author | dvshkurko <dvshkurko@yandex-team.ru> | 2022-02-10 16:45:51 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:51 +0300 |
commit | 321ee9bce31ec6e238be26dbcbe539cffa2c3309 (patch) | |
tree | 14407a2757cbf29eb97e266b7f07e851f971000c /contrib/libs/grpc/src/cpp/client/secure_credentials.cc | |
parent | 2f6ca198245aeffd5e2d82b65927c2465b68b4f5 (diff) | |
Restoring authorship annotation for <dvshkurko@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/libs/grpc/src/cpp/client/secure_credentials.cc')
-rw-r--r-- | contrib/libs/grpc/src/cpp/client/secure_credentials.cc | 380 |
1 files changed, 190 insertions, 190 deletions
diff --git a/contrib/libs/grpc/src/cpp/client/secure_credentials.cc b/contrib/libs/grpc/src/cpp/client/secure_credentials.cc
index 0f6db3caa5..c31d8fef8e 100644
--- a/contrib/libs/grpc/src/cpp/client/secure_credentials.cc
+++ b/contrib/libs/grpc/src/cpp/client/secure_credentials.cc
@@ -17,53 +17,53 @@ */ #include "src/cpp/client/secure_credentials.h" - -#include <grpc/impl/codegen/slice.h> -#include <grpc/slice.h> + +#include <grpc/impl/codegen/slice.h> +#include <grpc/slice.h> #include <grpc/support/alloc.h> #include <grpc/support/log.h> #include <grpc/support/string_util.h> #include <grpcpp/channel.h> -#include <grpcpp/impl/codegen/status.h> +#include <grpcpp/impl/codegen/status.h> #include <grpcpp/impl/grpc_library.h> #include <grpcpp/support/channel_arguments.h> - -#include "src/core/lib/gpr/env.h" -#include "src/core/lib/iomgr/error.h" -#include "src/core/lib/iomgr/executor.h" -#include "src/core/lib/iomgr/load_file.h" -#include "src/core/lib/json/json.h" -#include "src/core/lib/security/transport/auth_filters.h" -#include "src/core/lib/security/util/json_util.h" + +#include "src/core/lib/gpr/env.h" +#include "src/core/lib/iomgr/error.h" +#include "src/core/lib/iomgr/executor.h" +#include "src/core/lib/iomgr/load_file.h" +#include "src/core/lib/json/json.h" +#include "src/core/lib/security/transport/auth_filters.h" +#include "src/core/lib/security/util/json_util.h" #include "src/cpp/client/create_channel_internal.h" #include "src/cpp/common/secure_auth_context.h" namespace grpc { -static grpc::internal::GrpcLibraryInitializer g_gli_initializer; +static grpc::internal::GrpcLibraryInitializer g_gli_initializer; SecureChannelCredentials::SecureChannelCredentials( grpc_channel_credentials* c_creds) : c_creds_(c_creds) { g_gli_initializer.summon(); } -std::shared_ptr<Channel> SecureChannelCredentials::CreateChannelImpl( +std::shared_ptr<Channel> SecureChannelCredentials::CreateChannelImpl( const TString& target, const ChannelArguments& args) { return CreateChannelWithInterceptors( target, args, - std::vector<std::unique_ptr< - grpc::experimental::ClientInterceptorFactoryInterface>>()); + std::vector<std::unique_ptr< + grpc::experimental::ClientInterceptorFactoryInterface>>()); } -std::shared_ptr<Channel> +std::shared_ptr<Channel> 
SecureChannelCredentials::CreateChannelWithInterceptors( const TString& target, const ChannelArguments& args, std::vector< - std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>> + std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>> interceptor_creators) { grpc_channel_args channel_args; args.SetChannelArgs(&channel_args); - return ::grpc::CreateChannelInternal( + return ::grpc::CreateChannelInternal( args.GetSslTargetNameOverride(), grpc_secure_channel_create(c_creds_, target.c_str(), &channel_args, nullptr), @@ -96,7 +96,7 @@ std::shared_ptr<CallCredentials> WrapCallCredentials( } // namespace std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials() { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). + grpc::GrpcLibraryCodegen init; // To call grpc_init(). return WrapChannelCredentials( grpc_google_default_credentials_create(nullptr)); } @@ -104,7 +104,7 @@ std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials() { // Builds SSL Credentials given SSL specific options std::shared_ptr<ChannelCredentials> SslCredentials( const SslCredentialsOptions& options) { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). + grpc::GrpcLibraryCodegen init; // To call grpc_init(). grpc_ssl_pem_key_cert_pair pem_key_cert_pair = { options.pem_private_key.c_str(), options.pem_cert_chain.c_str()}; 
