static grpc_security_status composite_channel_create_security_connector(
grpc_channel_credentials *creds, grpc_call_credentials *call_creds,
const char *target, const grpc_channel_args *args,
grpc_channel_security_connector **sc, grpc_channel_args **new_args) {
grpc_composite_channel_credentials *c =
(grpc_composite_channel_credentials *)creds;
grpc_security_status status = GRPC_SECURITY_ERROR;
GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL &&
c->inner_creds->vtable != NULL &&
c->inner_creds->vtable->create_security_connector != NULL);
/* If we are passed a call_creds, create a call composite to pass it
downstream. */
if (call_creds != NULL) {
grpc_call_credentials *composite_call_creds =
grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL);
status = c->inner_creds->vtable->create_security_connector(
c->inner_creds, composite_call_creds, target, args, sc, new_args);
grpc_call_credentials_unref(composite_call_creds);
} else {
status = c->inner_creds->vtable->create_security_connector(
c->inner_creds, c->call_creds, target, args, sc, new_args);
}
return status;
}
static void composite_channel_destruct(grpc_exec_ctx *exec_ctx,
grpc_channel_credentials *creds) {
grpc_composite_channel_credentials *c =
(grpc_composite_channel_credentials *)creds;
grpc_channel_credentials_unref(exec_ctx, c->inner_creds);
grpc_call_credentials_unref(exec_ctx, c->call_creds);
}
static void composite_call_destruct(grpc_call_credentials *creds) {
grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds;
size_t i;
for (i = 0; i < c->inner.num_creds; i++) {
grpc_call_credentials_unref(c->inner.creds_array[i]);
}
gpr_free(c->inner.creds_array);
}
grpc_channel_credentials *grpc_google_default_credentials_create(void) {
grpc_channel_credentials *result = NULL;
grpc_call_credentials *call_creds = NULL;
GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ());
gpr_once_init(&g_once, init_default_credentials);
gpr_mu_lock(&g_mu);
if (default_credentials != NULL) {
result = grpc_channel_credentials_ref(default_credentials);
goto end;
}
/* First, try the environment variable. */
call_creds = create_default_creds_from_path(
gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR));
if (call_creds != NULL) goto end;
/* Then the well-known file. */
call_creds = create_default_creds_from_path(
grpc_get_well_known_google_credentials_file_path());
if (call_creds != NULL) goto end;
/* At last try to see if we're on compute engine (do the detection only once
since it requires a network test). */
if (!compute_engine_detection_done) {
int need_compute_engine_creds = is_stack_running_on_compute_engine();
compute_engine_detection_done = 1;
if (need_compute_engine_creds) {
call_creds = grpc_google_compute_engine_credentials_create(NULL);
}
}
end:
if (result == NULL) {
if (call_creds != NULL) {
/* Blend with default ssl credentials and add a global reference so that
it
can be cached and re-served. */
grpc_channel_credentials *ssl_creds =
grpc_ssl_credentials_create(NULL, NULL, NULL);
default_credentials = grpc_channel_credentials_ref(
grpc_composite_channel_credentials_create(ssl_creds, call_creds,
NULL));
GPR_ASSERT(default_credentials != NULL);
grpc_channel_credentials_unref(ssl_creds);
grpc_call_credentials_unref(call_creds);
result = default_credentials;
} else {
gpr_log(GPR_ERROR, "Could not create google default credentials.");
}
}
gpr_mu_unlock(&g_mu);
return result;
}
void grpc_client_security_context_destroy(void *ctx) {
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
grpc_client_security_context *c = (grpc_client_security_context *)ctx;
grpc_call_credentials_unref(&exec_ctx, c->creds);
GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context");
if (c->extension.instance != NULL && c->extension.destroy != NULL) {
c->extension.destroy(c->extension.instance);
}
gpr_free(ctx);
grpc_exec_ctx_finish(&exec_ctx);
}
static void ssl_channel_destroy(grpc_security_connector *sc) {
grpc_ssl_channel_security_connector *c =
(grpc_ssl_channel_security_connector *)sc;
grpc_call_credentials_unref(c->base.request_metadata_creds);
if (c->handshaker_factory != NULL) {
tsi_ssl_handshaker_factory_destroy(c->handshaker_factory);
}
if (c->target_name != NULL) gpr_free(c->target_name);
if (c->overridden_target_name != NULL) gpr_free(c->overridden_target_name);
gpr_free(sc);
}
/* Destructor for call_data */
static void destroy_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
const grpc_call_stats *stats, void *ignored) {
call_data *calld = elem->call_data;
grpc_call_credentials_unref(calld->creds);
if (calld->host != NULL) {
GRPC_MDSTR_UNREF(calld->host);
}
if (calld->method != NULL) {
GRPC_MDSTR_UNREF(calld->method);
}
reset_auth_metadata_context(&calld->auth_md_context);
}
/* Destructor for call_data */
static void destroy_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
const grpc_call_final_info *final_info,
void *ignored) {
call_data *calld = elem->call_data;
grpc_call_credentials_unref(exec_ctx, calld->creds);
if (calld->have_host) {
