL) return NULL;
+ gpr_ref(&creds->refcount);
+ return creds;
+}
+
+void grpc_call_credentials_unref(grpc_call_credentials *creds) {
+ if (creds == NULL) return;
+ if (gpr_unref(&creds->refcount)) {
+ if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
+ gpr_free(creds);
+ }
+}
+
+void grpc_call_credentials_release(grpc_call_credentials *creds) {
+ GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds));
+ grpc_call_credentials_unref(creds);
+}
+
+void grpc_call_credentials_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ if (creds == NULL || creds->vtable->get_request_metadata == NULL) {
+ if (cb != NULL) {
+ cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
+ }
+ return;
+ }
+ creds->vtable->get_request_metadata(exec_ctx, creds, pollset, context, cb,
+ user_data);
+}
+
+grpc_security_status grpc_channel_credentials_create_security_connector(
+ grpc_channel_credentials *channel_creds, const char *target,
+ const grpc_channel_args *args, grpc_channel_security_connector **sc,
+ grpc_channel_args **new_args) {
+ *new_args = NULL;
+ if (channel_creds == NULL) {
+ return GRPC_SECURITY_ERROR;
+ }
+ GPR_ASSERT(channel_creds->vtable->create_security_connector != NULL);
+ return channel_creds->vtable->create_security_connector(
+ channel_creds, NULL, target, args, sc, new_args);
+}
+
+grpc_server_credentials *grpc_server_credentials_ref(
+ grpc_server_credentials *creds) {
+ if (creds == NULL) return NULL;
+ gpr_ref(&creds->refcount);
+ return creds;
+}
+
+void grpc_server_credentials_unref(grpc_server_credentials *creds) {
+ if (creds == NULL) return;
+ if (gpr_unref(&creds->refcount)) {
+ if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
+ if (creds->processor.destroy != NULL && creds->processor.state != NULL) {
+ creds->processor.destroy(creds->processor.state);
+ }
+ gpr_free(creds);
+ }
+}
+
+void grpc_server_credentials_release(grpc_server_credentials *creds) {
+ GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds));
+ grpc_server_credentials_unref(creds);
+}
+
+grpc_security_status grpc_server_credentials_create_security_connector(
+ grpc_server_credentials *creds, grpc_server_security_connector **sc) {
+ if (creds == NULL || creds->vtable->create_security_connector == NULL) {
+ gpr_log(GPR_ERROR, "Server credentials cannot create security context.");
+ return GRPC_SECURITY_ERROR;
+ }
+ return creds->vtable->create_security_connector(creds, sc);
+}
+
+void grpc_server_credentials_set_auth_metadata_processor(
+ grpc_server_credentials *creds, grpc_auth_metadata_processor processor) {
+ GRPC_API_TRACE(
+ "grpc_server_credentials_set_auth_metadata_processor("
+ "creds=%p, "
+ "processor=grpc_auth_metadata_processor { process: %p, state: %p })",
+ 3, (creds, (void *)(intptr_t)processor.process, processor.state));
+ if (creds == NULL) return;
+ if (creds->processor.destroy != NULL && creds->processor.state != NULL) {
+ creds->processor.destroy(creds->processor.state);
+ }
+ creds->processor = processor;
+}
+
+static void server_credentials_pointer_arg_destroy(void *p) {
+ grpc_server_credentials_unref(p);
+}
+
+static void *server_credentials_pointer_arg_copy(void *p) {
+ return grpc_server_credentials_ref(p);
+}
+
+static int server_credentials_pointer_cmp(void *a, void *b) {
+ return GPR_ICMP(a, b);
+}
+
+static const grpc_arg_pointer_vtable cred_ptr_vtable = {
+ server_credentials_pointer_arg_copy, server_credentials_pointer_arg_destroy,
+ server_credentials_pointer_cmp};
+
+grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials *p) {
+ grpc_arg arg;
+ memset(&arg, 0, sizeof(grpc_arg));
+ arg.type = GRPC_ARG_POINTER;
+ arg.key = GRPC_SERVER_CREDENTIALS_ARG;
+ arg.value.pointer.p = p;
+ arg.value.pointer.vtable = &cred_ptr_vtable;
+ return arg;
+}
+
+grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg) {
+ if (strcmp(arg->key, GRPC_SERVER_CREDENTIALS_ARG) != 0) return NULL;
+ if (arg->type != GRPC_ARG_POINTER) {
+ gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
+ GRPC_SERVER_CREDENTIALS_ARG);
+ return NULL;
+ }
+ return arg->value.pointer.p;
+}
+
+grpc_server_credentials *grpc_find_server_credentials_in_args(
+ const grpc_channel_args *args) {
+ size_t i;
+ if (args == NULL) return NULL;
+ for (i = 0; i < args->num_args; i++) {
+ grpc_server_credentials *p =
+ grpc_server_credentials_from_arg(&args->args[i]);
+ if (p != NULL) return p;
+ }
+ return NULL;
+}
diff --git a/src/core/lib/security/credentials.h b/src/core/lib/security/credentials/credentials.h
similarity index 62%
rename from src/core/lib/security/credentials.h
rename to src/core/lib/security/credentials/credentials.h
index 0373ceaa3fc5c3157fe752967e9d1797bd0b787e..5f44c7c3e30d22cb867318904a7b449c364d8e7c 100644
--- a/src/core/lib/security/credentials.h
+++ b/src/core/lib/security/credentials/credentials.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_H
-#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H
#include <grpc/grpc.h>
#include <grpc/grpc_security.h>
@@ -41,8 +41,7 @@
#include "src/core/lib/http/httpcli.h"
#include "src/core/lib/http/parser.h"
-#include "src/core/lib/security/json_token.h"
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/transport/security_connector.h"
struct grpc_http_response;
@@ -69,10 +68,6 @@ typedef enum {
"x-goog-iam-authorization-token"
#define GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY "x-goog-iam-authority-selector"
-#define GRPC_GOOGLE_CLOUD_SDK_CONFIG_DIRECTORY "gcloud"
-#define GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE \
- "application_default_credentials.json"
-
#define GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS 60
#define GRPC_COMPUTE_ENGINE_METADATA_HOST "metadata"
@@ -188,48 +183,11 @@ void grpc_call_credentials_get_request_metadata(
grpc_pollset *pollset, grpc_auth_metadata_context context,
grpc_credentials_metadata_cb cb, void *user_data);
-typedef struct {
- grpc_call_credentials **creds_array;
- size_t num_creds;
-} grpc_call_credentials_array;
-
-const grpc_call_credentials_array *
-grpc_composite_call_credentials_get_credentials(
- grpc_call_credentials *composite_creds);
-
-/* Returns creds if creds is of the specified type or the inner creds of the
- specified type (if found), if the creds is of type COMPOSITE.
- If composite_creds is not NULL, *composite_creds will point to creds if of
- type COMPOSITE in case of success. */
-grpc_call_credentials *grpc_credentials_contains_type(
- grpc_call_credentials *creds, const char *type,
- grpc_call_credentials **composite_creds);
-
-/* Exposed for testing only. */
-grpc_credentials_status
-grpc_oauth2_token_fetcher_credentials_parse_server_response(
- const struct grpc_http_response *response,
- grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime);
-
-void grpc_flush_cached_google_default_credentials(void);
-
/* Metadata-only credentials with the specified key and value where
asynchronicity can be simulated for testing. */
grpc_call_credentials *grpc_md_only_test_credentials_create(
const char *md_key, const char *md_value, int is_async);
-/* Private constructor for jwt credentials from an already parsed json key.
- Takes ownership of the key. */
-grpc_call_credentials *
-grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
- grpc_auth_json_key key, gpr_timespec token_lifetime);
-
-/* Private constructor for refresh token credentials from an already parsed
- refresh token. Takes ownership of the refresh token. */
-grpc_call_credentials *
-grpc_refresh_token_credentials_create_from_auth_refresh_token(
- grpc_auth_refresh_token token);
-
/* --- grpc_server_credentials. --- */
typedef struct {
@@ -260,118 +218,19 @@ grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg);
grpc_server_credentials *grpc_find_server_credentials_in_args(
const grpc_channel_args *args);
-/* -- Fake transport security credentials. -- */
-
-/* Creates a fake transport security credentials object for testing. */
-grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void);
-/* Creates a fake server transport security credentials object for testing. */
-grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
- void);
-
-/* -- Ssl credentials. -- */
-
-typedef struct {
- grpc_channel_credentials base;
- grpc_ssl_config config;
-} grpc_ssl_credentials;
-
-typedef struct {
- grpc_server_credentials base;
- grpc_ssl_server_config config;
-} grpc_ssl_server_credentials;
-
-/* -- Channel composite credentials. -- */
-
-typedef struct {
- grpc_channel_credentials base;
- grpc_channel_credentials *inner_creds;
- grpc_call_credentials *call_creds;
-} grpc_composite_channel_credentials;
-
-/* -- Jwt credentials -- */
+/* -- Credentials Metadata Request. -- */
typedef struct {
- grpc_call_credentials base;
-
- /* Have a simple cache for now with just 1 entry. We could have a map based on
- the service_url for a more sophisticated one. */
- gpr_mu cache_mu;
- struct {
- grpc_credentials_md_store *jwt_md;
- char *service_url;
- gpr_timespec jwt_expiration;
- } cached;
-
- grpc_auth_json_key key;
- gpr_timespec jwt_lifetime;
-} grpc_service_account_jwt_access_credentials;
-
-/* -- Oauth2TokenFetcher credentials --
-
- This object is a base for credentials that need to acquire an oauth2 token
- from an http service. */
-
-typedef struct grpc_credentials_metadata_request
- grpc_credentials_metadata_request;
+ grpc_call_credentials *creds;
+ grpc_credentials_metadata_cb cb;
+ void *user_data;
+} grpc_credentials_metadata_request;
-typedef void (*grpc_fetch_oauth2_func)(grpc_exec_ctx *exec_ctx,
- grpc_credentials_metadata_request *req,
- grpc_httpcli_context *http_context,
- grpc_pollset *pollset,
- grpc_httpcli_response_cb response_cb,
- gpr_timespec deadline);
+grpc_credentials_metadata_request *grpc_credentials_metadata_request_create(
+ grpc_call_credentials *creds, grpc_credentials_metadata_cb cb,
+ void *user_data);
-typedef struct {
- grpc_call_credentials base;
- gpr_mu mu;
- grpc_credentials_md_store *access_token_md;
- gpr_timespec token_expiration;
- grpc_httpcli_context httpcli_context;
- grpc_fetch_oauth2_func fetch_func;
-} grpc_oauth2_token_fetcher_credentials;
-
-/* -- GoogleRefreshToken credentials. -- */
-
-typedef struct {
- grpc_oauth2_token_fetcher_credentials base;
- grpc_auth_refresh_token refresh_token;
-} grpc_google_refresh_token_credentials;
-
-/* -- Oauth2 Access Token credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_credentials_md_store *access_token_md;
-} grpc_access_token_credentials;
-
-/* -- Metadata-only Test credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_credentials_md_store *md_store;
- int is_async;
-} grpc_md_only_test_credentials;
-
-/* -- GoogleIAM credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_credentials_md_store *iam_md;
-} grpc_google_iam_credentials;
-
-/* -- Composite credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_call_credentials_array inner;
-} grpc_composite_call_credentials;
-
-/* -- Plugin credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_metadata_credentials_plugin plugin;
- grpc_credentials_md_store *plugin_md;
-} grpc_plugin_credentials;
+void grpc_credentials_metadata_request_destroy(
+ grpc_credentials_metadata_request *r);
-#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_H */
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H */
diff --git a/src/core/lib/security/credentials_metadata.c b/src/core/lib/security/credentials/credentials_metadata.c
similarity index 98%
rename from src/core/lib/security/credentials_metadata.c
rename to src/core/lib/security/credentials/credentials_metadata.c
index bd00194278e84b63b345f49a233e2241e07cc6ba..6a352aab3a6ca2650435973b19f26b497f8936cb 100644
--- a/src/core/lib/security/credentials_metadata.c
+++ b/src/core/lib/security/credentials/credentials_metadata.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include <grpc/support/alloc.h>
diff --git a/src/core/lib/security/credentials/fake/fake_credentials.c b/src/core/lib/security/credentials/fake/fake_credentials.c
new file mode 100644
index 0000000000000000000000000000000000000000..54d7cf2581976fbc4b5c95d639dd320fe5b8506f
--- /dev/null
+++ b/src/core/lib/security/credentials/fake/fake_credentials.c
@@ -0,0 +1,138 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/channel/channel_args.h"
+#include "src/core/lib/iomgr/executor.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+
+/* -- Fake transport security credentials. -- */
+
+static grpc_security_status fake_transport_security_create_security_connector(
+ grpc_channel_credentials *c, grpc_call_credentials *call_creds,
+ const char *target, const grpc_channel_args *args,
+ grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
+ *sc = grpc_fake_channel_security_connector_create(call_creds);
+ return GRPC_SECURITY_OK;
+}
+
+static grpc_security_status
+fake_transport_security_server_create_security_connector(
+ grpc_server_credentials *c, grpc_server_security_connector **sc) {
+ *sc = grpc_fake_server_security_connector_create();
+ return GRPC_SECURITY_OK;
+}
+
+static grpc_channel_credentials_vtable
+ fake_transport_security_credentials_vtable = {
+ NULL, fake_transport_security_create_security_connector};
+
+static grpc_server_credentials_vtable
+ fake_transport_security_server_credentials_vtable = {
+ NULL, fake_transport_security_server_create_security_connector};
+
+grpc_channel_credentials *grpc_fake_transport_security_credentials_create(
+ void) {
+ grpc_channel_credentials *c = gpr_malloc(sizeof(grpc_channel_credentials));
+ memset(c, 0, sizeof(grpc_channel_credentials));
+ c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
+ c->vtable = &fake_transport_security_credentials_vtable;
+ gpr_ref_init(&c->refcount, 1);
+ return c;
+}
+
+grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
+ void) {
+ grpc_server_credentials *c = gpr_malloc(sizeof(grpc_server_credentials));
+ memset(c, 0, sizeof(grpc_server_credentials));
+ c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
+ gpr_ref_init(&c->refcount, 1);
+ c->vtable = &fake_transport_security_server_credentials_vtable;
+ return c;
+}
+
+/* -- Metadata-only test credentials. -- */
+
+static void md_only_test_destruct(grpc_call_credentials *creds) {
+ grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
+ grpc_credentials_md_store_unref(c->md_store);
+}
+
+static void on_simulated_token_fetch_done(grpc_exec_ctx *exec_ctx,
+ void *user_data, bool success) {
+ grpc_credentials_metadata_request *r =
+ (grpc_credentials_metadata_request *)user_data;
+ grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)r->creds;
+ r->cb(exec_ctx, r->user_data, c->md_store->entries, c->md_store->num_entries,
+ GRPC_CREDENTIALS_OK);
+ grpc_credentials_metadata_request_destroy(r);
+}
+
+static void md_only_test_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
+
+ if (c->is_async) {
+ grpc_credentials_metadata_request *cb_arg =
+ grpc_credentials_metadata_request_create(creds, cb, user_data);
+ grpc_executor_enqueue(
+ grpc_closure_create(on_simulated_token_fetch_done, cb_arg), true);
+ } else {
+ cb(exec_ctx, user_data, c->md_store->entries, 1, GRPC_CREDENTIALS_OK);
+ }
+}
+
+static grpc_call_credentials_vtable md_only_test_vtable = {
+ md_only_test_destruct, md_only_test_get_request_metadata};
+
+grpc_call_credentials *grpc_md_only_test_credentials_create(
+ const char *md_key, const char *md_value, int is_async) {
+ grpc_md_only_test_credentials *c =
+ gpr_malloc(sizeof(grpc_md_only_test_credentials));
+ memset(c, 0, sizeof(grpc_md_only_test_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
+ c->base.vtable = &md_only_test_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->md_store = grpc_credentials_md_store_create(1);
+ grpc_credentials_md_store_add_cstrings(c->md_store, md_key, md_value);
+ c->is_async = is_async;
+ return &c->base;
+}
diff --git a/src/core/lib/security/credentials/fake/fake_credentials.h b/src/core/lib/security/credentials/fake/fake_credentials.h
new file mode 100644
index 0000000000000000000000000000000000000000..9cf38084a3df3fdddfa785b1d649d6fef33aee10
--- /dev/null
+++ b/src/core/lib/security/credentials/fake/fake_credentials.h
@@ -0,0 +1,56 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_FAKE_FAKE_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_FAKE_FAKE_CREDENTIALS_H
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+/* -- Fake transport security credentials. -- */
+
+/* Creates a fake transport security credentials object for testing. */
+grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void);
+
+/* Creates a fake server transport security credentials object for testing. */
+grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
+ void);
+
+/* -- Metadata-only Test credentials. -- */
+
+typedef struct {
+ grpc_call_credentials base;
+ grpc_credentials_md_store *md_store;
+ int is_async;
+} grpc_md_only_test_credentials;
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_FAKE_FAKE_CREDENTIALS_H */
diff --git a/src/core/lib/security/credentials_posix.c b/src/core/lib/security/credentials/google_default/credentials_posix.c
similarity index 96%
rename from src/core/lib/security/credentials_posix.c
rename to src/core/lib/security/credentials/google_default/credentials_posix.c
index a07de182a0d55fce8e33b6954934e15e44eb9333..42c9d7f997a6237da1b32e9ffc179973e7467f16 100644