@@ -117,139 +117,139 @@ std::shared_ptr<ChannelCredentials> SslCredentials( namespace experimental { -namespace { - -void ClearStsCredentialsOptions(StsCredentialsOptions* options) { - if (options == nullptr) return; - options->token_exchange_service_uri.clear(); - options->resource.clear(); - options->audience.clear(); - options->scope.clear(); - options->requested_token_type.clear(); - options->subject_token_path.clear(); - options->subject_token_type.clear(); - options->actor_token_path.clear(); - options->actor_token_type.clear(); -} - -} // namespace - -// Builds STS credentials options from JSON. +namespace { + +void ClearStsCredentialsOptions(StsCredentialsOptions* options) { + if (options == nullptr) return; + options->token_exchange_service_uri.clear(); + options->resource.clear(); + options->audience.clear(); + options->scope.clear(); + options->requested_token_type.clear(); + options->subject_token_path.clear(); + options->subject_token_type.clear(); + options->actor_token_path.clear(); + options->actor_token_type.clear(); +} + +} // namespace + +// Builds STS credentials options from JSON. grpc::Status StsCredentialsOptionsFromJson(const TString& json_string, - StsCredentialsOptions* options) { - if (options == nullptr) { - return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, - "options cannot be nullptr."); - } - ClearStsCredentialsOptions(options); + StsCredentialsOptions* options) { + if (options == nullptr) { + return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, + "options cannot be nullptr."); + } + ClearStsCredentialsOptions(options); grpc_error* error = GRPC_ERROR_NONE; grpc_core::Json json = grpc_core::Json::Parse(json_string.c_str(), &error); if (error != GRPC_ERROR_NONE || json.type() != grpc_core::Json::Type::OBJECT) { GRPC_ERROR_UNREF(error); - return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid json."); - } - - // Required fields. 
- const char* value = grpc_json_get_string_property( + return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, "Invalid json."); + } + + // Required fields. + const char* value = grpc_json_get_string_property( json, "token_exchange_service_uri", nullptr); - if (value == nullptr) { - ClearStsCredentialsOptions(options); - return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, - "token_exchange_service_uri must be specified."); - } - options->token_exchange_service_uri.assign(value); + if (value == nullptr) { + ClearStsCredentialsOptions(options); + return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, + "token_exchange_service_uri must be specified."); + } + options->token_exchange_service_uri.assign(value); value = grpc_json_get_string_property(json, "subject_token_path", nullptr); - if (value == nullptr) { - ClearStsCredentialsOptions(options); - return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, - "subject_token_path must be specified."); - } - options->subject_token_path.assign(value); + if (value == nullptr) { + ClearStsCredentialsOptions(options); + return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, + "subject_token_path must be specified."); + } + options->subject_token_path.assign(value); value = grpc_json_get_string_property(json, "subject_token_type", nullptr); - if (value == nullptr) { - ClearStsCredentialsOptions(options); - return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, - "subject_token_type must be specified."); - } - options->subject_token_type.assign(value); - - // Optional fields. + if (value == nullptr) { + ClearStsCredentialsOptions(options); + return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, + "subject_token_type must be specified."); + } + options->subject_token_type.assign(value); + + // Optional fields. 
