Refactoring the core security code.
As opposed to a flat directory, we now have the following structure:
- security
-context
- credentials
- composite
- fake
- google_default
- iam
- jwt
- oauth2
- plugin
- ssl
- transport
- util
We have not refactored the test code yet but this PR is already large
enough...
diff --git a/BUILD b/BUILD
index b4b10b5..ac16f07 100644
--- a/BUILD
+++ b/BUILD
@@ -255,15 +255,24 @@
"src/core/ext/transport/chttp2/transport/timeout_encoding.h",
"src/core/ext/transport/chttp2/transport/varint.h",
"src/core/ext/transport/chttp2/alpn/alpn.h",
- "src/core/lib/security/auth_filters.h",
- "src/core/lib/security/b64.h",
- "src/core/lib/security/credentials.h",
- "src/core/lib/security/handshake.h",
- "src/core/lib/security/json_token.h",
- "src/core/lib/security/jwt_verifier.h",
- "src/core/lib/security/secure_endpoint.h",
- "src/core/lib/security/security_connector.h",
- "src/core/lib/security/security_context.h",
+ "src/core/lib/security/context/security_context.h",
+ "src/core/lib/security/credentials/composite/composite_credentials.h",
+ "src/core/lib/security/credentials/credentials.h",
+ "src/core/lib/security/credentials/fake/fake_credentials.h",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.h",
+ "src/core/lib/security/credentials/iam/iam_credentials.h",
+ "src/core/lib/security/credentials/jwt/json_token.h",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.h",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.h",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.h",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.h",
+ "src/core/lib/security/transport/auth_filters.h",
+ "src/core/lib/security/transport/handshake.h",
+ "src/core/lib/security/transport/secure_endpoint.h",
+ "src/core/lib/security/transport/security_connector.h",
+ "src/core/lib/security/util/b64.h",
+ "src/core/lib/security/util/json_util.h",
"src/core/lib/tsi/fake_transport_security.h",
"src/core/lib/tsi/ssl_transport_security.h",
"src/core/lib/tsi/ssl_types.h",
@@ -399,20 +408,28 @@
"src/core/ext/transport/chttp2/transport/writing.c",
"src/core/ext/transport/chttp2/alpn/alpn.c",
"src/core/lib/http/httpcli_security_connector.c",
- "src/core/lib/security/b64.c",
- "src/core/lib/security/client_auth_filter.c",
- "src/core/lib/security/credentials.c",
- "src/core/lib/security/credentials_metadata.c",
- "src/core/lib/security/credentials_posix.c",
- "src/core/lib/security/credentials_win32.c",
- "src/core/lib/security/google_default_credentials.c",
- "src/core/lib/security/handshake.c",
- "src/core/lib/security/json_token.c",
- "src/core/lib/security/jwt_verifier.c",
- "src/core/lib/security/secure_endpoint.c",
- "src/core/lib/security/security_connector.c",
- "src/core/lib/security/security_context.c",
- "src/core/lib/security/server_auth_filter.c",
+ "src/core/lib/security/context/security_context.c",
+ "src/core/lib/security/credentials/composite/composite_credentials.c",
+ "src/core/lib/security/credentials/credentials.c",
+ "src/core/lib/security/credentials/credentials_metadata.c",
+ "src/core/lib/security/credentials/fake/fake_credentials.c",
+ "src/core/lib/security/credentials/google_default/credentials_posix.c",
+ "src/core/lib/security/credentials/google_default/credentials_win32.c",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.c",
+ "src/core/lib/security/credentials/iam/iam_credentials.c",
+ "src/core/lib/security/credentials/jwt/json_token.c",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.c",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.c",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.c",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.c",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.c",
+ "src/core/lib/security/transport/client_auth_filter.c",
+ "src/core/lib/security/transport/handshake.c",
+ "src/core/lib/security/transport/secure_endpoint.c",
+ "src/core/lib/security/transport/security_connector.c",
+ "src/core/lib/security/transport/server_auth_filter.c",
+ "src/core/lib/security/util/b64.c",
+ "src/core/lib/security/util/json_util.c",
"src/core/lib/surface/init_secure.c",
"src/core/lib/tsi/fake_transport_security.c",
"src/core/lib/tsi/ssl_transport_security.c",
@@ -1416,20 +1433,28 @@
"src/core/ext/transport/chttp2/transport/writing.c",
"src/core/ext/transport/chttp2/alpn/alpn.c",
"src/core/lib/http/httpcli_security_connector.c",
- "src/core/lib/security/b64.c",
- "src/core/lib/security/client_auth_filter.c",
- "src/core/lib/security/credentials.c",
- "src/core/lib/security/credentials_metadata.c",
- "src/core/lib/security/credentials_posix.c",
- "src/core/lib/security/credentials_win32.c",
- "src/core/lib/security/google_default_credentials.c",
- "src/core/lib/security/handshake.c",
- "src/core/lib/security/json_token.c",
- "src/core/lib/security/jwt_verifier.c",
- "src/core/lib/security/secure_endpoint.c",
- "src/core/lib/security/security_connector.c",
- "src/core/lib/security/security_context.c",
- "src/core/lib/security/server_auth_filter.c",
+ "src/core/lib/security/context/security_context.c",
+ "src/core/lib/security/credentials/composite/composite_credentials.c",
+ "src/core/lib/security/credentials/credentials.c",
+ "src/core/lib/security/credentials/credentials_metadata.c",
+ "src/core/lib/security/credentials/fake/fake_credentials.c",
+ "src/core/lib/security/credentials/google_default/credentials_posix.c",
+ "src/core/lib/security/credentials/google_default/credentials_win32.c",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.c",
+ "src/core/lib/security/credentials/iam/iam_credentials.c",
+ "src/core/lib/security/credentials/jwt/json_token.c",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.c",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.c",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.c",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.c",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.c",
+ "src/core/lib/security/transport/client_auth_filter.c",
+ "src/core/lib/security/transport/handshake.c",
+ "src/core/lib/security/transport/secure_endpoint.c",
+ "src/core/lib/security/transport/security_connector.c",
+ "src/core/lib/security/transport/server_auth_filter.c",
+ "src/core/lib/security/util/b64.c",
+ "src/core/lib/security/util/json_util.c",
"src/core/lib/surface/init_secure.c",
"src/core/lib/tsi/fake_transport_security.c",
"src/core/lib/tsi/ssl_transport_security.c",
@@ -1596,15 +1621,24 @@
"src/core/ext/transport/chttp2/transport/timeout_encoding.h",
"src/core/ext/transport/chttp2/transport/varint.h",
"src/core/ext/transport/chttp2/alpn/alpn.h",
- "src/core/lib/security/auth_filters.h",
- "src/core/lib/security/b64.h",
- "src/core/lib/security/credentials.h",
- "src/core/lib/security/handshake.h",
- "src/core/lib/security/json_token.h",
- "src/core/lib/security/jwt_verifier.h",
- "src/core/lib/security/secure_endpoint.h",
- "src/core/lib/security/security_connector.h",
- "src/core/lib/security/security_context.h",
+ "src/core/lib/security/context/security_context.h",
+ "src/core/lib/security/credentials/composite/composite_credentials.h",
+ "src/core/lib/security/credentials/credentials.h",
+ "src/core/lib/security/credentials/fake/fake_credentials.h",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.h",
+ "src/core/lib/security/credentials/iam/iam_credentials.h",
+ "src/core/lib/security/credentials/jwt/json_token.h",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.h",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.h",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.h",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.h",
+ "src/core/lib/security/transport/auth_filters.h",
+ "src/core/lib/security/transport/handshake.h",
+ "src/core/lib/security/transport/secure_endpoint.h",
+ "src/core/lib/security/transport/security_connector.h",
+ "src/core/lib/security/util/b64.h",
+ "src/core/lib/security/util/json_util.h",
"src/core/lib/tsi/fake_transport_security.h",
"src/core/lib/tsi/ssl_transport_security.h",
"src/core/lib/tsi/ssl_types.h",
diff --git a/Makefile b/Makefile
index 922e0b0..64ecf38 100644
--- a/Makefile
+++ b/Makefile
@@ -2583,20 +2583,28 @@
src/core/ext/transport/chttp2/transport/writing.c \
src/core/ext/transport/chttp2/alpn/alpn.c \
src/core/lib/http/httpcli_security_connector.c \
- src/core/lib/security/b64.c \
- src/core/lib/security/client_auth_filter.c \
- src/core/lib/security/credentials.c \
- src/core/lib/security/credentials_metadata.c \
- src/core/lib/security/credentials_posix.c \
- src/core/lib/security/credentials_win32.c \
- src/core/lib/security/google_default_credentials.c \
- src/core/lib/security/handshake.c \
- src/core/lib/security/json_token.c \
- src/core/lib/security/jwt_verifier.c \
- src/core/lib/security/secure_endpoint.c \
- src/core/lib/security/security_connector.c \
- src/core/lib/security/security_context.c \
- src/core/lib/security/server_auth_filter.c \
+ src/core/lib/security/context/security_context.c \
+ src/core/lib/security/credentials/composite/composite_credentials.c \
+ src/core/lib/security/credentials/credentials.c \
+ src/core/lib/security/credentials/credentials_metadata.c \
+ src/core/lib/security/credentials/fake/fake_credentials.c \
+ src/core/lib/security/credentials/google_default/credentials_posix.c \
+ src/core/lib/security/credentials/google_default/credentials_win32.c \
+ src/core/lib/security/credentials/google_default/google_default_credentials.c \
+ src/core/lib/security/credentials/iam/iam_credentials.c \
+ src/core/lib/security/credentials/jwt/json_token.c \
+ src/core/lib/security/credentials/jwt/jwt_credentials.c \
+ src/core/lib/security/credentials/jwt/jwt_verifier.c \
+ src/core/lib/security/credentials/oauth2/oauth2_credentials.c \
+ src/core/lib/security/credentials/plugin/plugin_credentials.c \
+ src/core/lib/security/credentials/ssl/ssl_credentials.c \
+ src/core/lib/security/transport/client_auth_filter.c \
+ src/core/lib/security/transport/handshake.c \
+ src/core/lib/security/transport/secure_endpoint.c \
+ src/core/lib/security/transport/security_connector.c \
+ src/core/lib/security/transport/server_auth_filter.c \
+ src/core/lib/security/util/b64.c \
+ src/core/lib/security/util/json_util.c \
src/core/lib/surface/init_secure.c \
src/core/lib/tsi/fake_transport_security.c \
src/core/lib/tsi/ssl_transport_security.c \
@@ -14314,20 +14322,28 @@
src/core/ext/transport/chttp2/client/secure/secure_channel_create.c: $(OPENSSL_DEP)
src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c: $(OPENSSL_DEP)
src/core/lib/http/httpcli_security_connector.c: $(OPENSSL_DEP)
-src/core/lib/security/b64.c: $(OPENSSL_DEP)
-src/core/lib/security/client_auth_filter.c: $(OPENSSL_DEP)
-src/core/lib/security/credentials.c: $(OPENSSL_DEP)
-src/core/lib/security/credentials_metadata.c: $(OPENSSL_DEP)
-src/core/lib/security/credentials_posix.c: $(OPENSSL_DEP)
-src/core/lib/security/credentials_win32.c: $(OPENSSL_DEP)
-src/core/lib/security/google_default_credentials.c: $(OPENSSL_DEP)
-src/core/lib/security/handshake.c: $(OPENSSL_DEP)
-src/core/lib/security/json_token.c: $(OPENSSL_DEP)
-src/core/lib/security/jwt_verifier.c: $(OPENSSL_DEP)
-src/core/lib/security/secure_endpoint.c: $(OPENSSL_DEP)
-src/core/lib/security/security_connector.c: $(OPENSSL_DEP)
-src/core/lib/security/security_context.c: $(OPENSSL_DEP)
-src/core/lib/security/server_auth_filter.c: $(OPENSSL_DEP)
+src/core/lib/security/context/security_context.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/composite/composite_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/credentials_metadata.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/fake/fake_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/google_default/credentials_posix.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/google_default/credentials_win32.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/google_default/google_default_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/iam/iam_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/jwt/json_token.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/jwt/jwt_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/jwt/jwt_verifier.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/oauth2/oauth2_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/plugin/plugin_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/credentials/ssl/ssl_credentials.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/client_auth_filter.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/handshake.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/secure_endpoint.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/security_connector.c: $(OPENSSL_DEP)
+src/core/lib/security/transport/server_auth_filter.c: $(OPENSSL_DEP)
+src/core/lib/security/util/b64.c: $(OPENSSL_DEP)
+src/core/lib/security/util/json_util.c: $(OPENSSL_DEP)
src/core/lib/surface/init_secure.c: $(OPENSSL_DEP)
src/core/lib/tsi/fake_transport_security.c: $(OPENSSL_DEP)
src/core/lib/tsi/ssl_transport_security.c: $(OPENSSL_DEP)
diff --git a/binding.gyp b/binding.gyp
index 4314ab7..06e742c 100644
--- a/binding.gyp
+++ b/binding.gyp
@@ -669,20 +669,28 @@
'src/core/ext/transport/chttp2/transport/writing.c',
'src/core/ext/transport/chttp2/alpn/alpn.c',
'src/core/lib/http/httpcli_security_connector.c',
- 'src/core/lib/security/b64.c',
- 'src/core/lib/security/client_auth_filter.c',
- 'src/core/lib/security/credentials.c',
- 'src/core/lib/security/credentials_metadata.c',
- 'src/core/lib/security/credentials_posix.c',
- 'src/core/lib/security/credentials_win32.c',
- 'src/core/lib/security/google_default_credentials.c',
- 'src/core/lib/security/handshake.c',
- 'src/core/lib/security/json_token.c',
- 'src/core/lib/security/jwt_verifier.c',
- 'src/core/lib/security/secure_endpoint.c',
- 'src/core/lib/security/security_connector.c',
- 'src/core/lib/security/security_context.c',
- 'src/core/lib/security/server_auth_filter.c',
+ 'src/core/lib/security/context/security_context.c',
+ 'src/core/lib/security/credentials/composite/composite_credentials.c',
+ 'src/core/lib/security/credentials/credentials.c',
+ 'src/core/lib/security/credentials/credentials_metadata.c',
+ 'src/core/lib/security/credentials/fake/fake_credentials.c',
+ 'src/core/lib/security/credentials/google_default/credentials_posix.c',
+ 'src/core/lib/security/credentials/google_default/credentials_win32.c',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.c',
+ 'src/core/lib/security/credentials/iam/iam_credentials.c',
+ 'src/core/lib/security/credentials/jwt/json_token.c',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.c',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.c',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.c',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.c',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.c',
+ 'src/core/lib/security/transport/client_auth_filter.c',
+ 'src/core/lib/security/transport/handshake.c',
+ 'src/core/lib/security/transport/secure_endpoint.c',
+ 'src/core/lib/security/transport/security_connector.c',
+ 'src/core/lib/security/transport/server_auth_filter.c',
+ 'src/core/lib/security/util/b64.c',
+ 'src/core/lib/security/util/json_util.c',
'src/core/lib/surface/init_secure.c',
'src/core/lib/tsi/fake_transport_security.c',
'src/core/lib/tsi/ssl_transport_security.c',
diff --git a/build.yaml b/build.yaml
index 441752d..1d86900 100644
--- a/build.yaml
+++ b/build.yaml
@@ -402,31 +402,48 @@
- include/grpc/grpc_security.h
- include/grpc/grpc_security_constants.h
headers:
- - src/core/lib/security/auth_filters.h
- - src/core/lib/security/b64.h
- - src/core/lib/security/credentials.h
- - src/core/lib/security/handshake.h
- - src/core/lib/security/json_token.h
- - src/core/lib/security/jwt_verifier.h
- - src/core/lib/security/secure_endpoint.h
- - src/core/lib/security/security_connector.h
- - src/core/lib/security/security_context.h
+ - src/core/lib/security/context/security_context.h
+ - src/core/lib/security/credentials/composite/composite_credentials.h
+ - src/core/lib/security/credentials/credentials.h
+ - src/core/lib/security/credentials/fake/fake_credentials.h
+ - src/core/lib/security/credentials/google_default/google_default_credentials.h
+ - src/core/lib/security/credentials/iam/iam_credentials.h
+ - src/core/lib/security/credentials/jwt/json_token.h
+ - src/core/lib/security/credentials/jwt/jwt_credentials.h
+ - src/core/lib/security/credentials/jwt/jwt_verifier.h
+ - src/core/lib/security/credentials/oauth2/oauth2_credentials.h
+ - src/core/lib/security/credentials/plugin/plugin_credentials.h
+ - src/core/lib/security/credentials/ssl/ssl_credentials.h
+ - src/core/lib/security/transport/auth_filters.h
+ - src/core/lib/security/transport/handshake.h
+ - src/core/lib/security/transport/secure_endpoint.h
+ - src/core/lib/security/transport/security_connector.h
+ - src/core/lib/security/util/b64.h
+ - src/core/lib/security/util/json_util.h
src:
- src/core/lib/http/httpcli_security_connector.c
- - src/core/lib/security/b64.c
- - src/core/lib/security/client_auth_filter.c
- - src/core/lib/security/credentials.c
- - src/core/lib/security/credentials_metadata.c
- - src/core/lib/security/credentials_posix.c
- - src/core/lib/security/credentials_win32.c
- - src/core/lib/security/google_default_credentials.c
- - src/core/lib/security/handshake.c
- - src/core/lib/security/json_token.c
- - src/core/lib/security/jwt_verifier.c
- - src/core/lib/security/secure_endpoint.c
- - src/core/lib/security/security_connector.c
- - src/core/lib/security/security_context.c
- - src/core/lib/security/server_auth_filter.c
+ - src/core/lib/security/context/security_context.c
+ - src/core/lib/security/credentials/composite/composite_credentials.c
+ - src/core/lib/security/credentials/credentials.c
+ - src/core/lib/security/credentials/credentials_metadata.c
+ - src/core/lib/security/credentials/fake/fake_credentials.c
+ - src/core/lib/security/credentials/google_default/credentials_posix.c
+ - src/core/lib/security/credentials/google_default/credentials_win32.c
+ - src/core/lib/security/credentials/google_default/google_default_credentials.c
+ - src/core/lib/security/credentials/iam/iam_credentials.c
+ - src/core/lib/security/credentials/jwt/json_token.c
+ - src/core/lib/security/credentials/jwt/jwt_credentials.c
+ - src/core/lib/security/credentials/jwt/jwt_verifier.c
+ - src/core/lib/security/credentials/oauth2/oauth2_credentials.c
+ - src/core/lib/security/credentials/plugin/plugin_credentials.c
+ - src/core/lib/security/credentials/ssl/ssl_credentials.c
+ - src/core/lib/security/transport/client_auth_filter.c
+ - src/core/lib/security/transport/handshake.c
+ - src/core/lib/security/transport/secure_endpoint.c
+ - src/core/lib/security/transport/security_connector.c
+ - src/core/lib/security/transport/server_auth_filter.c
+ - src/core/lib/security/util/b64.c
+ - src/core/lib/security/util/json_util.c
- src/core/lib/surface/init_secure.c
secure: true
uses:
diff --git a/config.m4 b/config.m4
index 74f9ad2..40e827d 100644
--- a/config.m4
+++ b/config.m4
@@ -188,20 +188,28 @@
src/core/ext/transport/chttp2/transport/writing.c \
src/core/ext/transport/chttp2/alpn/alpn.c \
src/core/lib/http/httpcli_security_connector.c \
- src/core/lib/security/b64.c \
- src/core/lib/security/client_auth_filter.c \
- src/core/lib/security/credentials.c \
- src/core/lib/security/credentials_metadata.c \
- src/core/lib/security/credentials_posix.c \
- src/core/lib/security/credentials_win32.c \
- src/core/lib/security/google_default_credentials.c \
- src/core/lib/security/handshake.c \
- src/core/lib/security/json_token.c \
- src/core/lib/security/jwt_verifier.c \
- src/core/lib/security/secure_endpoint.c \
- src/core/lib/security/security_connector.c \
- src/core/lib/security/security_context.c \
- src/core/lib/security/server_auth_filter.c \
+ src/core/lib/security/context/security_context.c \
+ src/core/lib/security/credentials/composite/composite_credentials.c \
+ src/core/lib/security/credentials/credentials.c \
+ src/core/lib/security/credentials/credentials_metadata.c \
+ src/core/lib/security/credentials/fake/fake_credentials.c \
+ src/core/lib/security/credentials/google_default/credentials_posix.c \
+ src/core/lib/security/credentials/google_default/credentials_win32.c \
+ src/core/lib/security/credentials/google_default/google_default_credentials.c \
+ src/core/lib/security/credentials/iam/iam_credentials.c \
+ src/core/lib/security/credentials/jwt/json_token.c \
+ src/core/lib/security/credentials/jwt/jwt_credentials.c \
+ src/core/lib/security/credentials/jwt/jwt_verifier.c \
+ src/core/lib/security/credentials/oauth2/oauth2_credentials.c \
+ src/core/lib/security/credentials/plugin/plugin_credentials.c \
+ src/core/lib/security/credentials/ssl/ssl_credentials.c \
+ src/core/lib/security/transport/client_auth_filter.c \
+ src/core/lib/security/transport/handshake.c \
+ src/core/lib/security/transport/secure_endpoint.c \
+ src/core/lib/security/transport/security_connector.c \
+ src/core/lib/security/transport/server_auth_filter.c \
+ src/core/lib/security/util/b64.c \
+ src/core/lib/security/util/json_util.c \
src/core/lib/surface/init_secure.c \
src/core/lib/tsi/fake_transport_security.c \
src/core/lib/tsi/ssl_transport_security.c \
@@ -573,7 +581,18 @@
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/iomgr)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/json)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/profiling)
- PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/context)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/composite)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/fake)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/google_default)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/iam)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/jwt)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/oauth2)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/plugin)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/ssl)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/transport)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/util)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/support)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/surface)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/transport)
diff --git a/gRPC.podspec b/gRPC.podspec
index 77d35bd..9ae4ea7 100644
--- a/gRPC.podspec
+++ b/gRPC.podspec
@@ -257,15 +257,24 @@
'src/core/ext/transport/chttp2/transport/timeout_encoding.h',
'src/core/ext/transport/chttp2/transport/varint.h',
'src/core/ext/transport/chttp2/alpn/alpn.h',
- 'src/core/lib/security/auth_filters.h',
- 'src/core/lib/security/b64.h',
- 'src/core/lib/security/credentials.h',
- 'src/core/lib/security/handshake.h',
- 'src/core/lib/security/json_token.h',
- 'src/core/lib/security/jwt_verifier.h',
- 'src/core/lib/security/secure_endpoint.h',
- 'src/core/lib/security/security_connector.h',
- 'src/core/lib/security/security_context.h',
+ 'src/core/lib/security/context/security_context.h',
+ 'src/core/lib/security/credentials/composite/composite_credentials.h',
+ 'src/core/lib/security/credentials/credentials.h',
+ 'src/core/lib/security/credentials/fake/fake_credentials.h',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.h',
+ 'src/core/lib/security/credentials/iam/iam_credentials.h',
+ 'src/core/lib/security/credentials/jwt/json_token.h',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.h',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.h',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.h',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.h',
+ 'src/core/lib/security/transport/auth_filters.h',
+ 'src/core/lib/security/transport/handshake.h',
+ 'src/core/lib/security/transport/secure_endpoint.h',
+ 'src/core/lib/security/transport/security_connector.h',
+ 'src/core/lib/security/util/b64.h',
+ 'src/core/lib/security/util/json_util.h',
'src/core/lib/tsi/fake_transport_security.h',
'src/core/lib/tsi/ssl_transport_security.h',
'src/core/lib/tsi/ssl_types.h',
@@ -433,20 +442,28 @@
'src/core/ext/transport/chttp2/transport/writing.c',
'src/core/ext/transport/chttp2/alpn/alpn.c',
'src/core/lib/http/httpcli_security_connector.c',
- 'src/core/lib/security/b64.c',
- 'src/core/lib/security/client_auth_filter.c',
- 'src/core/lib/security/credentials.c',
- 'src/core/lib/security/credentials_metadata.c',
- 'src/core/lib/security/credentials_posix.c',
- 'src/core/lib/security/credentials_win32.c',
- 'src/core/lib/security/google_default_credentials.c',
- 'src/core/lib/security/handshake.c',
- 'src/core/lib/security/json_token.c',
- 'src/core/lib/security/jwt_verifier.c',
- 'src/core/lib/security/secure_endpoint.c',
- 'src/core/lib/security/security_connector.c',
- 'src/core/lib/security/security_context.c',
- 'src/core/lib/security/server_auth_filter.c',
+ 'src/core/lib/security/context/security_context.c',
+ 'src/core/lib/security/credentials/composite/composite_credentials.c',
+ 'src/core/lib/security/credentials/credentials.c',
+ 'src/core/lib/security/credentials/credentials_metadata.c',
+ 'src/core/lib/security/credentials/fake/fake_credentials.c',
+ 'src/core/lib/security/credentials/google_default/credentials_posix.c',
+ 'src/core/lib/security/credentials/google_default/credentials_win32.c',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.c',
+ 'src/core/lib/security/credentials/iam/iam_credentials.c',
+ 'src/core/lib/security/credentials/jwt/json_token.c',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.c',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.c',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.c',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.c',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.c',
+ 'src/core/lib/security/transport/client_auth_filter.c',
+ 'src/core/lib/security/transport/handshake.c',
+ 'src/core/lib/security/transport/secure_endpoint.c',
+ 'src/core/lib/security/transport/security_connector.c',
+ 'src/core/lib/security/transport/server_auth_filter.c',
