authorthegeorg <thegeorg@yandex-team.com>2023-03-28 10:11:46 +0300
committerthegeorg <thegeorg@yandex-team.com>2023-03-28 10:11:46 +0300
commit14a9357e8d2d937e22b789d5aea09219a3e92c31 (patch)
tree9e899edffa271e32ae6272be3034a371b3742c2a /contrib/libs/grpc/include/grpcpp/security
parent1911ec1bf2da9ae39eb5f31511a92b06b9631da1 (diff)
downloadydb-14a9357e8d2d937e22b789d5aea09219a3e92c31.tar.gz
Update contrib/libs/grpc to 1.45.2
Diffstat (limited to 'contrib/libs/grpc/include/grpcpp/security')
-rw-r--r--contrib/libs/grpc/include/grpcpp/security/authorization_policy_provider.h6
-rw-r--r--contrib/libs/grpc/include/grpcpp/security/binder_security_policy.h24
-rw-r--r--contrib/libs/grpc/include/grpcpp/security/tls_certificate_provider.h5
-rw-r--r--contrib/libs/grpc/include/grpcpp/security/tls_credentials_options.h27
4 files changed, 43 insertions, 19 deletions
diff --git a/contrib/libs/grpc/include/grpcpp/security/authorization_policy_provider.h b/contrib/libs/grpc/include/grpcpp/security/authorization_policy_provider.h
index 1d18f700ca..6a1193c593 100644
--- a/contrib/libs/grpc/include/grpcpp/security/authorization_policy_provider.h
+++ b/contrib/libs/grpc/include/grpcpp/security/authorization_policy_provider.h
@@ -17,14 +17,10 @@
#include <memory>
+#include <grpc/grpc_security.h>
#include <grpc/status.h>
#include <grpcpp/impl/codegen/grpc_library.h>
-// TODO(yihuazhang): remove the forward declarations here and include
-// <grpc/grpc_security.h> directly once the insecure builds are cleaned up.
-typedef struct grpc_authorization_policy_provider
- grpc_authorization_policy_provider;
-
namespace grpc {
namespace experimental {
diff --git a/contrib/libs/grpc/include/grpcpp/security/binder_security_policy.h b/contrib/libs/grpc/include/grpcpp/security/binder_security_policy.h
index 9b825e759b..fa14a98f79 100644
--- a/contrib/libs/grpc/include/grpcpp/security/binder_security_policy.h
+++ b/contrib/libs/grpc/include/grpcpp/security/binder_security_policy.h
@@ -17,6 +17,12 @@
#include <memory>
+#ifdef GPR_ANDROID
+
+#error #include <jni.h>
+
+#endif
+
namespace grpc {
namespace experimental {
namespace binder {
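Review bot: The `#error #include <jni.h>` line in the new `GPR_ANDROID` block stops every Android translation unit that includes this header, and the diagnostic is only the text of an include directive, so it does not tell the reader why the build failed. This appears to be a substitution made while vendoring rather than upstream code. If so, the message should say it, for example `#error "binder_security_policy.h: <jni.h> is not available in this build, so SameSignatureSecurityPolicy is unsupported"`. It also means the `SameSignatureSecurityPolicy` class added in the next hunk cannot be compiled in this tree, which deserves a one-line comment above the block.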
@@ -51,6 +57,24 @@ class InternalOnlySecurityPolicy : public SecurityPolicy {
bool IsAuthorized(int uid) override;
};
+#ifdef GPR_ANDROID
+
+// EXPERIMENTAL Only allows the connections from the APK that have the same
+// signature.
+class SameSignatureSecurityPolicy : public SecurityPolicy {
+ public:
+ // `context` is required for getting PackageManager Java class
+ SameSignatureSecurityPolicy(JavaVM* jvm, jobject context);
+ ~SameSignatureSecurityPolicy() override;
+ bool IsAuthorized(int uid) override;
+
+ private:
+ JavaVM* jvm_;
+ jobject context_;
+};
+
+#endif
+
} // namespace binder
} // namespace experimental
} // namespace grpc
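Review bot: `SameSignatureSecurityPolicy` stores a raw `JavaVM*` and a `jobject` and declares a destructor, yet copy construction and assignment stay implicitly available and nothing in the header says who owns `context_`. If the destructor releases a JNI reference (an assumption, since the implementation is not part of this diff), a copied policy would release it twice. Consider adding `SameSignatureSecurityPolicy(const SameSignatureSecurityPolicy&) = delete;` with the matching `operator=`. The constructor comment should also state whether `context` must outlive the policy and whether `jvm` may be null.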
diff --git a/contrib/libs/grpc/include/grpcpp/security/tls_certificate_provider.h b/contrib/libs/grpc/include/grpcpp/security/tls_certificate_provider.h
index 80bc668d8a..1e1027afe9 100644
--- a/contrib/libs/grpc/include/grpcpp/security/tls_certificate_provider.h
+++ b/contrib/libs/grpc/include/grpcpp/security/tls_certificate_provider.h
@@ -20,16 +20,13 @@
#include <memory>
#include <vector>
+#include <grpc/grpc_security.h>
#include <grpc/grpc_security_constants.h>
#include <grpc/status.h>
#include <grpc/support/log.h>
#include <grpcpp/impl/codegen/grpc_library.h>
#include <grpcpp/support/config.h>
-// TODO(yihuazhang): remove the forward declaration here and include
-// <grpc/grpc_security.h> directly once the insecure builds are cleaned up.
-typedef struct grpc_tls_certificate_provider grpc_tls_certificate_provider;
-
namespace grpc {
namespace experimental {
diff --git a/contrib/libs/grpc/include/grpcpp/security/tls_credentials_options.h b/contrib/libs/grpc/include/grpcpp/security/tls_credentials_options.h
index 471e23be0a..fcb5c3f4bf 100644
--- a/contrib/libs/grpc/include/grpcpp/security/tls_credentials_options.h
+++ b/contrib/libs/grpc/include/grpcpp/security/tls_credentials_options.h
@@ -22,6 +22,7 @@
#include <memory>
#include <vector>
+#include <grpc/grpc_security.h>
#include <grpc/grpc_security_constants.h>
#include <grpc/status.h>
#include <grpc/support/log.h>
@@ -29,16 +30,6 @@
#include <grpcpp/security/tls_certificate_verifier.h>
#include <grpcpp/support/config.h>
-// TODO(yihuazhang): remove the forward declaration here and include
-// <grpc/grpc_security.h> directly once the insecure builds are cleaned up.
-typedef struct grpc_tls_server_authorization_check_arg
- grpc_tls_server_authorization_check_arg;
-typedef struct grpc_tls_server_authorization_check_config
- grpc_tls_server_authorization_check_config;
-typedef struct grpc_tls_credentials_options grpc_tls_credentials_options;
-typedef struct grpc_tls_certificate_provider grpc_tls_certificate_provider;
-typedef struct grpc_tls_certificate_verifier grpc_tls_certificate_verifier;
-
namespace grpc {
namespace experimental {
@@ -83,6 +74,15 @@ class TlsCredentialsOptions {
//
// @param identity_cert_name the name of identity key-cert pairs being set.
void set_identity_cert_name(const TString& identity_cert_name);
+ // Sets the Tls session key logging configuration. If not set, tls
+ // session key logging is disabled. Note that this should be used only for
+ // debugging purposes. It should never be used in a production environment
+ // due to security concerns.
+ //
+ // @param tls_session_key_log_file_path: Path where tls session keys would
+ // be logged.
+ void set_tls_session_key_log_file_path(
+ const TString& tls_session_key_log_file_path);
// Sets the certificate verifier used to perform post-handshake peer identity
// checks.
void set_certificate_verifier(
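Review bot: The comment on `set_tls_session_key_log_file_path` says the setter must not be used in production "due to security concerns" but never names the concern, and nothing in the declaration limits it to debug builds. The comment should say what the file holds, for example `// The log contains per-session TLS secrets; anyone who has it and a capture of the traffic can decrypt those sessions, so keep the file access-restricted and delete it after debugging.` The `@param tls_session_key_log_file_path:` line also has a trailing colon that the `@param identity_cert_name` line above it does not. A blank line before the `set_certificate_verifier` comment would keep the two declarations apart; that declaration continues outside the hunk.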
@@ -97,6 +97,13 @@ class TlsCredentialsOptions {
// verifiers other than the host name verifier is used.
void set_check_call_host(bool check_call_host);
+ // TODO(zhenlian): This is an experimental API is likely to change in the
+ // future. Before de-experiementalizing, verify the API is up to date.
+ // If set, gRPC will read all hashed x.509 CRL files in the directory and
+ // enforce the CRL files on all TLS handshakes. Only supported for OpenSSL
+ // version > 1.1.
+ void set_crl_directory(const TString& path);
+
// ----- Getters for member fields ----
// Get the internal c options. This function shall be used only internally.
grpc_tls_credentials_options* c_credentials_options() const {
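Review bot: The comment on `set_crl_directory` does not say what happens when the directory is missing, unreadable, or holds no CRL for a peer's issuer, nor what the call does on an OpenSSL build that is not "version > 1.1". For a revocation control the caller needs to know whether each of those cases rejects the handshake or silently skips the check. The header alone does not show which it is, so the behaviour should be confirmed in the implementation and then stated here. The wording also needs repair: `// TODO(zhenlian): This is an experimental API and is likely to change in the future.` and `// Before de-experimentalizing, verify the API is up to date.` The body of `c_credentials_options()` continues outside the hunk.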