--- a/src/core/lib/security/credentials_posix.c
+++ b/src/core/lib/security/credentials/google_default/credentials_posix.c
@@ -35,7 +35,7 @@
#ifdef GPR_POSIX_FILE
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
diff --git a/src/core/lib/security/credentials_win32.c b/src/core/lib/security/credentials/google_default/credentials_win32.c
similarity index 96%
rename from src/core/lib/security/credentials_win32.c
rename to src/core/lib/security/credentials/google_default/credentials_win32.c
index d29847af38ad40e1d8051bbe146098c027842d71..cd8b48080a4e6c0b0f26740232a58bb214d03bae 100644
--- a/src/core/lib/security/credentials_win32.c
+++ b/src/core/lib/security/credentials/google_default/credentials_win32.c
@@ -35,7 +35,7 @@
#ifdef GPR_WIN32
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
diff --git a/src/core/lib/security/google_default_credentials.c b/src/core/lib/security/credentials/google_default/google_default_credentials.c
similarity index 97%
rename from src/core/lib/security/google_default_credentials.c
rename to src/core/lib/security/credentials/google_default/google_default_credentials.c
index 236f1d7fa7e8f778d045b858727baad6e3c96fa5..a521d95abcebba408458be3d0e2b925b2ee89122 100644
--- a/src/core/lib/security/google_default_credentials.c
+++ b/src/core/lib/security/credentials/google_default/google_default_credentials.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include <string.h>
@@ -41,6 +41,8 @@
#include "src/core/lib/http/httpcli.h"
#include "src/core/lib/http/parser.h"
+#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
+#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/load_file.h"
#include "src/core/lib/surface/api_trace.h"
diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h
new file mode 100644
index 0000000000000000000000000000000000000000..fac4377e2c8d1770ad51de3a36a54f299b1948ab
--- /dev/null
+++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h
@@ -0,0 +1,46 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_GOOGLE_DEFAULT_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_GOOGLE_DEFAULT_CREDENTIALS_H
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+#define GRPC_GOOGLE_CLOUD_SDK_CONFIG_DIRECTORY "gcloud"
+#define GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE \
+ "application_default_credentials.json"
+
+void grpc_flush_cached_google_default_credentials(void);
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_GOOGLE_DEFAULT_CREDENTIALS_H \
+ */
diff --git a/src/core/lib/security/credentials/iam/iam_credentials.c b/src/core/lib/security/credentials/iam/iam_credentials.c
new file mode 100644
index 0000000000000000000000000000000000000000..89defa7c60bce07bdfbd6fce5b1fbb5fbf04e877
--- /dev/null
+++ b/src/core/lib/security/credentials/iam/iam_credentials.c
@@ -0,0 +1,85 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/iam/iam_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+#include <grpc/support/sync.h>
+
+static void iam_destruct(grpc_call_credentials *creds) {
+ grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
+ grpc_credentials_md_store_unref(c->iam_md);
+}
+
+static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_credentials *creds,
+ grpc_pollset *pollset,
+ grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
+ grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
+ cb(exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries,
+ GRPC_CREDENTIALS_OK);
+}
+
+static grpc_call_credentials_vtable iam_vtable = {iam_destruct,
+ iam_get_request_metadata};
+
+grpc_call_credentials *grpc_google_iam_credentials_create(
+ const char *token, const char *authority_selector, void *reserved) {
+ grpc_google_iam_credentials *c;
+ GRPC_API_TRACE(
+ "grpc_iam_credentials_create(token=%s, authority_selector=%s, "
+ "reserved=%p)",
+ 3, (token, authority_selector, reserved));
+ GPR_ASSERT(reserved == NULL);
+ GPR_ASSERT(token != NULL);
+ GPR_ASSERT(authority_selector != NULL);
+ c = gpr_malloc(sizeof(grpc_google_iam_credentials));
+ memset(c, 0, sizeof(grpc_google_iam_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_IAM;
+ c->base.vtable = &iam_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->iam_md = grpc_credentials_md_store_create(2);
+ grpc_credentials_md_store_add_cstrings(
+ c->iam_md, GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, token);
+ grpc_credentials_md_store_add_cstrings(
+ c->iam_md, GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, authority_selector);
+ return &c->base;
+}
diff --git a/src/core/lib/security/credentials/iam/iam_credentials.h b/src/core/lib/security/credentials/iam/iam_credentials.h
new file mode 100644
index 0000000000000000000000000000000000000000..af54faa5868e6120239ef8ddefc67bf1a2bcdb6a
--- /dev/null
+++ b/src/core/lib/security/credentials/iam/iam_credentials.h
@@ -0,0 +1,44 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_IAM_IAM_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_IAM_IAM_CREDENTIALS_H
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+typedef struct {
+ grpc_call_credentials base;
+ grpc_credentials_md_store *iam_md;
+} grpc_google_iam_credentials;
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_IAM_IAM_CREDENTIALS_H */
diff --git a/src/core/lib/security/json_token.c b/src/core/lib/security/credentials/jwt/json_token.c
similarity index 74%
rename from src/core/lib/security/json_token.c
rename to src/core/lib/security/credentials/jwt/json_token.c
index d5bc2c8d6081d3b0c8567c3e1c89496922ff447e..354c13133ef8bffcb91a49f05357a61b72cd5e83 100644
--- a/src/core/lib/security/json_token.c
+++ b/src/core/lib/security/credentials/jwt/json_token.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/credentials/jwt/json_token.h"
#include <string.h>
@@ -39,7 +39,8 @@
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/util/b64.h"
+#include "src/core/lib/security/util/json_util.h"
#include "src/core/lib/support/string.h"
#include <openssl/bio.h>
@@ -66,28 +67,6 @@ static grpc_jwt_encode_and_sign_override g_jwt_encode_and_sign_override = NULL;
/* --- grpc_auth_json_key. --- */
-static const char *json_get_string_property(const grpc_json *json,
- const char *prop_name) {
- grpc_json *child;
- for (child = json->child; child != NULL; child = child->next) {
- if (strcmp(child->key, prop_name) == 0) break;
- }
- if (child == NULL || child->type != GRPC_JSON_STRING) {
- gpr_log(GPR_ERROR, "Invalid or missing %s property.", prop_name);
- return NULL;
- }
- return child->value;
-}
-
-static int set_json_key_string_property(const grpc_json *json,
- const char *prop_name,
- char **json_key_field) {
- const char *prop_value = json_get_string_property(json, prop_name);
- if (prop_value == NULL) return 0;
- *json_key_field = gpr_strdup(prop_value);
- return 1;
-}
-
int grpc_auth_json_key_is_valid(const grpc_auth_json_key *json_key) {
return (json_key != NULL) &&
strcmp(json_key->type, GRPC_AUTH_JSON_TYPE_INVALID);
@@ -106,22 +85,22 @@ grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json *json) {
goto end;
}
- prop_value = json_get_string_property(json, "type");
+ prop_value = grpc_json_get_string_property(json, "type");
if (prop_value == NULL ||
strcmp(prop_value, GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT)) {
goto end;
}
result.type = GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT;
- if (!set_json_key_string_property(json, "private_key_id",
- &result.private_key_id) ||
- !set_json_key_string_property(json, "client_id", &result.client_id) ||
- !set_json_key_string_property(json, "client_email",
- &result.client_email)) {
+ if (!grpc_copy_json_string_property(json, "private_key_id",
+ &result.private_key_id) ||
+ !grpc_copy_json_string_property(json, "client_id", &result.client_id) ||
+ !grpc_copy_json_string_property(json, "client_email",
+ &result.client_email)) {
goto end;
}
- prop_value = json_get_string_property(json, "private_key");
+ prop_value = grpc_json_get_string_property(json, "private_key");
if (prop_value == NULL) {
goto end;
}
@@ -339,73 +318,3 @@ void grpc_jwt_encode_and_sign_set_override(
grpc_jwt_encode_and_sign_override func) {
g_jwt_encode_and_sign_override = func;
}
-
-/* --- grpc_auth_refresh_token --- */
-
-int grpc_auth_refresh_token_is_valid(
- const grpc_auth_refresh_token *refresh_token) {
- return (refresh_token != NULL) &&
- strcmp(refresh_token->type, GRPC_AUTH_JSON_TYPE_INVALID);
-}
-
-grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json(
- const grpc_json *json) {
- grpc_auth_refresh_token result;
- const char *prop_value;
- int success = 0;
-
- memset(&result, 0, sizeof(grpc_auth_refresh_token));
- result.type = GRPC_AUTH_JSON_TYPE_INVALID;
- if (json == NULL) {
- gpr_log(GPR_ERROR, "Invalid json.");
- goto end;
- }
-
- prop_value = json_get_string_property(json, "type");
- if (prop_value == NULL ||
- strcmp(prop_value, GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER)) {
- goto end;
- }
- result.type = GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER;
-
- if (!set_json_key_string_property(json, "client_secret",
- &result.client_secret) ||
- !set_json_key_string_property(json, "client_id", &result.client_id) ||
- !set_json_key_string_property(json, "refresh_token",
- &result.refresh_token)) {
- goto end;
- }
- success = 1;
-
-end:
- if (!success) grpc_auth_refresh_token_destruct(&result);
- return result;
-}
-
-grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
- const char *json_string) {
- char *scratchpad = gpr_strdup(json_string);
- grpc_json *json = grpc_json_parse_string(scratchpad);
- grpc_auth_refresh_token result =
- grpc_auth_refresh_token_create_from_json(json);
- if (json != NULL) grpc_json_destroy(json);
- gpr_free(scratchpad);
- return result;
-}
-
-void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) {
- if (refresh_token == NULL) return;
- refresh_token->type = GRPC_AUTH_JSON_TYPE_INVALID;
- if (refresh_token->client_id != NULL) {
- gpr_free(refresh_token->client_id);
- refresh_token->client_id = NULL;
- }
- if (refresh_token->client_secret != NULL) {
- gpr_free(refresh_token->client_secret);
- refresh_token->client_secret = NULL;
- }
- if (refresh_token->refresh_token != NULL) {
- gpr_free(refresh_token->refresh_token);
- refresh_token->refresh_token = NULL;
- }
-}
diff --git a/src/core/lib/security/json_token.h b/src/core/lib/security/credentials/jwt/json_token.h
similarity index 74%
rename from src/core/lib/security/json_token.h
rename to src/core/lib/security/credentials/jwt/json_token.h
index 123fa652fd808079961589fa2887f2e7bf940580..07fc5bf0e012b7a07e42309f38c18221a8aa2758 100644
--- a/src/core/lib/security/json_token.h
+++ b/src/core/lib/security/credentials/jwt/json_token.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_JSON_TOKEN_H
-#define GRPC_CORE_LIB_SECURITY_JSON_TOKEN_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H
#include <grpc/support/slice.h>
#include <openssl/rsa.h>
@@ -43,10 +43,6 @@
#define GRPC_JWT_OAUTH2_AUDIENCE "https://www.googleapis.com/oauth2/v3/token"
-#define GRPC_AUTH_JSON_TYPE_INVALID "invalid"
-#define GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT "service_account"
-#define GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER "authorized_user"
-
/* --- auth_json_key parsing. --- */
typedef struct {
@@ -89,30 +85,4 @@ typedef char *(*grpc_jwt_encode_and_sign_override)(
void grpc_jwt_encode_and_sign_set_override(
grpc_jwt_encode_and_sign_override func);
-/* --- auth_refresh_token parsing. --- */
-
-typedef struct {
- const char *type;
- char *client_id;
- char *client_secret;
- char *refresh_token;
-} grpc_auth_refresh_token;
-
-/* Returns 1 if the object is valid, 0 otherwise. */
-int grpc_auth_refresh_token_is_valid(
- const grpc_auth_refresh_token *refresh_token);
-
-/* Creates a refresh token object from string. Returns an invalid object if a
- parsing error has been encountered. */
-grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
- const char *json_string);
-
-/* Creates a refresh token object from parsed json. Returns an invalid object if
- a parsing error has been encountered. */
-grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json(
- const grpc_json *json);
-
-/* Destructs the object. */
-void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token);
-
-#endif /* GRPC_CORE_LIB_SECURITY_JSON_TOKEN_H */
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H */
diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.c b/src/core/lib/security/credentials/jwt/jwt_credentials.c
new file mode 100644
index 0000000000000000000000000000000000000000..8755a96af4fbaf83c5da22d546efb2ca7a0057a7
--- /dev/null
+++ b/src/core/lib/security/credentials/jwt/jwt_credentials.c
@@ -0,0 +1,160 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+#include <grpc/support/sync.h>
+
+static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) {
+ if (c->cached.jwt_md != NULL) {
+ grpc_credentials_md_store_unref(c->cached.jwt_md);
+ c->cached.jwt_md = NULL;
+ }
+ if (c->cached.service_url != NULL) {
+ gpr_free(c->cached.service_url);
+ c->cached.service_url = NULL;
+ }
+ c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
+}
+
+static void jwt_destruct(grpc_call_credentials *creds) {
+ grpc_service_account_jwt_access_credentials *c =
+ (grpc_service_account_jwt_access_credentials *)creds;
+ grpc_auth_json_key_destruct(&c->key);
+ jwt_reset_cache(c);
+ gpr_mu_destroy(&c->cache_mu);
+}
+
+static void jwt_get_request_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_credentials *creds,
+ grpc_pollset *pollset,
+ grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
+ grpc_service_account_jwt_access_credentials *c =
+ (grpc_service_account_jwt_access_credentials *)creds;
+ gpr_timespec refresh_threshold = gpr_time_from_seconds(
+ GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN);
+
+ /* See if we can return a cached jwt. */
+ grpc_credentials_md_store *jwt_md = NULL;
+ {
+ gpr_mu_lock(&c->cache_mu);
+ if (c->cached.service_url != NULL &&
+ strcmp(c->cached.service_url, context.service_url) == 0 &&
+ c->cached.jwt_md != NULL &&
+ (gpr_time_cmp(gpr_time_sub(c->cached.jwt_expiration,
+ gpr_now(GPR_CLOCK_REALTIME)),
+ refresh_threshold) > 0)) {
+ jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md);
+ }
+ gpr_mu_unlock(&c->cache_mu);
+ }
+
+ if (jwt_md == NULL) {
+ char *jwt = NULL;
+ /* Generate a new jwt. */
+ gpr_mu_lock(&c->cache_mu);
+ jwt_reset_cache(c);
+ jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url,
+ c->jwt_lifetime, NULL);
+ if (jwt != NULL) {
+ char *md_value;
+ gpr_asprintf(&md_value, "Bearer %s", jwt);
+ gpr_free(jwt);
+ c->cached.jwt_expiration =
+ gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), c->jwt_lifetime);
+ c->cached.service_url = gpr_strdup(context.service_url);
+ c->cached.jwt_md = grpc_credentials_md_store_create(1);
+ grpc_credentials_md_store_add_cstrings(
+ c->cached.jwt_md, GRPC_AUTHORIZATION_METADATA_KEY, md_value);
+ gpr_free(md_value);
+ jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md);
+ }
+ gpr_mu_unlock(&c->cache_mu);
+ }
+
+ if (jwt_md != NULL) {
+ cb(exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries,
+ GRPC_CREDENTIALS_OK);
+ grpc_credentials_md_store_unref(jwt_md);
+ } else {
+ cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR);
+ }
+}
+
+static grpc_call_credentials_vtable jwt_vtable = {jwt_destruct,
+ jwt_get_request_metadata};
+
+grpc_call_credentials *
+grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
+ grpc_auth_json_key key, gpr_timespec token_lifetime) {
+ grpc_service_account_jwt_access_credentials *c;
+ if (!grpc_auth_json_key_is_valid(&key)) {
+ gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation");
+ return NULL;
+ }
+ c = gpr_malloc(sizeof(grpc_service_account_jwt_access_credentials));
+ memset(c, 0, sizeof(grpc_service_account_jwt_access_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->base.vtable = &jwt_vtable;
+ c->key = key;
+ c->jwt_lifetime = token_lifetime;
+ gpr_mu_init(&c->cache_mu);
+ jwt_reset_cache(c);
+ return &c->base;
+}
+
+grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
+ const char *json_key, gpr_timespec token_lifetime, void *reserved) {
+ GRPC_API_TRACE(
+ "grpc_service_account_jwt_access_credentials_create("
+ "json_key=%s, "
+ "token_lifetime="
+ "gpr_timespec { tv_sec: %lld, tv_nsec: %d, clock_type: %d }, "
+ "reserved=%p)",
+ 5,
+ (json_key, (long long)token_lifetime.tv_sec, (int)token_lifetime.tv_nsec,
+ (int)token_lifetime.clock_type, reserved));
+ GPR_ASSERT(reserved == NULL);
+ return grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
+ grpc_auth_json_key_create_from_string(json_key), token_lifetime);
+}
diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.h b/src/core/lib/security/credentials/jwt/jwt_credentials.h
new file mode 100644
index 0000000000000000000000000000000000000000..d5726061794dbf54bc8e31c4f306394cbc70dc12
--- /dev/null
+++ b/src/core/lib/security/credentials/jwt/jwt_credentials.h
@@ -0,0 +1,62 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H
+
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/credentials/jwt/json_token.h"
+
+typedef struct {
+ grpc_call_credentials base;
+
+ // Have a simple cache for now with just 1 entry. We could have a map based on
+ // the service_url for a more sophisticated one.