+ 'src/core/lib/security/util/b64.c',
+ 'src/core/lib/security/util/json_util.c',
'src/core/lib/surface/init_secure.c',
'src/core/lib/tsi/fake_transport_security.c',
'src/core/lib/tsi/ssl_transport_security.c',
@@ -599,15 +616,24 @@
'src/core/ext/transport/chttp2/transport/timeout_encoding.h',
'src/core/ext/transport/chttp2/transport/varint.h',
'src/core/ext/transport/chttp2/alpn/alpn.h',
- 'src/core/lib/security/auth_filters.h',
- 'src/core/lib/security/b64.h',
- 'src/core/lib/security/credentials.h',
- 'src/core/lib/security/handshake.h',
- 'src/core/lib/security/json_token.h',
- 'src/core/lib/security/jwt_verifier.h',
- 'src/core/lib/security/secure_endpoint.h',
- 'src/core/lib/security/security_connector.h',
- 'src/core/lib/security/security_context.h',
+ 'src/core/lib/security/context/security_context.h',
+ 'src/core/lib/security/credentials/composite/composite_credentials.h',
+ 'src/core/lib/security/credentials/credentials.h',
+ 'src/core/lib/security/credentials/fake/fake_credentials.h',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.h',
+ 'src/core/lib/security/credentials/iam/iam_credentials.h',
+ 'src/core/lib/security/credentials/jwt/json_token.h',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.h',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.h',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.h',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.h',
+ 'src/core/lib/security/transport/auth_filters.h',
+ 'src/core/lib/security/transport/handshake.h',
+ 'src/core/lib/security/transport/secure_endpoint.h',
+ 'src/core/lib/security/transport/security_connector.h',
+ 'src/core/lib/security/util/b64.h',
+ 'src/core/lib/security/util/json_util.h',
'src/core/lib/tsi/fake_transport_security.h',
'src/core/lib/tsi/ssl_transport_security.h',
'src/core/lib/tsi/ssl_types.h',
diff --git a/grpc.gemspec b/grpc.gemspec
index e68cd81..ffdce9d 100755
--- a/grpc.gemspec
+++ b/grpc.gemspec
@@ -265,15 +265,24 @@
s.files += %w( src/core/ext/transport/chttp2/transport/timeout_encoding.h )
s.files += %w( src/core/ext/transport/chttp2/transport/varint.h )
s.files += %w( src/core/ext/transport/chttp2/alpn/alpn.h )
- s.files += %w( src/core/lib/security/auth_filters.h )
- s.files += %w( src/core/lib/security/b64.h )
- s.files += %w( src/core/lib/security/credentials.h )
- s.files += %w( src/core/lib/security/handshake.h )
- s.files += %w( src/core/lib/security/json_token.h )
- s.files += %w( src/core/lib/security/jwt_verifier.h )
- s.files += %w( src/core/lib/security/secure_endpoint.h )
- s.files += %w( src/core/lib/security/security_connector.h )
- s.files += %w( src/core/lib/security/security_context.h )
+ s.files += %w( src/core/lib/security/context/security_context.h )
+ s.files += %w( src/core/lib/security/credentials/composite/composite_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/credentials.h )
+ s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/iam/iam_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/jwt/json_token.h )
+ s.files += %w( src/core/lib/security/credentials/jwt/jwt_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/jwt/jwt_verifier.h )
+ s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.h )
+ s.files += %w( src/core/lib/security/transport/auth_filters.h )
+ s.files += %w( src/core/lib/security/transport/handshake.h )
+ s.files += %w( src/core/lib/security/transport/secure_endpoint.h )
+ s.files += %w( src/core/lib/security/transport/security_connector.h )
+ s.files += %w( src/core/lib/security/util/b64.h )
+ s.files += %w( src/core/lib/security/util/json_util.h )
s.files += %w( src/core/lib/tsi/fake_transport_security.h )
s.files += %w( src/core/lib/tsi/ssl_transport_security.h )
s.files += %w( src/core/lib/tsi/ssl_types.h )
@@ -413,20 +422,28 @@
s.files += %w( src/core/ext/transport/chttp2/transport/writing.c )
s.files += %w( src/core/ext/transport/chttp2/alpn/alpn.c )
s.files += %w( src/core/lib/http/httpcli_security_connector.c )
- s.files += %w( src/core/lib/security/b64.c )
- s.files += %w( src/core/lib/security/client_auth_filter.c )
- s.files += %w( src/core/lib/security/credentials.c )
- s.files += %w( src/core/lib/security/credentials_metadata.c )
- s.files += %w( src/core/lib/security/credentials_posix.c )
- s.files += %w( src/core/lib/security/credentials_win32.c )
- s.files += %w( src/core/lib/security/google_default_credentials.c )
- s.files += %w( src/core/lib/security/handshake.c )
- s.files += %w( src/core/lib/security/json_token.c )
- s.files += %w( src/core/lib/security/jwt_verifier.c )
- s.files += %w( src/core/lib/security/secure_endpoint.c )
- s.files += %w( src/core/lib/security/security_connector.c )
- s.files += %w( src/core/lib/security/security_context.c )
- s.files += %w( src/core/lib/security/server_auth_filter.c )
+ s.files += %w( src/core/lib/security/context/security_context.c )
+ s.files += %w( src/core/lib/security/credentials/composite/composite_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/credentials.c )
+ s.files += %w( src/core/lib/security/credentials/credentials_metadata.c )
+ s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/google_default/credentials_posix.c )
+ s.files += %w( src/core/lib/security/credentials/google_default/credentials_win32.c )
+ s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/iam/iam_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/jwt/json_token.c )
+ s.files += %w( src/core/lib/security/credentials/jwt/jwt_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/jwt/jwt_verifier.c )
+ s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.c )
+ s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.c )
+ s.files += %w( src/core/lib/security/transport/client_auth_filter.c )
+ s.files += %w( src/core/lib/security/transport/handshake.c )
+ s.files += %w( src/core/lib/security/transport/secure_endpoint.c )
+ s.files += %w( src/core/lib/security/transport/security_connector.c )
+ s.files += %w( src/core/lib/security/transport/server_auth_filter.c )
+ s.files += %w( src/core/lib/security/util/b64.c )
+ s.files += %w( src/core/lib/security/util/json_util.c )
s.files += %w( src/core/lib/surface/init_secure.c )
s.files += %w( src/core/lib/tsi/fake_transport_security.c )
s.files += %w( src/core/lib/tsi/ssl_transport_security.c )
diff --git a/package.xml b/package.xml
index ffb1c56..06c00bd 100644
--- a/package.xml
+++ b/package.xml
@@ -272,15 +272,24 @@
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/transport/timeout_encoding.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/transport/varint.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/alpn/alpn.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/auth_filters.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/b64.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/handshake.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/json_token.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/jwt_verifier.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/secure_endpoint.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_connector.h" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_context.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/context/security_context.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/composite/composite_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/fake/fake_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/google_default/google_default_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/iam/iam_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/json_token.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/jwt_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/jwt_verifier.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/auth_filters.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/handshake.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/security_connector.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/util/b64.h" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/util/json_util.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/fake_transport_security.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/ssl_transport_security.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/ssl_types.h" role="src" />
@@ -420,20 +429,28 @@
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/transport/writing.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/alpn/alpn.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/http/httpcli_security_connector.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/b64.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/client_auth_filter.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials_metadata.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials_posix.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/credentials_win32.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/google_default_credentials.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/handshake.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/json_token.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/jwt_verifier.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/secure_endpoint.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_connector.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/security_context.c" role="src" />
- <file baseinstalldir="/" name="src/core/lib/security/server_auth_filter.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/context/security_context.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/composite/composite_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/credentials_metadata.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/fake/fake_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/google_default/credentials_posix.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/google_default/credentials_win32.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/google_default/google_default_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/iam/iam_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/json_token.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/jwt_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/jwt/jwt_verifier.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/oauth2/oauth2_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/client_auth_filter.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/handshake.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/security_connector.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/transport/server_auth_filter.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/util/b64.c" role="src" />
+ <file baseinstalldir="/" name="src/core/lib/security/util/json_util.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/surface/init_secure.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/fake_transport_security.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/tsi/ssl_transport_security.c" role="src" />
diff --git a/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c b/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c
index 58af6f9..a262306 100644
--- a/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c
+++ b/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c
@@ -45,9 +45,9 @@
#include "src/core/ext/transport/chttp2/transport/chttp2_transport.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/iomgr/tcp_client.h"
-#include "src/core/lib/security/auth_filters.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/auth_filters.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/lib/surface/channel.h"
#include "src/core/lib/tsi/transport_security_interface.h"
diff --git a/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c b/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c
index 698b2be..2c9f013 100644
--- a/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c
+++ b/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c
@@ -45,10 +45,10 @@
#include "src/core/lib/iomgr/endpoint.h"
#include "src/core/lib/iomgr/resolve_address.h"
#include "src/core/lib/iomgr/tcp_server.h"
-#include "src/core/lib/security/auth_filters.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_connector.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/auth_filters.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/lib/surface/server.h"
diff --git a/src/core/lib/http/httpcli_security_connector.c b/src/core/lib/http/httpcli_security_connector.c
index ea4bff3..5590928 100644
--- a/src/core/lib/http/httpcli_security_connector.c
+++ b/src/core/lib/http/httpcli_security_connector.c
@@ -38,7 +38,7 @@
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
-#include "src/core/lib/security/handshake.h"
+#include "src/core/lib/security/transport/handshake.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/tsi/ssl_transport_security.h"
diff --git a/src/core/lib/security/security_context.c b/src/core/lib/security/context/security_context.c
similarity index 99%
rename from src/core/lib/security/security_context.c
rename to src/core/lib/security/context/security_context.c
index 343e0b5..127b13e 100644
--- a/src/core/lib/security/security_context.c
+++ b/src/core/lib/security/context/security_context.c
@@ -33,7 +33,7 @@
#include <string.h>
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/lib/surface/call.h"
diff --git a/src/core/lib/security/security_context.h b/src/core/lib/security/context/security_context.h
similarity index 94%
rename from src/core/lib/security/security_context.h
rename to src/core/lib/security/context/security_context.h
index 81161ec..ef0c06b 100644
--- a/src/core/lib/security/security_context.h
+++ b/src/core/lib/security/context/security_context.h
@@ -31,11 +31,11 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONTEXT_H
-#define GRPC_CORE_LIB_SECURITY_SECURITY_CONTEXT_H
+#ifndef GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H
+#define GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H
#include "src/core/lib/iomgr/pollset.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
/* --- grpc_auth_context ---
@@ -111,4 +111,4 @@
grpc_auth_context *grpc_find_auth_context_in_args(
const grpc_channel_args *args);
-#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONTEXT_H */
+#endif /* GRPC_CORE_LIB_SECURITY_CONTEXT_SECURITY_CONTEXT_H */
diff --git a/src/core/lib/security/credentials.c b/src/core/lib/security/credentials.c
deleted file mode 100644
index fd5ad35..0000000
--- a/src/core/lib/security/credentials.c
+++ /dev/null
@@ -1,1296 +0,0 @@
-/*
- *
- * Copyright 2015, Google Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following disclaimer
- * in the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Google Inc. nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "src/core/lib/security/credentials.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/channel/http_client_filter.h"
-#include "src/core/lib/http/httpcli.h"
-#include "src/core/lib/http/parser.h"
-#include "src/core/lib/iomgr/executor.h"
-#include "src/core/lib/json/json.h"
-#include "src/core/lib/support/string.h"
-#include "src/core/lib/surface/api_trace.h"
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/log.h>
-#include <grpc/support/string_util.h>
-#include <grpc/support/sync.h>
-#include <grpc/support/time.h>
-
-/* -- Common. -- */
-
-struct grpc_credentials_metadata_request {
- grpc_call_credentials *creds;
- grpc_credentials_metadata_cb cb;
- void *user_data;
-};
-
-static grpc_credentials_metadata_request *
-grpc_credentials_metadata_request_create(grpc_call_credentials *creds,
- grpc_credentials_metadata_cb cb,
- void *user_data) {
- grpc_credentials_metadata_request *r =
- gpr_malloc(sizeof(grpc_credentials_metadata_request));
- r->creds = grpc_call_credentials_ref(creds);
- r->cb = cb;
- r->user_data = user_data;
- return r;
-}
-
-static void grpc_credentials_metadata_request_destroy(
- grpc_credentials_metadata_request *r) {
- grpc_call_credentials_unref(r->creds);
- gpr_free(r);
-}
-
-grpc_channel_credentials *grpc_channel_credentials_ref(
- grpc_channel_credentials *creds) {
- if (creds == NULL) return NULL;
- gpr_ref(&creds->refcount);
- return creds;
-}
-
-void grpc_channel_credentials_unref(grpc_channel_credentials *creds) {
- if (creds == NULL) return;
- if (gpr_unref(&creds->refcount)) {
- if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
- gpr_free(creds);
- }
-}
-
-void grpc_channel_credentials_release(grpc_channel_credentials *creds) {
- GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds));
- grpc_channel_credentials_unref(creds);
-}
-
-grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) {
- if (creds == NULL) return NULL;
- gpr_ref(&creds->refcount);
- return creds;
-}
-
-void grpc_call_credentials_unref(grpc_call_credentials *creds) {
- if (creds == NULL) return;
- if (gpr_unref(&creds->refcount)) {
- if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
- gpr_free(creds);
- }
-}
-
-void grpc_call_credentials_release(grpc_call_credentials *creds) {
- GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds));
- grpc_call_credentials_unref(creds);
-}
-
-void grpc_call_credentials_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- if (creds == NULL || creds->vtable->get_request_metadata == NULL) {
- if (cb != NULL) {
- cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
- }
- return;
- }
- creds->vtable->get_request_metadata(exec_ctx, creds, pollset, context, cb,
- user_data);
-}
-
-grpc_security_status grpc_channel_credentials_create_security_connector(
- grpc_channel_credentials *channel_creds, const char *target,
- const grpc_channel_args *args, grpc_channel_security_connector **sc,
- grpc_channel_args **new_args) {
- *new_args = NULL;
- if (channel_creds == NULL) {
- return GRPC_SECURITY_ERROR;
- }
- GPR_ASSERT(channel_creds->vtable->create_security_connector != NULL);
- return channel_creds->vtable->create_security_connector(
- channel_creds, NULL, target, args, sc, new_args);
-}
-
-grpc_server_credentials *grpc_server_credentials_ref(
- grpc_server_credentials *creds) {
- if (creds == NULL) return NULL;
- gpr_ref(&creds->refcount);
- return creds;
-}
-
-void grpc_server_credentials_unref(grpc_server_credentials *creds) {
- if (creds == NULL) return;
- if (gpr_unref(&creds->refcount)) {
- if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
- if (creds->processor.destroy != NULL && creds->processor.state != NULL) {
- creds->processor.destroy(creds->processor.state);
- }
- gpr_free(creds);
- }
-}
-
-void grpc_server_credentials_release(grpc_server_credentials *creds) {
- GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds));
- grpc_server_credentials_unref(creds);
-}
-
-grpc_security_status grpc_server_credentials_create_security_connector(
- grpc_server_credentials *creds, grpc_server_security_connector **sc) {
- if (creds == NULL || creds->vtable->create_security_connector == NULL) {
- gpr_log(GPR_ERROR, "Server credentials cannot create security context.");
- return GRPC_SECURITY_ERROR;
- }
- return creds->vtable->create_security_connector(creds, sc);
-}
-
-void grpc_server_credentials_set_auth_metadata_processor(
- grpc_server_credentials *creds, grpc_auth_metadata_processor processor) {
- GRPC_API_TRACE(
- "grpc_server_credentials_set_auth_metadata_processor("
- "creds=%p, "
- "processor=grpc_auth_metadata_processor { process: %p, state: %p })",
- 3, (creds, (void *)(intptr_t)processor.process, processor.state));
- if (creds == NULL) return;
- if (creds->processor.destroy != NULL && creds->processor.state != NULL) {
- creds->processor.destroy(creds->processor.state);
- }
- creds->processor = processor;
-}
-
-static void server_credentials_pointer_arg_destroy(void *p) {
- grpc_server_credentials_unref(p);
-}
-
-static void *server_credentials_pointer_arg_copy(void *p) {
- return grpc_server_credentials_ref(p);
-}
-
-static int server_credentials_pointer_cmp(void *a, void *b) {
- return GPR_ICMP(a, b);
-}
-
-static const grpc_arg_pointer_vtable cred_ptr_vtable = {
- server_credentials_pointer_arg_copy, server_credentials_pointer_arg_destroy,
- server_credentials_pointer_cmp};
-
-grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials *p) {
- grpc_arg arg;
- memset(&arg, 0, sizeof(grpc_arg));
- arg.type = GRPC_ARG_POINTER;
- arg.key = GRPC_SERVER_CREDENTIALS_ARG;
- arg.value.pointer.p = p;
- arg.value.pointer.vtable = &cred_ptr_vtable;
- return arg;
-}
-
-grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg) {
- if (strcmp(arg->key, GRPC_SERVER_CREDENTIALS_ARG) != 0) return NULL;
- if (arg->type != GRPC_ARG_POINTER) {
- gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
- GRPC_SERVER_CREDENTIALS_ARG);
- return NULL;
- }
- return arg->value.pointer.p;
-}
-
-grpc_server_credentials *grpc_find_server_credentials_in_args(
- const grpc_channel_args *args) {
- size_t i;
- if (args == NULL) return NULL;
- for (i = 0; i < args->num_args; i++) {
- grpc_server_credentials *p =
- grpc_server_credentials_from_arg(&args->args[i]);
- if (p != NULL) return p;
- }
- return NULL;
-}
-
-/* -- Ssl credentials. -- */
-
-static void ssl_destruct(grpc_channel_credentials *creds) {
- grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
- if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
- if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key);
- if (c->config.pem_cert_chain != NULL) gpr_free(c->config.pem_cert_chain);
-}
-
-static void ssl_server_destruct(grpc_server_credentials *creds) {
- grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
- size_t i;
- for (i = 0; i < c->config.num_key_cert_pairs; i++) {
- if (c->config.pem_private_keys[i] != NULL) {
- gpr_free(c->config.pem_private_keys[i]);
- }
- if (c->config.pem_cert_chains[i] != NULL) {
- gpr_free(c->config.pem_cert_chains[i]);
- }
- }
- if (c->config.pem_private_keys != NULL) gpr_free(c->config.pem_private_keys);
- if (c->config.pem_private_keys_sizes != NULL) {
- gpr_free(c->config.pem_private_keys_sizes);
- }
- if (c->config.pem_cert_chains != NULL) gpr_free(c->config.pem_cert_chains);
- if (c->config.pem_cert_chains_sizes != NULL) {
- gpr_free(c->config.pem_cert_chains_sizes);
- }
- if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
-}
-
-static grpc_security_status ssl_create_security_connector(
- grpc_channel_credentials *creds, grpc_call_credentials *call_creds,
- const char *target, const grpc_channel_args *args,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
- grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
- grpc_security_status status = GRPC_SECURITY_OK;
- size_t i = 0;
- const char *overridden_target_name = NULL;
- grpc_arg new_arg;
-
- for (i = 0; args && i < args->num_args; i++) {
- grpc_arg *arg = &args->args[i];
- if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 &&
- arg->type == GRPC_ARG_STRING) {
- overridden_target_name = arg->value.string;
- break;
- }
- }
- status = grpc_ssl_channel_security_connector_create(
- call_creds, &c->config, target, overridden_target_name, sc);
- if (status != GRPC_SECURITY_OK) {
- return status;
- }
- new_arg.type = GRPC_ARG_STRING;
- new_arg.key = GRPC_ARG_HTTP2_SCHEME;
- new_arg.value.string = "https";
- *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1);
- return status;
-}
-
-static grpc_security_status ssl_server_create_security_connector(
- grpc_server_credentials *creds, grpc_server_security_connector **sc) {
- grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
- return grpc_ssl_server_security_connector_create(&c->config, sc);
-}
-
-static grpc_channel_credentials_vtable ssl_vtable = {
- ssl_destruct, ssl_create_security_connector};
-
-static grpc_server_credentials_vtable ssl_server_vtable = {
- ssl_server_destruct, ssl_server_create_security_connector};
-
-static void ssl_copy_key_material(const char *input, unsigned char **output,
- size_t *output_size) {
- *output_size = strlen(input);
- *output = gpr_malloc(*output_size);
- memcpy(*output, input, *output_size);
-}
-
-static void ssl_build_config(const char *pem_root_certs,
- grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
- grpc_ssl_config *config) {
- if (pem_root_certs != NULL) {
- ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
- &config->pem_root_certs_size);
- }
- if (pem_key_cert_pair != NULL) {
- GPR_ASSERT(pem_key_cert_pair->private_key != NULL);
- GPR_ASSERT(pem_key_cert_pair->cert_chain != NULL);
- ssl_copy_key_material(pem_key_cert_pair->private_key,
- &config->pem_private_key,
- &config->pem_private_key_size);
- ssl_copy_key_material(pem_key_cert_pair->cert_chain,
- &config->pem_cert_chain,
- &config->pem_cert_chain_size);
- }
-}
-
-static void ssl_build_server_config(
- const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
- size_t num_key_cert_pairs,
- grpc_ssl_client_certificate_request_type client_certificate_request,
- grpc_ssl_server_config *config) {
- size_t i;
- config->client_certificate_request = client_certificate_request;
- if (pem_root_certs != NULL) {
- ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
- &config->pem_root_certs_size);
- }
- if (num_key_cert_pairs > 0) {
- GPR_ASSERT(pem_key_cert_pairs != NULL);
- config->pem_private_keys =
- gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
- config->pem_cert_chains =
- gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
- config->pem_private_keys_sizes =
- gpr_malloc(num_key_cert_pairs * sizeof(size_t));
- config->pem_cert_chains_sizes =
- gpr_malloc(num_key_cert_pairs * sizeof(size_t));
- }
- config->num_key_cert_pairs = num_key_cert_pairs;
- for (i = 0; i < num_key_cert_pairs; i++) {
- GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL);
- GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL);
- ssl_copy_key_material(pem_key_cert_pairs[i].private_key,
- &config->pem_private_keys[i],
- &config->pem_private_keys_sizes[i]);
- ssl_copy_key_material(pem_key_cert_pairs[i].cert_chain,
- &config->pem_cert_chains[i],
- &config->pem_cert_chains_sizes[i]);
- }
-}
-
-grpc_channel_credentials *grpc_ssl_credentials_create(
- const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
- void *reserved) {
- grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials));