value = grpc_json_get_string_property(json, "resource", nullptr); - if (value != nullptr) options->resource.assign(value); + if (value != nullptr) options->resource.assign(value); value = grpc_json_get_string_property(json, "audience", nullptr); - if (value != nullptr) options->audience.assign(value); + if (value != nullptr) options->audience.assign(value); value = grpc_json_get_string_property(json, "scope", nullptr); - if (value != nullptr) options->scope.assign(value); + if (value != nullptr) options->scope.assign(value); value = grpc_json_get_string_property(json, "requested_token_type", nullptr); - if (value != nullptr) options->requested_token_type.assign(value); + if (value != nullptr) options->requested_token_type.assign(value); value = grpc_json_get_string_property(json, "actor_token_path", nullptr); - if (value != nullptr) options->actor_token_path.assign(value); + if (value != nullptr) options->actor_token_path.assign(value); value = grpc_json_get_string_property(json, "actor_token_type", nullptr); - if (value != nullptr) options->actor_token_type.assign(value); - - return grpc::Status(); -} - -// Builds STS credentials Options from the $STS_CREDENTIALS env var. 
-grpc::Status StsCredentialsOptionsFromEnv(StsCredentialsOptions* options) { - if (options == nullptr) { - return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, - "options cannot be nullptr."); - } - ClearStsCredentialsOptions(options); - grpc_slice json_string = grpc_empty_slice(); - char* sts_creds_path = gpr_getenv("STS_CREDENTIALS"); - grpc_error* error = GRPC_ERROR_NONE; - grpc::Status status; - auto cleanup = [&json_string, &sts_creds_path, &error, &status]() { - grpc_slice_unref_internal(json_string); - gpr_free(sts_creds_path); - GRPC_ERROR_UNREF(error); - return status; - }; - - if (sts_creds_path == nullptr) { - status = grpc::Status(grpc::StatusCode::NOT_FOUND, - "STS_CREDENTIALS environment variable not set."); - return cleanup(); - } - error = grpc_load_file(sts_creds_path, 1, &json_string); - if (error != GRPC_ERROR_NONE) { - status = - grpc::Status(grpc::StatusCode::NOT_FOUND, grpc_error_string(error)); - return cleanup(); - } - status = StsCredentialsOptionsFromJson( - reinterpret_cast<const char*>(GRPC_SLICE_START_PTR(json_string)), - options); - return cleanup(); -} - -// C++ to Core STS Credentials options. -grpc_sts_credentials_options StsCredentialsCppToCoreOptions( - const StsCredentialsOptions& options) { - grpc_sts_credentials_options opts; - memset(&opts, 0, sizeof(opts)); - opts.token_exchange_service_uri = options.token_exchange_service_uri.c_str(); - opts.resource = options.resource.c_str(); - opts.audience = options.audience.c_str(); - opts.scope = options.scope.c_str(); - opts.requested_token_type = options.requested_token_type.c_str(); - opts.subject_token_path = options.subject_token_path.c_str(); - opts.subject_token_type = options.subject_token_type.c_str(); - opts.actor_token_path = options.actor_token_path.c_str(); - opts.actor_token_type = options.actor_token_type.c_str(); - return opts; -} - -// Builds STS credentials. 