+ gpr_mu cache_mu;
+ struct {
+ grpc_credentials_md_store *jwt_md;
+ char *service_url;
+ gpr_timespec jwt_expiration;
+ } cached;
+
+ grpc_auth_json_key key;
+ gpr_timespec jwt_lifetime;
+} grpc_service_account_jwt_access_credentials;
+
+// Private constructor for jwt credentials from an already parsed json key.
+// Takes ownership of the key.
+grpc_call_credentials *
+grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
+ grpc_auth_json_key key, gpr_timespec token_lifetime);
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H */
diff --git a/src/core/lib/security/jwt_verifier.c b/src/core/lib/security/credentials/jwt/jwt_verifier.c
similarity index 99%
rename from src/core/lib/security/jwt_verifier.c
rename to src/core/lib/security/credentials/jwt/jwt_verifier.c
index 0e012294de76cd15f5dbafed357ca23e3c324066..cd6c7ce39210e381e7309942f5cc2cde82cd1c3e 100644
--- a/src/core/lib/security/jwt_verifier.c
+++ b/src/core/lib/security/credentials/jwt/jwt_verifier.c
@@ -31,13 +31,13 @@
*
*/
-#include "src/core/lib/security/jwt_verifier.h"
+#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"
#include <limits.h>
#include <string.h>
#include "src/core/lib/http/httpcli.h"
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/util/b64.h"
#include "src/core/lib/tsi/ssl_types.h"
#include <grpc/support/alloc.h>
diff --git a/src/core/lib/security/jwt_verifier.h b/src/core/lib/security/credentials/jwt/jwt_verifier.h
similarity index 96%
rename from src/core/lib/security/jwt_verifier.h
rename to src/core/lib/security/credentials/jwt/jwt_verifier.h
index 98a4f6b1162880f19ffb02fa06d2589821adeb03..b0f6d1c240da6f36f88cfe9300baad08cee1cebb 100644
--- a/src/core/lib/security/jwt_verifier.h
+++ b/src/core/lib/security/credentials/jwt/jwt_verifier.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_JWT_VERIFIER_H
-#define GRPC_CORE_LIB_SECURITY_JWT_VERIFIER_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H
#include "src/core/lib/iomgr/pollset.h"
#include "src/core/lib/json/json.h"
@@ -133,4 +133,4 @@ grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, gpr_slice buffer);
grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims,
const char *audience);
-#endif /* GRPC_CORE_LIB_SECURITY_JWT_VERIFIER_H */
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H */
diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.c b/src/core/lib/security/credentials/oauth2/oauth2_credentials.c
new file mode 100644
index 0000000000000000000000000000000000000000..973c6e1d17f2c7c70be643b46cc9d44c1fc1c652
--- /dev/null
+++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.c
@@ -0,0 +1,428 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/security/util/json_util.h"
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+
+//
+// Auth Refresh Token.
+//
+
+int grpc_auth_refresh_token_is_valid(
+ const grpc_auth_refresh_token *refresh_token) {
+ return (refresh_token != NULL) &&
+ strcmp(refresh_token->type, GRPC_AUTH_JSON_TYPE_INVALID);
+}
+
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json(
+ const grpc_json *json) {
+ grpc_auth_refresh_token result;
+ const char *prop_value;
+ int success = 0;
+
+ memset(&result, 0, sizeof(grpc_auth_refresh_token));
+ result.type = GRPC_AUTH_JSON_TYPE_INVALID;
+ if (json == NULL) {
+ gpr_log(GPR_ERROR, "Invalid json.");
+ goto end;
+ }
+
+ prop_value = grpc_json_get_string_property(json, "type");
+ if (prop_value == NULL ||
+ strcmp(prop_value, GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER)) {
+ goto end;
+ }
+ result.type = GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER;
+
+ if (!grpc_copy_json_string_property(json, "client_secret",
+ &result.client_secret) ||
+ !grpc_copy_json_string_property(json, "client_id", &result.client_id) ||
+ !grpc_copy_json_string_property(json, "refresh_token",
+ &result.refresh_token)) {
+ goto end;
+ }
+ success = 1;
+
+end:
+ if (!success) grpc_auth_refresh_token_destruct(&result);
+ return result;
+}
+
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
+ const char *json_string) {
+ char *scratchpad = gpr_strdup(json_string);
+ grpc_json *json = grpc_json_parse_string(scratchpad);
+ grpc_auth_refresh_token result =
+ grpc_auth_refresh_token_create_from_json(json);
+ if (json != NULL) grpc_json_destroy(json);
+ gpr_free(scratchpad);
+ return result;
+}
+
+void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) {
+ if (refresh_token == NULL) return;
+ refresh_token->type = GRPC_AUTH_JSON_TYPE_INVALID;
+ if (refresh_token->client_id != NULL) {
+ gpr_free(refresh_token->client_id);
+ refresh_token->client_id = NULL;
+ }
+ if (refresh_token->client_secret != NULL) {
+ gpr_free(refresh_token->client_secret);
+ refresh_token->client_secret = NULL;
+ }
+ if (refresh_token->refresh_token != NULL) {
+ gpr_free(refresh_token->refresh_token);
+ refresh_token->refresh_token = NULL;
+ }
+}
+
+//
+// Oauth2 Token Fetcher credentials.
+//
+
+static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) {
+ grpc_oauth2_token_fetcher_credentials *c =
+ (grpc_oauth2_token_fetcher_credentials *)creds;
+ grpc_credentials_md_store_unref(c->access_token_md);
+ gpr_mu_destroy(&c->mu);
+ grpc_httpcli_context_destroy(&c->httpcli_context);
+}
+
+grpc_credentials_status
+grpc_oauth2_token_fetcher_credentials_parse_server_response(
+ const grpc_http_response *response, grpc_credentials_md_store **token_md,
+ gpr_timespec *token_lifetime) {
+ char *null_terminated_body = NULL;
+ char *new_access_token = NULL;
+ grpc_credentials_status status = GRPC_CREDENTIALS_OK;
+ grpc_json *json = NULL;
+
+ if (response == NULL) {
+ gpr_log(GPR_ERROR, "Received NULL response.");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+
+ if (response->body_length > 0) {
+ null_terminated_body = gpr_malloc(response->body_length + 1);
+ null_terminated_body[response->body_length] = '\0';
+ memcpy(null_terminated_body, response->body, response->body_length);
+ }
+
+ if (response->status != 200) {
+ gpr_log(GPR_ERROR, "Call to http server ended with error %d [%s].",
+ response->status,
+ null_terminated_body != NULL ? null_terminated_body : "");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ } else {
+ grpc_json *access_token = NULL;
+ grpc_json *token_type = NULL;
+ grpc_json *expires_in = NULL;
+ grpc_json *ptr;
+ json = grpc_json_parse_string(null_terminated_body);
+ if (json == NULL) {
+ gpr_log(GPR_ERROR, "Could not parse JSON from %s", null_terminated_body);
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ if (json->type != GRPC_JSON_OBJECT) {
+ gpr_log(GPR_ERROR, "Response should be a JSON object");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ for (ptr = json->child; ptr; ptr = ptr->next) {
+ if (strcmp(ptr->key, "access_token") == 0) {
+ access_token = ptr;
+ } else if (strcmp(ptr->key, "token_type") == 0) {
+ token_type = ptr;
+ } else if (strcmp(ptr->key, "expires_in") == 0) {
+ expires_in = ptr;
+ }
+ }
+ if (access_token == NULL || access_token->type != GRPC_JSON_STRING) {
+ gpr_log(GPR_ERROR, "Missing or invalid access_token in JSON.");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ if (token_type == NULL || token_type->type != GRPC_JSON_STRING) {
+ gpr_log(GPR_ERROR, "Missing or invalid token_type in JSON.");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ if (expires_in == NULL || expires_in->type != GRPC_JSON_NUMBER) {
+ gpr_log(GPR_ERROR, "Missing or invalid expires_in in JSON.");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ gpr_asprintf(&new_access_token, "%s %s", token_type->value,
+ access_token->value);
+ token_lifetime->tv_sec = strtol(expires_in->value, NULL, 10);
+ token_lifetime->tv_nsec = 0;
+ token_lifetime->clock_type = GPR_TIMESPAN;
+ if (*token_md != NULL) grpc_credentials_md_store_unref(*token_md);
+ *token_md = grpc_credentials_md_store_create(1);
+ grpc_credentials_md_store_add_cstrings(
+ *token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token);
+ status = GRPC_CREDENTIALS_OK;
+ }
+
+end:
+ if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) {
+ grpc_credentials_md_store_unref(*token_md);
+ *token_md = NULL;
+ }
+ if (null_terminated_body != NULL) gpr_free(null_terminated_body);
+ if (new_access_token != NULL) gpr_free(new_access_token);
+ if (json != NULL) grpc_json_destroy(json);
+ return status;
+}
+
+static void on_oauth2_token_fetcher_http_response(
+ grpc_exec_ctx *exec_ctx, void *user_data,
+ const grpc_http_response *response) {
+ grpc_credentials_metadata_request *r =
+ (grpc_credentials_metadata_request *)user_data;
+ grpc_oauth2_token_fetcher_credentials *c =
+ (grpc_oauth2_token_fetcher_credentials *)r->creds;
+ gpr_timespec token_lifetime;
+ grpc_credentials_status status;
+
+ gpr_mu_lock(&c->mu);
+ status = grpc_oauth2_token_fetcher_credentials_parse_server_response(
+ response, &c->access_token_md, &token_lifetime);
+ if (status == GRPC_CREDENTIALS_OK) {
+ c->token_expiration =
+ gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), token_lifetime);
+ r->cb(exec_ctx, r->user_data, c->access_token_md->entries,
+ c->access_token_md->num_entries, status);
+ } else {
+ c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
+ r->cb(exec_ctx, r->user_data, NULL, 0, status);
+ }
+ gpr_mu_unlock(&c->mu);
+ grpc_credentials_metadata_request_destroy(r);
+}
+
+static void oauth2_token_fetcher_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_oauth2_token_fetcher_credentials *c =
+ (grpc_oauth2_token_fetcher_credentials *)creds;
+ gpr_timespec refresh_threshold = gpr_time_from_seconds(
+ GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN);
+ grpc_credentials_md_store *cached_access_token_md = NULL;
+ {
+ gpr_mu_lock(&c->mu);
+ if (c->access_token_md != NULL &&
+ (gpr_time_cmp(
+ gpr_time_sub(c->token_expiration, gpr_now(GPR_CLOCK_REALTIME)),
+ refresh_threshold) > 0)) {
+ cached_access_token_md =
+ grpc_credentials_md_store_ref(c->access_token_md);
+ }
+ gpr_mu_unlock(&c->mu);
+ }
+ if (cached_access_token_md != NULL) {
+ cb(exec_ctx, user_data, cached_access_token_md->entries,
+ cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK);
+ grpc_credentials_md_store_unref(cached_access_token_md);
+ } else {
+ c->fetch_func(
+ exec_ctx,
+ grpc_credentials_metadata_request_create(creds, cb, user_data),
+ &c->httpcli_context, pollset, on_oauth2_token_fetcher_http_response,
+ gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), refresh_threshold));
+ }
+}
+
+static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c,
+ grpc_fetch_oauth2_func fetch_func) {
+ memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
+ gpr_ref_init(&c->base.refcount, 1);
+ gpr_mu_init(&c->mu);
+ c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
+ c->fetch_func = fetch_func;
+ grpc_httpcli_context_init(&c->httpcli_context);
+}
+
+//
+// Google Compute Engine credentials.