- GRPC_API_TRACE(
- "grpc_ssl_credentials_create(pem_root_certs=%s, "
- "pem_key_cert_pair=%p, "
- "reserved=%p)",
- 3, (pem_root_certs, pem_key_cert_pair, reserved));
- GPR_ASSERT(reserved == NULL);
- memset(c, 0, sizeof(grpc_ssl_credentials));
- c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
- c->base.vtable = &ssl_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config);
- return &c->base;
-}
-
-grpc_server_credentials *grpc_ssl_server_credentials_create(
- const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
- size_t num_key_cert_pairs, int force_client_auth, void *reserved) {
- return grpc_ssl_server_credentials_create_ex(
- pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs,
- force_client_auth
- ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
- : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
- reserved);
-}
-
-grpc_server_credentials *grpc_ssl_server_credentials_create_ex(
- const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
- size_t num_key_cert_pairs,
- grpc_ssl_client_certificate_request_type client_certificate_request,
- void *reserved) {
- grpc_ssl_server_credentials *c =
- gpr_malloc(sizeof(grpc_ssl_server_credentials));
- GRPC_API_TRACE(
- "grpc_ssl_server_credentials_create_ex("
- "pem_root_certs=%s, pem_key_cert_pairs=%p, num_key_cert_pairs=%lu, "
- "client_certificate_request=%d, reserved=%p)",
- 5, (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs,
- client_certificate_request, reserved));
- GPR_ASSERT(reserved == NULL);
- memset(c, 0, sizeof(grpc_ssl_server_credentials));
- c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
- gpr_ref_init(&c->base.refcount, 1);
- c->base.vtable = &ssl_server_vtable;
- ssl_build_server_config(pem_root_certs, pem_key_cert_pairs,
- num_key_cert_pairs, client_certificate_request,
- &c->config);
- return &c->base;
-}
-
-/* -- Jwt credentials -- */
-
-static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) {
- if (c->cached.jwt_md != NULL) {
- grpc_credentials_md_store_unref(c->cached.jwt_md);
- c->cached.jwt_md = NULL;
- }
- if (c->cached.service_url != NULL) {
- gpr_free(c->cached.service_url);
- c->cached.service_url = NULL;
- }
- c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
-}
-
-static void jwt_destruct(grpc_call_credentials *creds) {
- grpc_service_account_jwt_access_credentials *c =
- (grpc_service_account_jwt_access_credentials *)creds;
- grpc_auth_json_key_destruct(&c->key);
- jwt_reset_cache(c);
- gpr_mu_destroy(&c->cache_mu);
-}
-
-static void jwt_get_request_metadata(grpc_exec_ctx *exec_ctx,
- grpc_call_credentials *creds,
- grpc_pollset *pollset,
- grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb,
- void *user_data) {
- grpc_service_account_jwt_access_credentials *c =
- (grpc_service_account_jwt_access_credentials *)creds;
- gpr_timespec refresh_threshold = gpr_time_from_seconds(
- GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN);
-
- /* See if we can return a cached jwt. */
- grpc_credentials_md_store *jwt_md = NULL;
- {
- gpr_mu_lock(&c->cache_mu);
- if (c->cached.service_url != NULL &&
- strcmp(c->cached.service_url, context.service_url) == 0 &&
- c->cached.jwt_md != NULL &&
- (gpr_time_cmp(gpr_time_sub(c->cached.jwt_expiration,
- gpr_now(GPR_CLOCK_REALTIME)),
- refresh_threshold) > 0)) {
- jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md);
- }
- gpr_mu_unlock(&c->cache_mu);
- }
-
- if (jwt_md == NULL) {
- char *jwt = NULL;
- /* Generate a new jwt. */
- gpr_mu_lock(&c->cache_mu);
- jwt_reset_cache(c);
- jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url,
- c->jwt_lifetime, NULL);
- if (jwt != NULL) {
- char *md_value;
- gpr_asprintf(&md_value, "Bearer %s", jwt);
- gpr_free(jwt);
- c->cached.jwt_expiration =
- gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), c->jwt_lifetime);
- c->cached.service_url = gpr_strdup(context.service_url);
- c->cached.jwt_md = grpc_credentials_md_store_create(1);
- grpc_credentials_md_store_add_cstrings(
- c->cached.jwt_md, GRPC_AUTHORIZATION_METADATA_KEY, md_value);
- gpr_free(md_value);
- jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md);
- }
- gpr_mu_unlock(&c->cache_mu);
- }
-
- if (jwt_md != NULL) {
- cb(exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries,
- GRPC_CREDENTIALS_OK);
- grpc_credentials_md_store_unref(jwt_md);
- } else {
- cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR);
- }
-}
-
-static grpc_call_credentials_vtable jwt_vtable = {jwt_destruct,
- jwt_get_request_metadata};
-
-grpc_call_credentials *
-grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
- grpc_auth_json_key key, gpr_timespec token_lifetime) {
- grpc_service_account_jwt_access_credentials *c;
- if (!grpc_auth_json_key_is_valid(&key)) {
- gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation");
- return NULL;
- }
- c = gpr_malloc(sizeof(grpc_service_account_jwt_access_credentials));
- memset(c, 0, sizeof(grpc_service_account_jwt_access_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT;
- gpr_ref_init(&c->base.refcount, 1);
- c->base.vtable = &jwt_vtable;
- c->key = key;
- c->jwt_lifetime = token_lifetime;
- gpr_mu_init(&c->cache_mu);
- jwt_reset_cache(c);
- return &c->base;
-}
-
-grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
- const char *json_key, gpr_timespec token_lifetime, void *reserved) {
- GRPC_API_TRACE(
- "grpc_service_account_jwt_access_credentials_create("
- "json_key=%s, "
- "token_lifetime="
- "gpr_timespec { tv_sec: %lld, tv_nsec: %d, clock_type: %d }, "
- "reserved=%p)",
- 5,
- (json_key, (long long)token_lifetime.tv_sec, (int)token_lifetime.tv_nsec,
- (int)token_lifetime.clock_type, reserved));
- GPR_ASSERT(reserved == NULL);
- return grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
- grpc_auth_json_key_create_from_string(json_key), token_lifetime);
-}
-
-/* -- Oauth2TokenFetcher credentials -- */
-
-static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) {
- grpc_oauth2_token_fetcher_credentials *c =
- (grpc_oauth2_token_fetcher_credentials *)creds;
- grpc_credentials_md_store_unref(c->access_token_md);
- gpr_mu_destroy(&c->mu);
- grpc_httpcli_context_destroy(&c->httpcli_context);
-}
-
-grpc_credentials_status
-grpc_oauth2_token_fetcher_credentials_parse_server_response(
- const grpc_http_response *response, grpc_credentials_md_store **token_md,
- gpr_timespec *token_lifetime) {
- char *null_terminated_body = NULL;
- char *new_access_token = NULL;
- grpc_credentials_status status = GRPC_CREDENTIALS_OK;
- grpc_json *json = NULL;
-
- if (response == NULL) {
- gpr_log(GPR_ERROR, "Received NULL response.");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
-
- if (response->body_length > 0) {
- null_terminated_body = gpr_malloc(response->body_length + 1);
- null_terminated_body[response->body_length] = '\0';
- memcpy(null_terminated_body, response->body, response->body_length);
- }
-
- if (response->status != 200) {
- gpr_log(GPR_ERROR, "Call to http server ended with error %d [%s].",
- response->status,
- null_terminated_body != NULL ? null_terminated_body : "");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- } else {
- grpc_json *access_token = NULL;
- grpc_json *token_type = NULL;
- grpc_json *expires_in = NULL;
- grpc_json *ptr;
- json = grpc_json_parse_string(null_terminated_body);
- if (json == NULL) {
- gpr_log(GPR_ERROR, "Could not parse JSON from %s", null_terminated_body);
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- if (json->type != GRPC_JSON_OBJECT) {
- gpr_log(GPR_ERROR, "Response should be a JSON object");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- for (ptr = json->child; ptr; ptr = ptr->next) {
- if (strcmp(ptr->key, "access_token") == 0) {
- access_token = ptr;
- } else if (strcmp(ptr->key, "token_type") == 0) {
- token_type = ptr;
- } else if (strcmp(ptr->key, "expires_in") == 0) {
- expires_in = ptr;
- }
- }
- if (access_token == NULL || access_token->type != GRPC_JSON_STRING) {
- gpr_log(GPR_ERROR, "Missing or invalid access_token in JSON.");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- if (token_type == NULL || token_type->type != GRPC_JSON_STRING) {
- gpr_log(GPR_ERROR, "Missing or invalid token_type in JSON.");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- if (expires_in == NULL || expires_in->type != GRPC_JSON_NUMBER) {
- gpr_log(GPR_ERROR, "Missing or invalid expires_in in JSON.");
- status = GRPC_CREDENTIALS_ERROR;
- goto end;
- }
- gpr_asprintf(&new_access_token, "%s %s", token_type->value,
- access_token->value);
- token_lifetime->tv_sec = strtol(expires_in->value, NULL, 10);
- token_lifetime->tv_nsec = 0;
- token_lifetime->clock_type = GPR_TIMESPAN;
- if (*token_md != NULL) grpc_credentials_md_store_unref(*token_md);
- *token_md = grpc_credentials_md_store_create(1);
- grpc_credentials_md_store_add_cstrings(
- *token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token);
- status = GRPC_CREDENTIALS_OK;
- }
-
-end:
- if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) {
- grpc_credentials_md_store_unref(*token_md);
- *token_md = NULL;
- }
- if (null_terminated_body != NULL) gpr_free(null_terminated_body);
- if (new_access_token != NULL) gpr_free(new_access_token);
- if (json != NULL) grpc_json_destroy(json);
- return status;
-}
-
-static void on_oauth2_token_fetcher_http_response(
- grpc_exec_ctx *exec_ctx, void *user_data,
- const grpc_http_response *response) {
- grpc_credentials_metadata_request *r =
- (grpc_credentials_metadata_request *)user_data;
- grpc_oauth2_token_fetcher_credentials *c =
- (grpc_oauth2_token_fetcher_credentials *)r->creds;
- gpr_timespec token_lifetime;
- grpc_credentials_status status;
-
- gpr_mu_lock(&c->mu);
- status = grpc_oauth2_token_fetcher_credentials_parse_server_response(
- response, &c->access_token_md, &token_lifetime);
- if (status == GRPC_CREDENTIALS_OK) {
- c->token_expiration =
- gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), token_lifetime);
- r->cb(exec_ctx, r->user_data, c->access_token_md->entries,
- c->access_token_md->num_entries, status);
- } else {
- c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
- r->cb(exec_ctx, r->user_data, NULL, 0, status);
- }
- gpr_mu_unlock(&c->mu);
- grpc_credentials_metadata_request_destroy(r);
-}
-
-static void oauth2_token_fetcher_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- grpc_oauth2_token_fetcher_credentials *c =
- (grpc_oauth2_token_fetcher_credentials *)creds;
- gpr_timespec refresh_threshold = gpr_time_from_seconds(
- GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN);
- grpc_credentials_md_store *cached_access_token_md = NULL;
- {
- gpr_mu_lock(&c->mu);
- if (c->access_token_md != NULL &&
- (gpr_time_cmp(
- gpr_time_sub(c->token_expiration, gpr_now(GPR_CLOCK_REALTIME)),
- refresh_threshold) > 0)) {
- cached_access_token_md =
- grpc_credentials_md_store_ref(c->access_token_md);
- }
- gpr_mu_unlock(&c->mu);
- }
- if (cached_access_token_md != NULL) {
- cb(exec_ctx, user_data, cached_access_token_md->entries,
- cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK);
- grpc_credentials_md_store_unref(cached_access_token_md);
- } else {
- c->fetch_func(
- exec_ctx,
- grpc_credentials_metadata_request_create(creds, cb, user_data),
- &c->httpcli_context, pollset, on_oauth2_token_fetcher_http_response,
- gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), refresh_threshold));
- }
-}
-
-static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c,
- grpc_fetch_oauth2_func fetch_func) {
- memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
- gpr_ref_init(&c->base.refcount, 1);
- gpr_mu_init(&c->mu);
- c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
- c->fetch_func = fetch_func;
- grpc_httpcli_context_init(&c->httpcli_context);
-}
-
-/* -- GoogleComputeEngine credentials. -- */
-
-static grpc_call_credentials_vtable compute_engine_vtable = {
- oauth2_token_fetcher_destruct, oauth2_token_fetcher_get_request_metadata};
-
-static void compute_engine_fetch_oauth2(
- grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
- grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
- grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
- grpc_http_header header = {"Metadata-Flavor", "Google"};
- grpc_httpcli_request request;
- memset(&request, 0, sizeof(grpc_httpcli_request));
- request.host = GRPC_COMPUTE_ENGINE_METADATA_HOST;
- request.http.path = GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH;
- request.http.hdr_count = 1;
- request.http.hdrs = &header;
- grpc_httpcli_get(exec_ctx, httpcli_context, pollset, &request, deadline,
- response_cb, metadata_req);
-}
-
-grpc_call_credentials *grpc_google_compute_engine_credentials_create(
- void *reserved) {
- grpc_oauth2_token_fetcher_credentials *c =
- gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials));
- GRPC_API_TRACE("grpc_compute_engine_credentials_create(reserved=%p)", 1,
- (reserved));
- GPR_ASSERT(reserved == NULL);
- init_oauth2_token_fetcher(c, compute_engine_fetch_oauth2);
- c->base.vtable = &compute_engine_vtable;
- return &c->base;
-}
-
-/* -- GoogleRefreshToken credentials. -- */
-
-static void refresh_token_destruct(grpc_call_credentials *creds) {
- grpc_google_refresh_token_credentials *c =
- (grpc_google_refresh_token_credentials *)creds;
- grpc_auth_refresh_token_destruct(&c->refresh_token);
- oauth2_token_fetcher_destruct(&c->base.base);
-}
-
-static grpc_call_credentials_vtable refresh_token_vtable = {
- refresh_token_destruct, oauth2_token_fetcher_get_request_metadata};
-
-static void refresh_token_fetch_oauth2(
- grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
- grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
- grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
- grpc_google_refresh_token_credentials *c =
- (grpc_google_refresh_token_credentials *)metadata_req->creds;
- grpc_http_header header = {"Content-Type",
- "application/x-www-form-urlencoded"};
- grpc_httpcli_request request;
- char *body = NULL;
- gpr_asprintf(&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING,
- c->refresh_token.client_id, c->refresh_token.client_secret,
- c->refresh_token.refresh_token);
- memset(&request, 0, sizeof(grpc_httpcli_request));
- request.host = GRPC_GOOGLE_OAUTH2_SERVICE_HOST;
- request.http.path = GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH;
- request.http.hdr_count = 1;
- request.http.hdrs = &header;
- request.handshaker = &grpc_httpcli_ssl;
- grpc_httpcli_post(exec_ctx, httpcli_context, pollset, &request, body,
- strlen(body), deadline, response_cb, metadata_req);
- gpr_free(body);
-}
-
-grpc_call_credentials *
-grpc_refresh_token_credentials_create_from_auth_refresh_token(
- grpc_auth_refresh_token refresh_token) {
- grpc_google_refresh_token_credentials *c;
- if (!grpc_auth_refresh_token_is_valid(&refresh_token)) {
- gpr_log(GPR_ERROR, "Invalid input for refresh token credentials creation");
- return NULL;
- }
- c = gpr_malloc(sizeof(grpc_google_refresh_token_credentials));
- memset(c, 0, sizeof(grpc_google_refresh_token_credentials));
- init_oauth2_token_fetcher(&c->base, refresh_token_fetch_oauth2);
- c->base.base.vtable = &refresh_token_vtable;
- c->refresh_token = refresh_token;
- return &c->base.base;
-}
-
-grpc_call_credentials *grpc_google_refresh_token_credentials_create(
- const char *json_refresh_token, void *reserved) {
- GRPC_API_TRACE(
- "grpc_refresh_token_credentials_create(json_refresh_token=%s, "
- "reserved=%p)",
- 2, (json_refresh_token, reserved));
- GPR_ASSERT(reserved == NULL);
- return grpc_refresh_token_credentials_create_from_auth_refresh_token(
- grpc_auth_refresh_token_create_from_string(json_refresh_token));
-}
-
-/* -- Metadata-only credentials. -- */
-
-static void md_only_test_destruct(grpc_call_credentials *creds) {
- grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
- grpc_credentials_md_store_unref(c->md_store);
-}
-
-static void on_simulated_token_fetch_done(grpc_exec_ctx *exec_ctx,
- void *user_data, bool success) {
- grpc_credentials_metadata_request *r =
- (grpc_credentials_metadata_request *)user_data;
- grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)r->creds;
- r->cb(exec_ctx, r->user_data, c->md_store->entries, c->md_store->num_entries,
- GRPC_CREDENTIALS_OK);
- grpc_credentials_metadata_request_destroy(r);
-}
-
-static void md_only_test_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
-
- if (c->is_async) {
- grpc_credentials_metadata_request *cb_arg =
- grpc_credentials_metadata_request_create(creds, cb, user_data);
- grpc_executor_enqueue(
- grpc_closure_create(on_simulated_token_fetch_done, cb_arg), true);
- } else {
- cb(exec_ctx, user_data, c->md_store->entries, 1, GRPC_CREDENTIALS_OK);
- }
-}
-
-static grpc_call_credentials_vtable md_only_test_vtable = {
- md_only_test_destruct, md_only_test_get_request_metadata};
-
-grpc_call_credentials *grpc_md_only_test_credentials_create(
- const char *md_key, const char *md_value, int is_async) {
- grpc_md_only_test_credentials *c =
- gpr_malloc(sizeof(grpc_md_only_test_credentials));
- memset(c, 0, sizeof(grpc_md_only_test_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
- c->base.vtable = &md_only_test_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->md_store = grpc_credentials_md_store_create(1);
- grpc_credentials_md_store_add_cstrings(c->md_store, md_key, md_value);
- c->is_async = is_async;
- return &c->base;
-}
-
-/* -- Oauth2 Access Token credentials. -- */
-
-static void access_token_destruct(grpc_call_credentials *creds) {
- grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
- grpc_credentials_md_store_unref(c->access_token_md);
-}
-
-static void access_token_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
- cb(exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK);
-}
-
-static grpc_call_credentials_vtable access_token_vtable = {
- access_token_destruct, access_token_get_request_metadata};
-
-grpc_call_credentials *grpc_access_token_credentials_create(
- const char *access_token, void *reserved) {
- grpc_access_token_credentials *c =
- gpr_malloc(sizeof(grpc_access_token_credentials));
- char *token_md_value;
- GRPC_API_TRACE(
- "grpc_access_token_credentials_create(access_token=%s, "
- "reserved=%p)",
- 2, (access_token, reserved));
- GPR_ASSERT(reserved == NULL);
- memset(c, 0, sizeof(grpc_access_token_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
- c->base.vtable = &access_token_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->access_token_md = grpc_credentials_md_store_create(1);
- gpr_asprintf(&token_md_value, "Bearer %s", access_token);
- grpc_credentials_md_store_add_cstrings(
- c->access_token_md, GRPC_AUTHORIZATION_METADATA_KEY, token_md_value);
- gpr_free(token_md_value);
- return &c->base;
-}
-
-/* -- Fake transport security credentials. -- */
-
-static grpc_security_status fake_transport_security_create_security_connector(
- grpc_channel_credentials *c, grpc_call_credentials *call_creds,
- const char *target, const grpc_channel_args *args,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
- *sc = grpc_fake_channel_security_connector_create(call_creds);
- return GRPC_SECURITY_OK;
-}
-
-static grpc_security_status
-fake_transport_security_server_create_security_connector(
- grpc_server_credentials *c, grpc_server_security_connector **sc) {
- *sc = grpc_fake_server_security_connector_create();
- return GRPC_SECURITY_OK;
-}
-
-static grpc_channel_credentials_vtable
- fake_transport_security_credentials_vtable = {
- NULL, fake_transport_security_create_security_connector};
-
-static grpc_server_credentials_vtable
- fake_transport_security_server_credentials_vtable = {
- NULL, fake_transport_security_server_create_security_connector};
-
-grpc_channel_credentials *grpc_fake_transport_security_credentials_create(
- void) {
- grpc_channel_credentials *c = gpr_malloc(sizeof(grpc_channel_credentials));
- memset(c, 0, sizeof(grpc_channel_credentials));
- c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
- c->vtable = &fake_transport_security_credentials_vtable;
- gpr_ref_init(&c->refcount, 1);
- return c;
-}
-
-grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
- void) {
- grpc_server_credentials *c = gpr_malloc(sizeof(grpc_server_credentials));
- memset(c, 0, sizeof(grpc_server_credentials));
- c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
- gpr_ref_init(&c->refcount, 1);
- c->vtable = &fake_transport_security_server_credentials_vtable;
- return c;
-}
-
-/* -- Composite call credentials. -- */
-
-typedef struct {
- grpc_composite_call_credentials *composite_creds;
- size_t creds_index;
- grpc_credentials_md_store *md_elems;
- grpc_auth_metadata_context auth_md_context;
- void *user_data;
- grpc_pollset *pollset;
- grpc_credentials_metadata_cb cb;
-} grpc_composite_call_credentials_metadata_context;
-
-static void composite_call_destruct(grpc_call_credentials *creds) {
- grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
- size_t i;
- for (i = 0; i < c->inner.num_creds; i++) {
- grpc_call_credentials_unref(c->inner.creds_array[i]);
- }
- gpr_free(c->inner.creds_array);
-}
-
-static void composite_call_md_context_destroy(
- grpc_composite_call_credentials_metadata_context *ctx) {
- grpc_credentials_md_store_unref(ctx->md_elems);
- gpr_free(ctx);
-}
-
-static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
- grpc_credentials_md *md_elems,
- size_t num_md,
- grpc_credentials_status status) {
- grpc_composite_call_credentials_metadata_context *ctx =
- (grpc_composite_call_credentials_metadata_context *)user_data;
- if (status != GRPC_CREDENTIALS_OK) {
- ctx->cb(exec_ctx, ctx->user_data, NULL, 0, status);
- return;
- }
-
- /* Copy the metadata in the context. */
- if (num_md > 0) {
- size_t i;
- for (i = 0; i < num_md; i++) {
- grpc_credentials_md_store_add(ctx->md_elems, md_elems[i].key,
- md_elems[i].value);
- }
- }
-
- /* See if we need to get some more metadata. */
- if (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
- grpc_call_credentials *inner_creds =
- ctx->composite_creds->inner.creds_array[ctx->creds_index++];
- grpc_call_credentials_get_request_metadata(
- exec_ctx, inner_creds, ctx->pollset, ctx->auth_md_context,
- composite_call_metadata_cb, ctx);
- return;
- }
-
- /* We're done!. */
- ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries,
- ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK);
- composite_call_md_context_destroy(ctx);
-}
-
-static void composite_call_get_request_metadata(
- grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
- grpc_pollset *pollset, grpc_auth_metadata_context auth_md_context,
- grpc_credentials_metadata_cb cb, void *user_data) {
- grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
- grpc_composite_call_credentials_metadata_context *ctx;
-
- ctx = gpr_malloc(sizeof(grpc_composite_call_credentials_metadata_context));
- memset(ctx, 0, sizeof(grpc_composite_call_credentials_metadata_context));
- ctx->auth_md_context = auth_md_context;
- ctx->user_data = user_data;
- ctx->cb = cb;
- ctx->composite_creds = c;
- ctx->pollset = pollset;
- ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
- grpc_call_credentials_get_request_metadata(
- exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset,
- auth_md_context, composite_call_metadata_cb, ctx);
-}
-
-static grpc_call_credentials_vtable composite_call_credentials_vtable = {
- composite_call_destruct, composite_call_get_request_metadata};
-
-static grpc_call_credentials_array get_creds_array(
- grpc_call_credentials **creds_addr) {
- grpc_call_credentials_array result;
- grpc_call_credentials *creds = *creds_addr;
- result.creds_array = creds_addr;
- result.num_creds = 1;
- if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
- result = *grpc_composite_call_credentials_get_credentials(creds);
- }
- return result;
-}
-
-grpc_call_credentials *grpc_composite_call_credentials_create(
- grpc_call_credentials *creds1, grpc_call_credentials *creds2,
- void *reserved) {
- size_t i;
- size_t creds_array_byte_size;
- grpc_call_credentials_array creds1_array;
- grpc_call_credentials_array creds2_array;
- grpc_composite_call_credentials *c;
- GRPC_API_TRACE(
- "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, "
- "reserved=%p)",
- 3, (creds1, creds2, reserved));
- GPR_ASSERT(reserved == NULL);
- GPR_ASSERT(creds1 != NULL);
- GPR_ASSERT(creds2 != NULL);
- c = gpr_malloc(sizeof(grpc_composite_call_credentials));
- memset(c, 0, sizeof(grpc_composite_call_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE;
- c->base.vtable = &composite_call_credentials_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- creds1_array = get_creds_array(&creds1);
- creds2_array = get_creds_array(&creds2);
- c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds;
- creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *);
- c->inner.creds_array = gpr_malloc(creds_array_byte_size);
- memset(c->inner.creds_array, 0, creds_array_byte_size);
- for (i = 0; i < creds1_array.num_creds; i++) {
- grpc_call_credentials *cur_creds = creds1_array.creds_array[i];
- c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds);
- }
- for (i = 0; i < creds2_array.num_creds; i++) {
- grpc_call_credentials *cur_creds = creds2_array.creds_array[i];
- c->inner.creds_array[i + creds1_array.num_creds] =
- grpc_call_credentials_ref(cur_creds);
- }
- return &c->base;
-}
-
-const grpc_call_credentials_array *
-grpc_composite_call_credentials_get_credentials(grpc_call_credentials *creds) {
- const grpc_composite_call_credentials *c =
- (const grpc_composite_call_credentials *)creds;
- GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0);
- return &c->inner;
-}
-
-grpc_call_credentials *grpc_credentials_contains_type(
- grpc_call_credentials *creds, const char *type,
- grpc_call_credentials **composite_creds) {
- size_t i;
- if (strcmp(creds->type, type) == 0) {
- if (composite_creds != NULL) *composite_creds = NULL;
- return creds;
- } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
- const grpc_call_credentials_array *inner_creds_array =
- grpc_composite_call_credentials_get_credentials(creds);
- for (i = 0; i < inner_creds_array->num_creds; i++) {
