Skip to content

[Security - Revocation] Crl Directory Watcher Implementation#34749

Merged
gtcooke94 merged 233 commits intogrpc:masterfrom
gtcooke94:CRLWatcher
Nov 3, 2023
Merged

[Security - Revocation] Crl Directory Watcher Implementation#34749
gtcooke94 merged 233 commits intogrpc:masterfrom
gtcooke94:CRLWatcher

Conversation

@gtcooke94
Copy link
Copy Markdown
Contributor

@gtcooke94 gtcooke94 commented Oct 19, 2023
edited
Loading

This adds the directory reloader implementation of the CrlProvider. This will periodically reload CRL files in a directory per gRFC A69

Included in this is the following:

  • A public API to create the DirectoryReloaderCrlProvider
  • A basic directory interface in gprpp and platform specific impls for getting the list of files in a directory (unfortunately prior C++17, there is no std::filesystem, so we have to have platform specific impls)
  • The implementation of DirectoryReloaderCrlProvider takes an event_engine and a directory interface. This allows us to test using the fuzzing event engine for time mocking, and to implement a test directory interface so we avoid having to make temporary directories and files in the tests. This is notably not in include, and the CreateDirectoryReloaderCrlProvider is the only way to construct one from the public API, so we don't expose the event engine and directory details to the user.

gtcooke94 added 30 commits June 28, 2023 18:04
@gtcooke94
basic shell of API
668ea71
@gtcooke94
continuing on shell
8caadd0
@gtcooke94
continuing to make the shell, working on where everything needs to be
896faa5
@gtcooke94
CRL provider APIs
12d1748
@gtcooke94
remove accidental import
52b6c8b
@gtcooke94
changes to cpp interface:
a59719a
@gtcooke94
new crl_provider files in src tree
d91c544
@gtcooke94
CrlImpl
e2e8281
@gtcooke94
remove cruft
b5e978d
@gtcooke94
Beginning work on test
74016e2
@gtcooke94
Super basic test working
96b1d34
@gtcooke94
Address PR comments
caa01ce
@gtcooke94
Swap Cert to CertificateInfo
2c74924
@gtcooke94
Made CertificateInfo abstract and simplified test
59a686b
@gtcooke94
Fixed test
26e7fdb
@gtcooke94
Cleanup
50c30a9
@gtcooke94
cleanup
a8c2dca
@gtcooke94
Expanded tests
bac0ae4
@gtcooke94
make tests cleaner
01673c0
@gtcooke94
tidy using
a5399e5
@gtcooke94
remove unnecessary assert
dcb5ef2
@gtcooke94
build and format
853cce2
@gtcooke94
Asan issuer
7497eb5
@gtcooke94
generate_projects.sh
865e600
@gtcooke94
check_include_guards
e549380
@gtcooke94
iwyu
d4cef7f
@gtcooke94
fix dependency
154f95f
@gtcooke94
build gen
fe3c257
@gtcooke94
merge master
5efa637
@gtcooke94
basic static provider with test
4054546
@gtcooke94 gtcooke94 enabled auto-merge (squash) November 3, 2023 20:46
@gtcooke94 gtcooke94 merged commit 0d4e1ef into grpc:master Nov 3, 2023
@copybara-service copybara-service bot added the imported Specifies if the PR has been imported to the internal repository label Nov 3, 2023
gtcooke94 added a commit to gtcooke94/grpc that referenced this pull request Nov 13, 2023
@gtcooke94
[Security - Revocation] Crl Directory Watcher Implementation (grpc#34749
ba6a723 
)

This adds the directory reloader implementation of the CrlProvider. This
will periodically reload CRL files in a directory per [gRFC
A69](grpc/proposal#382)

Included in this is the following:
* A public API to create the `DirectoryReloaderCrlProvider`
* A basic directory interface in gprpp and platform specific impls for
getting the list of files in a directory (unfortunately prior C++17,
there is no std::filesystem, so we have to have platform specific impls)
* The implementation of `DirectoryReloaderCrlProvider` takes an
event_engine and a directory interface. This allows us to test using the
fuzzing event engine for time mocking, and to implement a test directory
interface so we avoid having to make temporary directories and files in
the tests. This is notably not in `include`, and the
`CreateDirectoryReloaderCrlProvider` is the only way to construct one
from the public API, so we don't expose the event engine and directory
details to the user.

---------

Co-authored-by: gtcooke94 <gtcooke94@users.noreply.github.com>
gtcooke94 added a commit to gtcooke94/grpc that referenced this pull request Nov 13, 2023
@gtcooke94
[Security - Revocation] Crl Directory Watcher Implementation (grpc#34749
6c25cf1 
)

This adds the directory reloader implementation of the CrlProvider. This
will periodically reload CRL files in a directory per [gRFC
A69](grpc/proposal#382)

Included in this is the following:
* A public API to create the `DirectoryReloaderCrlProvider`
* A basic directory interface in gprpp and platform specific impls for
getting the list of files in a directory (unfortunately prior C++17,
there is no std::filesystem, so we have to have platform specific impls)
* The implementation of `DirectoryReloaderCrlProvider` takes an
event_engine and a directory interface. This allows us to test using the
fuzzing event engine for time mocking, and to implement a test directory
interface so we avoid having to make temporary directories and files in
the tests. This is notably not in `include`, and the
`CreateDirectoryReloaderCrlProvider` is the only way to construct one
from the public API, so we don't expose the event engine and directory
details to the user.

---------

Co-authored-by: gtcooke94 <gtcooke94@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@markdroth markdroth markdroth approved these changes

@matthewstevenson88 matthewstevenson88 matthewstevenson88 left review comments

Assignees

No one assigned

Labels

area/security bloat/medium disposition/ready to merge imported Specifies if the PR has been imported to the internal repository lang/c++ lang/core per-call-memory/decrease per-channel-memory/neutral release notes: yes Indicates if PR needs to be in release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@gtcooke94 @markdroth @matthewstevenson88 @grpc-kokoro