+//
+
+static grpc_call_credentials_vtable compute_engine_vtable = {
+ oauth2_token_fetcher_destruct, oauth2_token_fetcher_get_request_metadata};
+
+static void compute_engine_fetch_oauth2(
+ grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
+ grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
+ grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
+ grpc_http_header header = {"Metadata-Flavor", "Google"};
+ grpc_httpcli_request request;
+ memset(&request, 0, sizeof(grpc_httpcli_request));
+ request.host = GRPC_COMPUTE_ENGINE_METADATA_HOST;
+ request.http.path = GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH;
+ request.http.hdr_count = 1;
+ request.http.hdrs = &header;
+ grpc_httpcli_get(exec_ctx, httpcli_context, pollset, &request, deadline,
+ response_cb, metadata_req);
+}
+
+grpc_call_credentials *grpc_google_compute_engine_credentials_create(
+ void *reserved) {
+ grpc_oauth2_token_fetcher_credentials *c =
+ gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials));
+ GRPC_API_TRACE("grpc_compute_engine_credentials_create(reserved=%p)", 1,
+ (reserved));
+ GPR_ASSERT(reserved == NULL);
+ init_oauth2_token_fetcher(c, compute_engine_fetch_oauth2);
+ c->base.vtable = &compute_engine_vtable;
+ return &c->base;
+}
+
+//
+// Google Refresh Token credentials.
+//
+
+static void refresh_token_destruct(grpc_call_credentials *creds) {
+ grpc_google_refresh_token_credentials *c =
+ (grpc_google_refresh_token_credentials *)creds;
+ grpc_auth_refresh_token_destruct(&c->refresh_token);
+ oauth2_token_fetcher_destruct(&c->base.base);
+}
+
+static grpc_call_credentials_vtable refresh_token_vtable = {
+ refresh_token_destruct, oauth2_token_fetcher_get_request_metadata};
+
+static void refresh_token_fetch_oauth2(
+ grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
+ grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
+ grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
+ grpc_google_refresh_token_credentials *c =
+ (grpc_google_refresh_token_credentials *)metadata_req->creds;
+ grpc_http_header header = {"Content-Type",
+ "application/x-www-form-urlencoded"};
+ grpc_httpcli_request request;
+ char *body = NULL;
+ gpr_asprintf(&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING,
+ c->refresh_token.client_id, c->refresh_token.client_secret,
+ c->refresh_token.refresh_token);
+ memset(&request, 0, sizeof(grpc_httpcli_request));
+ request.host = GRPC_GOOGLE_OAUTH2_SERVICE_HOST;
+ request.http.path = GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH;
+ request.http.hdr_count = 1;
+ request.http.hdrs = &header;
+ request.handshaker = &grpc_httpcli_ssl;
+ grpc_httpcli_post(exec_ctx, httpcli_context, pollset, &request, body,
+ strlen(body), deadline, response_cb, metadata_req);
+ gpr_free(body);
+}
+
+grpc_call_credentials *
+grpc_refresh_token_credentials_create_from_auth_refresh_token(
+ grpc_auth_refresh_token refresh_token) {
+ grpc_google_refresh_token_credentials *c;
+ if (!grpc_auth_refresh_token_is_valid(&refresh_token)) {
+ gpr_log(GPR_ERROR, "Invalid input for refresh token credentials creation");
+ return NULL;
+ }
+ c = gpr_malloc(sizeof(grpc_google_refresh_token_credentials));
+ memset(c, 0, sizeof(grpc_google_refresh_token_credentials));
+ init_oauth2_token_fetcher(&c->base, refresh_token_fetch_oauth2);
+ c->base.base.vtable = &refresh_token_vtable;
+ c->refresh_token = refresh_token;
+ return &c->base.base;
+}
+
+grpc_call_credentials *grpc_google_refresh_token_credentials_create(
+ const char *json_refresh_token, void *reserved) {
+ GRPC_API_TRACE(
+ "grpc_refresh_token_credentials_create(json_refresh_token=%s, "
+ "reserved=%p)",
+ 2, (json_refresh_token, reserved));
+ GPR_ASSERT(reserved == NULL);
+ return grpc_refresh_token_credentials_create_from_auth_refresh_token(
+ grpc_auth_refresh_token_create_from_string(json_refresh_token));
+}
+
+//
+// Oauth2 Access Token credentials.
+//
+
+static void access_token_destruct(grpc_call_credentials *creds) {
+ grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
+ grpc_credentials_md_store_unref(c->access_token_md);
+}
+
+static void access_token_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
+ cb(exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK);
+}
+
+static grpc_call_credentials_vtable access_token_vtable = {
+ access_token_destruct, access_token_get_request_metadata};
+
+grpc_call_credentials *grpc_access_token_credentials_create(
+ const char *access_token, void *reserved) {
+ grpc_access_token_credentials *c =
+ gpr_malloc(sizeof(grpc_access_token_credentials));
+ char *token_md_value;
+ GRPC_API_TRACE(
+ "grpc_access_token_credentials_create(access_token=%s, "
+ "reserved=%p)",
+ 2, (access_token, reserved));
+ GPR_ASSERT(reserved == NULL);
+ memset(c, 0, sizeof(grpc_access_token_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
+ c->base.vtable = &access_token_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->access_token_md = grpc_credentials_md_store_create(1);
+ gpr_asprintf(&token_md_value, "Bearer %s", access_token);
+ grpc_credentials_md_store_add_cstrings(
+ c->access_token_md, GRPC_AUTHORIZATION_METADATA_KEY, token_md_value);
+ gpr_free(token_md_value);
+ return &c->base;
+}
diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.h b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h
new file mode 100644
index 0000000000000000000000000000000000000000..04915b333f457efd0a525c7a9ab45fdf1466528e
--- /dev/null
+++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h
@@ -0,0 +1,109 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_OAUTH2_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_OAUTH2_CREDENTIALS_H
+
+#include "src/core/lib/json/json.h"
+#include "src/core/lib/security/credentials/credentials.h"
+
+// auth_refresh_token parsing.
+typedef struct {
+ const char *type;
+ char *client_id;
+ char *client_secret;
+ char *refresh_token;
+} grpc_auth_refresh_token;
+
+/// Returns 1 if the object is valid, 0 otherwise.
+int grpc_auth_refresh_token_is_valid(
+ const grpc_auth_refresh_token *refresh_token);
+
+/// Creates a refresh token object from string. Returns an invalid object if a
+/// parsing error has been encountered.
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
+ const char *json_string);
+
+/// Creates a refresh token object from parsed json. Returns an invalid object
+/// if a parsing error has been encountered.
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json(
+ const grpc_json *json);
+
+/// Destructs the object.
+void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token);
+
+// -- Oauth2 Token Fetcher credentials --
+//
+// This object is a base for credentials that need to acquire an oauth2 token
+// from an http service.
+
+typedef void (*grpc_fetch_oauth2_func)(grpc_exec_ctx *exec_ctx,
+ grpc_credentials_metadata_request *req,
+ grpc_httpcli_context *http_context,
+ grpc_pollset *pollset,
+ grpc_httpcli_response_cb response_cb,
+ gpr_timespec deadline);
+typedef struct {
+ grpc_call_credentials base;
+ gpr_mu mu;
+ grpc_credentials_md_store *access_token_md;
+ gpr_timespec token_expiration;
+ grpc_httpcli_context httpcli_context;
+ grpc_fetch_oauth2_func fetch_func;
+} grpc_oauth2_token_fetcher_credentials;
+
+// Google refresh token credentials.
+typedef struct {
+ grpc_oauth2_token_fetcher_credentials base;
+ grpc_auth_refresh_token refresh_token;
+} grpc_google_refresh_token_credentials;
+
+// Access token credentials.
+typedef struct {
+ grpc_call_credentials base;
+ grpc_credentials_md_store *access_token_md;
+} grpc_access_token_credentials;
+
+// Private constructor for refresh token credentials from an already parsed
+// refresh token. Takes ownership of the refresh token.
+grpc_call_credentials *
+grpc_refresh_token_credentials_create_from_auth_refresh_token(
+ grpc_auth_refresh_token token);
+
+// Exposed for testing only.
+grpc_credentials_status
+grpc_oauth2_token_fetcher_credentials_parse_server_response(
+ const struct grpc_http_response *response,
+ grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime);
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_OAUTH2_CREDENTIALS_H */
diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.c b/src/core/lib/security/credentials/plugin/plugin_credentials.c
new file mode 100644
index 0000000000000000000000000000000000000000..bae357321eaa7bf8daabddf04bf8875c2da5c74e
--- /dev/null
+++ b/src/core/lib/security/credentials/plugin/plugin_credentials.c
@@ -0,0 +1,129 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/plugin/plugin_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+#include <grpc/support/sync.h>
+
+typedef struct {
+ void *user_data;
+ grpc_credentials_metadata_cb cb;
+} grpc_metadata_plugin_request;
+
+static void plugin_destruct(grpc_call_credentials *creds) {
+ grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
+ if (c->plugin.state != NULL && c->plugin.destroy != NULL) {
+ c->plugin.destroy(c->plugin.state);
+ }
+}
+
+static void plugin_md_request_metadata_ready(void *request,
+ const grpc_metadata *md,
+ size_t num_md,
+ grpc_status_code status,
+ const char *error_details) {
+ /* called from application code */
+ grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
+ grpc_metadata_plugin_request *r = (grpc_metadata_plugin_request *)request;
+ if (status != GRPC_STATUS_OK) {
+ if (error_details != NULL) {
+ gpr_log(GPR_ERROR, "Getting metadata from plugin failed with error: %s",
+ error_details);
+ }
+ r->cb(&exec_ctx, r->user_data, NULL, 0, GRPC_CREDENTIALS_ERROR);
+ } else {
+ size_t i;
+ grpc_credentials_md *md_array = NULL;
+ if (num_md > 0) {
+ md_array = gpr_malloc(num_md * sizeof(grpc_credentials_md));
+ for (i = 0; i < num_md; i++) {
+ md_array[i].key = gpr_slice_from_copied_string(md[i].key);
+ md_array[i].value =
+ gpr_slice_from_copied_buffer(md[i].value, md[i].value_length);
+ }
+ }
+ r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK);
+ if (md_array != NULL) {
+ for (i = 0; i < num_md; i++) {
+ gpr_slice_unref(md_array[i].key);
+ gpr_slice_unref(md_array[i].value);
+ }
+ gpr_free(md_array);
+ }
+ }
+ gpr_free(r);
+ grpc_exec_ctx_finish(&exec_ctx);
+}
+
+static void plugin_get_request_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_credentials *creds,
+ grpc_pollset *pollset,
+ grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
+ grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
+ if (c->plugin.get_metadata != NULL) {
+ grpc_metadata_plugin_request *request = gpr_malloc(sizeof(*request));
+ memset(request, 0, sizeof(*request));
+ request->user_data = user_data;
+ request->cb = cb;
+ c->plugin.get_metadata(c->plugin.state, context,
+ plugin_md_request_metadata_ready, request);
+ } else {
+ cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
+ }
+}
+
+static grpc_call_credentials_vtable plugin_vtable = {
+ plugin_destruct, plugin_get_request_metadata};
+
+grpc_call_credentials *grpc_metadata_credentials_create_from_plugin(
+ grpc_metadata_credentials_plugin plugin, void *reserved) {
+ grpc_plugin_credentials *c = gpr_malloc(sizeof(*c));
+ GRPC_API_TRACE("grpc_metadata_credentials_create_from_plugin(reserved=%p)", 1,
+ (reserved));
+ GPR_ASSERT(reserved == NULL);
+ memset(c, 0, sizeof(*c));
+ c->base.type = plugin.type;
+ c->base.vtable = &plugin_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->plugin = plugin;
+ return &c->base;
+}
diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.h b/src/core/lib/security/credentials/plugin/plugin_credentials.h
new file mode 100644
index 0000000000000000000000000000000000000000..89073cb3d1b75ab0cb2fc41c60ab3266f660f07a
--- /dev/null
+++ b/src/core/lib/security/credentials/plugin/plugin_credentials.h
@@ -0,0 +1,45 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_PLUGIN_PLUGIN_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_PLUGIN_PLUGIN_CREDENTIALS_H
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+typedef struct {
+ grpc_call_credentials base;
+ grpc_metadata_credentials_plugin plugin;
+ grpc_credentials_md_store *plugin_md;
+} grpc_plugin_credentials;
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_PLUGIN_PLUGIN_CREDENTIALS_H */
diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.c b/src/core/lib/security/credentials/ssl/ssl_credentials.c
new file mode 100644
index 0000000000000000000000000000000000000000..545bca9d98b6886bfc5f506bb27eba91e8622183
--- /dev/null
+++ b/src/core/lib/security/credentials/ssl/ssl_credentials.c
@@ -0,0 +1,240 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/ssl/ssl_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/channel/channel_args.h"
+#include "src/core/lib/channel/http_client_filter.h"
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+
+//
+// Utils
+//
+
+static void ssl_copy_key_material(const char *input, unsigned char **output,
+ size_t *output_size) {
+ *output_size = strlen(input);
+ *output = gpr_malloc(*output_size);
+ memcpy(*output, input, *output_size);
+}
+
+//
+// SSL Channel Credentials.
+//
+
+static void ssl_destruct(grpc_channel_credentials *creds) {
+ grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
+ if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
+ if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key);
+ if (c->config.pem_cert_chain != NULL) gpr_free(c->config.pem_cert_chain);
+}
+
+static grpc_security_status ssl_create_security_connector(
+ grpc_channel_credentials *creds, grpc_call_credentials *call_creds,
+ const char *target, const grpc_channel_args *args,
+ grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
+ grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
+ grpc_security_status status = GRPC_SECURITY_OK;
+ size_t i = 0;
+ const char *overridden_target_name = NULL;
+ grpc_arg new_arg;
+
+ for (i = 0; args && i < args->num_args; i++) {
+ grpc_arg *arg = &args->args[i];
+ if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 &&
+ arg->type == GRPC_ARG_STRING) {
+ overridden_target_name = arg->value.string;
+ break;
+ }
+ }
+ status = grpc_ssl_channel_security_connector_create(
+ call_creds, &c->config, target, overridden_target_name, sc);
+ if (status != GRPC_SECURITY_OK) {
+ return status;
+ }
+ new_arg.type = GRPC_ARG_STRING;
+ new_arg.key = GRPC_ARG_HTTP2_SCHEME;
+ new_arg.value.string = "https";
+ *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1);
+ return status;
+}
+
+static grpc_channel_credentials_vtable ssl_vtable = {
+ ssl_destruct, ssl_create_security_connector};
+
+static void ssl_build_config(const char *pem_root_certs,
+ grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
+ grpc_ssl_config *config) {
+ if (pem_root_certs != NULL) {
+ ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
+ &config->pem_root_certs_size);
+ }
+ if (pem_key_cert_pair != NULL) {
+ GPR_ASSERT(pem_key_cert_pair->private_key != NULL);
+ GPR_ASSERT(pem_key_cert_pair->cert_chain != NULL);
+ ssl_copy_key_material(pem_key_cert_pair->private_key,
+ &config->pem_private_key,
+ &config->pem_private_key_size);
+ ssl_copy_key_material(pem_key_cert_pair->cert_chain,
+ &config->pem_cert_chain,
+ &config->pem_cert_chain_size);
+ }
+}
+
+grpc_channel_credentials *grpc_ssl_credentials_create(
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
+ void *reserved) {
+ grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials));
+ GRPC_API_TRACE(
+ "grpc_ssl_credentials_create(pem_root_certs=%s, "
+ "pem_key_cert_pair=%p, "
+ "reserved=%p)",
+ 3, (pem_root_certs, pem_key_cert_pair, reserved));
+ GPR_ASSERT(reserved == NULL);
+ memset(c, 0, sizeof(grpc_ssl_credentials));
+ c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
+ c->base.vtable = &ssl_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config);
+ return &c->base;
+}
+
+//
+// SSL Server Credentials.