- if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) {
- if (composite_creds != NULL) *composite_creds = creds;
- return inner_creds_array->creds_array[i];
- }
- }
- }
- return NULL;
-}
-
-/* -- IAM credentials. -- */
-
-static void iam_destruct(grpc_call_credentials *creds) {
- grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
- grpc_credentials_md_store_unref(c->iam_md);
-}
-
-static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx,
- grpc_call_credentials *creds,
- grpc_pollset *pollset,
- grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb,
- void *user_data) {
- grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
- cb(exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries,
- GRPC_CREDENTIALS_OK);
-}
-
-static grpc_call_credentials_vtable iam_vtable = {iam_destruct,
- iam_get_request_metadata};
-
-grpc_call_credentials *grpc_google_iam_credentials_create(
- const char *token, const char *authority_selector, void *reserved) {
- grpc_google_iam_credentials *c;
- GRPC_API_TRACE(
- "grpc_iam_credentials_create(token=%s, authority_selector=%s, "
- "reserved=%p)",
- 3, (token, authority_selector, reserved));
- GPR_ASSERT(reserved == NULL);
- GPR_ASSERT(token != NULL);
- GPR_ASSERT(authority_selector != NULL);
- c = gpr_malloc(sizeof(grpc_google_iam_credentials));
- memset(c, 0, sizeof(grpc_google_iam_credentials));
- c->base.type = GRPC_CALL_CREDENTIALS_TYPE_IAM;
- c->base.vtable = &iam_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->iam_md = grpc_credentials_md_store_create(2);
- grpc_credentials_md_store_add_cstrings(
- c->iam_md, GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, token);
- grpc_credentials_md_store_add_cstrings(
- c->iam_md, GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, authority_selector);
- return &c->base;
-}
-
-/* -- Plugin credentials. -- */
-
-typedef struct {
- void *user_data;
- grpc_credentials_metadata_cb cb;
-} grpc_metadata_plugin_request;
-
-static void plugin_destruct(grpc_call_credentials *creds) {
- grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
- if (c->plugin.state != NULL && c->plugin.destroy != NULL) {
- c->plugin.destroy(c->plugin.state);
- }
-}
-
-static void plugin_md_request_metadata_ready(void *request,
- const grpc_metadata *md,
- size_t num_md,
- grpc_status_code status,
- const char *error_details) {
- /* called from application code */
- grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
- grpc_metadata_plugin_request *r = (grpc_metadata_plugin_request *)request;
- if (status != GRPC_STATUS_OK) {
- if (error_details != NULL) {
- gpr_log(GPR_ERROR, "Getting metadata from plugin failed with error: %s",
- error_details);
- }
- r->cb(&exec_ctx, r->user_data, NULL, 0, GRPC_CREDENTIALS_ERROR);
- } else {
- size_t i;
- grpc_credentials_md *md_array = NULL;
- if (num_md > 0) {
- md_array = gpr_malloc(num_md * sizeof(grpc_credentials_md));
- for (i = 0; i < num_md; i++) {
- md_array[i].key = gpr_slice_from_copied_string(md[i].key);
- md_array[i].value =
- gpr_slice_from_copied_buffer(md[i].value, md[i].value_length);
- }
- }
- r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK);
- if (md_array != NULL) {
- for (i = 0; i < num_md; i++) {
- gpr_slice_unref(md_array[i].key);
- gpr_slice_unref(md_array[i].value);
- }
- gpr_free(md_array);
- }
- }
- gpr_free(r);
- grpc_exec_ctx_finish(&exec_ctx);
-}
-
-static void plugin_get_request_metadata(grpc_exec_ctx *exec_ctx,
- grpc_call_credentials *creds,
- grpc_pollset *pollset,
- grpc_auth_metadata_context context,
- grpc_credentials_metadata_cb cb,
- void *user_data) {
- grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
- if (c->plugin.get_metadata != NULL) {
- grpc_metadata_plugin_request *request = gpr_malloc(sizeof(*request));
- memset(request, 0, sizeof(*request));
- request->user_data = user_data;
- request->cb = cb;
- c->plugin.get_metadata(c->plugin.state, context,
- plugin_md_request_metadata_ready, request);
- } else {
- cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
- }
-}
-
-static grpc_call_credentials_vtable plugin_vtable = {
- plugin_destruct, plugin_get_request_metadata};
-
-grpc_call_credentials *grpc_metadata_credentials_create_from_plugin(
- grpc_metadata_credentials_plugin plugin, void *reserved) {
- grpc_plugin_credentials *c = gpr_malloc(sizeof(*c));
- GRPC_API_TRACE("grpc_metadata_credentials_create_from_plugin(reserved=%p)", 1,
- (reserved));
- GPR_ASSERT(reserved == NULL);
- memset(c, 0, sizeof(*c));
- c->base.type = plugin.type;
- c->base.vtable = &plugin_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->plugin = plugin;
- return &c->base;
-}
-
-/* -- Composite channel credentials. -- */
-
-static void composite_channel_destruct(grpc_channel_credentials *creds) {
- grpc_composite_channel_credentials *c =
- (grpc_composite_channel_credentials *)creds;
- grpc_channel_credentials_unref(c->inner_creds);
- grpc_call_credentials_unref(c->call_creds);
-}
-
-static grpc_security_status composite_channel_create_security_connector(
- grpc_channel_credentials *creds, grpc_call_credentials *call_creds,
- const char *target, const grpc_channel_args *args,
- grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
- grpc_composite_channel_credentials *c =
- (grpc_composite_channel_credentials *)creds;
- grpc_security_status status = GRPC_SECURITY_ERROR;
-
- GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL &&
- c->inner_creds->vtable != NULL &&
- c->inner_creds->vtable->create_security_connector != NULL);
- /* If we are passed a call_creds, create a call composite to pass it
- downstream. */
- if (call_creds != NULL) {
- grpc_call_credentials *composite_call_creds =
- grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL);
- status = c->inner_creds->vtable->create_security_connector(
- c->inner_creds, composite_call_creds, target, args, sc, new_args);
- grpc_call_credentials_unref(composite_call_creds);
- } else {
- status = c->inner_creds->vtable->create_security_connector(
- c->inner_creds, c->call_creds, target, args, sc, new_args);
- }
- return status;
-}
-
-static grpc_channel_credentials_vtable composite_channel_credentials_vtable = {
- composite_channel_destruct, composite_channel_create_security_connector};
-
-grpc_channel_credentials *grpc_composite_channel_credentials_create(
- grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds,
- void *reserved) {
- grpc_composite_channel_credentials *c = gpr_malloc(sizeof(*c));
- memset(c, 0, sizeof(*c));
- GPR_ASSERT(channel_creds != NULL && call_creds != NULL && reserved == NULL);
- GRPC_API_TRACE(
- "grpc_composite_channel_credentials_create(channel_creds=%p, "
- "call_creds=%p, reserved=%p)",
- 3, (channel_creds, call_creds, reserved));
- c->base.type = channel_creds->type;
- c->base.vtable = &composite_channel_credentials_vtable;
- gpr_ref_init(&c->base.refcount, 1);
- c->inner_creds = grpc_channel_credentials_ref(channel_creds);
- c->call_creds = grpc_call_credentials_ref(call_creds);
- return &c->base;
-}
diff --git a/src/core/lib/security/credentials/composite/composite_credentials.c b/src/core/lib/security/credentials/composite/composite_credentials.c
new file mode 100644
index 0000000..4a17f7c
--- /dev/null
+++ b/src/core/lib/security/credentials/composite/composite_credentials.c
@@ -0,0 +1,263 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/composite/composite_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+
+/* -- Composite call credentials. -- */
+
+typedef struct {
+ grpc_composite_call_credentials *composite_creds;
+ size_t creds_index;
+ grpc_credentials_md_store *md_elems;
+ grpc_auth_metadata_context auth_md_context;
+ void *user_data;
+ grpc_pollset *pollset;
+ grpc_credentials_metadata_cb cb;
+} grpc_composite_call_credentials_metadata_context;
+
+static void composite_call_destruct(grpc_call_credentials *creds) {
+ grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
+ size_t i;
+ for (i = 0; i < c->inner.num_creds; i++) {
+ grpc_call_credentials_unref(c->inner.creds_array[i]);
+ }
+ gpr_free(c->inner.creds_array);
+}
+
+static void composite_call_md_context_destroy(
+ grpc_composite_call_credentials_metadata_context *ctx) {
+ grpc_credentials_md_store_unref(ctx->md_elems);
+ gpr_free(ctx);
+}
+
+static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data,
+ grpc_credentials_md *md_elems,
+ size_t num_md,
+ grpc_credentials_status status) {
+ grpc_composite_call_credentials_metadata_context *ctx =
+ (grpc_composite_call_credentials_metadata_context *)user_data;
+ if (status != GRPC_CREDENTIALS_OK) {
+ ctx->cb(exec_ctx, ctx->user_data, NULL, 0, status);
+ return;
+ }
+
+ /* Copy the metadata in the context. */
+ if (num_md > 0) {
+ size_t i;
+ for (i = 0; i < num_md; i++) {
+ grpc_credentials_md_store_add(ctx->md_elems, md_elems[i].key,
+ md_elems[i].value);
+ }
+ }
+
+ /* See if we need to get some more metadata. */
+ if (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
+ grpc_call_credentials *inner_creds =
+ ctx->composite_creds->inner.creds_array[ctx->creds_index++];
+ grpc_call_credentials_get_request_metadata(
+ exec_ctx, inner_creds, ctx->pollset, ctx->auth_md_context,
+ composite_call_metadata_cb, ctx);
+ return;
+ }
+
+ /* We're done!. */
+ ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries,
+ ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK);
+ composite_call_md_context_destroy(ctx);
+}
+
+static void composite_call_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context auth_md_context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
+ grpc_composite_call_credentials_metadata_context *ctx;
+
+ ctx = gpr_malloc(sizeof(grpc_composite_call_credentials_metadata_context));
+ memset(ctx, 0, sizeof(grpc_composite_call_credentials_metadata_context));
+ ctx->auth_md_context = auth_md_context;
+ ctx->user_data = user_data;
+ ctx->cb = cb;
+ ctx->composite_creds = c;
+ ctx->pollset = pollset;
+ ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
+ grpc_call_credentials_get_request_metadata(
+ exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset,
+ auth_md_context, composite_call_metadata_cb, ctx);
+}
+
+static grpc_call_credentials_vtable composite_call_credentials_vtable = {
+ composite_call_destruct, composite_call_get_request_metadata};
+
+static grpc_call_credentials_array get_creds_array(
+ grpc_call_credentials **creds_addr) {
+ grpc_call_credentials_array result;
+ grpc_call_credentials *creds = *creds_addr;
+ result.creds_array = creds_addr;
+ result.num_creds = 1;
+ if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
+ result = *grpc_composite_call_credentials_get_credentials(creds);
+ }
+ return result;
+}
+
+grpc_call_credentials *grpc_composite_call_credentials_create(
+ grpc_call_credentials *creds1, grpc_call_credentials *creds2,
+ void *reserved) {
+ size_t i;
+ size_t creds_array_byte_size;
+ grpc_call_credentials_array creds1_array;
+ grpc_call_credentials_array creds2_array;
+ grpc_composite_call_credentials *c;
+ GRPC_API_TRACE(
+ "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, "
+ "reserved=%p)",
+ 3, (creds1, creds2, reserved));
+ GPR_ASSERT(reserved == NULL);
+ GPR_ASSERT(creds1 != NULL);
+ GPR_ASSERT(creds2 != NULL);
+ c = gpr_malloc(sizeof(grpc_composite_call_credentials));
+ memset(c, 0, sizeof(grpc_composite_call_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE;
+ c->base.vtable = &composite_call_credentials_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ creds1_array = get_creds_array(&creds1);
+ creds2_array = get_creds_array(&creds2);
+ c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds;
+ creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *);
+ c->inner.creds_array = gpr_malloc(creds_array_byte_size);
+ memset(c->inner.creds_array, 0, creds_array_byte_size);
+ for (i = 0; i < creds1_array.num_creds; i++) {
+ grpc_call_credentials *cur_creds = creds1_array.creds_array[i];
+ c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds);
+ }
+ for (i = 0; i < creds2_array.num_creds; i++) {
+ grpc_call_credentials *cur_creds = creds2_array.creds_array[i];
+ c->inner.creds_array[i + creds1_array.num_creds] =
+ grpc_call_credentials_ref(cur_creds);
+ }
+ return &c->base;
+}
+
+const grpc_call_credentials_array *
+grpc_composite_call_credentials_get_credentials(grpc_call_credentials *creds) {
+ const grpc_composite_call_credentials *c =
+ (const grpc_composite_call_credentials *)creds;
+ GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0);
+ return &c->inner;
+}
+
+grpc_call_credentials *grpc_credentials_contains_type(
+ grpc_call_credentials *creds, const char *type,
+ grpc_call_credentials **composite_creds) {
+ size_t i;
+ if (strcmp(creds->type, type) == 0) {
+ if (composite_creds != NULL) *composite_creds = NULL;
+ return creds;
+ } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) {
+ const grpc_call_credentials_array *inner_creds_array =
+ grpc_composite_call_credentials_get_credentials(creds);
+ for (i = 0; i < inner_creds_array->num_creds; i++) {
+ if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) {
+ if (composite_creds != NULL) *composite_creds = creds;
+ return inner_creds_array->creds_array[i];
+ }
+ }
+ }
+ return NULL;
+}
+
+/* -- Composite channel credentials. -- */
+
+static void composite_channel_destruct(grpc_channel_credentials *creds) {
+ grpc_composite_channel_credentials *c =
+ (grpc_composite_channel_credentials *)creds;
+ grpc_channel_credentials_unref(c->inner_creds);
+ grpc_call_credentials_unref(c->call_creds);
+}
+
+static grpc_security_status composite_channel_create_security_connector(
+ grpc_channel_credentials *creds, grpc_call_credentials *call_creds,
+ const char *target, const grpc_channel_args *args,
+ grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
+ grpc_composite_channel_credentials *c =
+ (grpc_composite_channel_credentials *)creds;
+ grpc_security_status status = GRPC_SECURITY_ERROR;
+
+ GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL &&
+ c->inner_creds->vtable != NULL &&
+ c->inner_creds->vtable->create_security_connector != NULL);
+ /* If we are passed a call_creds, create a call composite to pass it
+ downstream. */
+ if (call_creds != NULL) {
+ grpc_call_credentials *composite_call_creds =
+ grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL);
+ status = c->inner_creds->vtable->create_security_connector(
+ c->inner_creds, composite_call_creds, target, args, sc, new_args);
+ grpc_call_credentials_unref(composite_call_creds);
+ } else {
+ status = c->inner_creds->vtable->create_security_connector(
+ c->inner_creds, c->call_creds, target, args, sc, new_args);
+ }
+ return status;
+}
+
+static grpc_channel_credentials_vtable composite_channel_credentials_vtable = {
+ composite_channel_destruct, composite_channel_create_security_connector};
+
+grpc_channel_credentials *grpc_composite_channel_credentials_create(
+ grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds,
+ void *reserved) {
+ grpc_composite_channel_credentials *c = gpr_malloc(sizeof(*c));
+ memset(c, 0, sizeof(*c));
+ GPR_ASSERT(channel_creds != NULL && call_creds != NULL && reserved == NULL);
+ GRPC_API_TRACE(
+ "grpc_composite_channel_credentials_create(channel_creds=%p, "
+ "call_creds=%p, reserved=%p)",
+ 3, (channel_creds, call_creds, reserved));
+ c->base.type = channel_creds->type;
+ c->base.vtable = &composite_channel_credentials_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->inner_creds = grpc_channel_credentials_ref(channel_creds);
+ c->call_creds = grpc_call_credentials_ref(call_creds);
+ return &c->base;
+}
+
diff --git a/src/core/lib/security/credentials/composite/composite_credentials.h b/src/core/lib/security/credentials/composite/composite_credentials.h
new file mode 100644
index 0000000..c83f744
--- /dev/null
+++ b/src/core/lib/security/credentials/composite/composite_credentials.h
@@ -0,0 +1,72 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_COMPOSITE_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_COMPOSITE_CREDENTIALS_H
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+typedef struct {
+ grpc_call_credentials **creds_array;
+ size_t num_creds;
+} grpc_call_credentials_array;
+
+const grpc_call_credentials_array *
+grpc_composite_call_credentials_get_credentials(
+ grpc_call_credentials *composite_creds);
+
+/* Returns creds if creds is of the specified type or the inner creds of the
+ specified type (if found), if the creds is of type COMPOSITE.
+ If composite_creds is not NULL, *composite_creds will point to creds if of
+ type COMPOSITE in case of success. */
+grpc_call_credentials *grpc_credentials_contains_type(
+ grpc_call_credentials *creds, const char *type,
+ grpc_call_credentials **composite_creds);
+
+/* -- Channel composite credentials. -- */
+
+typedef struct {
+ grpc_channel_credentials base;
+ grpc_channel_credentials *inner_creds;
+ grpc_call_credentials *call_creds;
+} grpc_composite_channel_credentials;
+
+/* -- Composite credentials. -- */
+
+typedef struct {
+ grpc_call_credentials base;
+ grpc_call_credentials_array inner;
+} grpc_composite_call_credentials;
+
+#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_COMPOSITE_CREDENTIALS_H
+
diff --git a/src/core/lib/security/credentials/credentials.c b/src/core/lib/security/credentials/credentials.c
new file mode 100644
index 0000000..29cf9ee
--- /dev/null
+++ b/src/core/lib/security/credentials/credentials.c
@@ -0,0 +1,233 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#include "src/core/lib/channel/channel_args.h"
+#include "src/core/lib/channel/http_client_filter.h"
+#include "src/core/lib/http/httpcli.h"
+#include "src/core/lib/http/parser.h"
+#include "src/core/lib/iomgr/executor.h"
+#include "src/core/lib/json/json.h"
+#include "src/core/lib/support/string.h"
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+#include <grpc/support/sync.h>
+#include <grpc/support/time.h>
+
+/* -- Common. -- */
+
+grpc_credentials_metadata_request *
+grpc_credentials_metadata_request_create(grpc_call_credentials *creds,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
+ grpc_credentials_metadata_request *r =
+ gpr_malloc(sizeof(grpc_credentials_metadata_request));
+ r->creds = grpc_call_credentials_ref(creds);
+ r->cb = cb;
+ r->user_data = user_data;
+ return r;
+}
+
+void grpc_credentials_metadata_request_destroy(
+ grpc_credentials_metadata_request *r) {
+ grpc_call_credentials_unref(r->creds);
+ gpr_free(r);
+}
+
+grpc_channel_credentials *grpc_channel_credentials_ref(
+ grpc_channel_credentials *creds) {
+ if (creds == NULL) return NULL;
+ gpr_ref(&creds->refcount);
+ return creds;
+}
+
+void grpc_channel_credentials_unref(grpc_channel_credentials *creds) {
+ if (creds == NULL) return;
+ if (gpr_unref(&creds->refcount)) {
+ if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
+ gpr_free(creds);
+ }
+}
+
+void grpc_channel_credentials_release(grpc_channel_credentials *creds) {
+ GRPC_API_TRACE("grpc_channel_credentials_release(creds=%p)", 1, (creds));
+ grpc_channel_credentials_unref(creds);
+}
+
+grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) {
+ if (creds == NULL) return NULL;
+ gpr_ref(&creds->refcount);
+ return creds;
+}
+
+void grpc_call_credentials_unref(grpc_call_credentials *creds) {
+ if (creds == NULL) return;
+ if (gpr_unref(&creds->refcount)) {
+ if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
+ gpr_free(creds);
+ }
+}
+
+void grpc_call_credentials_release(grpc_call_credentials *creds) {
+ GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds));
+ grpc_call_credentials_unref(creds);
+}
+
+void grpc_call_credentials_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ if (creds == NULL || creds->vtable->get_request_metadata == NULL) {
+ if (cb != NULL) {
+ cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
+ }
+ return;
+ }
+ creds->vtable->get_request_metadata(exec_ctx, creds, pollset, context, cb,
+ user_data);
+}
+
+grpc_security_status grpc_channel_credentials_create_security_connector(
+ grpc_channel_credentials *channel_creds, const char *target,
+ const grpc_channel_args *args, grpc_channel_security_connector **sc,
+ grpc_channel_args **new_args) {
+ *new_args = NULL;
+ if (channel_creds == NULL) {
+ return GRPC_SECURITY_ERROR;
+ }
+ GPR_ASSERT(channel_creds->vtable->create_security_connector != NULL);
+ return channel_creds->vtable->create_security_connector(
+ channel_creds, NULL, target, args, sc, new_args);
+}
+
+grpc_server_credentials *grpc_server_credentials_ref(
+ grpc_server_credentials *creds) {
+ if (creds == NULL) return NULL;
+ gpr_ref(&creds->refcount);
+ return creds;
+}
+
+void grpc_server_credentials_unref(grpc_server_credentials *creds) {
+ if (creds == NULL) return;
+ if (gpr_unref(&creds->refcount)) {
+ if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds);
+ if (creds->processor.destroy != NULL && creds->processor.state != NULL) {
+ creds->processor.destroy(creds->processor.state);
+ }
+ gpr_free(creds);
+ }
+}
+
+void grpc_server_credentials_release(grpc_server_credentials *creds) {
+ GRPC_API_TRACE("grpc_server_credentials_release(creds=%p)", 1, (creds));
+ grpc_server_credentials_unref(creds);
+}
+
+grpc_security_status grpc_server_credentials_create_security_connector(
+ grpc_server_credentials *creds, grpc_server_security_connector **sc) {
+ if (creds == NULL || creds->vtable->create_security_connector == NULL) {
+ gpr_log(GPR_ERROR, "Server credentials cannot create security context.");
+ return GRPC_SECURITY_ERROR;
+ }
+ return creds->vtable->create_security_connector(creds, sc);
+}
+
+void grpc_server_credentials_set_auth_metadata_processor(
+ grpc_server_credentials *creds, grpc_auth_metadata_processor processor) {
+ GRPC_API_TRACE(
+ "grpc_server_credentials_set_auth_metadata_processor("
+ "creds=%p, "
+ "processor=grpc_auth_metadata_processor { process: %p, state: %p })",
+ 3, (creds, (void *)(intptr_t)processor.process, processor.state));
+ if (creds == NULL) return;
+ if (creds->processor.destroy != NULL && creds->processor.state != NULL) {
+ creds->processor.destroy(creds->processor.state);
+ }
+ creds->processor = processor;
+}
+
+static void server_credentials_pointer_arg_destroy(void *p) {
+ grpc_server_credentials_unref(p);
+}
+
+static void *server_credentials_pointer_arg_copy(void *p) {
+ return grpc_server_credentials_ref(p);
+}
+
+static int server_credentials_pointer_cmp(void *a, void *b) {
+ return GPR_ICMP(a, b);
+}
+
+static const grpc_arg_pointer_vtable cred_ptr_vtable = {
+ server_credentials_pointer_arg_copy, server_credentials_pointer_arg_destroy,
+ server_credentials_pointer_cmp};
+
+grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials *p) {
+ grpc_arg arg;
+ memset(&arg, 0, sizeof(grpc_arg));
+ arg.type = GRPC_ARG_POINTER;
+ arg.key = GRPC_SERVER_CREDENTIALS_ARG;
+ arg.value.pointer.p = p;
+ arg.value.pointer.vtable = &cred_ptr_vtable;
+ return arg;
+}
+
+grpc_server_credentials *grpc_server_credentials_from_arg(const grpc_arg *arg) {
+ if (strcmp(arg->key, GRPC_SERVER_CREDENTIALS_ARG) != 0) return NULL;
+ if (arg->type != GRPC_ARG_POINTER) {
+ gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
+ GRPC_SERVER_CREDENTIALS_ARG);
+ return NULL;
+ }
+ return arg->value.pointer.p;
+}
+
+grpc_server_credentials *grpc_find_server_credentials_in_args(
+ const grpc_channel_args *args) {
+ size_t i;
+ if (args == NULL) return NULL;
+ for (i = 0; i < args->num_args; i++) {
+ grpc_server_credentials *p =
+ grpc_server_credentials_from_arg(&args->args[i]);
+ if (p != NULL) return p;
+ }
+ return NULL;
+}
+
diff --git a/src/core/lib/security/credentials.h b/src/core/lib/security/credentials/credentials.h
similarity index 62%
rename from src/core/lib/security/credentials.h
rename to src/core/lib/security/credentials/credentials.h
index 0373cea..5f44c7c 100644
--- a/src/core/lib/security/credentials.h
+++ b/src/core/lib/security/credentials/credentials.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_H
-#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H
#include <grpc/grpc.h>
#include <grpc/grpc_security.h>
@@ -41,8 +41,7 @@
#include "src/core/lib/http/httpcli.h"
#include "src/core/lib/http/parser.h"
-#include "src/core/lib/security/json_token.h"
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/transport/security_connector.h"
struct grpc_http_response;
@@ -69,10 +68,6 @@
"x-goog-iam-authorization-token"
#define GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY "x-goog-iam-authority-selector"
-#define GRPC_GOOGLE_CLOUD_SDK_CONFIG_DIRECTORY "gcloud"
-#define GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE \
- "application_default_credentials.json"
-
#define GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS 60
#define GRPC_COMPUTE_ENGINE_METADATA_HOST "metadata"
@@ -188,48 +183,11 @@
grpc_pollset *pollset, grpc_auth_metadata_context context,
grpc_credentials_metadata_cb cb, void *user_data);
-typedef struct {
- grpc_call_credentials **creds_array;
- size_t num_creds;
-} grpc_call_credentials_array;
-
-const grpc_call_credentials_array *
-grpc_composite_call_credentials_get_credentials(
- grpc_call_credentials *composite_creds);
-
-/* Returns creds if creds is of the specified type or the inner creds of the
- specified type (if found), if the creds is of type COMPOSITE.
- If composite_creds is not NULL, *composite_creds will point to creds if of
- type COMPOSITE in case of success. */
-grpc_call_credentials *grpc_credentials_contains_type(
- grpc_call_credentials *creds, const char *type,
- grpc_call_credentials **composite_creds);
-
-/* Exposed for testing only. */
-grpc_credentials_status
-grpc_oauth2_token_fetcher_credentials_parse_server_response(
- const struct grpc_http_response *response,
- grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime);
-
-void grpc_flush_cached_google_default_credentials(void);
-
/* Metadata-only credentials with the specified key and value where
asynchronicity can be simulated for testing. */
grpc_call_credentials *grpc_md_only_test_credentials_create(
const char *md_key, const char *md_value, int is_async);
-/* Private constructor for jwt credentials from an already parsed json key.
