diff --git a/src/core/credentials/transport/tls/grpc_tls_certificate_distributor.cc b/src/core/credentials/transport/tls/grpc_tls_certificate_distributor.cc index d50988af90bb9..af9a0bbf2b350 100644 --- a/src/core/credentials/transport/tls/grpc_tls_certificate_distributor.cc +++ b/src/core/credentials/transport/tls/grpc_tls_certificate_distributor.cc @@ -20,9 +20,9 @@ #include #include +#include "src/core/credentials/transport/tls/ssl_utils.h" #include "src/core/tsi/ssl_transport_security.h" #include "src/core/util/grpc_check.h" -#include "ssl_utils.h" #include "absl/status/status.h" bool grpc_tls_certificate_distributor::CertificateInfo::AreRootsEmpty() { diff --git a/src/core/credentials/transport/tls/grpc_tls_certificate_provider.cc b/src/core/credentials/transport/tls/grpc_tls_certificate_provider.cc index 9695aca50672b..5e966c63819d8 100644 --- a/src/core/credentials/transport/tls/grpc_tls_certificate_provider.cc +++ b/src/core/credentials/transport/tls/grpc_tls_certificate_provider.cc @@ -29,7 +29,7 @@ #include #include -#include "grpc_tls_certificate_selector.h" +#include "src/core/credentials/transport/tls/grpc_tls_certificate_selector.h" #include "src/core/credentials/transport/tls/spiffe_utils.h" #include "src/core/credentials/transport/tls/ssl_utils.h" #include "src/core/lib/debug/trace.h" @@ -234,19 +234,22 @@ absl::Status FileWatcherCertificateProvider::ValidateCredentials() const { if (!status.ok()) { return status; } - return Match(pem_key_cert_pairs_, [](const std::vector& pem_pairs) { - for (const PemKeyCertPair& pair : pem_pairs) { - absl::Status status = - ValidatePemKeyCertPair(pair.cert_chain(), pair.private_key()); - if (!status.ok()) { - return status; - } - } - return absl::OkStatus(); - }, [](const std::shared_ptr& cert_selector){ - // We should never be able to get this from files. - return absl::InternalError("Invalid pem key cert pairs"); - }); + return Match( + pem_key_cert_pairs_, + [](const std::vector& pem_pairs) { + for (const PemKeyCertPair& pair : pem_pairs) { + absl::Status status = + ValidatePemKeyCertPair(pair.cert_chain(), pair.private_key()); + if (!status.ok()) { + return status; + } + } + return absl::OkStatus(); + }, + [](const std::shared_ptr& cert_selector) { + // We should never be able to get this from files. + return absl::InternalError("Invalid pem key cert pairs"); + }); } void FileWatcherCertificateProvider::ForceUpdate() { @@ -532,21 +535,24 @@ absl::Status InMemoryCertificateProvider::ValidateCredentials() const { if (!status.ok()) { return status; } - return Match(pem_key_cert_pairs_, [](const std::vector& pem_pairs) { - for (const PemKeyCertPair& pair : pem_pairs) { - absl::Status status = - ValidatePemKeyCertPair(pair.cert_chain(), pair.private_key()); - if (!status.ok()) { - return status; - } - } - return absl::OkStatus(); - }, [](const std::shared_ptr& cert_selector){ - if (cert_selector == nullptr) { - return absl::InvalidArgumentError("Certificiate selector is nullptr"); - } - return absl::OkStatus(); - }); + return Match( + pem_key_cert_pairs_, + [](const std::vector& pem_pairs) { + for (const PemKeyCertPair& pair : pem_pairs) { + absl::Status status = + ValidatePemKeyCertPair(pair.cert_chain(), pair.private_key()); + if (!status.ok()) { + return status; + } + } + return absl::OkStatus(); + }, + [](const std::shared_ptr& cert_selector) { + if (cert_selector == nullptr) { + return absl::InvalidArgumentError("Certificiate selector is nullptr"); + } + return absl::OkStatus(); + }); } absl::Status InMemoryCertificateProvider::UpdateRoot( diff --git a/src/core/credentials/transport/tls/ssl_utils.cc b/src/core/credentials/transport/tls/ssl_utils.cc