+//
+
+static void ssl_server_destruct(grpc_server_credentials *creds) {
+ grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
+ size_t i;
+ for (i = 0; i < c->config.num_key_cert_pairs; i++) {
+ if (c->config.pem_private_keys[i] != NULL) {
+ gpr_free(c->config.pem_private_keys[i]);
+ }
+ if (c->config.pem_cert_chains[i] != NULL) {
+ gpr_free(c->config.pem_cert_chains[i]);
+ }
+ }
+ if (c->config.pem_private_keys != NULL) gpr_free(c->config.pem_private_keys);
+ if (c->config.pem_private_keys_sizes != NULL) {
+ gpr_free(c->config.pem_private_keys_sizes);
+ }
+ if (c->config.pem_cert_chains != NULL) gpr_free(c->config.pem_cert_chains);
+ if (c->config.pem_cert_chains_sizes != NULL) {
+ gpr_free(c->config.pem_cert_chains_sizes);
+ }
+ if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
+}
+
+static grpc_security_status ssl_server_create_security_connector(
+ grpc_server_credentials *creds, grpc_server_security_connector **sc) {
+ grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
+ return grpc_ssl_server_security_connector_create(&c->config, sc);
+}
+
+static grpc_server_credentials_vtable ssl_server_vtable = {
+ ssl_server_destruct, ssl_server_create_security_connector};
+
+static void ssl_build_server_config(
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+ size_t num_key_cert_pairs,
+ grpc_ssl_client_certificate_request_type client_certificate_request,
+ grpc_ssl_server_config *config) {
+ size_t i;
+ config->client_certificate_request = client_certificate_request;
+ if (pem_root_certs != NULL) {
+ ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
+ &config->pem_root_certs_size);
+ }
+ if (num_key_cert_pairs > 0) {
+ GPR_ASSERT(pem_key_cert_pairs != NULL);
+ config->pem_private_keys =
+ gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
+ config->pem_cert_chains =
+ gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
+ config->pem_private_keys_sizes =
+ gpr_malloc(num_key_cert_pairs * sizeof(size_t));
+ config->pem_cert_chains_sizes =
+ gpr_malloc(num_key_cert_pairs * sizeof(size_t));
+ }
+ config->num_key_cert_pairs = num_key_cert_pairs;
+ for (i = 0; i < num_key_cert_pairs; i++) {
+ GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL);
+ GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL);
+ ssl_copy_key_material(pem_key_cert_pairs[i].private_key,
+ &config->pem_private_keys[i],
+ &config->pem_private_keys_sizes[i]);
+ ssl_copy_key_material(pem_key_cert_pairs[i].cert_chain,
+ &config->pem_cert_chains[i],
+ &config->pem_cert_chains_sizes[i]);
+ }
+}
+
+grpc_server_credentials *grpc_ssl_server_credentials_create(
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+ size_t num_key_cert_pairs, int force_client_auth, void *reserved) {
+ return grpc_ssl_server_credentials_create_ex(
+ pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs,
+ force_client_auth
+ ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
+ : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
+ reserved);
+}
+
+grpc_server_credentials *grpc_ssl_server_credentials_create_ex(
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+ size_t num_key_cert_pairs,
+ grpc_ssl_client_certificate_request_type client_certificate_request,
+ void *reserved) {
+ grpc_ssl_server_credentials *c =
+ gpr_malloc(sizeof(grpc_ssl_server_credentials));
+ GRPC_API_TRACE(
+ "grpc_ssl_server_credentials_create_ex("
+ "pem_root_certs=%s, pem_key_cert_pairs=%p, num_key_cert_pairs=%lu, "
+ "client_certificate_request=%d, reserved=%p)",
+ 5, (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs,
+ client_certificate_request, reserved));
+ GPR_ASSERT(reserved == NULL);
+ memset(c, 0, sizeof(grpc_ssl_server_credentials));
+ c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->base.vtable = &ssl_server_vtable;
+ ssl_build_server_config(pem_root_certs, pem_key_cert_pairs,
+ num_key_cert_pairs, client_certificate_request,
+ &c->config);
+ return &c->base;
+}
diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.h b/src/core/lib/security/credentials/ssl/ssl_credentials.h
new file mode 100644
index 0000000000000000000000000000000000000000..f23dbdbe4941f262894724ffe9a9d323c1ec219f
--- /dev/null
+++ b/src/core/lib/security/credentials/ssl/ssl_credentials.h
@@ -0,0 +1,48 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+typedef struct {
+ grpc_channel_credentials base;
+ grpc_ssl_config config;
+} grpc_ssl_credentials;
+
+typedef struct {
+ grpc_server_credentials base;
+ grpc_ssl_server_config config;
+} grpc_ssl_server_credentials;
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H */
diff --git a/src/core/lib/security/auth_filters.h b/src/core/lib/security/transport/auth_filters.h
similarity index 90%
rename from src/core/lib/security/auth_filters.h
rename to src/core/lib/security/transport/auth_filters.h
index 7fb56c3f3afb27c0c38f8cb6d67e3d450b85a675..f688d4ed2183355944f37531fd0f7ef983de3724 100644
--- a/src/core/lib/security/auth_filters.h
+++ b/src/core/lib/security/transport/auth_filters.h
@@ -31,12 +31,12 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
-#define GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
+#ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H
+#define GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H
#include "src/core/lib/channel/channel_stack.h"
extern const grpc_channel_filter grpc_client_auth_filter;
extern const grpc_channel_filter grpc_server_auth_filter;
-#endif /* GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H */
+#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H */
diff --git a/src/core/lib/security/client_auth_filter.c b/src/core/lib/security/transport/client_auth_filter.c
similarity index 98%
rename from src/core/lib/security/client_auth_filter.c
rename to src/core/lib/security/transport/client_auth_filter.c
index 8b58cb86bf92f8e0cb436a0f65303b3457da8a63..e3cbcb44338503ff38951182c0c448dc64be6cee 100644
--- a/src/core/lib/security/client_auth_filter.c
+++ b/src/core/lib/security/transport/client_auth_filter.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/auth_filters.h"
+#include "src/core/lib/security/transport/auth_filters.h"
#include <string.h>
@@ -40,9 +40,9 @@
#include <grpc/support/string_util.h>
#include "src/core/lib/channel/channel_stack.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_connector.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/surface/call.h"
#include "src/core/lib/transport/static_metadata.h"
diff --git a/src/core/lib/security/handshake.c b/src/core/lib/security/transport/handshake.c
similarity index 98%
rename from src/core/lib/security/handshake.c
rename to src/core/lib/security/transport/handshake.c
index d5fe0c7b7d93560284ed82585205a0c4e1d82f37..6561f4b47d5c8801ec42bf1974a18b317922f737 100644
--- a/src/core/lib/security/handshake.c
+++ b/src/core/lib/security/transport/handshake.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/handshake.h"
+#include "src/core/lib/security/transport/handshake.h"
#include <stdbool.h>
#include <string.h>
@@ -39,8 +39,8 @@
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/slice_buffer.h>
-#include "src/core/lib/security/secure_endpoint.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
#define GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE 256
diff --git a/src/core/lib/security/handshake.h b/src/core/lib/security/transport/handshake.h
similarity index 90%
rename from src/core/lib/security/handshake.h
rename to src/core/lib/security/transport/handshake.h
index f34476ed49d777d65d55c6ff0ead98d37d4120a3..6ed850b31530ca41410a554f668ef279e307ff9d 100644
--- a/src/core/lib/security/handshake.h
+++ b/src/core/lib/security/transport/handshake.h
@@ -31,11 +31,11 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_HANDSHAKE_H
-#define GRPC_CORE_LIB_SECURITY_HANDSHAKE_H
+#ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_HANDSHAKE_H
+#define GRPC_CORE_LIB_SECURITY_TRANSPORT_HANDSHAKE_H
#include "src/core/lib/iomgr/endpoint.h"
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/transport/security_connector.h"
/* Calls the callback upon completion. Takes owership of handshaker. */
void grpc_do_security_handshake(grpc_exec_ctx *exec_ctx,
@@ -48,4 +48,4 @@ void grpc_do_security_handshake(grpc_exec_ctx *exec_ctx,
void grpc_security_handshake_shutdown(grpc_exec_ctx *exec_ctx, void *handshake);
-#endif /* GRPC_CORE_LIB_SECURITY_HANDSHAKE_H */
+#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_HANDSHAKE_H */
diff --git a/src/core/lib/security/secure_endpoint.c b/src/core/lib/security/transport/secure_endpoint.c
similarity index 99%
rename from src/core/lib/security/secure_endpoint.c
rename to src/core/lib/security/transport/secure_endpoint.c
index 27b0e989107bcf938f537629e36d808dae0ce2a3..4438c8e559602c85c074a0c114bdab419b42915c 100644
--- a/src/core/lib/security/secure_endpoint.c
+++ b/src/core/lib/security/transport/secure_endpoint.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/secure_endpoint.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/slice.h>
diff --git a/src/core/lib/security/secure_endpoint.h b/src/core/lib/security/transport/secure_endpoint.h
similarity index 91%
rename from src/core/lib/security/secure_endpoint.h
rename to src/core/lib/security/transport/secure_endpoint.h
index ff1c6639de6f185199cc9f4f6982037fdba5b0d9..d00075b769277dd806ab3a5aad599e64f09fc613 100644
--- a/src/core/lib/security/secure_endpoint.h
+++ b/src/core/lib/security/transport/secure_endpoint.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H
-#define GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H
+#ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURE_ENDPOINT_H
+#define GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURE_ENDPOINT_H
#include <grpc/support/slice.h>
#include "src/core/lib/iomgr/endpoint.h"
@@ -46,4 +46,4 @@ grpc_endpoint *grpc_secure_endpoint_create(
struct tsi_frame_protector *protector, grpc_endpoint *to_wrap,
gpr_slice *leftover_slices, size_t leftover_nslices);
-#endif /* GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H */
+#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURE_ENDPOINT_H */
diff --git a/src/core/lib/security/security_connector.c b/src/core/lib/security/transport/security_connector.c
similarity index 99%
rename from src/core/lib/security/security_connector.c
rename to src/core/lib/security/transport/security_connector.c
index 2d2023bdf5b942077c0208ad324fc6bfaf1b7df4..72173e7c9dc7edf735e2c4ec95031b667133a1cd 100644
--- a/src/core/lib/security/security_connector.c
+++ b/src/core/lib/security/transport/security_connector.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include <stdbool.h>
#include <string.h>
@@ -43,10 +43,10 @@
#include <grpc/support/string_util.h>
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/handshake.h"
-#include "src/core/lib/security/secure_endpoint.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/handshake.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/load_file.h"
#include "src/core/lib/support/string.h"
diff --git a/src/core/lib/security/security_connector.h b/src/core/lib/security/transport/security_connector.h
similarity index 98%
rename from src/core/lib/security/security_connector.h
rename to src/core/lib/security/transport/security_connector.h
index 2c893cd5e99f73fc606d63d1c4b259db912a05e3..84e586deaa01baf6e59ed9001dec50b49c8d9071 100644
--- a/src/core/lib/security/security_connector.h
+++ b/src/core/lib/security/transport/security_connector.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_H
-#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_H
+#ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURITY_CONNECTOR_H
+#define GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURITY_CONNECTOR_H
#include <grpc/grpc_security.h>
#include "src/core/lib/iomgr/endpoint.h"
@@ -263,4 +263,4 @@ tsi_peer tsi_shallow_peer_from_ssl_auth_context(
const grpc_auth_context *auth_context);
void tsi_shallow_peer_destruct(tsi_peer *peer);
-#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_H */
+#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURITY_CONNECTOR_H */
diff --git a/src/core/lib/security/server_auth_filter.c b/src/core/lib/security/transport/server_auth_filter.c
similarity index 98%
rename from src/core/lib/security/server_auth_filter.c
rename to src/core/lib/security/transport/server_auth_filter.c
index 3320497d21484bb5382dc0a8f80fdcf04d5a5caf..006a30f0c697bffae9ce309227c73f657e4a1fae 100644
--- a/src/core/lib/security/server_auth_filter.c
+++ b/src/core/lib/security/transport/server_auth_filter.c
@@ -33,9 +33,9 @@
#include <string.h>
-#include "src/core/lib/security/auth_filters.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/auth_filters.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
diff --git a/src/core/lib/security/b64.c b/src/core/lib/security/util/b64.c
similarity index 99%
rename from src/core/lib/security/b64.c
rename to src/core/lib/security/util/b64.c
index 87f0e05280e5ba9b0776706c2d5ce3bdc72677d4..9da42e4e73449c860fcefd685d54fc92d6c7215b 100644
--- a/src/core/lib/security/b64.c
+++ b/src/core/lib/security/util/b64.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/util/b64.h"
#include <stdint.h>
#include <string.h>
diff --git a/src/core/lib/security/b64.h b/src/core/lib/security/util/b64.h
similarity index 94%
rename from src/core/lib/security/b64.h
rename to src/core/lib/security/util/b64.h
index c515e7af2c99adab6b92e21d275f5e3d30d50e84..69080952873dc7800376f814a1de7c866cdfa694 100644
--- a/src/core/lib/security/b64.h
+++ b/src/core/lib/security/util/b64.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_B64_H
-#define GRPC_CORE_LIB_SECURITY_B64_H
+#ifndef GRPC_CORE_LIB_SECURITY_UTIL_B64_H
+#define GRPC_CORE_LIB_SECURITY_UTIL_B64_H
#include <grpc/support/slice.h>
@@ -49,4 +49,4 @@ gpr_slice grpc_base64_decode(const char *b64, int url_safe);
gpr_slice grpc_base64_decode_with_len(const char *b64, size_t b64_len,
int url_safe);
-#endif /* GRPC_CORE_LIB_SECURITY_B64_H */
+#endif /* GRPC_CORE_LIB_SECURITY_UTIL_B64_H */
diff --git a/src/core/lib/security/util/json_util.c b/src/core/lib/security/util/json_util.c
new file mode 100644
index 0000000000000000000000000000000000000000..7eed039baa0871bbddc64395fe486f02528a2104
--- /dev/null
+++ b/src/core/lib/security/util/json_util.c
@@ -0,0 +1,61 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/util/json_util.h"
+
+#include <string.h>
+
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+
+const char *grpc_json_get_string_property(const grpc_json *json,
+ const char *prop_name) {
+ grpc_json *child;
+ for (child = json->child; child != NULL; child = child->next) {
+ if (strcmp(child->key, prop_name) == 0) break;
+ }
+ if (child == NULL || child->type != GRPC_JSON_STRING) {
+ gpr_log(GPR_ERROR, "Invalid or missing %s property.", prop_name);
+ return NULL;
+ }
+ return child->value;
+}
+
+bool grpc_copy_json_string_property(const grpc_json *json,
+ const char *prop_name,
+ char **copied_value) {
+ const char *prop_value = grpc_json_get_string_property(json, prop_name);
+ if (prop_value == NULL) return false;
+ *copied_value = gpr_strdup(prop_value);
+ return true;
+}
diff --git a/src/core/lib/security/util/json_util.h b/src/core/lib/security/util/json_util.h
new file mode 100644
index 0000000000000000000000000000000000000000..137900593f697e3ee46bd4608de3756f67a51c6b
--- /dev/null
+++ b/src/core/lib/security/util/json_util.h
@@ -0,0 +1,55 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_UTIL_JSON_UTIL_H
+#define GRPC_CORE_LIB_SECURITY_UTIL_JSON_UTIL_H
+
+#include <stdbool.h>
+
+#include "src/core/lib/json/json.h"
+
+// Constants.