- Takes ownership of the key. */
-grpc_call_credentials *
-grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
- grpc_auth_json_key key, gpr_timespec token_lifetime);
-
-/* Private constructor for refresh token credentials from an already parsed
- refresh token. Takes ownership of the refresh token. */
-grpc_call_credentials *
-grpc_refresh_token_credentials_create_from_auth_refresh_token(
- grpc_auth_refresh_token token);
-
/* --- grpc_server_credentials. --- */
typedef struct {
@@ -260,118 +218,19 @@
grpc_server_credentials *grpc_find_server_credentials_in_args(
const grpc_channel_args *args);
-/* -- Fake transport security credentials. -- */
-
-/* Creates a fake transport security credentials object for testing. */
-grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void);
-/* Creates a fake server transport security credentials object for testing. */
-grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
- void);
-
-/* -- Ssl credentials. -- */
+/* -- Credentials Metadata Request. -- */
typedef struct {
- grpc_channel_credentials base;
- grpc_ssl_config config;
-} grpc_ssl_credentials;
+ grpc_call_credentials *creds;
+ grpc_credentials_metadata_cb cb;
+ void *user_data;
+} grpc_credentials_metadata_request;
-typedef struct {
- grpc_server_credentials base;
- grpc_ssl_server_config config;
-} grpc_ssl_server_credentials;
+grpc_credentials_metadata_request *grpc_credentials_metadata_request_create(
+ grpc_call_credentials *creds, grpc_credentials_metadata_cb cb,
+ void *user_data);
-/* -- Channel composite credentials. -- */
+void grpc_credentials_metadata_request_destroy(
+ grpc_credentials_metadata_request *r);
-typedef struct {
- grpc_channel_credentials base;
- grpc_channel_credentials *inner_creds;
- grpc_call_credentials *call_creds;
-} grpc_composite_channel_credentials;
-
-/* -- Jwt credentials -- */
-
-typedef struct {
- grpc_call_credentials base;
-
- /* Have a simple cache for now with just 1 entry. We could have a map based on
- the service_url for a more sophisticated one. */
- gpr_mu cache_mu;
- struct {
- grpc_credentials_md_store *jwt_md;
- char *service_url;
- gpr_timespec jwt_expiration;
- } cached;
-
- grpc_auth_json_key key;
- gpr_timespec jwt_lifetime;
-} grpc_service_account_jwt_access_credentials;
-
-/* -- Oauth2TokenFetcher credentials --
-
- This object is a base for credentials that need to acquire an oauth2 token
- from an http service. */
-
-typedef struct grpc_credentials_metadata_request
- grpc_credentials_metadata_request;
-
-typedef void (*grpc_fetch_oauth2_func)(grpc_exec_ctx *exec_ctx,
- grpc_credentials_metadata_request *req,
- grpc_httpcli_context *http_context,
- grpc_pollset *pollset,
- grpc_httpcli_response_cb response_cb,
- gpr_timespec deadline);
-
-typedef struct {
- grpc_call_credentials base;
- gpr_mu mu;
- grpc_credentials_md_store *access_token_md;
- gpr_timespec token_expiration;
- grpc_httpcli_context httpcli_context;
- grpc_fetch_oauth2_func fetch_func;
-} grpc_oauth2_token_fetcher_credentials;
-
-/* -- GoogleRefreshToken credentials. -- */
-
-typedef struct {
- grpc_oauth2_token_fetcher_credentials base;
- grpc_auth_refresh_token refresh_token;
-} grpc_google_refresh_token_credentials;
-
-/* -- Oauth2 Access Token credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_credentials_md_store *access_token_md;
-} grpc_access_token_credentials;
-
-/* -- Metadata-only Test credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_credentials_md_store *md_store;
- int is_async;
-} grpc_md_only_test_credentials;
-
-/* -- GoogleIAM credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_credentials_md_store *iam_md;
-} grpc_google_iam_credentials;
-
-/* -- Composite credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_call_credentials_array inner;
-} grpc_composite_call_credentials;
-
-/* -- Plugin credentials. -- */
-
-typedef struct {
- grpc_call_credentials base;
- grpc_metadata_credentials_plugin plugin;
- grpc_credentials_md_store *plugin_md;
-} grpc_plugin_credentials;
-
-#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_H */
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H */
diff --git a/src/core/lib/security/credentials_metadata.c b/src/core/lib/security/credentials/credentials_metadata.c
similarity index 98%
rename from src/core/lib/security/credentials_metadata.c
rename to src/core/lib/security/credentials/credentials_metadata.c
index bd00194..6a352aa 100644
--- a/src/core/lib/security/credentials_metadata.c
+++ b/src/core/lib/security/credentials/credentials_metadata.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include <grpc/support/alloc.h>
diff --git a/src/core/lib/security/credentials/fake/fake_credentials.c b/src/core/lib/security/credentials/fake/fake_credentials.c
new file mode 100644
index 0000000..2a5d225
--- /dev/null
+++ b/src/core/lib/security/credentials/fake/fake_credentials.c
@@ -0,0 +1,139 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/channel/channel_args.h"
+#include "src/core/lib/iomgr/executor.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+
+/* -- Fake transport security credentials. -- */
+
+static grpc_security_status fake_transport_security_create_security_connector(
+ grpc_channel_credentials *c, grpc_call_credentials *call_creds,
+ const char *target, const grpc_channel_args *args,
+ grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
+ *sc = grpc_fake_channel_security_connector_create(call_creds);
+ return GRPC_SECURITY_OK;
+}
+
+static grpc_security_status
+fake_transport_security_server_create_security_connector(
+ grpc_server_credentials *c, grpc_server_security_connector **sc) {
+ *sc = grpc_fake_server_security_connector_create();
+ return GRPC_SECURITY_OK;
+}
+
+static grpc_channel_credentials_vtable
+ fake_transport_security_credentials_vtable = {
+ NULL, fake_transport_security_create_security_connector};
+
+static grpc_server_credentials_vtable
+ fake_transport_security_server_credentials_vtable = {
+ NULL, fake_transport_security_server_create_security_connector};
+
+grpc_channel_credentials *grpc_fake_transport_security_credentials_create(
+ void) {
+ grpc_channel_credentials *c = gpr_malloc(sizeof(grpc_channel_credentials));
+ memset(c, 0, sizeof(grpc_channel_credentials));
+ c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
+ c->vtable = &fake_transport_security_credentials_vtable;
+ gpr_ref_init(&c->refcount, 1);
+ return c;
+}
+
+grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
+ void) {
+ grpc_server_credentials *c = gpr_malloc(sizeof(grpc_server_credentials));
+ memset(c, 0, sizeof(grpc_server_credentials));
+ c->type = GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY;
+ gpr_ref_init(&c->refcount, 1);
+ c->vtable = &fake_transport_security_server_credentials_vtable;
+ return c;
+}
+
+/* -- Metadata-only test credentials. -- */
+
+static void md_only_test_destruct(grpc_call_credentials *creds) {
+ grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
+ grpc_credentials_md_store_unref(c->md_store);
+}
+
+static void on_simulated_token_fetch_done(grpc_exec_ctx *exec_ctx,
+ void *user_data, bool success) {
+ grpc_credentials_metadata_request *r =
+ (grpc_credentials_metadata_request *)user_data;
+ grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)r->creds;
+ r->cb(exec_ctx, r->user_data, c->md_store->entries, c->md_store->num_entries,
+ GRPC_CREDENTIALS_OK);
+ grpc_credentials_metadata_request_destroy(r);
+}
+
+static void md_only_test_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *)creds;
+
+ if (c->is_async) {
+ grpc_credentials_metadata_request *cb_arg =
+ grpc_credentials_metadata_request_create(creds, cb, user_data);
+ grpc_executor_enqueue(
+ grpc_closure_create(on_simulated_token_fetch_done, cb_arg), true);
+ } else {
+ cb(exec_ctx, user_data, c->md_store->entries, 1, GRPC_CREDENTIALS_OK);
+ }
+}
+
+static grpc_call_credentials_vtable md_only_test_vtable = {
+ md_only_test_destruct, md_only_test_get_request_metadata};
+
+grpc_call_credentials *grpc_md_only_test_credentials_create(
+ const char *md_key, const char *md_value, int is_async) {
+ grpc_md_only_test_credentials *c =
+ gpr_malloc(sizeof(grpc_md_only_test_credentials));
+ memset(c, 0, sizeof(grpc_md_only_test_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
+ c->base.vtable = &md_only_test_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->md_store = grpc_credentials_md_store_create(1);
+ grpc_credentials_md_store_add_cstrings(c->md_store, md_key, md_value);
+ c->is_async = is_async;
+ return &c->base;
+}
+
diff --git a/src/core/lib/security/secure_endpoint.h b/src/core/lib/security/credentials/fake/fake_credentials.h
similarity index 64%
copy from src/core/lib/security/secure_endpoint.h
copy to src/core/lib/security/credentials/fake/fake_credentials.h
index ff1c663..10c2a0b 100644
--- a/src/core/lib/security/secure_endpoint.h
+++ b/src/core/lib/security/credentials/fake/fake_credentials.h
@@ -1,6 +1,6 @@
/*
*
- * Copyright 2015, Google Inc.
+ * Copyright 2016, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -31,19 +31,26 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H
-#define GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_FAKE_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_FAKE_CREDENTIALS_H
-#include <grpc/support/slice.h>
-#include "src/core/lib/iomgr/endpoint.h"
+#include "src/core/lib/security/credentials/credentials.h"
-struct tsi_frame_protector;
+/* -- Fake transport security credentials. -- */
-extern int grpc_trace_secure_endpoint;
+/* Creates a fake transport security credentials object for testing. */
+grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void);
+/* Creates a fake server transport security credentials object for testing. */
+grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
+ void);
-/* Takes ownership of protector and to_wrap, and refs leftover_slices. */
-grpc_endpoint *grpc_secure_endpoint_create(
- struct tsi_frame_protector *protector, grpc_endpoint *to_wrap,
- gpr_slice *leftover_slices, size_t leftover_nslices);
+/* -- Metadata-only Test credentials. -- */
-#endif /* GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H */
+typedef struct {
+ grpc_call_credentials base;
+ grpc_credentials_md_store *md_store;
+ int is_async;
+} grpc_md_only_test_credentials;
+
+#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_FAKE_CREDENTIALS_H
+
diff --git a/src/core/lib/security/credentials_posix.c b/src/core/lib/security/credentials/google_default/credentials_posix.c
similarity index 95%
rename from src/core/lib/security/credentials_posix.c
rename to src/core/lib/security/credentials/google_default/credentials_posix.c
index a07de18..42c9d7f 100644
--- a/src/core/lib/security/credentials_posix.c
+++ b/src/core/lib/security/credentials/google_default/credentials_posix.c
@@ -35,7 +35,7 @@
#ifdef GPR_POSIX_FILE
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
diff --git a/src/core/lib/security/credentials_win32.c b/src/core/lib/security/credentials/google_default/credentials_win32.c
similarity index 95%
rename from src/core/lib/security/credentials_win32.c
rename to src/core/lib/security/credentials/google_default/credentials_win32.c
index d29847a..cd8b480 100644
--- a/src/core/lib/security/credentials_win32.c
+++ b/src/core/lib/security/credentials/google_default/credentials_win32.c
@@ -35,7 +35,7 @@
#ifdef GPR_WIN32
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
diff --git a/src/core/lib/security/google_default_credentials.c b/src/core/lib/security/credentials/google_default/google_default_credentials.c
similarity index 97%
rename from src/core/lib/security/google_default_credentials.c
rename to src/core/lib/security/credentials/google_default/google_default_credentials.c
index 236f1d7..da23bba 100644
--- a/src/core/lib/security/google_default_credentials.c
+++ b/src/core/lib/security/credentials/google_default/google_default_credentials.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include <string.h>
@@ -41,6 +41,8 @@
#include "src/core/lib/http/httpcli.h"
#include "src/core/lib/http/parser.h"
+#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
+#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/load_file.h"
#include "src/core/lib/surface/api_trace.h"
diff --git a/src/core/lib/security/auth_filters.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h
similarity index 74%
copy from src/core/lib/security/auth_filters.h
copy to src/core/lib/security/credentials/google_default/google_default_credentials.h
index 7fb56c3..33e8c2e 100644
--- a/src/core/lib/security/auth_filters.h
+++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h
@@ -1,6 +1,6 @@
/*
*
- * Copyright 2015, Google Inc.
+ * Copyright 2016, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -31,12 +31,17 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
-#define GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_CREDENTIALS_H
-#include "src/core/lib/channel/channel_stack.h"
+#include "src/core/lib/security/credentials/credentials.h"
-extern const grpc_channel_filter grpc_client_auth_filter;
-extern const grpc_channel_filter grpc_server_auth_filter;
+#define GRPC_GOOGLE_CLOUD_SDK_CONFIG_DIRECTORY "gcloud"
+#define GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE \
+ "application_default_credentials.json"
-#endif /* GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H */
+void grpc_flush_cached_google_default_credentials(void);
+
+#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_CREDENTIALS_H
+
+
diff --git a/src/core/lib/security/credentials/iam/iam_credentials.c b/src/core/lib/security/credentials/iam/iam_credentials.c
new file mode 100644
index 0000000..ec0f284
--- /dev/null
+++ b/src/core/lib/security/credentials/iam/iam_credentials.c
@@ -0,0 +1,87 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/iam/iam_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+#include <grpc/support/sync.h>
+
+static void iam_destruct(grpc_call_credentials *creds) {
+ grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
+ grpc_credentials_md_store_unref(c->iam_md);
+}
+
+static void iam_get_request_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_credentials *creds,
+ grpc_pollset *pollset,
+ grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
+ grpc_google_iam_credentials *c = (grpc_google_iam_credentials *)creds;
+ cb(exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries,
+ GRPC_CREDENTIALS_OK);
+}
+
+static grpc_call_credentials_vtable iam_vtable = {iam_destruct,
+ iam_get_request_metadata};
+
+grpc_call_credentials *grpc_google_iam_credentials_create(
+ const char *token, const char *authority_selector, void *reserved) {
+ grpc_google_iam_credentials *c;
+ GRPC_API_TRACE(
+ "grpc_iam_credentials_create(token=%s, authority_selector=%s, "
+ "reserved=%p)",
+ 3, (token, authority_selector, reserved));
+ GPR_ASSERT(reserved == NULL);
+ GPR_ASSERT(token != NULL);
+ GPR_ASSERT(authority_selector != NULL);
+ c = gpr_malloc(sizeof(grpc_google_iam_credentials));
+ memset(c, 0, sizeof(grpc_google_iam_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_IAM;
+ c->base.vtable = &iam_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->iam_md = grpc_credentials_md_store_create(2);
+ grpc_credentials_md_store_add_cstrings(
+ c->iam_md, GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, token);
+ grpc_credentials_md_store_add_cstrings(
+ c->iam_md, GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, authority_selector);
+ return &c->base;
+}
+
+
diff --git a/src/core/lib/security/auth_filters.h b/src/core/lib/security/credentials/iam/iam_credentials.h
similarity index 79%
copy from src/core/lib/security/auth_filters.h
copy to src/core/lib/security/credentials/iam/iam_credentials.h
index 7fb56c3..7110eaf 100644
--- a/src/core/lib/security/auth_filters.h
+++ b/src/core/lib/security/credentials/iam/iam_credentials.h
@@ -1,6 +1,6 @@
/*
*
- * Copyright 2015, Google Inc.
+ * Copyright 2016, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -31,12 +31,17 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
-#define GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_IAM_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_IAM_CREDENTIALS_H
-#include "src/core/lib/channel/channel_stack.h"
+#include "src/core/lib/security/credentials/credentials.h"
-extern const grpc_channel_filter grpc_client_auth_filter;
-extern const grpc_channel_filter grpc_server_auth_filter;
+typedef struct {
+ grpc_call_credentials base;
+ grpc_credentials_md_store *iam_md;
+} grpc_google_iam_credentials;
-#endif /* GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H */
+#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_IAM_CREDENTIALS_H
+
+
+
diff --git a/src/core/lib/security/json_token.c b/src/core/lib/security/credentials/jwt/json_token.c
similarity index 74%
rename from src/core/lib/security/json_token.c
rename to src/core/lib/security/credentials/jwt/json_token.c
index d5bc2c8..fd3d0d6 100644
--- a/src/core/lib/security/json_token.c
+++ b/src/core/lib/security/credentials/jwt/json_token.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/credentials/jwt/json_token.h"
#include <string.h>
@@ -39,7 +39,8 @@
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/util/b64.h"
+#include "src/core/lib/security/util/json_util.h"
#include "src/core/lib/support/string.h"
#include <openssl/bio.h>
@@ -66,28 +67,6 @@
/* --- grpc_auth_json_key. --- */
-static const char *json_get_string_property(const grpc_json *json,
- const char *prop_name) {
- grpc_json *child;
- for (child = json->child; child != NULL; child = child->next) {
- if (strcmp(child->key, prop_name) == 0) break;
- }
- if (child == NULL || child->type != GRPC_JSON_STRING) {
- gpr_log(GPR_ERROR, "Invalid or missing %s property.", prop_name);
- return NULL;
- }
- return child->value;
-}
-
-static int set_json_key_string_property(const grpc_json *json,
- const char *prop_name,
- char **json_key_field) {
- const char *prop_value = json_get_string_property(json, prop_name);
- if (prop_value == NULL) return 0;
- *json_key_field = gpr_strdup(prop_value);
- return 1;
-}
-
int grpc_auth_json_key_is_valid(const grpc_auth_json_key *json_key) {
return (json_key != NULL) &&
strcmp(json_key->type, GRPC_AUTH_JSON_TYPE_INVALID);
@@ -106,22 +85,22 @@
goto end;
}
- prop_value = json_get_string_property(json, "type");
+ prop_value = grpc_json_get_string_property(json, "type");
if (prop_value == NULL ||
strcmp(prop_value, GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT)) {
goto end;
}
result.type = GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT;
- if (!set_json_key_string_property(json, "private_key_id",
- &result.private_key_id) ||
- !set_json_key_string_property(json, "client_id", &result.client_id) ||
- !set_json_key_string_property(json, "client_email",
- &result.client_email)) {
+ if (!grpc_copy_json_string_property(json, "private_key_id",
+ &result.private_key_id) ||
+ !grpc_copy_json_string_property(json, "client_id", &result.client_id) ||
+ !grpc_copy_json_string_property(json, "client_email",
+ &result.client_email)) {
goto end;
}
- prop_value = json_get_string_property(json, "private_key");
+ prop_value = grpc_json_get_string_property(json, "private_key");
if (prop_value == NULL) {
goto end;
}
@@ -340,72 +319,3 @@
g_jwt_encode_and_sign_override = func;
}
-/* --- grpc_auth_refresh_token --- */
-
-int grpc_auth_refresh_token_is_valid(
- const grpc_auth_refresh_token *refresh_token) {
- return (refresh_token != NULL) &&
- strcmp(refresh_token->type, GRPC_AUTH_JSON_TYPE_INVALID);
-}
-
-grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json(
- const grpc_json *json) {
- grpc_auth_refresh_token result;
- const char *prop_value;
- int success = 0;
-
- memset(&result, 0, sizeof(grpc_auth_refresh_token));
- result.type = GRPC_AUTH_JSON_TYPE_INVALID;
- if (json == NULL) {
- gpr_log(GPR_ERROR, "Invalid json.");
- goto end;
- }
-
- prop_value = json_get_string_property(json, "type");
- if (prop_value == NULL ||
- strcmp(prop_value, GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER)) {
- goto end;
- }
- result.type = GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER;
-
- if (!set_json_key_string_property(json, "client_secret",
- &result.client_secret) ||
- !set_json_key_string_property(json, "client_id", &result.client_id) ||
- !set_json_key_string_property(json, "refresh_token",
- &result.refresh_token)) {
- goto end;
- }
- success = 1;
-
-end:
- if (!success) grpc_auth_refresh_token_destruct(&result);
- return result;
-}
-
-grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
- const char *json_string) {
- char *scratchpad = gpr_strdup(json_string);
- grpc_json *json = grpc_json_parse_string(scratchpad);
- grpc_auth_refresh_token result =
- grpc_auth_refresh_token_create_from_json(json);
- if (json != NULL) grpc_json_destroy(json);
- gpr_free(scratchpad);
- return result;
-}
-
-void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) {
- if (refresh_token == NULL) return;
- refresh_token->type = GRPC_AUTH_JSON_TYPE_INVALID;
- if (refresh_token->client_id != NULL) {
- gpr_free(refresh_token->client_id);
- refresh_token->client_id = NULL;
- }
- if (refresh_token->client_secret != NULL) {
- gpr_free(refresh_token->client_secret);
- refresh_token->client_secret = NULL;
- }
- if (refresh_token->refresh_token != NULL) {
- gpr_free(refresh_token->refresh_token);
- refresh_token->refresh_token = NULL;
- }
-}
diff --git a/src/core/lib/security/json_token.h b/src/core/lib/security/credentials/jwt/json_token.h
similarity index 73%
rename from src/core/lib/security/json_token.h
rename to src/core/lib/security/credentials/jwt/json_token.h
index 123fa65..07fc5bf 100644
--- a/src/core/lib/security/json_token.h
+++ b/src/core/lib/security/credentials/jwt/json_token.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_JSON_TOKEN_H
-#define GRPC_CORE_LIB_SECURITY_JSON_TOKEN_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H
#include <grpc/support/slice.h>
#include <openssl/rsa.h>
@@ -43,10 +43,6 @@
#define GRPC_JWT_OAUTH2_AUDIENCE "https://www.googleapis.com/oauth2/v3/token"
-#define GRPC_AUTH_JSON_TYPE_INVALID "invalid"
-#define GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT "service_account"
-#define GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER "authorized_user"
-
/* --- auth_json_key parsing. --- */
typedef struct {
@@ -89,30 +85,4 @@
void grpc_jwt_encode_and_sign_set_override(
grpc_jwt_encode_and_sign_override func);
-/* --- auth_refresh_token parsing. --- */
-
-typedef struct {
- const char *type;
- char *client_id;
- char *client_secret;
- char *refresh_token;
-} grpc_auth_refresh_token;
-
-/* Returns 1 if the object is valid, 0 otherwise. */
-int grpc_auth_refresh_token_is_valid(
- const grpc_auth_refresh_token *refresh_token);
-
-/* Creates a refresh token object from string. Returns an invalid object if a
- parsing error has been encountered. */
-grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
- const char *json_string);
-
-/* Creates a refresh token object from parsed json. Returns an invalid object if
- a parsing error has been encountered. */
-grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json(
- const grpc_json *json);
-
-/* Destructs the object. */
-void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token);
-
-#endif /* GRPC_CORE_LIB_SECURITY_JSON_TOKEN_H */
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H */
diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.c b/src/core/lib/security/credentials/jwt/jwt_credentials.c
new file mode 100644
index 0000000..9fd0527
--- /dev/null
+++ b/src/core/lib/security/credentials/jwt/jwt_credentials.c
@@ -0,0 +1,161 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+#include <grpc/support/sync.h>
+
+static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) {
+ if (c->cached.jwt_md != NULL) {
+ grpc_credentials_md_store_unref(c->cached.jwt_md);
+ c->cached.jwt_md = NULL;
+ }
+ if (c->cached.service_url != NULL) {
+ gpr_free(c->cached.service_url);
+ c->cached.service_url = NULL;
+ }
+ c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
+}
+
+static void jwt_destruct(grpc_call_credentials *creds) {
+ grpc_service_account_jwt_access_credentials *c =
+ (grpc_service_account_jwt_access_credentials *)creds;
+ grpc_auth_json_key_destruct(&c->key);
+ jwt_reset_cache(c);
+ gpr_mu_destroy(&c->cache_mu);
+}
+
+static void jwt_get_request_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_credentials *creds,
+ grpc_pollset *pollset,
+ grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
+ grpc_service_account_jwt_access_credentials *c =
+ (grpc_service_account_jwt_access_credentials *)creds;
+ gpr_timespec refresh_threshold = gpr_time_from_seconds(
+ GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN);
+
+ /* See if we can return a cached jwt. */
+ grpc_credentials_md_store *jwt_md = NULL;
+ {
+ gpr_mu_lock(&c->cache_mu);
+ if (c->cached.service_url != NULL &&
+ strcmp(c->cached.service_url, context.service_url) == 0 &&
+ c->cached.jwt_md != NULL &&
+ (gpr_time_cmp(gpr_time_sub(c->cached.jwt_expiration,
+ gpr_now(GPR_CLOCK_REALTIME)),
+ refresh_threshold) > 0)) {
+ jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md);
+ }
+ gpr_mu_unlock(&c->cache_mu);
+ }
+
+ if (jwt_md == NULL) {
+ char *jwt = NULL;
+ /* Generate a new jwt. */
+ gpr_mu_lock(&c->cache_mu);
+ jwt_reset_cache(c);
+ jwt = grpc_jwt_encode_and_sign(&c->key, context.service_url,
+ c->jwt_lifetime, NULL);
+ if (jwt != NULL) {
+ char *md_value;
+ gpr_asprintf(&md_value, "Bearer %s", jwt);
+ gpr_free(jwt);
+ c->cached.jwt_expiration =
+ gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), c->jwt_lifetime);
+ c->cached.service_url = gpr_strdup(context.service_url);
+ c->cached.jwt_md = grpc_credentials_md_store_create(1);
+ grpc_credentials_md_store_add_cstrings(
+ c->cached.jwt_md, GRPC_AUTHORIZATION_METADATA_KEY, md_value);
+ gpr_free(md_value);
+ jwt_md = grpc_credentials_md_store_ref(c->cached.jwt_md);
+ }
+ gpr_mu_unlock(&c->cache_mu);
+ }
+
+ if (jwt_md != NULL) {
+ cb(exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries,
+ GRPC_CREDENTIALS_OK);
+ grpc_credentials_md_store_unref(jwt_md);
+ } else {
+ cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR);
+ }
+}
+
+static grpc_call_credentials_vtable jwt_vtable = {jwt_destruct,
+ jwt_get_request_metadata};
+
+grpc_call_credentials *
+grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
+ grpc_auth_json_key key, gpr_timespec token_lifetime) {
+ grpc_service_account_jwt_access_credentials *c;
+ if (!grpc_auth_json_key_is_valid(&key)) {
+ gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation");
+ return NULL;
+ }
+ c = gpr_malloc(sizeof(grpc_service_account_jwt_access_credentials));
+ memset(c, 0, sizeof(grpc_service_account_jwt_access_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->base.vtable = &jwt_vtable;
+ c->key = key;
+ c->jwt_lifetime = token_lifetime;
+ gpr_mu_init(&c->cache_mu);
+ jwt_reset_cache(c);
+ return &c->base;
+}
+
+grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
+ const char *json_key, gpr_timespec token_lifetime, void *reserved) {
+ GRPC_API_TRACE(
+ "grpc_service_account_jwt_access_credentials_create("
+ "json_key=%s, "
+ "token_lifetime="
+ "gpr_timespec { tv_sec: %lld, tv_nsec: %d, clock_type: %d }, "
+ "reserved=%p)",
+ 5,
+ (json_key, (long long)token_lifetime.tv_sec, (int)token_lifetime.tv_nsec,
+ (int)token_lifetime.clock_type, reserved));
+ GPR_ASSERT(reserved == NULL);
+ return grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
+ grpc_auth_json_key_create_from_string(json_key), token_lifetime);
+}
+
diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.h b/src/core/lib/security/credentials/jwt/jwt_credentials.h
new file mode 100644
index 0000000..6faf676
--- /dev/null
+++ b/src/core/lib/security/credentials/jwt/jwt_credentials.h
@@ -0,0 +1,63 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_CREDENTIALS_H
+
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/credentials/jwt/json_token.h"
+
+typedef struct {
+ grpc_call_credentials base;
+
+ // Have a simple cache for now with just 1 entry. We could have a map based on
+ // the service_url for a more sophisticated one.