grpc_slice_unref_internal(exec_ctx, calld->host);
}
if (calld->have_method) {
grpc_slice_unref_internal(exec_ctx, calld->method);
}
reset_auth_metadata_context(&calld->auth_md_context);
}
/* Destructor for call_data */
static void destroy_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
const grpc_call_final_info *final_info,
grpc_closure *ignored) {
call_data *calld = elem->call_data;
grpc_credentials_mdelem_array_destroy(exec_ctx, &calld->md_array);
grpc_call_credentials_unref(exec_ctx, calld->creds);
if (calld->have_host) {
grpc_slice_unref_internal(exec_ctx, calld->host);
}
if (calld->have_method) {
grpc_slice_unref_internal(exec_ctx, calld->method);
}
reset_auth_metadata_context(&calld->auth_md_context);
gpr_mu_destroy(&calld->security_context_mu);
gpr_atm cancel_state = gpr_atm_acq_load(&calld->cancellation_state);
grpc_error *cancel_error = GRPC_ERROR_NONE;
grpc_closure *cancel_func = NULL;
decode_cancel_state(cancel_state, &cancel_func, &cancel_error);
GRPC_ERROR_UNREF(cancel_error);
}
grpc_call_error grpc_call_set_credentials(grpc_call *call,
grpc_call_credentials *creds) {
grpc_client_security_context *ctx = NULL;
GRPC_API_TRACE("grpc_call_set_credentials(call=%p, creds=%p)", 2,
(call, creds));
if (!grpc_call_is_client(call)) {
gpr_log(GPR_ERROR, "Method is client-side only.");
return GRPC_CALL_ERROR_NOT_ON_SERVER;
}
ctx = (grpc_client_security_context *)grpc_call_context_get(
call, GRPC_CONTEXT_SECURITY);
if (ctx == NULL) {
ctx = grpc_client_security_context_create();
ctx->creds = grpc_call_credentials_ref(creds);
grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx,
grpc_client_security_context_destroy);
} else {
grpc_call_credentials_unref(ctx->creds);
ctx->creds = grpc_call_credentials_ref(creds);
}
return GRPC_CALL_OK;
}
static void fake_channel_destroy(grpc_security_connector *sc) {
grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc;
grpc_call_credentials_unref(c->request_metadata_creds);
gpr_free(sc);
}
grpc_channel_credentials *grpc_google_default_credentials_create(void) {
grpc_channel_credentials *result = NULL;
grpc_call_credentials *call_creds = NULL;
grpc_error *error = GRPC_ERROR_CREATE("Failed to create Google credentials");
grpc_error *err;
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ());
gpr_once_init(&g_once, init_default_credentials);
gpr_mu_lock(&g_state_mu);
if (default_credentials != NULL) {
result = grpc_channel_credentials_ref(default_credentials);
goto end;
}
/* First, try the environment variable. */
err = create_default_creds_from_path(
&exec_ctx, gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds);
if (err == GRPC_ERROR_NONE) goto end;
error = grpc_error_add_child(error, err);
/* Then the well-known file. */
err = create_default_creds_from_path(
&exec_ctx, grpc_get_well_known_google_credentials_file_path(),
&call_creds);
if (err == GRPC_ERROR_NONE) goto end;
error = grpc_error_add_child(error, err);
/* At last try to see if we're on compute engine (do the detection only once
since it requires a network test). */
if (!compute_engine_detection_done) {
int need_compute_engine_creds =
is_stack_running_on_compute_engine(&exec_ctx);
compute_engine_detection_done = 1;
if (need_compute_engine_creds) {
call_creds = grpc_google_compute_engine_credentials_create(NULL);
if (call_creds == NULL) {
error = grpc_error_add_child(
error, GRPC_ERROR_CREATE("Failed to get credentials from network"));
}
}
}
end:
if (result == NULL) {
if (call_creds != NULL) {
/* Blend with default ssl credentials and add a global reference so that
it
can be cached and re-served. */
grpc_channel_credentials *ssl_creds =
grpc_ssl_credentials_create(NULL, NULL, NULL);
default_credentials = grpc_channel_credentials_ref(
grpc_composite_channel_credentials_create(ssl_creds, call_creds,
NULL));
GPR_ASSERT(default_credentials != NULL);
grpc_channel_credentials_unref(&exec_ctx, ssl_creds);
grpc_call_credentials_unref(&exec_ctx, call_creds);
result = default_credentials;
} else {
gpr_log(GPR_ERROR, "Could not create google default credentials.");
}
}
gpr_mu_unlock(&g_state_mu);
if (result == NULL) {
GRPC_LOG_IF_ERROR("grpc_google_default_credentials_create", error);
} else {
GRPC_ERROR_UNREF(error);
}
grpc_exec_ctx_finish(&exec_ctx);
return result;
}
static void grpc_credentials_metadata_request_destroy(
grpc_credentials_metadata_request *r) {
grpc_call_credentials_unref(r->creds);
gpr_free(r);
}
void grpc_call_credentials_release(grpc_call_credentials *creds) {
GRPC_API_TRACE("grpc_call_credentials_release(creds=%p)", 1, (creds));
grpc_call_credentials_unref(creds);
}
void grpc_credentials_metadata_request_destroy(
grpc_credentials_metadata_request *r) {
grpc_call_credentials_unref(r->creds);
grpc_http_response_destroy(&r->response);
gpr_free(r);
}
void grpc_client_security_context_destroy(void *ctx) {
grpc_client_security_context *c = (grpc_client_security_context *)ctx;
grpc_call_credentials_unref(c->creds);
GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context");
gpr_free(ctx);
}