+#define GRPC_AUTH_JSON_TYPE_INVALID "invalid"
+#define GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT "service_account"
+#define GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER "authorized_user"
+
+// Gets a child property from a json node.
+const char *grpc_json_get_string_property(const grpc_json *json,
+ const char *prop_name);
+
+// Copies the value of the json child property specified by prop_name.
+// Returns false if the property was not found.
+bool grpc_copy_json_string_property(const grpc_json *json,
+ const char *prop_name, char **copied_value);
+
+#endif /* GRPC_CORE_LIB_SECURITY_UTIL_JSON_UTIL_H */
diff --git a/src/core/lib/support/murmur_hash.c b/src/core/lib/support/murmur_hash.c
index 5711fff0c0fc207257c00bf60af51f1c2d4c1be1..7137c1f31332c3ea2eff64840be341849c2a6b29 100644
--- a/src/core/lib/support/murmur_hash.c
+++ b/src/core/lib/support/murmur_hash.c
@@ -33,6 +33,8 @@
#include "src/core/lib/support/murmur_hash.h"
+#include <string.h>
+
#define ROTL32(x, r) ((x) << (r)) | ((x) >> (32 - (r)))
#define FMIX32(h) \
@@ -42,10 +44,6 @@
(h) *= 0xc2b2ae35; \
(h) ^= (h) >> 16;
-/* Block read - if your platform needs to do endian-swapping or can only
- handle aligned reads, do the conversion here */
-#define GETBLOCK32(p, i) (p)[(i)]
-
uint32_t gpr_murmur_hash3(const void *key, size_t len, uint32_t seed) {
const uint8_t *data = (const uint8_t *)key;
const size_t nblocks = len / 4;
@@ -62,7 +60,7 @@ uint32_t gpr_murmur_hash3(const void *key, size_t len, uint32_t seed) {
/* body */
for (i = -(int)nblocks; i; i++) {
- k1 = GETBLOCK32(blocks, i);
+ memcpy(&k1, blocks + i, sizeof(uint32_t));
k1 *= c1;
k1 = ROTL32(k1, 15);
diff --git a/src/core/lib/surface/init_secure.c b/src/core/lib/surface/init_secure.c
index 3fda2c9e1e45e6305338cf98fa6a317a3445d818..7ee7b51568ede51b16913f0564cbc0e7a72b64eb 100644
--- a/src/core/lib/surface/init_secure.c
+++ b/src/core/lib/surface/init_secure.c
@@ -37,10 +37,10 @@
#include <string.h>
#include "src/core/lib/debug/trace.h"
-#include "src/core/lib/security/auth_filters.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/secure_endpoint.h"
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/auth_filters.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/surface/channel_init.h"
#include "src/core/lib/tsi/transport_security_interface.h"
diff --git a/src/core/lib/transport/metadata.c b/src/core/lib/transport/metadata.c
index 5847ec9053d6a24fbf801a1f420703f6b7de6e56..82c8e239f6870c53bbee2dc5792c2d4cd5b52d40 100644
--- a/src/core/lib/transport/metadata.c
+++ b/src/core/lib/transport/metadata.c
@@ -373,7 +373,8 @@ grpc_mdstr *grpc_mdstr_from_buffer(const uint8_t *buf, size_t length) {
ss = g_static_strtab[idx];
if (ss == NULL) break;
if (ss->hash == hash && GPR_SLICE_LENGTH(ss->slice) == length &&
- 0 == memcmp(buf, GPR_SLICE_START_PTR(ss->slice), length)) {
+ (length == 0 ||
+ 0 == memcmp(buf, GPR_SLICE_START_PTR(ss->slice), length))) {
GPR_TIMER_END("grpc_mdstr_from_buffer", 0);
return ss;
}
diff --git a/src/python/grpcio/grpc/framework/foundation/future.py b/src/python/grpcio/grpc/framework/foundation/future.py
index 92106161504941452f31978117052a5a2722460e..6fb58eadb60922c42476de27a848ad3a28ef9531 100644
--- a/src/python/grpcio/grpc/framework/foundation/future.py
+++ b/src/python/grpcio/grpc/framework/foundation/future.py
@@ -232,6 +232,6 @@ class Future(six.with_metaclass(abc.ABCMeta)):
immediately.
Args:
- fn: A callable taking a this Future object as its single parameter.
+ fn: A callable taking this Future object as its single parameter.
"""
raise NotImplementedError()
diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py
index aa79c8c2a890e88284464c9c1a5097da44a8240a..be24dc7cf02b41b004417c83d7317a677bae18c8 100644
--- a/src/python/grpcio/grpc_core_dependencies.py
+++ b/src/python/grpcio/grpc_core_dependencies.py
@@ -182,20 +182,28 @@ CORE_SOURCE_FILES = [
'src/core/ext/transport/chttp2/transport/writing.c',
'src/core/ext/transport/chttp2/alpn/alpn.c',
'src/core/lib/http/httpcli_security_connector.c',
- 'src/core/lib/security/b64.c',
- 'src/core/lib/security/client_auth_filter.c',
- 'src/core/lib/security/credentials.c',
- 'src/core/lib/security/credentials_metadata.c',
- 'src/core/lib/security/credentials_posix.c',
- 'src/core/lib/security/credentials_win32.c',
- 'src/core/lib/security/google_default_credentials.c',
- 'src/core/lib/security/handshake.c',
- 'src/core/lib/security/json_token.c',
- 'src/core/lib/security/jwt_verifier.c',
- 'src/core/lib/security/secure_endpoint.c',
- 'src/core/lib/security/security_connector.c',
- 'src/core/lib/security/security_context.c',
- 'src/core/lib/security/server_auth_filter.c',
+ 'src/core/lib/security/context/security_context.c',
+ 'src/core/lib/security/credentials/composite/composite_credentials.c',
+ 'src/core/lib/security/credentials/credentials.c',
+ 'src/core/lib/security/credentials/credentials_metadata.c',
+ 'src/core/lib/security/credentials/fake/fake_credentials.c',
+ 'src/core/lib/security/credentials/google_default/credentials_posix.c',
+ 'src/core/lib/security/credentials/google_default/credentials_win32.c',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.c',
+ 'src/core/lib/security/credentials/iam/iam_credentials.c',
+ 'src/core/lib/security/credentials/jwt/json_token.c',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.c',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.c',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.c',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.c',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.c',
+ 'src/core/lib/security/transport/client_auth_filter.c',
+ 'src/core/lib/security/transport/handshake.c',
+ 'src/core/lib/security/transport/secure_endpoint.c',
+ 'src/core/lib/security/transport/security_connector.c',
+ 'src/core/lib/security/transport/server_auth_filter.c',
+ 'src/core/lib/security/util/b64.c',
+ 'src/core/lib/security/util/json_util.c',
'src/core/lib/surface/init_secure.c',
'src/core/lib/tsi/fake_transport_security.c',
'src/core/lib/tsi/ssl_transport_security.c',
diff --git a/templates/tools/dockerfile/test/sanity/Dockerfile.template b/templates/tools/dockerfile/test/sanity/Dockerfile.template
index 8e2140e648bb2ebca5d36271a30d958f1d01051f..9987e3526085634e228568ecdc1ad4536f44e27f 100644
--- a/templates/tools/dockerfile/test/sanity/Dockerfile.template
+++ b/templates/tools/dockerfile/test/sanity/Dockerfile.template
@@ -29,7 +29,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- FROM debian:jessie
+ FROM ubuntu:15.10
<%include file="../../apt_get_basic.include"/>
#========================
@@ -46,10 +46,8 @@
#======================================
# More sanity test dependencies (bazel)
- RUN echo "deb http://httpredir.debian.org/debian jessie-backports main" > \
- /etc/apt/sources.list.d/backports.list
- RUN apt-get update
- RUN apt-get -t jessie-backports install -y openjdk-8-jdk
+ RUN apt-get install -y openjdk-8-jdk
+ # TOOD(jtattermusch): pin the bazel version
RUN git clone https://github.com/bazelbuild/bazel.git /bazel
RUN cd /bazel && ./compile.sh
RUN ln -s /bazel/output/bazel /bin/
@@ -58,7 +56,6 @@
# Docker "inception"
# Note this is quite the ugly hack.
# This makes sure that the docker binary we inject has its dependencies.
- RUN apt-get install libsystemd-journal0
RUN curl https://get.docker.com/ | sh
RUN apt-get remove --purge -y docker-engine
diff --git a/test/core/client_config/set_initial_connect_string_test.c b/test/core/client_config/set_initial_connect_string_test.c
index 7eb5a01bf1ed4c69c33a95babbdafbadc6a47d79..d4efc937320f4fe4c26d5664f770473af7a815ad 100644
--- a/test/core/client_config/set_initial_connect_string_test.c
+++ b/test/core/client_config/set_initial_connect_string_test.c
@@ -41,7 +41,7 @@
#include "src/core/ext/client_config/initial_connect_string.h"
#include "src/core/lib/iomgr/sockaddr.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "src/core/lib/support/string.h"
#include "test/core/util/port.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/end2end/fixtures/h2_fakesec.c b/test/core/end2end/fixtures/h2_fakesec.c
index 246619bf685ebaaa3bd0a35c50615adb4aa0b0d5..44408b28afa9916d57be0d89d89b5d9809605110 100644
--- a/test/core/end2end/fixtures/h2_fakesec.c
+++ b/test/core/end2end/fixtures/h2_fakesec.c
@@ -40,7 +40,7 @@
#include <grpc/support/host_port.h>
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include "test/core/util/port.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/end2end/fixtures/h2_oauth2.c b/test/core/end2end/fixtures/h2_oauth2.c
index 550ff331408932c058d6b1d0fef689c177f308f6..fc56998cdb42ac9914c72f542cab107d999d77d1 100644
--- a/test/core/end2end/fixtures/h2_oauth2.c
+++ b/test/core/end2end/fixtures/h2_oauth2.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/iomgr/iomgr.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include "test/core/util/port.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/end2end/fixtures/h2_ssl.c b/test/core/end2end/fixtures/h2_ssl.c
index 69f761607461d2ca876c4a88a6afc6d6ffc9a9a5..eb28623264a4f5ee76908cf42a131e1710bb9f73 100644
--- a/test/core/end2end/fixtures/h2_ssl.c
+++ b/test/core/end2end/fixtures/h2_ssl.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/end2end/fixtures/h2_ssl_cert.c b/test/core/end2end/fixtures/h2_ssl_cert.c
index f4dea2cc01a7b002c04f6f22c83b488949bee690..0fa525175ba558a76bc237902887d797527f2a03 100644
--- a/test/core/end2end/fixtures/h2_ssl_cert.c
+++ b/test/core/end2end/fixtures/h2_ssl_cert.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/end2end/fixtures/h2_ssl_proxy.c b/test/core/end2end/fixtures/h2_ssl_proxy.c
index 151a86cb8f5aee04783754d0fb28b0e6f0c3eedc..238e6bca4611b8d4f66450677b3c74de128b814c 100644
--- a/test/core/end2end/fixtures/h2_ssl_proxy.c
+++ b/test/core/end2end/fixtures/h2_ssl_proxy.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/end2end/fixtures/proxy.c b/test/core/end2end/fixtures/proxy.c
index f6e01ec41c5a5a236434072694bd9f1aeac5a81a..7f10649fa696cadf7cd4b13feae6f5b50a5023d8 100644
--- a/test/core/end2end/fixtures/proxy.c
+++ b/test/core/end2end/fixtures/proxy.c
@@ -282,6 +282,8 @@ static void on_p2s_recv_msg(void *arg, int success) {
err = grpc_call_start_batch(pc->c2p, &op, 1,
new_closure(on_c2p_sent_message, pc), NULL);
GPR_ASSERT(err == GRPC_CALL_OK);
+ } else {
+ grpc_byte_buffer_destroy(pc->p2s_msg);
}
unrefpc(pc, "on_p2s_recv_msg");
}
diff --git a/test/core/end2end/fuzzers/api_fuzzer.c b/test/core/end2end/fuzzers/api_fuzzer.c
index e79aeb80f65e0ae428cf39a1ca9c079b9b692be4..e6cd88acee43c74b6d11ba8525462f08ab0717a1 100644
--- a/test/core/end2end/fuzzers/api_fuzzer.c
+++ b/test/core/end2end/fuzzers/api_fuzzer.c
@@ -424,15 +424,19 @@ static void add_to_free(call_state *call, void *p) {
static void read_metadata(input_stream *inp, size_t *count,
grpc_metadata **metadata, call_state *cs) {
*count = next_byte(inp);
- *metadata = gpr_malloc(*count * sizeof(**metadata));
- memset(*metadata, 0, *count * sizeof(**metadata));
- for (size_t i = 0; i < *count; i++) {
- (*metadata)[i].key = read_string(inp);
- read_buffer(inp, (char **)&(*metadata)[i].value,
- &(*metadata)[i].value_length);
- (*metadata)[i].flags = read_uint32(inp);
- add_to_free(cs, (void *)(*metadata)[i].key);
- add_to_free(cs, (void *)(*metadata)[i].value);
+ if (*count) {
+ *metadata = gpr_malloc(*count * sizeof(**metadata));
+ memset(*metadata, 0, *count * sizeof(**metadata));
+ for (size_t i = 0; i < *count; i++) {
+ (*metadata)[i].key = read_string(inp);
+ read_buffer(inp, (char **)&(*metadata)[i].value,
+ &(*metadata)[i].value_length);
+ (*metadata)[i].flags = read_uint32(inp);
+ add_to_free(cs, (void *)(*metadata)[i].key);
+ add_to_free(cs, (void *)(*metadata)[i].value);
+ }
+ } else {
+ *metadata = gpr_malloc(1);
}
add_to_free(cs, *metadata);
}
diff --git a/test/core/end2end/tests/call_creds.c b/test/core/end2end/tests/call_creds.c
index b555bea740b60e64281bf67f33bac62de74306e1..5c6791f6f78e34e7319f72c791402e670d1704b0 100644
--- a/test/core/end2end/tests/call_creds.c
+++ b/test/core/end2end/tests/call_creds.c
@@ -42,7 +42,7 @@
#include <grpc/support/log.h>
#include <grpc/support/time.h>
#include <grpc/support/useful.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/string.h"
#include "test/core/end2end/cq_verifier.h"
diff --git a/test/core/security/auth_context_test.c b/test/core/security/auth_context_test.c
index d1ead162359d43ff802b42e5e668e33d3d693b8a..e2f44ebe249873c6fb1bd0ca95d322e83cca65bb 100644
--- a/test/core/security/auth_context_test.c
+++ b/test/core/security/auth_context_test.c
@@ -33,7 +33,7 @@
#include <string.h>
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/support/string.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/security/b64_test.c b/test/core/security/b64_test.c
index cea870321d3bc2f2dc6c4c5e679fb967fa6040ec..b26bd026fdfd6eed655286b46816e2aa47b46670 100644
--- a/test/core/security/b64_test.c
+++ b/test/core/security/b64_test.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/util/b64.h"
#include <string.h>
diff --git a/test/core/security/create_jwt.c b/test/core/security/create_jwt.c
index 6d4707f3c7674422e4de381fc5bf9a86ad985ba5..3c36b767d302079121e231237f62d506c7faeca8 100644
--- a/test/core/security/create_jwt.c
+++ b/test/core/security/create_jwt.c
@@ -34,8 +34,7 @@
#include <stdio.h>
#include <string.h>
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
#include "src/core/lib/support/load_file.h"
#include <grpc/support/alloc.h>
diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c
index 786729327872b8a17b5280ab491fd15788dfa626..31e06372b9397e313d586aa2bedd5759c8509e69 100644
--- a/test/core/security/credentials_test.c
+++ b/test/core/security/credentials_test.c
@@ -33,7 +33,7 @@
#include <grpc/support/port_platform.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include <openssl/rsa.h>
#include <stdlib.h>
@@ -45,7 +45,10 @@
#include <grpc/support/time.h>
#include "src/core/lib/http/httpcli.h"
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/credentials/composite/composite_credentials.h"
+#include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
+#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
+#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c
index bd314e90d8e42347035d77c6acfa163d093d3721..2a102fb139bb4b5b6dee5ce3d0b4ca91023deacc 100644
--- a/test/core/security/fetch_oauth2.c
+++ b/test/core/security/fetch_oauth2.c
@@ -42,7 +42,7 @@
#include <grpc/support/slice.h>
#include <grpc/support/sync.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/load_file.h"
#include "test/core/security/oauth2_utils.h"
diff --git a/test/core/security/json_token_test.c b/test/core/security/json_token_test.c
index 3aee52ee5c6ff6d8fd8c961cf3f99bbee157f8f3..405fe56c46034d585236247aeb0b1eab47ea67bc 100644
--- a/test/core/security/json_token_test.c
+++ b/test/core/security/json_token_test.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/credentials/jwt/json_token.h"
#include <openssl/evp.h>
#include <string.h>
@@ -42,7 +42,8 @@
#include <grpc/support/slice.h>
#include "src/core/lib/json/json.h"
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
+#include "src/core/lib/security/util/b64.h"
#include "test/core/util/test_config.h"
/* This JSON key was generated with the GCE console and revoked immediately.