-std::shared_ptr<CallCredentials> StsCredentials( - const StsCredentialsOptions& options) { - auto opts = StsCredentialsCppToCoreOptions(options); - return WrapCallCredentials(grpc_sts_credentials_create(&opts, nullptr)); -} - + if (value != nullptr) options->actor_token_type.assign(value); + + return grpc::Status(); +} + +// Builds STS credentials Options from the $STS_CREDENTIALS env var. +grpc::Status StsCredentialsOptionsFromEnv(StsCredentialsOptions* options) { + if (options == nullptr) { + return grpc::Status(grpc::StatusCode::INVALID_ARGUMENT, + "options cannot be nullptr."); + } + ClearStsCredentialsOptions(options); + grpc_slice json_string = grpc_empty_slice(); + char* sts_creds_path = gpr_getenv("STS_CREDENTIALS"); + grpc_error* error = GRPC_ERROR_NONE; + grpc::Status status; + auto cleanup = [&json_string, &sts_creds_path, &error, &status]() { + grpc_slice_unref_internal(json_string); + gpr_free(sts_creds_path); + GRPC_ERROR_UNREF(error); + return status; + }; + + if (sts_creds_path == nullptr) { + status = grpc::Status(grpc::StatusCode::NOT_FOUND, + "STS_CREDENTIALS environment variable not set."); + return cleanup(); + } + error = grpc_load_file(sts_creds_path, 1, &json_string); + if (error != GRPC_ERROR_NONE) { + status = + grpc::Status(grpc::StatusCode::NOT_FOUND, grpc_error_string(error)); + return cleanup(); + } + status = StsCredentialsOptionsFromJson( + reinterpret_cast<const char*>(GRPC_SLICE_START_PTR(json_string)), + options); + return cleanup(); +} + +// C++ to Core STS Credentials options. 
+grpc_sts_credentials_options StsCredentialsCppToCoreOptions( + const StsCredentialsOptions& options) { + grpc_sts_credentials_options opts; + memset(&opts, 0, sizeof(opts)); + opts.token_exchange_service_uri = options.token_exchange_service_uri.c_str(); + opts.resource = options.resource.c_str(); + opts.audience = options.audience.c_str(); + opts.scope = options.scope.c_str(); + opts.requested_token_type = options.requested_token_type.c_str(); + opts.subject_token_path = options.subject_token_path.c_str(); + opts.subject_token_type = options.subject_token_type.c_str(); + opts.actor_token_path = options.actor_token_path.c_str(); + opts.actor_token_type = options.actor_token_type.c_str(); + return opts; +} + +// Builds STS credentials. +std::shared_ptr<CallCredentials> StsCredentials( + const StsCredentialsOptions& options) { + auto opts = StsCredentialsCppToCoreOptions(options); + return WrapCallCredentials(grpc_sts_credentials_create(&opts, nullptr)); +} + std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin( std::unique_ptr<MetadataCredentialsPlugin> plugin, grpc_security_level min_security_level) { @@ -268,12 +268,12 @@ std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin( // Builds ALTS Credentials given ALTS specific options std::shared_ptr<ChannelCredentials> AltsCredentials( const AltsCredentialsOptions& options) { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). + grpc::GrpcLibraryCodegen init; // To call grpc_init(). grpc_alts_credentials_options* c_options = grpc_alts_credentials_client_options_create(); - for (const auto& service_account : options.target_service_accounts) { + for (const auto& service_account : options.target_service_accounts) { grpc_alts_credentials_client_options_add_target_service_account( - c_options, service_account.c_str()); + c_options, service_account.c_str()); } grpc_channel_credentials* c_creds = grpc_alts_credentials_create(c_options); grpc_alts_credentials_options_destroy(c_options); 