+ gpr_mu cache_mu;
+ struct {
+ grpc_credentials_md_store *jwt_md;
+ char *service_url;
+ gpr_timespec jwt_expiration;
+ } cached;
+
+ grpc_auth_json_key key;
+ gpr_timespec jwt_lifetime;
+} grpc_service_account_jwt_access_credentials;
+
+// Private constructor for jwt credentials from an already parsed json key.
+// Takes ownership of the key.
+grpc_call_credentials *
+grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
+ grpc_auth_json_key key, gpr_timespec token_lifetime);
+
+#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_CREDENTIALS_H
+
diff --git a/src/core/lib/security/jwt_verifier.c b/src/core/lib/security/credentials/jwt/jwt_verifier.c
similarity index 99%
rename from src/core/lib/security/jwt_verifier.c
rename to src/core/lib/security/credentials/jwt/jwt_verifier.c
index 0e01229..cd6c7ce 100644
--- a/src/core/lib/security/jwt_verifier.c
+++ b/src/core/lib/security/credentials/jwt/jwt_verifier.c
@@ -31,13 +31,13 @@
*
*/
-#include "src/core/lib/security/jwt_verifier.h"
+#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"
#include <limits.h>
#include <string.h>
#include "src/core/lib/http/httpcli.h"
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/util/b64.h"
#include "src/core/lib/tsi/ssl_types.h"
#include <grpc/support/alloc.h>
diff --git a/src/core/lib/security/jwt_verifier.h b/src/core/lib/security/credentials/jwt/jwt_verifier.h
similarity index 96%
rename from src/core/lib/security/jwt_verifier.h
rename to src/core/lib/security/credentials/jwt/jwt_verifier.h
index 98a4f6b..b0f6d1c 100644
--- a/src/core/lib/security/jwt_verifier.h
+++ b/src/core/lib/security/credentials/jwt/jwt_verifier.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_JWT_VERIFIER_H
-#define GRPC_CORE_LIB_SECURITY_JWT_VERIFIER_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H
#include "src/core/lib/iomgr/pollset.h"
#include "src/core/lib/json/json.h"
@@ -133,4 +133,4 @@
grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims,
const char *audience);
-#endif /* GRPC_CORE_LIB_SECURITY_JWT_VERIFIER_H */
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H */
diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.c b/src/core/lib/security/credentials/oauth2/oauth2_credentials.c
new file mode 100644
index 0000000..0984d1f
--- /dev/null
+++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.c
@@ -0,0 +1,430 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/security/util/json_util.h"
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+
+//
+// Auth Refresh Token.
+//
+
+int grpc_auth_refresh_token_is_valid(
+ const grpc_auth_refresh_token *refresh_token) {
+ return (refresh_token != NULL) &&
+ strcmp(refresh_token->type, GRPC_AUTH_JSON_TYPE_INVALID);
+}
+
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json(
+ const grpc_json *json) {
+ grpc_auth_refresh_token result;
+ const char *prop_value;
+ int success = 0;
+
+ memset(&result, 0, sizeof(grpc_auth_refresh_token));
+ result.type = GRPC_AUTH_JSON_TYPE_INVALID;
+ if (json == NULL) {
+ gpr_log(GPR_ERROR, "Invalid json.");
+ goto end;
+ }
+
+ prop_value = grpc_json_get_string_property(json, "type");
+ if (prop_value == NULL ||
+ strcmp(prop_value, GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER)) {
+ goto end;
+ }
+ result.type = GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER;
+
+ if (!grpc_copy_json_string_property(json, "client_secret",
+ &result.client_secret) ||
+ !grpc_copy_json_string_property(json, "client_id", &result.client_id) ||
+ !grpc_copy_json_string_property(json, "refresh_token",
+ &result.refresh_token)) {
+ goto end;
+ }
+ success = 1;
+
+end:
+ if (!success) grpc_auth_refresh_token_destruct(&result);
+ return result;
+}
+
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
+ const char *json_string) {
+ char *scratchpad = gpr_strdup(json_string);
+ grpc_json *json = grpc_json_parse_string(scratchpad);
+ grpc_auth_refresh_token result =
+ grpc_auth_refresh_token_create_from_json(json);
+ if (json != NULL) grpc_json_destroy(json);
+ gpr_free(scratchpad);
+ return result;
+}
+
+void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) {
+ if (refresh_token == NULL) return;
+ refresh_token->type = GRPC_AUTH_JSON_TYPE_INVALID;
+ if (refresh_token->client_id != NULL) {
+ gpr_free(refresh_token->client_id);
+ refresh_token->client_id = NULL;
+ }
+ if (refresh_token->client_secret != NULL) {
+ gpr_free(refresh_token->client_secret);
+ refresh_token->client_secret = NULL;
+ }
+ if (refresh_token->refresh_token != NULL) {
+ gpr_free(refresh_token->refresh_token);
+ refresh_token->refresh_token = NULL;
+ }
+}
+
+//
+// Oauth2 Token Fetcher credentials.
+//
+
+static void oauth2_token_fetcher_destruct(grpc_call_credentials *creds) {
+ grpc_oauth2_token_fetcher_credentials *c =
+ (grpc_oauth2_token_fetcher_credentials *)creds;
+ grpc_credentials_md_store_unref(c->access_token_md);
+ gpr_mu_destroy(&c->mu);
+ grpc_httpcli_context_destroy(&c->httpcli_context);
+}
+
+grpc_credentials_status
+grpc_oauth2_token_fetcher_credentials_parse_server_response(
+ const grpc_http_response *response, grpc_credentials_md_store **token_md,
+ gpr_timespec *token_lifetime) {
+ char *null_terminated_body = NULL;
+ char *new_access_token = NULL;
+ grpc_credentials_status status = GRPC_CREDENTIALS_OK;
+ grpc_json *json = NULL;
+
+ if (response == NULL) {
+ gpr_log(GPR_ERROR, "Received NULL response.");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+
+ if (response->body_length > 0) {
+ null_terminated_body = gpr_malloc(response->body_length + 1);
+ null_terminated_body[response->body_length] = '\0';
+ memcpy(null_terminated_body, response->body, response->body_length);
+ }
+
+ if (response->status != 200) {
+ gpr_log(GPR_ERROR, "Call to http server ended with error %d [%s].",
+ response->status,
+ null_terminated_body != NULL ? null_terminated_body : "");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ } else {
+ grpc_json *access_token = NULL;
+ grpc_json *token_type = NULL;
+ grpc_json *expires_in = NULL;
+ grpc_json *ptr;
+ json = grpc_json_parse_string(null_terminated_body);
+ if (json == NULL) {
+ gpr_log(GPR_ERROR, "Could not parse JSON from %s", null_terminated_body);
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ if (json->type != GRPC_JSON_OBJECT) {
+ gpr_log(GPR_ERROR, "Response should be a JSON object");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ for (ptr = json->child; ptr; ptr = ptr->next) {
+ if (strcmp(ptr->key, "access_token") == 0) {
+ access_token = ptr;
+ } else if (strcmp(ptr->key, "token_type") == 0) {
+ token_type = ptr;
+ } else if (strcmp(ptr->key, "expires_in") == 0) {
+ expires_in = ptr;
+ }
+ }
+ if (access_token == NULL || access_token->type != GRPC_JSON_STRING) {
+ gpr_log(GPR_ERROR, "Missing or invalid access_token in JSON.");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ if (token_type == NULL || token_type->type != GRPC_JSON_STRING) {
+ gpr_log(GPR_ERROR, "Missing or invalid token_type in JSON.");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ if (expires_in == NULL || expires_in->type != GRPC_JSON_NUMBER) {
+ gpr_log(GPR_ERROR, "Missing or invalid expires_in in JSON.");
+ status = GRPC_CREDENTIALS_ERROR;
+ goto end;
+ }
+ gpr_asprintf(&new_access_token, "%s %s", token_type->value,
+ access_token->value);
+ token_lifetime->tv_sec = strtol(expires_in->value, NULL, 10);
+ token_lifetime->tv_nsec = 0;
+ token_lifetime->clock_type = GPR_TIMESPAN;
+ if (*token_md != NULL) grpc_credentials_md_store_unref(*token_md);
+ *token_md = grpc_credentials_md_store_create(1);
+ grpc_credentials_md_store_add_cstrings(
+ *token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token);
+ status = GRPC_CREDENTIALS_OK;
+ }
+
+end:
+ if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) {
+ grpc_credentials_md_store_unref(*token_md);
+ *token_md = NULL;
+ }
+ if (null_terminated_body != NULL) gpr_free(null_terminated_body);
+ if (new_access_token != NULL) gpr_free(new_access_token);
+ if (json != NULL) grpc_json_destroy(json);
+ return status;
+}
+
+static void on_oauth2_token_fetcher_http_response(
+ grpc_exec_ctx *exec_ctx, void *user_data,
+ const grpc_http_response *response) {
+ grpc_credentials_metadata_request *r =
+ (grpc_credentials_metadata_request *)user_data;
+ grpc_oauth2_token_fetcher_credentials *c =
+ (grpc_oauth2_token_fetcher_credentials *)r->creds;
+ gpr_timespec token_lifetime;
+ grpc_credentials_status status;
+
+ gpr_mu_lock(&c->mu);
+ status = grpc_oauth2_token_fetcher_credentials_parse_server_response(
+ response, &c->access_token_md, &token_lifetime);
+ if (status == GRPC_CREDENTIALS_OK) {
+ c->token_expiration =
+ gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), token_lifetime);
+ r->cb(exec_ctx, r->user_data, c->access_token_md->entries,
+ c->access_token_md->num_entries, status);
+ } else {
+ c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
+ r->cb(exec_ctx, r->user_data, NULL, 0, status);
+ }
+ gpr_mu_unlock(&c->mu);
+ grpc_credentials_metadata_request_destroy(r);
+}
+
+static void oauth2_token_fetcher_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_oauth2_token_fetcher_credentials *c =
+ (grpc_oauth2_token_fetcher_credentials *)creds;
+ gpr_timespec refresh_threshold = gpr_time_from_seconds(
+ GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN);
+ grpc_credentials_md_store *cached_access_token_md = NULL;
+ {
+ gpr_mu_lock(&c->mu);
+ if (c->access_token_md != NULL &&
+ (gpr_time_cmp(
+ gpr_time_sub(c->token_expiration, gpr_now(GPR_CLOCK_REALTIME)),
+ refresh_threshold) > 0)) {
+ cached_access_token_md =
+ grpc_credentials_md_store_ref(c->access_token_md);
+ }
+ gpr_mu_unlock(&c->mu);
+ }
+ if (cached_access_token_md != NULL) {
+ cb(exec_ctx, user_data, cached_access_token_md->entries,
+ cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK);
+ grpc_credentials_md_store_unref(cached_access_token_md);
+ } else {
+ c->fetch_func(
+ exec_ctx,
+ grpc_credentials_metadata_request_create(creds, cb, user_data),
+ &c->httpcli_context, pollset, on_oauth2_token_fetcher_http_response,
+ gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), refresh_threshold));
+ }
+}
+
+static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c,
+ grpc_fetch_oauth2_func fetch_func) {
+ memset(c, 0, sizeof(grpc_oauth2_token_fetcher_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
+ gpr_ref_init(&c->base.refcount, 1);
+ gpr_mu_init(&c->mu);
+ c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME);
+ c->fetch_func = fetch_func;
+ grpc_httpcli_context_init(&c->httpcli_context);
+}
+
+//
+// Google Compute Engine credentials.
+//
+
+static grpc_call_credentials_vtable compute_engine_vtable = {
+ oauth2_token_fetcher_destruct, oauth2_token_fetcher_get_request_metadata};
+
+static void compute_engine_fetch_oauth2(
+ grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
+ grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
+ grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
+ grpc_http_header header = {"Metadata-Flavor", "Google"};
+ grpc_httpcli_request request;
+ memset(&request, 0, sizeof(grpc_httpcli_request));
+ request.host = GRPC_COMPUTE_ENGINE_METADATA_HOST;
+ request.http.path = GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH;
+ request.http.hdr_count = 1;
+ request.http.hdrs = &header;
+ grpc_httpcli_get(exec_ctx, httpcli_context, pollset, &request, deadline,
+ response_cb, metadata_req);
+}
+
+grpc_call_credentials *grpc_google_compute_engine_credentials_create(
+ void *reserved) {
+ grpc_oauth2_token_fetcher_credentials *c =
+ gpr_malloc(sizeof(grpc_oauth2_token_fetcher_credentials));
+ GRPC_API_TRACE("grpc_compute_engine_credentials_create(reserved=%p)", 1,
+ (reserved));
+ GPR_ASSERT(reserved == NULL);
+ init_oauth2_token_fetcher(c, compute_engine_fetch_oauth2);
+ c->base.vtable = &compute_engine_vtable;
+ return &c->base;
+}
+
+//
+// Google Refresh Token credentials.
+//
+
+static void refresh_token_destruct(grpc_call_credentials *creds) {
+ grpc_google_refresh_token_credentials *c =
+ (grpc_google_refresh_token_credentials *)creds;
+ grpc_auth_refresh_token_destruct(&c->refresh_token);
+ oauth2_token_fetcher_destruct(&c->base.base);
+}
+
+static grpc_call_credentials_vtable refresh_token_vtable = {
+ refresh_token_destruct, oauth2_token_fetcher_get_request_metadata};
+
+static void refresh_token_fetch_oauth2(
+ grpc_exec_ctx *exec_ctx, grpc_credentials_metadata_request *metadata_req,
+ grpc_httpcli_context *httpcli_context, grpc_pollset *pollset,
+ grpc_httpcli_response_cb response_cb, gpr_timespec deadline) {
+ grpc_google_refresh_token_credentials *c =
+ (grpc_google_refresh_token_credentials *)metadata_req->creds;
+ grpc_http_header header = {"Content-Type",
+ "application/x-www-form-urlencoded"};
+ grpc_httpcli_request request;
+ char *body = NULL;
+ gpr_asprintf(&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING,
+ c->refresh_token.client_id, c->refresh_token.client_secret,
+ c->refresh_token.refresh_token);
+ memset(&request, 0, sizeof(grpc_httpcli_request));
+ request.host = GRPC_GOOGLE_OAUTH2_SERVICE_HOST;
+ request.http.path = GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH;
+ request.http.hdr_count = 1;
+ request.http.hdrs = &header;
+ request.handshaker = &grpc_httpcli_ssl;
+ grpc_httpcli_post(exec_ctx, httpcli_context, pollset, &request, body,
+ strlen(body), deadline, response_cb, metadata_req);
+ gpr_free(body);
+}
+
+grpc_call_credentials *
+grpc_refresh_token_credentials_create_from_auth_refresh_token(
+ grpc_auth_refresh_token refresh_token) {
+ grpc_google_refresh_token_credentials *c;
+ if (!grpc_auth_refresh_token_is_valid(&refresh_token)) {
+ gpr_log(GPR_ERROR, "Invalid input for refresh token credentials creation");
+ return NULL;
+ }
+ c = gpr_malloc(sizeof(grpc_google_refresh_token_credentials));
+ memset(c, 0, sizeof(grpc_google_refresh_token_credentials));
+ init_oauth2_token_fetcher(&c->base, refresh_token_fetch_oauth2);
+ c->base.base.vtable = &refresh_token_vtable;
+ c->refresh_token = refresh_token;
+ return &c->base.base;
+}
+
+grpc_call_credentials *grpc_google_refresh_token_credentials_create(
+ const char *json_refresh_token, void *reserved) {
+ GRPC_API_TRACE(
+ "grpc_refresh_token_credentials_create(json_refresh_token=%s, "
+ "reserved=%p)",
+ 2, (json_refresh_token, reserved));
+ GPR_ASSERT(reserved == NULL);
+ return grpc_refresh_token_credentials_create_from_auth_refresh_token(
+ grpc_auth_refresh_token_create_from_string(json_refresh_token));
+}
+
+//
+// Oauth2 Access Token credentials.
+//
+
+static void access_token_destruct(grpc_call_credentials *creds) {
+ grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
+ grpc_credentials_md_store_unref(c->access_token_md);
+}
+
+static void access_token_get_request_metadata(
+ grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds,
+ grpc_pollset *pollset, grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb, void *user_data) {
+ grpc_access_token_credentials *c = (grpc_access_token_credentials *)creds;
+ cb(exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK);
+}
+
+static grpc_call_credentials_vtable access_token_vtable = {
+ access_token_destruct, access_token_get_request_metadata};
+
+grpc_call_credentials *grpc_access_token_credentials_create(
+ const char *access_token, void *reserved) {
+ grpc_access_token_credentials *c =
+ gpr_malloc(sizeof(grpc_access_token_credentials));
+ char *token_md_value;
+ GRPC_API_TRACE(
+ "grpc_access_token_credentials_create(access_token=%s, "
+ "reserved=%p)",
+ 2, (access_token, reserved));
+ GPR_ASSERT(reserved == NULL);
+ memset(c, 0, sizeof(grpc_access_token_credentials));
+ c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
+ c->base.vtable = &access_token_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->access_token_md = grpc_credentials_md_store_create(1);
+ gpr_asprintf(&token_md_value, "Bearer %s", access_token);
+ grpc_credentials_md_store_add_cstrings(
+ c->access_token_md, GRPC_AUTHORIZATION_METADATA_KEY, token_md_value);
+ gpr_free(token_md_value);
+ return &c->base;
+}
+
+
diff --git a/src/core/lib/security/credentials/oauth2/oauth2_credentials.h b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h
new file mode 100644
index 0000000..6cdcc68
--- /dev/null
+++ b/src/core/lib/security/credentials/oauth2/oauth2_credentials.h
@@ -0,0 +1,111 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_CREDENTIALS_H
+
+#include "src/core/lib/json/json.h"
+#include "src/core/lib/security/credentials/credentials.h"
+
+// auth_refresh_token parsing.
+typedef struct {
+ const char *type;
+ char *client_id;
+ char *client_secret;
+ char *refresh_token;
+} grpc_auth_refresh_token;
+
+/// Returns 1 if the object is valid, 0 otherwise.
+int grpc_auth_refresh_token_is_valid(
+ const grpc_auth_refresh_token *refresh_token);
+
+/// Creates a refresh token object from string. Returns an invalid object if a
+/// parsing error has been encountered.
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
+ const char *json_string);
+
+/// Creates a refresh token object from parsed json. Returns an invalid object
+/// if a parsing error has been encountered.
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_json(
+ const grpc_json *json);
+
+/// Destructs the object.
+void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token);
+
+// -- Oauth2 Token Fetcher credentials --
+//
+// This object is a base for credentials that need to acquire an oauth2 token
+// from an http service.
+
+typedef void (*grpc_fetch_oauth2_func)(grpc_exec_ctx *exec_ctx,
+ grpc_credentials_metadata_request *req,
+ grpc_httpcli_context *http_context,
+ grpc_pollset *pollset,
+ grpc_httpcli_response_cb response_cb,
+ gpr_timespec deadline);
+typedef struct {
+ grpc_call_credentials base;
+ gpr_mu mu;
+ grpc_credentials_md_store *access_token_md;
+ gpr_timespec token_expiration;
+ grpc_httpcli_context httpcli_context;
+ grpc_fetch_oauth2_func fetch_func;
+} grpc_oauth2_token_fetcher_credentials;
+
+
+// Google refresh token credentials.
+typedef struct {
+ grpc_oauth2_token_fetcher_credentials base;
+ grpc_auth_refresh_token refresh_token;
+} grpc_google_refresh_token_credentials;
+
+// Access token credentials.
+typedef struct {
+ grpc_call_credentials base;
+ grpc_credentials_md_store *access_token_md;
+} grpc_access_token_credentials;
+
+// Private constructor for refresh token credentials from an already parsed
+// refresh token. Takes ownership of the refresh token.
+grpc_call_credentials *
+grpc_refresh_token_credentials_create_from_auth_refresh_token(
+ grpc_auth_refresh_token token);
+
+// Exposed for testing only.
+grpc_credentials_status
+grpc_oauth2_token_fetcher_credentials_parse_server_response(
+ const struct grpc_http_response *response,
+ grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime);
+
+#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_OAUTH2_CREDENTIALS_H
+
diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.c b/src/core/lib/security/credentials/plugin/plugin_credentials.c
new file mode 100644
index 0000000..b075e14
--- /dev/null
+++ b/src/core/lib/security/credentials/plugin/plugin_credentials.c
@@ -0,0 +1,131 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/plugin/plugin_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/string_util.h>
+#include <grpc/support/sync.h>
+
+typedef struct {
+ void *user_data;
+ grpc_credentials_metadata_cb cb;
+} grpc_metadata_plugin_request;
+
+static void plugin_destruct(grpc_call_credentials *creds) {
+ grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
+ if (c->plugin.state != NULL && c->plugin.destroy != NULL) {
+ c->plugin.destroy(c->plugin.state);
+ }
+}
+
+static void plugin_md_request_metadata_ready(void *request,
+ const grpc_metadata *md,
+ size_t num_md,
+ grpc_status_code status,
+ const char *error_details) {
+ /* called from application code */
+ grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
+ grpc_metadata_plugin_request *r = (grpc_metadata_plugin_request *)request;
+ if (status != GRPC_STATUS_OK) {
+ if (error_details != NULL) {
+ gpr_log(GPR_ERROR, "Getting metadata from plugin failed with error: %s",
+ error_details);
+ }
+ r->cb(&exec_ctx, r->user_data, NULL, 0, GRPC_CREDENTIALS_ERROR);
+ } else {
+ size_t i;
+ grpc_credentials_md *md_array = NULL;
+ if (num_md > 0) {
+ md_array = gpr_malloc(num_md * sizeof(grpc_credentials_md));
+ for (i = 0; i < num_md; i++) {
+ md_array[i].key = gpr_slice_from_copied_string(md[i].key);
+ md_array[i].value =
+ gpr_slice_from_copied_buffer(md[i].value, md[i].value_length);
+ }
+ }
+ r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK);
+ if (md_array != NULL) {
+ for (i = 0; i < num_md; i++) {
+ gpr_slice_unref(md_array[i].key);
+ gpr_slice_unref(md_array[i].value);
+ }
+ gpr_free(md_array);
+ }
+ }
+ gpr_free(r);
+ grpc_exec_ctx_finish(&exec_ctx);
+}
+
+static void plugin_get_request_metadata(grpc_exec_ctx *exec_ctx,
+ grpc_call_credentials *creds,
+ grpc_pollset *pollset,
+ grpc_auth_metadata_context context,
+ grpc_credentials_metadata_cb cb,
+ void *user_data) {
+ grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds;
+ if (c->plugin.get_metadata != NULL) {
+ grpc_metadata_plugin_request *request = gpr_malloc(sizeof(*request));
+ memset(request, 0, sizeof(*request));
+ request->user_data = user_data;
+ request->cb = cb;
+ c->plugin.get_metadata(c->plugin.state, context,
+ plugin_md_request_metadata_ready, request);
+ } else {
+ cb(exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK);
+ }
+}
+
+static grpc_call_credentials_vtable plugin_vtable = {
+ plugin_destruct, plugin_get_request_metadata};
+
+grpc_call_credentials *grpc_metadata_credentials_create_from_plugin(
+ grpc_metadata_credentials_plugin plugin, void *reserved) {
+ grpc_plugin_credentials *c = gpr_malloc(sizeof(*c));
+ GRPC_API_TRACE("grpc_metadata_credentials_create_from_plugin(reserved=%p)", 1,
+ (reserved));
+ GPR_ASSERT(reserved == NULL);
+ memset(c, 0, sizeof(*c));
+ c->base.type = plugin.type;
+ c->base.vtable = &plugin_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->plugin = plugin;
+ return &c->base;
+}
+
+
diff --git a/src/core/lib/security/auth_filters.h b/src/core/lib/security/credentials/plugin/plugin_credentials.h
similarity index 77%
copy from src/core/lib/security/auth_filters.h
copy to src/core/lib/security/credentials/plugin/plugin_credentials.h
index 7fb56c3..cdabbbd 100644
--- a/src/core/lib/security/auth_filters.h
+++ b/src/core/lib/security/credentials/plugin/plugin_credentials.h
@@ -1,6 +1,6 @@
/*
*
- * Copyright 2015, Google Inc.
+ * Copyright 2016, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -31,12 +31,18 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
-#define GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_PLUGIN_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_PLUGIN_CREDENTIALS_H
-#include "src/core/lib/channel/channel_stack.h"
+#include "src/core/lib/security/credentials/credentials.h"
-extern const grpc_channel_filter grpc_client_auth_filter;
-extern const grpc_channel_filter grpc_server_auth_filter;
+typedef struct {
+ grpc_call_credentials base;
+ grpc_metadata_credentials_plugin plugin;
+ grpc_credentials_md_store *plugin_md;
+} grpc_plugin_credentials;
-#endif /* GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H */
+#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_PLUGIN_CREDENTIALS_H
+
+
+
diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.c b/src/core/lib/security/credentials/ssl/ssl_credentials.c
new file mode 100644
index 0000000..ee8d2e4
--- /dev/null
+++ b/src/core/lib/security/credentials/ssl/ssl_credentials.c
@@ -0,0 +1,244 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "src/core/lib/security/credentials/ssl/ssl_credentials.h"
+
+#include <string.h>
+
+#include "src/core/lib/channel/channel_args.h"
+#include "src/core/lib/channel/http_client_filter.h"
+#include "src/core/lib/surface/api_trace.h"
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+
+//
+// Utils
+//
+
+static void ssl_copy_key_material(const char *input, unsigned char **output,
+ size_t *output_size) {
+ *output_size = strlen(input);
+ *output = gpr_malloc(*output_size);
+ memcpy(*output, input, *output_size);
+}
+
+//
+// SSL Channel Credentials.