index 668183d75678b..198c39306747f 100644 --- a/src/core/credentials/transport/tls/ssl_utils.cc +++ b/src/core/credentials/transport/tls/ssl_utils.cc @@ -33,8 +33,8 @@ #include #include -#include "grpc_tls_certificate_selector.h" #include "src/core/config/config_vars.h" +#include "src/core/credentials/transport/tls/grpc_tls_certificate_selector.h" #include "src/core/credentials/transport/tls/load_system_roots.h" #include "src/core/ext/transport/chttp2/alpn/alpn.h" #include "src/core/lib/channel/channel_args.h" diff --git a/src/core/credentials/transport/tls/tls_security_connector.cc b/src/core/credentials/transport/tls/tls_security_connector.cc index 35328dbb23fd9..d1a56a5ab0e46 100644 --- a/src/core/credentials/transport/tls/tls_security_connector.cc +++ b/src/core/credentials/transport/tls/tls_security_connector.cc @@ -31,7 +31,7 @@ #include #include -#include "grpc_tls_certificate_selector.h" +#include "src/core/credentials/transport/tls/grpc_tls_certificate_selector.h" #include "src/core/credentials/transport/tls/grpc_tls_certificate_verifier.h" #include "src/core/credentials/transport/tls/grpc_tls_credentials_options.h" #include "src/core/credentials/transport/tls/ssl_utils.h" @@ -573,8 +573,7 @@ TlsChannelSecurityConnector::UpdateHandshakerFactoryLocked() { [](std::shared_ptr*) {}); bool use_default_roots = options_->root_certificate_distributor() == nullptr; return grpc_ssl_tsi_client_handshaker_factory_init( - pem_key_cert_pair, - use_default_roots ? nullptr : root_cert_info_, + pem_key_cert_pair, use_default_roots ? nullptr : root_cert_info_, skip_server_certificate_verification, grpc_get_tsi_tls_version(options_->min_tls_version()), grpc_get_tsi_tls_version(options_->max_tls_version()), ssl_session_cache_, diff --git a/test/cpp/end2end/tls_cert_selection_offload_end2end_test.cc b/test/cpp/end2end/tls_cert_selection_offload_end2end_test.cc index 4513e987a30a0..0cdef6d7c4594 100644 --- a/test/cpp/end2end/tls_cert_selection_offload_end2end_test.cc +++ b/test/cpp/end2end/tls_cert_selection_offload_end2end_test.cc @@ -45,7 +45,7 @@ #include "test/core/test_util/test_config.h" #include "test/core/test_util/tls_utils.h" #include "test/cpp/end2end/test_service_impl.h" -#include "tls_test_certificate_selector.h" +#include "test/cpp/end2end/tls_test_certificate_selector.h" #include "gmock/gmock.h" #include "gtest/gtest.h" #include "absl/log/check.h" diff --git a/test/cpp/end2end/tls_test_certificate_selector.h b/test/cpp/end2end/tls_test_certificate_selector.h index 994a91cea8927..5a6b6b565a245 100644 --- a/test/cpp/end2end/tls_test_certificate_selector.h +++ b/test/cpp/end2end/tls_test_certificate_selector.h @@ -22,6 +22,7 @@ #include #include #include +#include #include #include @@ -29,9 +30,8 @@ #include "absl/log/check.h" #include "absl/status/statusor.h" #include "absl/strings/string_view.h" -#include -#if defined(OPENSSL_IS_BORINGSSL) +#if defined(GRPC_TEST_CPP_END2END_TLS_TEST_CERTIFICATE_SELECTOR_H) #include "src/core/credentials/transport/tls/grpc_tls_certificate_selector.h" @@ -78,8 +78,7 @@ class AsyncTestCertificateSelector : public grpc_core::CertificateSelector { std::variant> pem_private_key, - absl::string_view sni, - absl::Duration delay = absl::ZeroDuration()) + absl::string_view sni, absl::Duration delay = absl::ZeroDuration()) : pem_cert_chain_(pem_cert_chain), pem_private_key_(std::move(pem_private_key)), sni_(sni), @@ -107,5 +106,5 @@ class AsyncTestCertificateSelector : public grpc_core::CertificateSelector { } // namespace testing } // namespace grpc -#endif // OPENSSL_IS_BORINGSSL +#endif // GRPC_TEST_CPP_END2END_TLS_TEST_CERTIFICATE_SELECTOR_H #endif //