Imported Upstream version 1.36.0

[platform/upstream/grpc.git] / src / core / ext / transport / chttp2 / server / secure / server_secure_chttp2.cc

diff --git a/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc b/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc
index a181db4..563c303 100644 (file)
--- a/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc
+++ b/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc
@@ -18,12 +18,11 @@
 
 #include <grpc/support/port_platform.h>
 
-#include <grpc/grpc.h>
-
 #include <string.h>
 
 #include "absl/strings/str_cat.h"
 
+#include <grpc/grpc.h>
 #include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
 
@@ -38,6 +37,35 @@
 #include "src/core/lib/surface/api_trace.h"
 #include "src/core/lib/surface/server.h"
 
+namespace {
+
+grpc_channel_args* ModifyArgsForConnection(grpc_channel_args* args,
+                                           grpc_error** error) {
+  grpc_server_credentials* server_credentials =
+      grpc_find_server_credentials_in_args(args);
+  if (server_credentials == nullptr) {
+    *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+        "Could not find server credentials");
+    return args;
+  }
+  auto security_connector = server_credentials->create_security_connector(args);
+  if (security_connector == nullptr) {
+    *error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
+        absl::StrCat("Unable to create secure server with credentials of type ",
+                     server_credentials->type())
+            .c_str());
+    return args;
+  }
+  grpc_arg arg_to_add =
+      grpc_security_connector_to_arg(security_connector.get());
+  grpc_channel_args* new_args =
+      grpc_channel_args_copy_and_add(args, &arg_to_add, 1);
+  grpc_channel_args_destroy(args);
+  return new_args;
+}
+
+}  // namespace
+
 int grpc_server_add_secure_http2_port(grpc_server* server, const char* addr,
                                       grpc_server_credentials* creds) {
   grpc_core::ExecCtx exec_ctx;
@@ -55,27 +83,43 @@ int grpc_server_add_secure_http2_port(grpc_server* server, const char* addr,
         "No credentials specified for secure server port (creds==NULL)");
     goto done;
   }
-  sc = creds->create_security_connector();
-  if (sc == nullptr) {
-    err = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
-        absl::StrCat("Unable to create secure server with credentials of type ",
-                     creds->type())
-            .c_str());
-    goto done;
+  // TODO(yashykt): Ideally, we would not want to have different behavior here
+  // based on whether a config fetcher is configured or not. Currently, we have
+  // a feature for SSL credentials reloading with an application callback that
+  // assumes that there is a single security connector. If we delay the creation
+  // of the security connector to after the creation of the listener(s), we
+  // would have potentially multiple security connectors which breaks the
+  // assumption for SSL creds reloading. When the API for SSL creds reloading is
+  // rewritten, we would be able to make this workaround go away by removing
+  // that assumption. As an immediate drawback of this workaround, config
+  // fetchers need to be registered before adding ports to the server.
+  if (server->core_server->config_fetcher() != nullptr) {
+    // Create channel args.
+    grpc_arg arg_to_add = grpc_server_credentials_to_arg(creds);
+    args = grpc_channel_args_copy_and_add(server->core_server->channel_args(),
+                                          &arg_to_add, 1);
+  } else {
+    sc = creds->create_security_connector(nullptr);
+    if (sc == nullptr) {
+      err = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
+          absl::StrCat(
+              "Unable to create secure server with credentials of type ",
+              creds->type())
+              .c_str());
+      goto done;
+    }
+    grpc_arg args_to_add[2];
+    args_to_add[0] = grpc_server_credentials_to_arg(creds);
+    args_to_add[1] = grpc_security_connector_to_arg(sc.get());
+    args = grpc_channel_args_copy_and_add(server->core_server->channel_args(),
+                                          args_to_add,
+                                          GPR_ARRAY_SIZE(args_to_add));
   }
-  // Create channel args.
-  grpc_arg args_to_add[2];
-  args_to_add[0] = grpc_server_credentials_to_arg(creds);
-  args_to_add[1] = grpc_security_connector_to_arg(sc.get());
-  args =
-      grpc_channel_args_copy_and_add(server->core_server->channel_args(),
-                                     args_to_add, GPR_ARRAY_SIZE(args_to_add));
   // Add server port.
   err = grpc_core::Chttp2ServerAddPort(server->core_server.get(), addr, args,
-                                       &port_num);
+                                       ModifyArgsForConnection, &port_num);
 done:
   sc.reset(DEBUG_LOCATION, "server");
-
   if (err != GRPC_ERROR_NONE) {
     const char* msg = grpc_error_string(err);
     gpr_log(GPR_ERROR, "%s", msg);