+//
+
+static void ssl_destruct(grpc_channel_credentials *creds) {
+ grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
+ if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
+ if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key);
+ if (c->config.pem_cert_chain != NULL) gpr_free(c->config.pem_cert_chain);
+}
+
+static grpc_security_status ssl_create_security_connector(
+ grpc_channel_credentials *creds, grpc_call_credentials *call_creds,
+ const char *target, const grpc_channel_args *args,
+ grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
+ grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds;
+ grpc_security_status status = GRPC_SECURITY_OK;
+ size_t i = 0;
+ const char *overridden_target_name = NULL;
+ grpc_arg new_arg;
+
+ for (i = 0; args && i < args->num_args; i++) {
+ grpc_arg *arg = &args->args[i];
+ if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 &&
+ arg->type == GRPC_ARG_STRING) {
+ overridden_target_name = arg->value.string;
+ break;
+ }
+ }
+ status = grpc_ssl_channel_security_connector_create(
+ call_creds, &c->config, target, overridden_target_name, sc);
+ if (status != GRPC_SECURITY_OK) {
+ return status;
+ }
+ new_arg.type = GRPC_ARG_STRING;
+ new_arg.key = GRPC_ARG_HTTP2_SCHEME;
+ new_arg.value.string = "https";
+ *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1);
+ return status;
+}
+
+static grpc_channel_credentials_vtable ssl_vtable = {
+ ssl_destruct, ssl_create_security_connector};
+
+static void ssl_build_config(const char *pem_root_certs,
+ grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
+ grpc_ssl_config *config) {
+ if (pem_root_certs != NULL) {
+ ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
+ &config->pem_root_certs_size);
+ }
+ if (pem_key_cert_pair != NULL) {
+ GPR_ASSERT(pem_key_cert_pair->private_key != NULL);
+ GPR_ASSERT(pem_key_cert_pair->cert_chain != NULL);
+ ssl_copy_key_material(pem_key_cert_pair->private_key,
+ &config->pem_private_key,
+ &config->pem_private_key_size);
+ ssl_copy_key_material(pem_key_cert_pair->cert_chain,
+ &config->pem_cert_chain,
+ &config->pem_cert_chain_size);
+ }
+}
+
+grpc_channel_credentials *grpc_ssl_credentials_create(
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
+ void *reserved) {
+ grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials));
+ GRPC_API_TRACE(
+ "grpc_ssl_credentials_create(pem_root_certs=%s, "
+ "pem_key_cert_pair=%p, "
+ "reserved=%p)",
+ 3, (pem_root_certs, pem_key_cert_pair, reserved));
+ GPR_ASSERT(reserved == NULL);
+ memset(c, 0, sizeof(grpc_ssl_credentials));
+ c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
+ c->base.vtable = &ssl_vtable;
+ gpr_ref_init(&c->base.refcount, 1);
+ ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config);
+ return &c->base;
+}
+
+//
+// SSL Server Credentials.
+//
+
+static void ssl_server_destruct(grpc_server_credentials *creds) {
+ grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
+ size_t i;
+ for (i = 0; i < c->config.num_key_cert_pairs; i++) {
+ if (c->config.pem_private_keys[i] != NULL) {
+ gpr_free(c->config.pem_private_keys[i]);
+ }
+ if (c->config.pem_cert_chains[i] != NULL) {
+ gpr_free(c->config.pem_cert_chains[i]);
+ }
+ }
+ if (c->config.pem_private_keys != NULL) gpr_free(c->config.pem_private_keys);
+ if (c->config.pem_private_keys_sizes != NULL) {
+ gpr_free(c->config.pem_private_keys_sizes);
+ }
+ if (c->config.pem_cert_chains != NULL) gpr_free(c->config.pem_cert_chains);
+ if (c->config.pem_cert_chains_sizes != NULL) {
+ gpr_free(c->config.pem_cert_chains_sizes);
+ }
+ if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
+}
+
+
+static grpc_security_status ssl_server_create_security_connector(
+ grpc_server_credentials *creds, grpc_server_security_connector **sc) {
+ grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
+ return grpc_ssl_server_security_connector_create(&c->config, sc);
+}
+
+static grpc_server_credentials_vtable ssl_server_vtable = {
+ ssl_server_destruct, ssl_server_create_security_connector};
+
+
+static void ssl_build_server_config(
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+ size_t num_key_cert_pairs,
+ grpc_ssl_client_certificate_request_type client_certificate_request,
+ grpc_ssl_server_config *config) {
+ size_t i;
+ config->client_certificate_request = client_certificate_request;
+ if (pem_root_certs != NULL) {
+ ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
+ &config->pem_root_certs_size);
+ }
+ if (num_key_cert_pairs > 0) {
+ GPR_ASSERT(pem_key_cert_pairs != NULL);
+ config->pem_private_keys =
+ gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
+ config->pem_cert_chains =
+ gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
+ config->pem_private_keys_sizes =
+ gpr_malloc(num_key_cert_pairs * sizeof(size_t));
+ config->pem_cert_chains_sizes =
+ gpr_malloc(num_key_cert_pairs * sizeof(size_t));
+ }
+ config->num_key_cert_pairs = num_key_cert_pairs;
+ for (i = 0; i < num_key_cert_pairs; i++) {
+ GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL);
+ GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL);
+ ssl_copy_key_material(pem_key_cert_pairs[i].private_key,
+ &config->pem_private_keys[i],
+ &config->pem_private_keys_sizes[i]);
+ ssl_copy_key_material(pem_key_cert_pairs[i].cert_chain,
+ &config->pem_cert_chains[i],
+ &config->pem_cert_chains_sizes[i]);
+ }
+}
+
+
+grpc_server_credentials *grpc_ssl_server_credentials_create(
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+ size_t num_key_cert_pairs, int force_client_auth, void *reserved) {
+ return grpc_ssl_server_credentials_create_ex(
+ pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs,
+ force_client_auth
+ ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
+ : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
+ reserved);
+}
+
+grpc_server_credentials *grpc_ssl_server_credentials_create_ex(
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+ size_t num_key_cert_pairs,
+ grpc_ssl_client_certificate_request_type client_certificate_request,
+ void *reserved) {
+ grpc_ssl_server_credentials *c =
+ gpr_malloc(sizeof(grpc_ssl_server_credentials));
+ GRPC_API_TRACE(
+ "grpc_ssl_server_credentials_create_ex("
+ "pem_root_certs=%s, pem_key_cert_pairs=%p, num_key_cert_pairs=%lu, "
+ "client_certificate_request=%d, reserved=%p)",
+ 5, (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs,
+ client_certificate_request, reserved));
+ GPR_ASSERT(reserved == NULL);
+ memset(c, 0, sizeof(grpc_ssl_server_credentials));
+ c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
+ gpr_ref_init(&c->base.refcount, 1);
+ c->base.vtable = &ssl_server_vtable;
+ ssl_build_server_config(pem_root_certs, pem_key_cert_pairs,
+ num_key_cert_pairs, client_certificate_request,
+ &c->config);
+ return &c->base;
+}
+
diff --git a/src/core/lib/security/auth_filters.h b/src/core/lib/security/credentials/ssl/ssl_credentials.h
similarity index 74%
copy from src/core/lib/security/auth_filters.h
copy to src/core/lib/security/credentials/ssl/ssl_credentials.h
index 7fb56c3..ea4bdab 100644
--- a/src/core/lib/security/auth_filters.h
+++ b/src/core/lib/security/credentials/ssl/ssl_credentials.h
@@ -1,6 +1,6 @@
/*
*
- * Copyright 2015, Google Inc.
+ * Copyright 2016, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -30,13 +30,20 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H
-#ifndef GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
-#define GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
+#include "src/core/lib/security/credentials/credentials.h"
-#include "src/core/lib/channel/channel_stack.h"
+typedef struct {
+ grpc_channel_credentials base;
+ grpc_ssl_config config;
+} grpc_ssl_credentials;
-extern const grpc_channel_filter grpc_client_auth_filter;
-extern const grpc_channel_filter grpc_server_auth_filter;
+typedef struct {
+ grpc_server_credentials base;
+ grpc_ssl_server_config config;
+} grpc_ssl_server_credentials;
-#endif /* GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H */
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H */
+
diff --git a/src/core/lib/security/auth_filters.h b/src/core/lib/security/transport/auth_filters.h
similarity index 90%
rename from src/core/lib/security/auth_filters.h
rename to src/core/lib/security/transport/auth_filters.h
index 7fb56c3..f688d4e 100644
--- a/src/core/lib/security/auth_filters.h
+++ b/src/core/lib/security/transport/auth_filters.h
@@ -31,12 +31,12 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
-#define GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H
+#ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H
+#define GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H
#include "src/core/lib/channel/channel_stack.h"
extern const grpc_channel_filter grpc_client_auth_filter;
extern const grpc_channel_filter grpc_server_auth_filter;
-#endif /* GRPC_CORE_LIB_SECURITY_AUTH_FILTERS_H */
+#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H */
diff --git a/src/core/lib/security/client_auth_filter.c b/src/core/lib/security/transport/client_auth_filter.c
similarity index 97%
rename from src/core/lib/security/client_auth_filter.c
rename to src/core/lib/security/transport/client_auth_filter.c
index 8b58cb8..e3cbcb4 100644
--- a/src/core/lib/security/client_auth_filter.c
+++ b/src/core/lib/security/transport/client_auth_filter.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/auth_filters.h"
+#include "src/core/lib/security/transport/auth_filters.h"
#include <string.h>
@@ -40,9 +40,9 @@
#include <grpc/support/string_util.h>
#include "src/core/lib/channel/channel_stack.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_connector.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/surface/call.h"
#include "src/core/lib/transport/static_metadata.h"
diff --git a/src/core/lib/security/handshake.c b/src/core/lib/security/transport/handshake.c
similarity index 98%
rename from src/core/lib/security/handshake.c
rename to src/core/lib/security/transport/handshake.c
index d5fe0c7..6561f4b 100644
--- a/src/core/lib/security/handshake.c
+++ b/src/core/lib/security/transport/handshake.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/handshake.h"
+#include "src/core/lib/security/transport/handshake.h"
#include <stdbool.h>
#include <string.h>
@@ -39,8 +39,8 @@
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/slice_buffer.h>
-#include "src/core/lib/security/secure_endpoint.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
#define GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE 256
diff --git a/src/core/lib/security/handshake.h b/src/core/lib/security/transport/handshake.h
similarity index 90%
rename from src/core/lib/security/handshake.h
rename to src/core/lib/security/transport/handshake.h
index f34476e..6ed850b 100644
--- a/src/core/lib/security/handshake.h
+++ b/src/core/lib/security/transport/handshake.h
@@ -31,11 +31,11 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_HANDSHAKE_H
-#define GRPC_CORE_LIB_SECURITY_HANDSHAKE_H
+#ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_HANDSHAKE_H
+#define GRPC_CORE_LIB_SECURITY_TRANSPORT_HANDSHAKE_H
#include "src/core/lib/iomgr/endpoint.h"
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/transport/security_connector.h"
/* Calls the callback upon completion. Takes owership of handshaker. */
void grpc_do_security_handshake(grpc_exec_ctx *exec_ctx,
@@ -48,4 +48,4 @@
void grpc_security_handshake_shutdown(grpc_exec_ctx *exec_ctx, void *handshake);
-#endif /* GRPC_CORE_LIB_SECURITY_HANDSHAKE_H */
+#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_HANDSHAKE_H */
diff --git a/src/core/lib/security/secure_endpoint.c b/src/core/lib/security/transport/secure_endpoint.c
similarity index 99%
rename from src/core/lib/security/secure_endpoint.c
rename to src/core/lib/security/transport/secure_endpoint.c
index 27b0e98..4438c8e 100644
--- a/src/core/lib/security/secure_endpoint.c
+++ b/src/core/lib/security/transport/secure_endpoint.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/secure_endpoint.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/slice.h>
diff --git a/src/core/lib/security/secure_endpoint.h b/src/core/lib/security/transport/secure_endpoint.h
similarity index 91%
rename from src/core/lib/security/secure_endpoint.h
rename to src/core/lib/security/transport/secure_endpoint.h
index ff1c663..d00075b 100644
--- a/src/core/lib/security/secure_endpoint.h
+++ b/src/core/lib/security/transport/secure_endpoint.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H
-#define GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H
+#ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURE_ENDPOINT_H
+#define GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURE_ENDPOINT_H
#include <grpc/support/slice.h>
#include "src/core/lib/iomgr/endpoint.h"
@@ -46,4 +46,4 @@
struct tsi_frame_protector *protector, grpc_endpoint *to_wrap,
gpr_slice *leftover_slices, size_t leftover_nslices);
-#endif /* GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H */
+#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURE_ENDPOINT_H */
diff --git a/src/core/lib/security/security_connector.c b/src/core/lib/security/transport/security_connector.c
similarity index 98%
rename from src/core/lib/security/security_connector.c
rename to src/core/lib/security/transport/security_connector.c
index 2d2023b..72173e7 100644
--- a/src/core/lib/security/security_connector.c
+++ b/src/core/lib/security/transport/security_connector.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include <stdbool.h>
#include <string.h>
@@ -43,10 +43,10 @@
#include <grpc/support/string_util.h>
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/handshake.h"
-#include "src/core/lib/security/secure_endpoint.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/handshake.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/load_file.h"
#include "src/core/lib/support/string.h"
diff --git a/src/core/lib/security/security_connector.h b/src/core/lib/security/transport/security_connector.h
similarity index 97%
rename from src/core/lib/security/security_connector.h
rename to src/core/lib/security/transport/security_connector.h
index 2c893cd..84e586d 100644
--- a/src/core/lib/security/security_connector.h
+++ b/src/core/lib/security/transport/security_connector.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_H
-#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_H
+#ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURITY_CONNECTOR_H
+#define GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURITY_CONNECTOR_H
#include <grpc/grpc_security.h>
#include "src/core/lib/iomgr/endpoint.h"
@@ -263,4 +263,4 @@
const grpc_auth_context *auth_context);
void tsi_shallow_peer_destruct(tsi_peer *peer);
-#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_H */
+#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_SECURITY_CONNECTOR_H */
diff --git a/src/core/lib/security/server_auth_filter.c b/src/core/lib/security/transport/server_auth_filter.c
similarity index 98%
rename from src/core/lib/security/server_auth_filter.c
rename to src/core/lib/security/transport/server_auth_filter.c
index 3320497..006a30f 100644
--- a/src/core/lib/security/server_auth_filter.c
+++ b/src/core/lib/security/transport/server_auth_filter.c
@@ -33,9 +33,9 @@
#include <string.h>
-#include "src/core/lib/security/auth_filters.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/auth_filters.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
diff --git a/src/core/lib/security/b64.c b/src/core/lib/security/util/b64.c
similarity index 99%
rename from src/core/lib/security/b64.c
rename to src/core/lib/security/util/b64.c
index 87f0e05..9da42e4 100644
--- a/src/core/lib/security/b64.c
+++ b/src/core/lib/security/util/b64.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/util/b64.h"
#include <stdint.h>
#include <string.h>
diff --git a/src/core/lib/security/b64.h b/src/core/lib/security/util/b64.h
similarity index 94%
rename from src/core/lib/security/b64.h
rename to src/core/lib/security/util/b64.h
index c515e7a..6908095 100644
--- a/src/core/lib/security/b64.h
+++ b/src/core/lib/security/util/b64.h
@@ -31,8 +31,8 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_B64_H
-#define GRPC_CORE_LIB_SECURITY_B64_H
+#ifndef GRPC_CORE_LIB_SECURITY_UTIL_B64_H
+#define GRPC_CORE_LIB_SECURITY_UTIL_B64_H
#include <grpc/support/slice.h>
@@ -49,4 +49,4 @@
gpr_slice grpc_base64_decode_with_len(const char *b64, size_t b64_len,
int url_safe);
-#endif /* GRPC_CORE_LIB_SECURITY_B64_H */
+#endif /* GRPC_CORE_LIB_SECURITY_UTIL_B64_H */
diff --git a/src/core/lib/security/credentials_win32.c b/src/core/lib/security/util/json_util.c
similarity index 65%
copy from src/core/lib/security/credentials_win32.c
copy to src/core/lib/security/util/json_util.c
index d29847a..9eda12c 100644
--- a/src/core/lib/security/credentials_win32.c
+++ b/src/core/lib/security/util/json_util.c
@@ -31,31 +31,32 @@
*
*/
-#include <grpc/support/port_platform.h>
+#include "src/core/lib/security/util/json_util.h"
-#ifdef GPR_WIN32
+#include <string.h>
-#include "src/core/lib/security/credentials.h"
-
-#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
-#include "src/core/lib/support/env.h"
-#include "src/core/lib/support/string.h"
-
-char *grpc_get_well_known_google_credentials_file_path_impl(void) {
- char *result = NULL;
- char *appdata_path = gpr_getenv("APPDATA");
- if (appdata_path == NULL) {
- gpr_log(GPR_ERROR, "Could not get APPDATA environment variable.");
+const char *grpc_json_get_string_property(const grpc_json *json,
+ const char *prop_name) {
+ grpc_json *child;
+ for (child = json->child; child != NULL; child = child->next) {
+ if (strcmp(child->key, prop_name) == 0) break;
+ }
+ if (child == NULL || child->type != GRPC_JSON_STRING) {
+ gpr_log(GPR_ERROR, "Invalid or missing %s property.", prop_name);
return NULL;
}
- gpr_asprintf(&result, "%s/%s/%s", appdata_path,
- GRPC_GOOGLE_CLOUD_SDK_CONFIG_DIRECTORY,
- GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE);
- gpr_free(appdata_path);
- return result;
+ return child->value;
}
-#endif /* GPR_WIN32 */
+bool grpc_copy_json_string_property(const grpc_json *json,
+ const char *prop_name,
+ char **copied_value) {
+ const char *prop_value = grpc_json_get_string_property(json, prop_name);
+ if (prop_value == NULL) return false;
+ *copied_value = gpr_strdup(prop_value);
+ return true;
+}
+
diff --git a/src/core/lib/security/secure_endpoint.h b/src/core/lib/security/util/json_util.h
similarity index 64%
copy from src/core/lib/security/secure_endpoint.h
copy to src/core/lib/security/util/json_util.h
index ff1c663..3046412 100644
--- a/src/core/lib/security/secure_endpoint.h
+++ b/src/core/lib/security/util/json_util.h
@@ -31,19 +31,27 @@
*
*/
-#ifndef GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H
-#define GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H
+#ifndef GRPC_CORE_LIB_SECURITY_UTIL_JSON_UTIL_H
+#define GRPC_CORE_LIB_SECURITY_UTIL_JSON_UTIL_H
-#include <grpc/support/slice.h>
-#include "src/core/lib/iomgr/endpoint.h"
+#include <stdbool.h>
-struct tsi_frame_protector;
+#include "src/core/lib/json/json.h"
-extern int grpc_trace_secure_endpoint;
+// Constants.
+#define GRPC_AUTH_JSON_TYPE_INVALID "invalid"
+#define GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT "service_account"
+#define GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER "authorized_user"
-/* Takes ownership of protector and to_wrap, and refs leftover_slices. */
-grpc_endpoint *grpc_secure_endpoint_create(
- struct tsi_frame_protector *protector, grpc_endpoint *to_wrap,
- gpr_slice *leftover_slices, size_t leftover_nslices);
+// Gets a child property from a json node.
+const char *grpc_json_get_string_property(const grpc_json *json,
+ const char *prop_name);
-#endif /* GRPC_CORE_LIB_SECURITY_SECURE_ENDPOINT_H */
+// Copies the value of the json child property specified by prop_name.
+// Returns false if the property was not found.
+bool grpc_copy_json_string_property(const grpc_json *json,
+ const char *prop_name,
+ char **copied_value);
+
+#endif // GRPC_CORE_LIB_SECURITY_UTIL_JSON_UTIL_H
+
diff --git a/src/core/lib/surface/init_secure.c b/src/core/lib/surface/init_secure.c
index 3fda2c9..7ee7b51 100644
--- a/src/core/lib/surface/init_secure.c
+++ b/src/core/lib/surface/init_secure.c
@@ -37,10 +37,10 @@
#include <string.h>
#include "src/core/lib/debug/trace.h"
-#include "src/core/lib/security/auth_filters.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/secure_endpoint.h"
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/transport/auth_filters.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/surface/channel_init.h"
#include "src/core/lib/tsi/transport_security_interface.h"
diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py
index dab6253..0f0678a 100644
--- a/src/python/grpcio/grpc_core_dependencies.py
+++ b/src/python/grpcio/grpc_core_dependencies.py
@@ -182,20 +182,28 @@
'src/core/ext/transport/chttp2/transport/writing.c',
'src/core/ext/transport/chttp2/alpn/alpn.c',
'src/core/lib/http/httpcli_security_connector.c',
- 'src/core/lib/security/b64.c',
- 'src/core/lib/security/client_auth_filter.c',
- 'src/core/lib/security/credentials.c',
- 'src/core/lib/security/credentials_metadata.c',
- 'src/core/lib/security/credentials_posix.c',
- 'src/core/lib/security/credentials_win32.c',
- 'src/core/lib/security/google_default_credentials.c',
- 'src/core/lib/security/handshake.c',
- 'src/core/lib/security/json_token.c',
- 'src/core/lib/security/jwt_verifier.c',
- 'src/core/lib/security/secure_endpoint.c',
- 'src/core/lib/security/security_connector.c',
- 'src/core/lib/security/security_context.c',
- 'src/core/lib/security/server_auth_filter.c',
+ 'src/core/lib/security/context/security_context.c',
+ 'src/core/lib/security/credentials/composite/composite_credentials.c',
+ 'src/core/lib/security/credentials/credentials.c',
+ 'src/core/lib/security/credentials/credentials_metadata.c',
+ 'src/core/lib/security/credentials/fake/fake_credentials.c',
+ 'src/core/lib/security/credentials/google_default/credentials_posix.c',
+ 'src/core/lib/security/credentials/google_default/credentials_win32.c',
+ 'src/core/lib/security/credentials/google_default/google_default_credentials.c',
+ 'src/core/lib/security/credentials/iam/iam_credentials.c',
+ 'src/core/lib/security/credentials/jwt/json_token.c',
+ 'src/core/lib/security/credentials/jwt/jwt_credentials.c',
+ 'src/core/lib/security/credentials/jwt/jwt_verifier.c',
+ 'src/core/lib/security/credentials/oauth2/oauth2_credentials.c',
+ 'src/core/lib/security/credentials/plugin/plugin_credentials.c',
+ 'src/core/lib/security/credentials/ssl/ssl_credentials.c',
+ 'src/core/lib/security/transport/client_auth_filter.c',
+ 'src/core/lib/security/transport/handshake.c',
+ 'src/core/lib/security/transport/secure_endpoint.c',
+ 'src/core/lib/security/transport/security_connector.c',
+ 'src/core/lib/security/transport/server_auth_filter.c',
+ 'src/core/lib/security/util/b64.c',
+ 'src/core/lib/security/util/json_util.c',
'src/core/lib/surface/init_secure.c',
'src/core/lib/tsi/fake_transport_security.c',
'src/core/lib/tsi/ssl_transport_security.c',
diff --git a/test/core/client_config/set_initial_connect_string_test.c b/test/core/client_config/set_initial_connect_string_test.c
index 83058d9..3ad8ce9 100644
--- a/test/core/client_config/set_initial_connect_string_test.c
+++ b/test/core/client_config/set_initial_connect_string_test.c
@@ -40,7 +40,7 @@
#include "src/core/ext/client_config/initial_connect_string.h"
#include "src/core/lib/iomgr/sockaddr.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "src/core/lib/support/string.h"
#include "test/core/util/port.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/end2end/fixtures/h2_fakesec.c b/test/core/end2end/fixtures/h2_fakesec.c
index 246619b..44408b2 100644
--- a/test/core/end2end/fixtures/h2_fakesec.c
+++ b/test/core/end2end/fixtures/h2_fakesec.c
@@ -40,7 +40,7 @@
#include <grpc/support/host_port.h>
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include "test/core/util/port.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/end2end/fixtures/h2_oauth2.c b/test/core/end2end/fixtures/h2_oauth2.c
index 550ff33..fc56998 100644
--- a/test/core/end2end/fixtures/h2_oauth2.c
+++ b/test/core/end2end/fixtures/h2_oauth2.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/iomgr/iomgr.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include "test/core/util/port.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/end2end/fixtures/h2_ssl.c b/test/core/end2end/fixtures/h2_ssl.c
index 69f7616..eb28623 100644
--- a/test/core/end2end/fixtures/h2_ssl.c
+++ b/test/core/end2end/fixtures/h2_ssl.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/end2end/fixtures/h2_ssl_cert.c b/test/core/end2end/fixtures/h2_ssl_cert.c
index cd031ca..2a6d0d1 100644
--- a/test/core/end2end/fixtures/h2_ssl_cert.c
+++ b/test/core/end2end/fixtures/h2_ssl_cert.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/end2end/fixtures/h2_ssl_proxy.c b/test/core/end2end/fixtures/h2_ssl_proxy.c
index 1403b76..8f8c081 100644
--- a/test/core/end2end/fixtures/h2_ssl_proxy.c
+++ b/test/core/end2end/fixtures/h2_ssl_proxy.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/end2end/tests/call_creds.c b/test/core/end2end/tests/call_creds.c
index b555bea..5c6791f 100644
--- a/test/core/end2end/tests/call_creds.c
+++ b/test/core/end2end/tests/call_creds.c
@@ -42,7 +42,7 @@
#include <grpc/support/log.h>
#include <grpc/support/time.h>
#include <grpc/support/useful.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/string.h"
#include "test/core/end2end/cq_verifier.h"
diff --git a/test/core/security/auth_context_test.c b/test/core/security/auth_context_test.c
index d1ead16..e2f44eb 100644
--- a/test/core/security/auth_context_test.c
+++ b/test/core/security/auth_context_test.c
@@ -33,7 +33,7 @@
#include <string.h>
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/support/string.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/security/b64_test.c b/test/core/security/b64_test.c
index cea8703..b26bd02 100644
--- a/test/core/security/b64_test.c
+++ b/test/core/security/b64_test.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/util/b64.h"
#include <string.h>
diff --git a/test/core/security/create_jwt.c b/test/core/security/create_jwt.c
index 6d4707f..3c36b76 100644
--- a/test/core/security/create_jwt.c
+++ b/test/core/security/create_jwt.c
@@ -34,8 +34,7 @@
#include <stdio.h>
#include <string.h>
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
#include "src/core/lib/support/load_file.h"
#include <grpc/support/alloc.h>
diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c
index 7867293..31e0637 100644
--- a/test/core/security/credentials_test.c
+++ b/test/core/security/credentials_test.c
@@ -33,7 +33,7 @@
#include <grpc/support/port_platform.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include <openssl/rsa.h>
#include <stdlib.h>
@@ -45,7 +45,10 @@
#include <grpc/support/time.h>
#include "src/core/lib/http/httpcli.h"
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/credentials/composite/composite_credentials.h"
+#include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
+#include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
+#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c
index bd314e9..2a102fb 100644
--- a/test/core/security/fetch_oauth2.c
+++ b/test/core/security/fetch_oauth2.c
@@ -42,7 +42,7 @@
#include <grpc/support/slice.h>
#include <grpc/support/sync.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/support/load_file.h"
#include "test/core/security/oauth2_utils.h"
diff --git a/test/core/security/json_token_test.c b/test/core/security/json_token_test.c
index 3aee52e..405fe56 100644
--- a/test/core/security/json_token_test.c
+++ b/test/core/security/json_token_test.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/credentials/jwt/json_token.h"
#include <openssl/evp.h>
#include <string.h>
@@ -42,7 +42,8 @@
#include <grpc/support/slice.h>
#include "src/core/lib/json/json.h"
-#include "src/core/lib/security/b64.h"
+#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
+#include "src/core/lib/security/util/b64.h"
#include "test/core/util/test_config.h"
/* This JSON key was generated with the GCE console and revoked immediately.