@@ -283,22 +283,22 @@ std::shared_ptr<ChannelCredentials> AltsCredentials( // Builds Local Credentials std::shared_ptr<ChannelCredentials> LocalCredentials( grpc_local_connect_type type) { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). + grpc::GrpcLibraryCodegen init; // To call grpc_init(). return WrapChannelCredentials(grpc_local_credentials_create(type)); } -// Builds TLS Credentials given TLS options. -std::shared_ptr<ChannelCredentials> TlsCredentials( - const TlsCredentialsOptions& options) { - return WrapChannelCredentials( +// Builds TLS Credentials given TLS options. +std::shared_ptr<ChannelCredentials> TlsCredentials( + const TlsCredentialsOptions& options) { + return WrapChannelCredentials( grpc_tls_credentials_create(options.c_credentials_options())); -} - +} + } // namespace experimental // Builds credentials for use when running in GCE std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials() { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). + grpc::GrpcLibraryCodegen init; // To call grpc_init(). return WrapCallCredentials( grpc_google_compute_engine_credentials_create(nullptr)); } @@ -306,7 +306,7 @@ std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials() { // Builds JWT credentials. std::shared_ptr<CallCredentials> ServiceAccountJWTAccessCredentials( const TString& json_key, long token_lifetime_seconds) { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). + grpc::GrpcLibraryCodegen init; // To call grpc_init(). if (token_lifetime_seconds <= 0) { gpr_log(GPR_ERROR, "Trying to create JWTCredentials with non-positive lifetime"); 
@@ -321,7 +321,7 @@ std::shared_ptr<CallCredentials> ServiceAccountJWTAccessCredentials( // Builds refresh token credentials. std::shared_ptr<CallCredentials> GoogleRefreshTokenCredentials( const TString& json_refresh_token) { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). + grpc::GrpcLibraryCodegen init; // To call grpc_init(). return WrapCallCredentials(grpc_google_refresh_token_credentials_create( json_refresh_token.c_str(), nullptr)); } @@ -329,7 +329,7 @@ std::shared_ptr<CallCredentials> GoogleRefreshTokenCredentials( // Builds access token credentials. std::shared_ptr<CallCredentials> AccessTokenCredentials( const TString& access_token) { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). + grpc::GrpcLibraryCodegen init; // To call grpc_init(). return WrapCallCredentials( grpc_access_token_credentials_create(access_token.c_str(), nullptr)); } @@ -338,7 +338,7 @@ std::shared_ptr<CallCredentials> AccessTokenCredentials( std::shared_ptr<CallCredentials> GoogleIAMCredentials( const TString& authorization_token, const TString& authority_selector) { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). + grpc::GrpcLibraryCodegen init; // To call grpc_init(). return WrapCallCredentials(grpc_google_iam_credentials_create( authorization_token.c_str(), authority_selector.c_str(), nullptr)); } 
@@ -374,27 +374,27 @@ std::shared_ptr<CallCredentials> CompositeCallCredentials( return nullptr; } -std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin( - std::unique_ptr<MetadataCredentialsPlugin> plugin) { - grpc::GrpcLibraryCodegen init; // To call grpc_init(). - const char* type = plugin->GetType(); - grpc::MetadataCredentialsPluginWrapper* wrapper = - new grpc::MetadataCredentialsPluginWrapper(std::move(plugin)); - grpc_metadata_credentials_plugin c_plugin = { - grpc::MetadataCredentialsPluginWrapper::GetMetadata, +std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin( + std::unique_ptr<MetadataCredentialsPlugin> plugin) { + grpc::GrpcLibraryCodegen init; // To call grpc_init(). + const char* type = plugin->GetType(); + grpc::MetadataCredentialsPluginWrapper* wrapper = + new grpc::MetadataCredentialsPluginWrapper(std::move(plugin)); + grpc_metadata_credentials_plugin c_plugin = { + grpc::MetadataCredentialsPluginWrapper::GetMetadata, grpc::MetadataCredentialsPluginWrapper::DebugString, - grpc::MetadataCredentialsPluginWrapper::Destroy, wrapper, type}; + grpc::MetadataCredentialsPluginWrapper::Destroy, wrapper, type}; return WrapCallCredentials(grpc_metadata_credentials_create_from_plugin( c_plugin, GRPC_PRIVACY_AND_INTEGRITY, nullptr)); -} - -namespace { -void DeleteWrapper(void* wrapper, grpc_error* /*ignored*/) { +} + +namespace { +void DeleteWrapper(void* wrapper, grpc_error* /*ignored*/) { MetadataCredentialsPluginWrapper* w = static_cast<MetadataCredentialsPluginWrapper*>(wrapper); delete w; } -} // namespace +} // namespace char* MetadataCredentialsPluginWrapper::DebugString(void* wrapper) { GPR_ASSERT(wrapper); 
@@ -403,14 +403,14 @@ char* MetadataCredentialsPluginWrapper::DebugString(void* wrapper) { return gpr_strdup(w->plugin_->DebugString().c_str()); } -void MetadataCredentialsPluginWrapper::Destroy(void* wrapper) { - if (wrapper == nullptr) return; - grpc_core::ApplicationCallbackExecCtx callback_exec_ctx; - grpc_core::ExecCtx exec_ctx; - grpc_core::Executor::Run(GRPC_CLOSURE_CREATE(DeleteWrapper, wrapper, nullptr), - GRPC_ERROR_NONE); -} - +void MetadataCredentialsPluginWrapper::Destroy(void* wrapper) { + if (wrapper == nullptr) return; + grpc_core::ApplicationCallbackExecCtx callback_exec_ctx; + grpc_core::ExecCtx exec_ctx; + grpc_core::Executor::Run(GRPC_CLOSURE_CREATE(DeleteWrapper, wrapper, nullptr), + GRPC_ERROR_NONE); +} + int MetadataCredentialsPluginWrapper::GetMetadata( void* wrapper, grpc_auth_metadata_context context, grpc_credentials_plugin_metadata_cb cb, void* user_data, 
@@ -424,18 +424,18 @@ int MetadataCredentialsPluginWrapper::GetMetadata( *num_creds_md = 0; *status = GRPC_STATUS_OK; *error_details = nullptr; - return 1; + return 1; } if (w->plugin_->IsBlocking()) { - // The internals of context may be destroyed if GetMetadata is cancelled. - // Make a copy for InvokePlugin. - grpc_auth_metadata_context context_copy = grpc_auth_metadata_context(); - grpc_auth_metadata_context_copy(&context, &context_copy); + // The internals of context may be destroyed if GetMetadata is cancelled. + // Make a copy for InvokePlugin. + grpc_auth_metadata_context context_copy = grpc_auth_metadata_context(); + grpc_auth_metadata_context_copy(&context, &context_copy); // Asynchronous return. - w->thread_pool_->Add([w, context_copy, cb, user_data]() mutable { + w->thread_pool_->Add([w, context_copy, cb, user_data]() mutable { w->MetadataCredentialsPluginWrapper::InvokePlugin( - context_copy, cb, user_data, nullptr, nullptr, nullptr, nullptr); - grpc_auth_metadata_context_reset(&context_copy); + context_copy, cb, user_data, nullptr, nullptr, nullptr, nullptr); + grpc_auth_metadata_context_reset(&context_copy); }); return 0; } else { @@ -449,9 +449,9 @@ int MetadataCredentialsPluginWrapper::GetMetadata( namespace { void UnrefMetadata(const std::vector<grpc_metadata>& md) { - for (const auto& metadatum : md) { - grpc_slice_unref(metadatum.key); - grpc_slice_unref(metadatum.value); + for (const auto& metadatum : md) { + grpc_slice_unref(metadatum.key); + grpc_slice_unref(metadatum.value); } } 
@@ -471,10 +471,10 @@ void MetadataCredentialsPluginWrapper::InvokePlugin( Status status = plugin_->GetMetadata(context.service_url, context.method_name, cpp_channel_auth_context, &metadata); std::vector<grpc_metadata> md; - for (auto& metadatum : metadata) { + for (auto& metadatum : metadata) { grpc_metadata md_entry; - md_entry.key = SliceFromCopiedString(metadatum.first); - md_entry.value = SliceFromCopiedString(metadatum.second); + md_entry.key = SliceFromCopiedString(metadatum.first); + md_entry.value = SliceFromCopiedString(metadatum.second); md_entry.flags = 0; md.push_back(md_entry); } |