diff --git a/test/core/security/jwt_verifier_test.c b/test/core/security/jwt_verifier_test.c
index 077f44d1d667a0e6ab72bfb022ff510d630243e0..7f4f4ffadfc4d13dbdca0eac715d06a634c281dc 100644
--- a/test/core/security/jwt_verifier_test.c
+++ b/test/core/security/jwt_verifier_test.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/jwt_verifier.h"
+#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"
#include <string.h>
@@ -43,8 +43,8 @@
#include <grpc/support/string_util.h>
#include "src/core/lib/http/httpcli.h"
-#include "src/core/lib/security/b64.h"
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/credentials/jwt/json_token.h"
+#include "src/core/lib/security/util/b64.h"
#include "test/core/util/test_config.h"
/* This JSON key was generated with the GCE console and revoked immediately.
diff --git a/test/core/security/oauth2_utils.c b/test/core/security/oauth2_utils.c
index 20815d184cdbfb7f34d003caefe29932ff68632b..80d21cc602741c09a1a6e9fbf5fe7bbce2b410b0 100644
--- a/test/core/security/oauth2_utils.c
+++ b/test/core/security/oauth2_utils.c
@@ -42,7 +42,7 @@
#include <grpc/support/slice.h>
#include <grpc/support/sync.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
typedef struct {
gpr_mu *mu;
diff --git a/test/core/security/oauth2_utils.h b/test/core/security/oauth2_utils.h
index eff98270c8a30894d615dfd05f4059d2bb6480f3..0f4e8857b0fb562b445bfedeb77d6ac2a9a119f5 100644
--- a/test/core/security/oauth2_utils.h
+++ b/test/core/security/oauth2_utils.h
@@ -34,7 +34,7 @@
#ifndef GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H
#define GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#ifdef __cplusplus
extern "C" {
diff --git a/test/core/security/print_google_default_creds_token.c b/test/core/security/print_google_default_creds_token.c
index 99bce4fbdfbae8c3893be69b699c762cebe2ca80..1b7036cf9ea3288f9f10da83496a461be5abad35 100644
--- a/test/core/security/print_google_default_creds_token.c
+++ b/test/core/security/print_google_default_creds_token.c
@@ -42,7 +42,8 @@
#include <grpc/support/slice.h>
#include <grpc/support/sync.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/composite/composite_credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/string.h"
typedef struct {
diff --git a/test/core/security/secure_endpoint_test.c b/test/core/security/secure_endpoint_test.c
index aeaf38209bb3bc5066ac946e7b8f60776b71fdff..6aba21a98c2977df82b94f0894f6c15eea6449b6 100644
--- a/test/core/security/secure_endpoint_test.c
+++ b/test/core/security/secure_endpoint_test.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/iomgr/endpoint_pair.h"
#include "src/core/lib/iomgr/iomgr.h"
-#include "src/core/lib/security/secure_endpoint.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
#include "src/core/lib/tsi/fake_transport_security.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/security/security_connector_test.c b/test/core/security/security_connector_test.c
index 1a4e64b30c71a46f1cb12f6f182735233cccd8ac..6106bec9d3f90b7969b60b717d7d40dce2b1ab1c 100644
--- a/test/core/security/security_connector_test.c
+++ b/test/core/security/security_connector_test.c
@@ -40,8 +40,8 @@
#include <grpc/support/string_util.h>
#include <grpc/support/useful.h>
-#include "src/core/lib/security/security_connector.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/security/verify_jwt.c b/test/core/security/verify_jwt.c
index 2274fe18d82d39e7f96a5564765fa1ec21aba827..ecb873b655c5a399ea9b7693bc30b1b205f1fddd 100644
--- a/test/core/security/verify_jwt.c
+++ b/test/core/security/verify_jwt.c
@@ -42,7 +42,7 @@
#include <grpc/support/slice.h>
#include <grpc/support/sync.h>
-#include "src/core/lib/security/jwt_verifier.h"
+#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"
typedef struct {
grpc_pollset *pollset;
diff --git a/test/core/surface/secure_channel_create_test.c b/test/core/surface/secure_channel_create_test.c
index 80419efce4bf46abe0d620c8cd35d95dcb7769ea..b9525031678eb3957ecf8a79812d1f6b53451ef9 100644
--- a/test/core/surface/secure_channel_create_test.c
+++ b/test/core/surface/secure_channel_create_test.c
@@ -37,8 +37,8 @@
#include <grpc/grpc_security.h>
#include <grpc/support/log.h>
#include "src/core/ext/client_config/resolver_registry.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/surface/channel.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/surface/server_chttp2_test.c b/test/core/surface/server_chttp2_test.c
index d22c16497213ff6746f36ebca7f253a5a867f8b7..f42ca9f9cdfb87d8847f2743108b36511655e4ac 100644
--- a/test/core/surface/server_chttp2_test.c
+++ b/test/core/surface/server_chttp2_test.c
@@ -37,7 +37,8 @@
#include <grpc/support/host_port.h>
#include <grpc/support/log.h>
#include <grpc/support/time.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "src/core/lib/tsi/fake_transport_security.h"
#include "test/core/util/port.h"
#include "test/core/util/test_config.h"
diff --git a/test/cpp/common/auth_property_iterator_test.cc b/test/cpp/common/auth_property_iterator_test.cc
index 0e43d4e1e0dd5b6c0fd4ba4314615b86ace76b33..66225ff335cf34019eac153b50753f713e95e034 100644
--- a/test/cpp/common/auth_property_iterator_test.cc
+++ b/test/cpp/common/auth_property_iterator_test.cc
@@ -38,7 +38,7 @@
#include "test/cpp/util/string_ref_helper.h"
extern "C" {
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
}
using ::grpc::testing::ToString;
diff --git a/test/cpp/common/secure_auth_context_test.cc b/test/cpp/common/secure_auth_context_test.cc
index 067361334d911a9fb90d74b66237fae09587a3ca..b131452f7361cc5bb2e236dca4bc1c972a758098 100644
--- a/test/cpp/common/secure_auth_context_test.cc
+++ b/test/cpp/common/secure_auth_context_test.cc
@@ -38,7 +38,7 @@
#include "test/cpp/util/string_ref_helper.h"
extern "C" {
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
}
using grpc::testing::ToString;
diff --git a/test/cpp/end2end/end2end_test.cc b/test/cpp/end2end/end2end_test.cc
index e3408bff75eda5d32b5ceaf8d69cee69ea6d859c..f52aa52f39ffb261e319885f493fbfb15ce5073a 100644
--- a/test/cpp/end2end/end2end_test.cc
+++ b/test/cpp/end2end/end2end_test.cc
@@ -48,7 +48,7 @@
#include <grpc/support/time.h>
#include <gtest/gtest.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/proto/grpc/testing/duplicate/echo_duplicate.grpc.pb.h"
#include "src/proto/grpc/testing/echo.grpc.pb.h"
#include "test/core/util/port.h"
diff --git a/tools/dockerfile/test/sanity/Dockerfile b/tools/dockerfile/test/sanity/Dockerfile
index 43b2a0c3d96544e0137dc2df75e47d37e556b3e7..70a32c5586ad37dd6229523e9cb3ec73918b2122 100644
--- a/tools/dockerfile/test/sanity/Dockerfile
+++ b/tools/dockerfile/test/sanity/Dockerfile
@@ -27,7 +27,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-FROM debian:jessie
+FROM ubuntu:15.10
# Install Git and basic packages.
RUN apt-get update && apt-get install -y \
@@ -77,9 +77,8 @@ RUN pip install simplejson mako
#======================================
# More sanity test dependencies (bazel)
-RUN echo "deb http://httpredir.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list