diff --git a/test/core/security/jwt_verifier_test.c b/test/core/security/jwt_verifier_test.c
index 077f44d..50bf251 100644
--- a/test/core/security/jwt_verifier_test.c
+++ b/test/core/security/jwt_verifier_test.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/lib/security/jwt_verifier.h"
+#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"
#include <string.h>
@@ -43,8 +43,8 @@
#include <grpc/support/string_util.h>
#include "src/core/lib/http/httpcli.h"
-#include "src/core/lib/security/b64.h"
-#include "src/core/lib/security/json_token.h"
+#include "src/core/lib/security/util/b64.h"
+#include "src/core/lib/security/credentials/jwt/json_token.h"
#include "test/core/util/test_config.h"
/* This JSON key was generated with the GCE console and revoked immediately.
diff --git a/test/core/security/oauth2_utils.c b/test/core/security/oauth2_utils.c
index 20815d1..80d21cc 100644
--- a/test/core/security/oauth2_utils.c
+++ b/test/core/security/oauth2_utils.c
@@ -42,7 +42,7 @@
#include <grpc/support/slice.h>
#include <grpc/support/sync.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
typedef struct {
gpr_mu *mu;
diff --git a/test/core/security/oauth2_utils.h b/test/core/security/oauth2_utils.h
index eff9827..0f4e885 100644
--- a/test/core/security/oauth2_utils.h
+++ b/test/core/security/oauth2_utils.h
@@ -34,7 +34,7 @@
#ifndef GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H
#define GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#ifdef __cplusplus
extern "C" {
diff --git a/test/core/security/print_google_default_creds_token.c b/test/core/security/print_google_default_creds_token.c
index 99bce4f..10a5e52 100644
--- a/test/core/security/print_google_default_creds_token.c
+++ b/test/core/security/print_google_default_creds_token.c
@@ -42,7 +42,8 @@
#include <grpc/support/slice.h>
#include <grpc/support/sync.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/credentials/composite/composite_credentials.h"
#include "src/core/lib/support/string.h"
typedef struct {
diff --git a/test/core/security/secure_endpoint_test.c b/test/core/security/secure_endpoint_test.c
index aeaf382..6aba21a 100644
--- a/test/core/security/secure_endpoint_test.c
+++ b/test/core/security/secure_endpoint_test.c
@@ -41,7 +41,7 @@
#include <grpc/support/log.h>
#include "src/core/lib/iomgr/endpoint_pair.h"
#include "src/core/lib/iomgr/iomgr.h"
-#include "src/core/lib/security/secure_endpoint.h"
+#include "src/core/lib/security/transport/secure_endpoint.h"
#include "src/core/lib/tsi/fake_transport_security.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/security/security_connector_test.c b/test/core/security/security_connector_test.c
index 1a4e64b..6106bec 100644
--- a/test/core/security/security_connector_test.c
+++ b/test/core/security/security_connector_test.c
@@ -40,8 +40,8 @@
#include <grpc/support/string_util.h>
#include <grpc/support/useful.h>
-#include "src/core/lib/security/security_connector.h"
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/support/env.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
diff --git a/test/core/security/verify_jwt.c b/test/core/security/verify_jwt.c
index 2274fe1..ecb873b 100644
--- a/test/core/security/verify_jwt.c
+++ b/test/core/security/verify_jwt.c
@@ -42,7 +42,7 @@
#include <grpc/support/slice.h>
#include <grpc/support/sync.h>
-#include "src/core/lib/security/jwt_verifier.h"
+#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"
typedef struct {
grpc_pollset *pollset;
diff --git a/test/core/surface/secure_channel_create_test.c b/test/core/surface/secure_channel_create_test.c
index 80419ef..b952503 100644
--- a/test/core/surface/secure_channel_create_test.c
+++ b/test/core/surface/secure_channel_create_test.c
@@ -37,8 +37,8 @@
#include <grpc/grpc_security.h>
#include <grpc/support/log.h>
#include "src/core/ext/client_config/resolver_registry.h"
-#include "src/core/lib/security/credentials.h"
-#include "src/core/lib/security/security_connector.h"
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
+#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/surface/channel.h"
#include "test/core/util/test_config.h"
diff --git a/test/core/surface/server_chttp2_test.c b/test/core/surface/server_chttp2_test.c
index d22c164..f42ca9f 100644
--- a/test/core/surface/server_chttp2_test.c
+++ b/test/core/surface/server_chttp2_test.c
@@ -37,7 +37,8 @@
#include <grpc/support/host_port.h>
#include <grpc/support/log.h>
#include <grpc/support/time.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
+#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "src/core/lib/tsi/fake_transport_security.h"
#include "test/core/util/port.h"
#include "test/core/util/test_config.h"
diff --git a/test/cpp/common/auth_property_iterator_test.cc b/test/cpp/common/auth_property_iterator_test.cc
index 0e43d4e..66225ff 100644
--- a/test/cpp/common/auth_property_iterator_test.cc
+++ b/test/cpp/common/auth_property_iterator_test.cc
@@ -38,7 +38,7 @@
#include "test/cpp/util/string_ref_helper.h"
extern "C" {
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
}
using ::grpc::testing::ToString;
diff --git a/test/cpp/common/secure_auth_context_test.cc b/test/cpp/common/secure_auth_context_test.cc
index 0673613..b131452 100644
--- a/test/cpp/common/secure_auth_context_test.cc
+++ b/test/cpp/common/secure_auth_context_test.cc
@@ -38,7 +38,7 @@
#include "test/cpp/util/string_ref_helper.h"
extern "C" {
-#include "src/core/lib/security/security_context.h"
+#include "src/core/lib/security/context/security_context.h"
}
using grpc::testing::ToString;
diff --git a/test/cpp/end2end/end2end_test.cc b/test/cpp/end2end/end2end_test.cc
index 0c9313f..0311864 100644
--- a/test/cpp/end2end/end2end_test.cc
+++ b/test/cpp/end2end/end2end_test.cc
@@ -48,7 +48,7 @@
#include <grpc/support/time.h>
#include <gtest/gtest.h>
-#include "src/core/lib/security/credentials.h"
+#include "src/core/lib/security/credentials/credentials.h"
#include "src/proto/grpc/testing/duplicate/echo_duplicate.grpc.pb.h"
#include "src/proto/grpc/testing/echo.grpc.pb.h"
#include "test/core/util/port.h"
diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal
index 1b1453f..260e688 100644
--- a/tools/doxygen/Doxyfile.core.internal
+++ b/tools/doxygen/Doxyfile.core.internal
@@ -882,15 +882,24 @@
src/core/ext/transport/chttp2/transport/timeout_encoding.h \
src/core/ext/transport/chttp2/transport/varint.h \
src/core/ext/transport/chttp2/alpn/alpn.h \
-src/core/lib/security/auth_filters.h \
-src/core/lib/security/b64.h \
-src/core/lib/security/credentials.h \
-src/core/lib/security/handshake.h \
-src/core/lib/security/json_token.h \
-src/core/lib/security/jwt_verifier.h \
-src/core/lib/security/secure_endpoint.h \
-src/core/lib/security/security_connector.h \
-src/core/lib/security/security_context.h \
+src/core/lib/security/context/security_context.h \
+src/core/lib/security/credentials/composite/composite_credentials.h \
+src/core/lib/security/credentials/credentials.h \
+src/core/lib/security/credentials/fake/fake_credentials.h \
+src/core/lib/security/credentials/google_default/google_default_credentials.h \
+src/core/lib/security/credentials/iam/iam_credentials.h \
+src/core/lib/security/credentials/jwt/json_token.h \
+src/core/lib/security/credentials/jwt/jwt_credentials.h \
+src/core/lib/security/credentials/jwt/jwt_verifier.h \
+src/core/lib/security/credentials/oauth2/oauth2_credentials.h \
+src/core/lib/security/credentials/plugin/plugin_credentials.h \
+src/core/lib/security/credentials/ssl/ssl_credentials.h \
+src/core/lib/security/transport/auth_filters.h \
+src/core/lib/security/transport/handshake.h \
+src/core/lib/security/transport/secure_endpoint.h \
+src/core/lib/security/transport/security_connector.h \
+src/core/lib/security/util/b64.h \
+src/core/lib/security/util/json_util.h \
src/core/lib/tsi/fake_transport_security.h \
src/core/lib/tsi/ssl_transport_security.h \
src/core/lib/tsi/ssl_types.h \
@@ -1030,20 +1039,28 @@
src/core/ext/transport/chttp2/transport/writing.c \
src/core/ext/transport/chttp2/alpn/alpn.c \
src/core/lib/http/httpcli_security_connector.c \
-src/core/lib/security/b64.c \
-src/core/lib/security/client_auth_filter.c \
-src/core/lib/security/credentials.c \
-src/core/lib/security/credentials_metadata.c \
-src/core/lib/security/credentials_posix.c \
-src/core/lib/security/credentials_win32.c \
-src/core/lib/security/google_default_credentials.c \
-src/core/lib/security/handshake.c \
-src/core/lib/security/json_token.c \
-src/core/lib/security/jwt_verifier.c \
-src/core/lib/security/secure_endpoint.c \
-src/core/lib/security/security_connector.c \
-src/core/lib/security/security_context.c \
-src/core/lib/security/server_auth_filter.c \
+src/core/lib/security/context/security_context.c \
+src/core/lib/security/credentials/composite/composite_credentials.c \
+src/core/lib/security/credentials/credentials.c \
+src/core/lib/security/credentials/credentials_metadata.c \
+src/core/lib/security/credentials/fake/fake_credentials.c \
+src/core/lib/security/credentials/google_default/credentials_posix.c \
+src/core/lib/security/credentials/google_default/credentials_win32.c \
+src/core/lib/security/credentials/google_default/google_default_credentials.c \
+src/core/lib/security/credentials/iam/iam_credentials.c \
+src/core/lib/security/credentials/jwt/json_token.c \
+src/core/lib/security/credentials/jwt/jwt_credentials.c \
+src/core/lib/security/credentials/jwt/jwt_verifier.c \
+src/core/lib/security/credentials/oauth2/oauth2_credentials.c \
+src/core/lib/security/credentials/plugin/plugin_credentials.c \
+src/core/lib/security/credentials/ssl/ssl_credentials.c \
+src/core/lib/security/transport/client_auth_filter.c \
+src/core/lib/security/transport/handshake.c \
+src/core/lib/security/transport/secure_endpoint.c \
+src/core/lib/security/transport/security_connector.c \
+src/core/lib/security/transport/server_auth_filter.c \
+src/core/lib/security/util/b64.c \
+src/core/lib/security/util/json_util.c \
src/core/lib/surface/init_secure.c \
src/core/lib/tsi/fake_transport_security.c \
src/core/lib/tsi/ssl_transport_security.c \
diff --git a/tools/run_tests/sources_and_headers.json b/tools/run_tests/sources_and_headers.json
index f546f3b..6c08a80 100644
--- a/tools/run_tests/sources_and_headers.json
+++ b/tools/run_tests/sources_and_headers.json
@@ -6014,15 +6014,24 @@
"headers": [
"include/grpc/grpc_security.h",
"include/grpc/grpc_security_constants.h",
- "src/core/lib/security/auth_filters.h",
- "src/core/lib/security/b64.h",
- "src/core/lib/security/credentials.h",
- "src/core/lib/security/handshake.h",
- "src/core/lib/security/json_token.h",
- "src/core/lib/security/jwt_verifier.h",
- "src/core/lib/security/secure_endpoint.h",
- "src/core/lib/security/security_connector.h",
- "src/core/lib/security/security_context.h"
+ "src/core/lib/security/context/security_context.h",
+ "src/core/lib/security/credentials/composite/composite_credentials.h",
+ "src/core/lib/security/credentials/credentials.h",
+ "src/core/lib/security/credentials/fake/fake_credentials.h",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.h",
+ "src/core/lib/security/credentials/iam/iam_credentials.h",
+ "src/core/lib/security/credentials/jwt/json_token.h",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.h",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.h",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.h",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.h",
+ "src/core/lib/security/transport/auth_filters.h",
+ "src/core/lib/security/transport/handshake.h",
+ "src/core/lib/security/transport/secure_endpoint.h",
+ "src/core/lib/security/transport/security_connector.h",
+ "src/core/lib/security/util/b64.h",
+ "src/core/lib/security/util/json_util.h"
],
"language": "c",
"name": "grpc_secure",
@@ -6030,29 +6039,46 @@
"include/grpc/grpc_security.h",
"include/grpc/grpc_security_constants.h",
"src/core/lib/http/httpcli_security_connector.c",
- "src/core/lib/security/auth_filters.h",
- "src/core/lib/security/b64.c",
- "src/core/lib/security/b64.h",
- "src/core/lib/security/client_auth_filter.c",
- "src/core/lib/security/credentials.c",
- "src/core/lib/security/credentials.h",
- "src/core/lib/security/credentials_metadata.c",
- "src/core/lib/security/credentials_posix.c",
- "src/core/lib/security/credentials_win32.c",
- "src/core/lib/security/google_default_credentials.c",
- "src/core/lib/security/handshake.c",
- "src/core/lib/security/handshake.h",
- "src/core/lib/security/json_token.c",
- "src/core/lib/security/json_token.h",
- "src/core/lib/security/jwt_verifier.c",
- "src/core/lib/security/jwt_verifier.h",
- "src/core/lib/security/secure_endpoint.c",
- "src/core/lib/security/secure_endpoint.h",
- "src/core/lib/security/security_connector.c",
- "src/core/lib/security/security_connector.h",
- "src/core/lib/security/security_context.c",
- "src/core/lib/security/security_context.h",
- "src/core/lib/security/server_auth_filter.c",
+ "src/core/lib/security/context/security_context.c",
+ "src/core/lib/security/context/security_context.h",
+ "src/core/lib/security/credentials/composite/composite_credentials.c",
+ "src/core/lib/security/credentials/composite/composite_credentials.h",
+ "src/core/lib/security/credentials/credentials.c",
+ "src/core/lib/security/credentials/credentials.h",
+ "src/core/lib/security/credentials/credentials_metadata.c",
+ "src/core/lib/security/credentials/fake/fake_credentials.c",
+ "src/core/lib/security/credentials/fake/fake_credentials.h",
+ "src/core/lib/security/credentials/google_default/credentials_posix.c",
+ "src/core/lib/security/credentials/google_default/credentials_win32.c",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.c",
+ "src/core/lib/security/credentials/google_default/google_default_credentials.h",
+ "src/core/lib/security/credentials/iam/iam_credentials.c",
+ "src/core/lib/security/credentials/iam/iam_credentials.h",
+ "src/core/lib/security/credentials/jwt/json_token.c",
+ "src/core/lib/security/credentials/jwt/json_token.h",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.c",
+ "src/core/lib/security/credentials/jwt/jwt_credentials.h",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.c",
+ "src/core/lib/security/credentials/jwt/jwt_verifier.h",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.c",
+ "src/core/lib/security/credentials/oauth2/oauth2_credentials.h",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.c",
+ "src/core/lib/security/credentials/plugin/plugin_credentials.h",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.c",
+ "src/core/lib/security/credentials/ssl/ssl_credentials.h",
+ "src/core/lib/security/transport/auth_filters.h",
+ "src/core/lib/security/transport/client_auth_filter.c",
+ "src/core/lib/security/transport/handshake.c",
+ "src/core/lib/security/transport/handshake.h",
+ "src/core/lib/security/transport/secure_endpoint.c",
+ "src/core/lib/security/transport/secure_endpoint.h",
+ "src/core/lib/security/transport/security_connector.c",
+ "src/core/lib/security/transport/security_connector.h",
+ "src/core/lib/security/transport/server_auth_filter.c",
+ "src/core/lib/security/util/b64.c",
+ "src/core/lib/security/util/b64.h",
+ "src/core/lib/security/util/json_util.c",
+ "src/core/lib/security/util/json_util.h",
"src/core/lib/surface/init_secure.c"
],
"third_party": false,
diff --git a/vsprojects/vcxproj/grpc/grpc.vcxproj b/vsprojects/vcxproj/grpc/grpc.vcxproj
index 4eec05a..8b8212e 100644
--- a/vsprojects/vcxproj/grpc/grpc.vcxproj
+++ b/vsprojects/vcxproj/grpc/grpc.vcxproj
@@ -391,15 +391,24 @@
<ClInclude Include="$(SolutionDir)\..\src\core\ext\transport\chttp2\transport\timeout_encoding.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\transport\chttp2\transport\varint.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\transport\chttp2\alpn\alpn.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\auth_filters.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\b64.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\handshake.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\json_token.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\jwt_verifier.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\secure_endpoint.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\security_connector.h" />
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\security_context.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\context\security_context.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\composite\composite_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\fake\fake_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\google_default_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\iam\iam_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\json_token.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_verifier.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\oauth2\oauth2_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\plugin\plugin_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\ssl\ssl_credentials.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\auth_filters.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\handshake.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\util\b64.h" />
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\util\json_util.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\tsi\fake_transport_security.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\tsi\ssl_transport_security.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\tsi\ssl_types.h" />
@@ -647,33 +656,49 @@
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\http\httpcli_security_connector.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\b64.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\context\security_context.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\client_auth_filter.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\composite\composite_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_metadata.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials_metadata.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_posix.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\fake\fake_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_win32.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\credentials_posix.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\google_default_credentials.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\credentials_win32.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\handshake.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\google_default_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\json_token.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\iam\iam_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\jwt_verifier.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\json_token.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\secure_endpoint.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\security_connector.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_verifier.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\security_context.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\oauth2\oauth2_credentials.c">
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\server_auth_filter.c">
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\plugin\plugin_credentials.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\ssl\ssl_credentials.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\client_auth_filter.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\handshake.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\server_auth_filter.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\util\b64.c">
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\util\json_util.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\surface\init_secure.c">
</ClCompile>
diff --git a/vsprojects/vcxproj/grpc/grpc.vcxproj.filters b/vsprojects/vcxproj/grpc/grpc.vcxproj.filters
index 17c88c4..f5f91a9 100644
--- a/vsprojects/vcxproj/grpc/grpc.vcxproj.filters
+++ b/vsprojects/vcxproj/grpc/grpc.vcxproj.filters
@@ -319,47 +319,71 @@
<ClCompile Include="$(SolutionDir)\..\src\core\lib\http\httpcli_security_connector.c">
<Filter>src\core\lib\http</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\b64.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\context\security_context.c">
+ <Filter>src\core\lib\security\context</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\client_auth_filter.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\composite\composite_credentials.c">
+ <Filter>src\core\lib\security\credentials\composite</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials.c">
+ <Filter>src\core\lib\security\credentials</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_metadata.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials_metadata.c">
+ <Filter>src\core\lib\security\credentials</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_posix.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\fake\fake_credentials.c">
+ <Filter>src\core\lib\security\credentials\fake</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials_win32.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\credentials_posix.c">
+ <Filter>src\core\lib\security\credentials\google_default</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\google_default_credentials.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\credentials_win32.c">
+ <Filter>src\core\lib\security\credentials\google_default</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\handshake.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\google_default_credentials.c">
+ <Filter>src\core\lib\security\credentials\google_default</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\json_token.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\iam\iam_credentials.c">
+ <Filter>src\core\lib\security\credentials\iam</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\jwt_verifier.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\json_token.c">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\secure_endpoint.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_credentials.c">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\security_connector.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_verifier.c">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\security_context.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\oauth2\oauth2_credentials.c">
+ <Filter>src\core\lib\security\credentials\oauth2</Filter>
</ClCompile>
- <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\server_auth_filter.c">
- <Filter>src\core\lib\security</Filter>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\plugin\plugin_credentials.c">
+ <Filter>src\core\lib\security\credentials\plugin</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\credentials\ssl\ssl_credentials.c">
+ <Filter>src\core\lib\security\credentials\ssl</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\client_auth_filter.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\handshake.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\server_auth_filter.c">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\util\b64.c">
+ <Filter>src\core\lib\security\util</Filter>
+ </ClCompile>
+ <ClCompile Include="$(SolutionDir)\..\src\core\lib\security\util\json_util.c">
+ <Filter>src\core\lib\security\util</Filter>
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\surface\init_secure.c">
<Filter>src\core\lib\surface</Filter>
@@ -866,32 +890,59 @@
<ClInclude Include="$(SolutionDir)\..\src\core\ext\transport\chttp2\alpn\alpn.h">
<Filter>src\core\ext\transport\chttp2\alpn</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\auth_filters.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\context\security_context.h">
+ <Filter>src\core\lib\security\context</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\b64.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\composite\composite_credentials.h">
+ <Filter>src\core\lib\security\credentials\composite</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\credentials.h">
+ <Filter>src\core\lib\security\credentials</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\handshake.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\fake\fake_credentials.h">
+ <Filter>src\core\lib\security\credentials\fake</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\json_token.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\google_default\google_default_credentials.h">
+ <Filter>src\core\lib\security\credentials\google_default</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\jwt_verifier.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\iam\iam_credentials.h">
+ <Filter>src\core\lib\security\credentials\iam</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\secure_endpoint.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\json_token.h">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\security_connector.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_credentials.h">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
</ClInclude>
- <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\security_context.h">
- <Filter>src\core\lib\security</Filter>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\jwt\jwt_verifier.h">
+ <Filter>src\core\lib\security\credentials\jwt</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\oauth2\oauth2_credentials.h">
+ <Filter>src\core\lib\security\credentials\oauth2</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\plugin\plugin_credentials.h">
+ <Filter>src\core\lib\security\credentials\plugin</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\ssl\ssl_credentials.h">
+ <Filter>src\core\lib\security\credentials\ssl</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\auth_filters.h">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\handshake.h">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.h">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.h">
+ <Filter>src\core\lib\security\transport</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\util\b64.h">
+ <Filter>src\core\lib\security\util</Filter>
+ </ClInclude>
+ <ClInclude Include="$(SolutionDir)\..\src\core\lib\security\util\json_util.h">
+ <Filter>src\core\lib\security\util</Filter>
</ClInclude>
<ClInclude Include="$(SolutionDir)\..\src\core\lib\tsi\fake_transport_security.h">
<Filter>src\core\lib\tsi</Filter>
@@ -1112,6 +1163,42 @@
<Filter Include="src\core\lib\security">
<UniqueIdentifier>{c4661d64-349f-01c1-1ba8-0602f9047595}</UniqueIdentifier>
</Filter>
+ <Filter Include="src\core\lib\security\context">
+ <UniqueIdentifier>{187b52e3-bc78-6c62-3e68-4eb19a257661}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials">
+ <UniqueIdentifier>{c8af33b1-f786-001d-3e92-140872dc9829}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\composite">
+ <UniqueIdentifier>{197ed135-5f84-9f6a-6751-38dc5e9dd38c}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\fake">
+ <UniqueIdentifier>{6d391299-53d7-ee6a-55aa-d4c46cd86e82}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\google_default">
+ <UniqueIdentifier>{412c7418-e90a-de77-5705-7890ba960911}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\iam">
+ <UniqueIdentifier>{718f826c-994b-7dd4-3042-0e999c5c22ba}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\jwt">
+ <UniqueIdentifier>{ab21bcdf-de99-5838-699a-19ecb0c4aa14}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\oauth2">
+ <UniqueIdentifier>{f47a7a32-3166-b899-3622-f062f372feea}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\plugin">
+ <UniqueIdentifier>{46120bcc-03e3-1aaa-fc61-9cef786bd70c}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\credentials\ssl">
+ <UniqueIdentifier>{9d7802bc-d459-1a9b-3c97-868cddcca1d1}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\transport">
+ <UniqueIdentifier>{b22e611f-8272-9914-24a5-8107ebf51eeb}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="src\core\lib\security\util">
+ <UniqueIdentifier>{fcd7b397-aadd-556a-8aae-0cb7c893fbe0}</UniqueIdentifier>
+ </Filter>
<Filter Include="src\core\lib\surface">
<UniqueIdentifier>{a21971fb-304f-da08-b1b2-7bd8df8ac373}</UniqueIdentifier>
</Filter>