-RUN apt-get update
-RUN apt-get -t jessie-backports install -y openjdk-8-jdk
+RUN apt-get install -y openjdk-8-jdk
+# TOOD(jtattermusch): pin the bazel version
RUN git clone https://github.com/bazelbuild/bazel.git /bazel
RUN cd /bazel && ./compile.sh
RUN ln -s /bazel/output/bazel /bin/
@@ -88,7 +87,6 @@ RUN ln -s /bazel/output/bazel /bin/
# Docker "inception"
# Note this is quite the ugly hack.
# This makes sure that the docker binary we inject has its dependencies.
-RUN apt-get install libsystemd-journal0
RUN curl https://get.docker.com/ | sh
RUN apt-get remove --purge -y docker-engine
diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal
index 5afed4201a7c4687ef45a2f38608457438966496..c3fd59b3c231f3cc648920612c43e4671d4910d0 100644
--- a/tools/doxygen/Doxyfile.core.internal
+++ b/tools/doxygen/Doxyfile.core.internal
@@ -884,15 +884,24 @@ src/core/ext/transport/chttp2/transport/stream_map.h \
src/core/ext/transport/chttp2/transport/timeout_encoding.h \
src/core/ext/transport/chttp2/transport/varint.h \
src/core/ext/transport/chttp2/alpn/alpn.h \
-src/core/lib/security/auth_filters.h \
-src/core/lib/security/b64.h \
-src/core/lib/security/credentials.h \
-src/core/lib/security/handshake.h \
-src/core/lib/security/json_token.h \
-src/core/lib/security/jwt_verifier.h \
-src/core/lib/security/secure_endpoint.h \
-src/core/lib/security/security_connector.h \
-src/core/lib/security/security_context.h \
+src/core/lib/security/context/security_context.h \
+src/core/lib/security/credentials/composite/composite_credentials.h \
+src/core/lib/security/credentials/credentials.h \
+src/core/lib/security/credentials/fake/fake_credentials.h \
+src/core/lib/security/credentials/google_default/google_default_credentials.h \
+src/core/lib/security/credentials/iam/iam_credentials.h \
+src/core/lib/security/credentials/jwt/json_token.h \
+src/core/lib/security/credentials/jwt/jwt_credentials.h \
+src/core/lib/security/credentials/jwt/jwt_verifier.h \
+src/core/lib/security/credentials/oauth2/oauth2_credentials.h \
+src/core/lib/security/credentials/plugin/plugin_credentials.h \
+src/core/lib/security/credentials/ssl/ssl_credentials.h \
+src/core/lib/security/transport/auth_filters.h \
+src/core/lib/security/transport/handshake.h \
+src/core/lib/security/transport/secure_endpoint.h \
+src/core/lib/security/transport/security_connector.h \
+src/core/lib/security/util/b64.h \
+src/core/lib/security/util/json_util.h \
src/core/lib/tsi/fake_transport_security.h \
src/core/lib/tsi/ssl_transport_security.h \
src/core/lib/tsi/ssl_types.h \
@@ -1033,20 +1042,28 @@ src/core/ext/transport/chttp2/transport/varint.c \
src/core/ext/transport/chttp2/transport/writing.c \
src/core/ext/transport/chttp2/alpn/alpn.c \
src/core/lib/http/httpcli_security_connector.c \
-src/core/lib/security/b64.c \
-src/core/lib/security/client_auth_filter.c \
-src/core/lib/security/credentials.c \
-src/core/lib/security/credentials_metadata.c \
-src/core/lib/security/credentials_posix.c \
-src/core/lib/security/credentials_win32.c \
-src/core/lib/security/google_default_credentials.c \
-src/core/lib/security/handshake.c \
-src/core/lib/security/json_token.c \
-src/core/lib/security/jwt_verifier.c \
-src/core/lib/security/secure_endpoint.c \
-src/core/lib/security/security_connector.c \
-src/core/lib/security/security_context.c \
-src/core/lib/security/server_auth_filter.c \
+src/core/lib/security/context/security_context.c \
+src/core/lib/security/credentials/composite/composite_credentials.c \
+src/core/lib/security/credentials/credentials.c \
+src/core/lib/security/credentials/credentials_metadata.c \
+src/core/lib/security/credentials/fake/fake_credentials.c \
+src/core/lib/security/credentials/google_default/credentials_posix.c \
+src/core/lib/security/credentials/google_default/credentials_win32.c \
+src/core/lib/security/credentials/google_default/google_default_credentials.c \
+src/core/lib/security/credentials/iam/iam_credentials.c \
+src/core/lib/security/credentials/jwt/json_token.c \
+src/core/lib/security/credentials/jwt/jwt_credentials.c \
+src/core/lib/security/credentials/jwt/jwt_verifier.c \
+src/core/lib/security/credentials/oauth2/oauth2_credentials.c \
+src/core/lib/security/credentials/plugin/plugin_credentials.c \
+src/core/lib/security/credentials/ssl/ssl_credentials.c \
+src/core/lib/security/transport/client_auth_filter.c \
+src/core/lib/security/transport/handshake.c \
+src/core/lib/security/transport/secure_endpoint.c \
+src/core/lib/security/transport/security_connector.c \
+src/core/lib/security/transport/server_auth_filter.c \
+src/core/lib/security/util/b64.c \
+src/core/lib/security/util/json_util.c \
src/core/lib/surface/init_secure.c \
src/core/lib/tsi/fake_transport_security.c \
src/core/lib/tsi/ssl_transport_security.c \
diff --git a/tools/jenkins/run_full_performance.sh b/tools/jenkins/run_full_performance.sh
index ad7172d9c29e69dcce6c29a4841bd39f086d91dc..bb1f79ff2c26611f5462d664afcfadc64a134cd9 100755
--- a/tools/jenkins/run_full_performance.sh
+++ b/tools/jenkins/run_full_performance.sh
@@ -40,13 +40,17 @@ tools/run_tests/run_performance_tests.py \
--netperf \
--category all \
--bq_result_table performance_test.performance_experiment \
- --remote_worker_host grpc-performance-server-8core grpc-performance-client-8core
+ --remote_worker_host grpc-performance-server-8core grpc-performance-client-8core \
+ || EXIT_CODE=1
# scalability with 32cores (and upload to a different BQ table)
tools/run_tests/run_performance_tests.py \
-l c++ java csharp go \
- --netperf
+ --netperf \
--category scalable \
- --bq_result_table performance_test.performance_experiment_32core
- --remote_worker_host grpc-performance-server-32core grpc-performance-client-32core
+ --bq_result_table performance_test.performance_experiment_32core \
+ --remote_worker_host grpc-performance-server-32core grpc-performance-client-32core \
+ || EXIT_CODE=1
+
+exit $EXIT_CODE
diff --git a/tools/run_tests/configs.json b/tools/run_tests/configs.json
index bcc4118d2f3a64c553c8414b8e6923b04b10af89..b0839ef026a5af61412b050d94aa568e6680eb48 100644
--- a/tools/run_tests/configs.json
+++ b/tools/run_tests/configs.json
@@ -57,7 +57,7 @@
{
"config": "ubsan",
"environ": {
- "UBSAN_OPTIONS": "print_stacktrace=1"
+ "UBSAN_OPTIONS": "halt_on_error=1:print_stacktrace=1"
},
"timeout_multiplier": 1.5
},
diff --git a/tools/run_tests/sources_and_headers.json b/tools/run_tests/sources_and_headers.json
index 64a49f5f7661ab26da1fb421db14ff7489c1dedf..913cd5a15db9302079d14fa61b1dee7a07e2599d 100644
--- a/tools/run_tests/sources_and_headers.json
+++ b/tools/run_tests/sources_and_headers.json
@@ -6053,15 +6053,24 @@
"include/grpc/grpc_cronet.h",
"include/grpc/grpc_security.h",
"include/grpc/grpc_security_constants.h",
- "src/core/lib/security/auth_filters.h",
- "src/core/lib/security/b64.h",
- "src/core/lib/security/credentials.h",
- "src/core/lib/security/handshake.h",
- "src/core/lib/security/json_token.h",
- "src/core/lib/security/jwt_verifier.h",
- "src/core/lib/security/secure_endpoint.h",
- "src/core/lib/security/security_connector.h",
- "src/core/lib/security/security_context.h"
+ "src/core/lib/security/context/security_context.h",
+ "src/core/lib/security/credentials/composite/composite_credentials.h",
+ "src/core/lib/security/credentials/credentials.h",
+ "src/core/lib/security/credentials/fake/fake_credentials.h",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.h",
+ "src/core/lib/security/credentials/iam/iam_credentials.h",
+ "src/core/lib/security/credentials/jwt/json_token.h",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.h",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.h",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.h",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.h",
+ "src/core/lib/security/transport/auth_filters.h",
+ "src/core/lib/security/transport/handshake.h",
+ "src/core/lib/security/transport/secure_endpoint.h",
+ "src/core/lib/security/transport/security_connector.h",
+ "src/core/lib/security/util/b64.h",
+ "src/core/lib/security/util/json_util.h"
],
"language": "c",
"name": "grpc_secure",
@@ -6070,29 +6079,46 @@
"include/grpc/grpc_security.h",
"include/grpc/grpc_security_constants.h",
"src/core/lib/http/httpcli_security_connector.c",
- "src/core/lib/security/auth_filters.h",
- "src/core/lib/security/b64.c",
- "src/core/lib/security/b64.h",
- "src/core/lib/security/client_auth_filter.c",
- "src/core/lib/security/credentials.c",
- "src/core/lib/security/credentials.h",
- "src/core/lib/security/credentials_metadata.c",
- "src/core/lib/security/credentials_posix.c",
- "src/core/lib/security/credentials_win32.c",
- "src/core/lib/security/google_default_credentials.c",
- "src/core/lib/security/handshake.c",
- "src/core/lib/security/handshake.h",
- "src/core/lib/security/json_token.c",
- "src/core/lib/security/json_token.h",
- "src/core/lib/security/jwt_verifier.c",
- "src/core/lib/security/jwt_verifier.h",
- "src/core/lib/security/secure_endpoint.c",
- "src/core/lib/security/secure_endpoint.h",
- "src/core/lib/security/security_connector.c",
- "src/core/lib/security/security_connector.h",
- "src/core/lib/security/security_context.c",
- "src/core/lib/security/security_context.h",
- "src/core/lib/security/server_auth_filter.c",
+ "src/core/lib/security/context/security_context.c",
+ "src/core/lib/security/context/security_context.h",
+ "src/core/lib/security/credentials/composite/composite_credentials.c",
+ "src/core/lib/security/credentials/composite/composite_credentials.h",
+ "src/core/lib/security/credentials/credentials.c",
+ "src/core/lib/security/credentials/credentials.h",
+ "src/core/lib/security/credentials/credentials_metadata.c",
+ "src/core/lib/security/credentials/fake/fake_credentials.c",
+ "src/core/lib/security/credentials/fake/fake_credentials.h",
+ "src/core/lib/security/credentials/google_default/credentials_posix.c",
+ "src/core/lib/security/credentials/google_default/credentials_win32.c",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.c",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.h",
+ "src/core/lib/security/credentials/iam/iam_credentials.c",
+ "src/core/lib/security/credentials/iam/iam_credentials.h",
+ "src/core/lib/security/credentials/jwt/json_token.c",
+ "src/core/lib/security/credentials/jwt/json_token.h",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.c",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.h",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.c",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.h",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.c",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.c",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.h",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.c",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.h",
+ "src/core/lib/security/transport/auth_filters.h",
+ "src/core/lib/security/transport/client_auth_filter.c",
+ "src/core/lib/security/transport/handshake.c",
+ "src/core/lib/security/transport/handshake.h",
+ "src/core/lib/security/transport/secure_endpoint.c",
+ "src/core/lib/security/transport/secure_endpoint.h",
+ "src/core/lib/security/transport/security_connector.c",
+ "src/core/lib/security/transport/security_connector.h",
+ "src/core/lib/security/transport/server_auth_filter.c",
+ "src/core/lib/security/util/b64.c",
+ "src/core/lib/security/util/b64.h",
+ "src/core/lib/security/util/json_util.c",
+ "src/core/lib/security/util/json_util.h",
"src/core/lib/surface/init_secure.c"
],
"third_party": false,
diff --git a/vsprojects/vcxproj/grpc/grpc.vcxproj b/vsprojects/vcxproj/grpc/grpc.vcxproj
index 2dba1de384c6f3b9ffa9ef504320a455a4e6e640..e5379dc6a494ee1d5ab1a1a8d0d04d39a9964c7b 100644
--- a/vsprojects/vcxproj/grpc/grpc.vcxproj
+++ b/vsprojects/vcxproj/grpc/grpc.vcxproj
@@ -393,15 +393,24 @@
<ClInclude Include="$(SolutionDir)\..\src\core\ext\transport\chttp2\transport\timeout_encoding.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\transport\chttp2\transport\varint.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\transport\chttp2\alpn\alpn.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\auth_filters.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\b64.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\handshake.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\json_token.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\jwt_verifier.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\secure_endpoint.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\security_connector.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\security_context.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\context\security_context.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\composite\composite_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\fake\fake_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\google_default_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\iam\iam_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\json_token.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_verifier.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\oauth2\oauth2_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\plugin\plugin_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\ssl\ssl_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\auth_filters.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\handshake.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\util\b64.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\util\json_util.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\tsi\fake_transport_security.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\tsi\ssl_transport_security.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\tsi\ssl_types.h" />
@@ -650,33 +659,49 @@
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\http\httpcli_security_connector.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\b64.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\context\security_context.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\client_auth_filter.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\composite\composite_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_metadata.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials_metadata.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_posix.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\fake\fake_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_win32.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\credentials_posix.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\google_default_credentials.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\credentials_win32.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\handshake.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\google_default_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\json_token.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\iam\iam_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\jwt_verifier.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\json_token.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\secure_endpoint.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\security_connector.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_verifier.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\security_context.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\oauth2\oauth2_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\server_auth_filter.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\plugin\plugin_credentials.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\ssl\ssl_credentials.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\client_auth_filter.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\handshake.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\server_auth_filter.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\util\b64.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\util\json_util.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\surface\init_secure.c">
</ClCompile>
diff --git a/vsprojects/vcxproj/grpc/grpc.vcxproj.filters b/vsprojects/vcxproj/grpc/grpc.vcxproj.filters
index 1c789193705198fa949ca469f662de8165a81d7b..95a5a73d268d4b0f1aaf7c27dd81e33dc5b46778 100644
--- a/vsprojects/vcxproj/grpc/grpc.vcxproj.filters
+++ b/vsprojects/vcxproj/grpc/grpc.vcxproj.filters
@@ -319,47 +319,71 @@
<ClCompile Include="$(SolutionDir)\..\src\core\lib\http\httpcli_security_connector.c">
<Filter>src\core\lib\http</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\b64.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\context\security_context.c">
+ <Filter>src\core\lib\security\context</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\client_auth_filter.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\composite\composite_credentials.c">
+ <Filter>src\core\lib\security\credentials\composite</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials.c">
+ <Filter>src\core\lib\security\credentials</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_metadata.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials_metadata.c">
+ <Filter>src\core\lib\security\credentials</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_posix.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\fake\fake_credentials.c">
+ <Filter>src\core\lib\security\credentials\fake</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_win32.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\credentials_posix.c">
+ <Filter>src\core\lib\security\credentials\google_default</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\google_default_credentials.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\credentials_win32.c">
+ <Filter>src\core\lib\security\credentials\google_default</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\handshake.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\google_default_credentials.c">
+ <Filter>src\core\lib\security\credentials\google_default</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\json_token.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\iam\iam_credentials.c">
+ <Filter>src\core\lib\security\credentials\iam</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\jwt_verifier.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\json_token.c">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\secure_endpoint.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_credentials.c">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\security_connector.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_verifier.c">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\security_context.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\oauth2\oauth2_credentials.c">
+ <Filter>src\core\lib\security\credentials\oauth2</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\server_auth_filter.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\plugin\plugin_credentials.c">
+ <Filter>src\core\lib\security\credentials\plugin</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\ssl\ssl_credentials.c">
+ <Filter>src\core\lib\security\credentials\ssl</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\client_auth_filter.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\handshake.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\server_auth_filter.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\util\b64.c">
+ <Filter>src\core\lib\security\util</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\util\json_util.c">
+ <Filter>src\core\lib\security\util</Filter>
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\surface\init_secure.c">
<Filter>src\core\lib\surface</Filter>
@@ -881,32 +905,59 @@
<ClInclude Include="$(SolutionDir)\..\src\core\ext\transport\chttp2\alpn\alpn.h">
<Filter>src\core\ext\transport\chttp2\alpn</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\auth_filters.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\context\security_context.h">
+ <Filter>src\core\lib\security\context</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\composite\composite_credentials.h">
+ <Filter>src\core\lib\security\credentials\composite</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials.h">
+ <Filter>src\core\lib\security\credentials</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\fake\fake_credentials.h">
+ <Filter>src\core\lib\security\credentials\fake</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\google_default_credentials.h">
+ <Filter>src\core\lib\security\credentials\google_default</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\iam\iam_credentials.h">
+ <Filter>src\core\lib\security\credentials\iam</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\json_token.h">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_credentials.h">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\b64.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_verifier.h">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\oauth2\oauth2_credentials.h">
+ <Filter>src\core\lib\security\credentials\oauth2</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\handshake.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\plugin\plugin_credentials.h">
+ <Filter>src\core\lib\security\credentials\plugin</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\json_token.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\ssl\ssl_credentials.h">
+ <Filter>src\core\lib\security\credentials\ssl</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\jwt_verifier.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\auth_filters.h">
+ <Filter>src\core\lib\security\transport</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\secure_endpoint.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\handshake.h">
+ <Filter>src\core\lib\security\transport</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\security_connector.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.h">
+ <Filter>src\core\lib\security\transport</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\security_context.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.h">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\util\b64.h">
+ <Filter>src\core\lib\security\util</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\util\json_util.h">
+ <Filter>src\core\lib\security\util</Filter>
</ClInclude>
<ClInclude Include="$(SolutionDir)\..\src\core\lib\tsi\fake_transport_security.h">
<Filter>src\core\lib\tsi</Filter>
@@ -1142,6 +1193,42 @@
<Filter Include="src\core\lib\security">
<UniqueIdentifier>{c4661d64-349f-01c1-1ba8-0602f9047595}</UniqueIdentifier>
</Filter>
+ <Filter Include="src\core\lib\security\context">
+ <UniqueIdentifier>{187b52e3-bc78-6c62-3e68-4eb19a257661}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials">
+ <UniqueIdentifier>{c8af33b1-f786-001d-3e92-140872dc9829}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\composite">
+ <UniqueIdentifier>{197ed135-5f84-9f6a-6751-38dc5e9dd38c}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\fake">
+ <UniqueIdentifier>{6d391299-53d7-ee6a-55aa-d4c46cd86e82}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\google_default">
+ <UniqueIdentifier>{412c7418-e90a-de77-5705-7890ba960911}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\iam">
+ <UniqueIdentifier>{718f826c-994b-7dd4-3042-0e999c5c22ba}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\jwt">
+ <UniqueIdentifier>{ab21bcdf-de99-5838-699a-19ecb0c4aa14}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\oauth2">
+ <UniqueIdentifier>{f47a7a32-3166-b899-3622-f062f372feea}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\plugin">
+ <UniqueIdentifier>{46120bcc-03e3-1aaa-fc61-9cef786bd70c}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\ssl">
+ <UniqueIdentifier>{9d7802bc-d459-1a9b-3c97-868cddcca1d1}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\transport">
+ <UniqueIdentifier>{b22e611f-8272-9914-24a5-8107ebf51eeb}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\util">
+ <UniqueIdentifier>{fcd7b397-aadd-556a-8aae-0cb7c893fbe0}</UniqueIdentifier>
+ </Filter>
<Filter Include="src\core\lib\surface">
<UniqueIdentifier>{a21971fb-304f-da08-b1b2-7bd8df8ac373}</UniqueIdentifier>
</Filter>