1 /*
2  *
3  * Copyright 2019 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include "absl/container/inlined_vector.h"
20 
21 #include <grpc/grpc_security.h>
22 #include <grpc/support/alloc.h>
23 #include <grpcpp/security/tls_credentials_options.h>
24 
25 #include "src/cpp/common/tls_credentials_options_util.h"
26 
27 namespace grpc {
28 namespace experimental {
29 
30 /** gRPC TLS server authorization check arg API implementation **/
TlsServerAuthorizationCheckArg::TlsServerAuthorizationCheckArg(
    grpc_tls_server_authorization_check_arg* arg)
    : c_arg_(arg) {
  // Wraps a core-provided arg without taking ownership of it. The wrapper
  // registers itself as the arg's context so the core can hand it back, and
  // installs destroy_context so the core can tear the wrapper down
  // (presumably TlsServerAuthorizationCheckArgDestroyContext deletes it --
  // confirm in tls_credentials_options_util).
  GPR_ASSERT(c_arg_ != nullptr);
  const bool context_already_set = (c_arg_->context != nullptr);
  if (context_already_set) {
    // Overwriting a previously installed context is unexpected; report it but
    // still proceed, which is the established behavior.
    gpr_log(GPR_ERROR, "c_arg context has already been set");
  }
  c_arg_->context = static_cast<void*>(this);
  c_arg_->destroy_context = &TlsServerAuthorizationCheckArgDestroyContext;
}
41 
// Nothing to release: c_arg_ is owned by the core, not by this wrapper.
TlsServerAuthorizationCheckArg::~TlsServerAuthorizationCheckArg() = default;
43 
// Returns the opaque user-data pointer stored on the C arg (set via
// set_cb_user_data); may be nullptr if nothing was ever set.
void* TlsServerAuthorizationCheckArg::cb_user_data() const {
  void* user_data = c_arg_->cb_user_data;
  return user_data;
}
47 
// Returns the arg's success flag as stored by the core / set_success().
int TlsServerAuthorizationCheckArg::success() const {
  const int result = c_arg_->success;
  return result;
}
49 
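// Returns a copy of the target name the core attached to the arg.
//
// The copy decouples the caller from the C arg's lifetime. A missing
// (nullptr) target name is reported as "" rather than constructing
// std::string from nullptr, which is undefined behavior.
std::string TlsServerAuthorizationCheckArg::target_name() const {
  const char* raw_target_name = c_arg_->target_name;
  if (raw_target_name == nullptr) return std::string();
  return std::string(raw_target_name);
}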
54 
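// Returns a copy of the peer's leaf certificate as the core attached it to
// the arg (the encoding is whatever the core wrote; not interpreted here).
//
// A missing (nullptr) certificate is reported as "" instead of constructing
// std::string from nullptr, which is undefined behavior.
std::string TlsServerAuthorizationCheckArg::peer_cert() const {
  const char* raw_peer_cert = c_arg_->peer_cert;
  if (raw_peer_cert == nullptr) return std::string();
  return std::string(raw_peer_cert);
}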
59 
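// Returns a copy of the peer's full certificate chain as the core attached it
// to the arg.
//
// A missing (nullptr) chain is reported as "" instead of constructing
// std::string from nullptr, which is undefined behavior. Callers that need
// the chain for authorization must treat "" as "no chain available".
std::string TlsServerAuthorizationCheckArg::peer_cert_full_chain() const {
  const char* raw_chain = c_arg_->peer_cert_full_chain;
  if (raw_chain == nullptr) return std::string();
  return std::string(raw_chain);
}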
64 
// Returns the gRPC status code currently recorded on the arg.
grpc_status_code TlsServerAuthorizationCheckArg::status() const {
  const grpc_status_code current_status = c_arg_->status;
  return current_status;
}
68 
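// Returns the error details recorded on the arg.
//
// error_details is a pointer held by the C arg; when it is absent this
// returns "" rather than dereferencing nullptr.
std::string TlsServerAuthorizationCheckArg::error_details() const {
  if (c_arg_->error_details == nullptr) return std::string();
  return c_arg_->error_details->error_details();
}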
72 
// Stores an opaque user-data pointer on the C arg. The pointer is not owned
// or interpreted here; the caller is responsible for its lifetime.
void TlsServerAuthorizationCheckArg::set_cb_user_data(void* cb_user_data) {
  void* new_user_data = cb_user_data;
  c_arg_->cb_user_data = new_user_data;
}
76 
// Records the outcome of the authorization check on the C arg. The value is
// passed through unchanged; the core defines its interpretation.
void TlsServerAuthorizationCheckArg::set_success(int success) {
  const int outcome = success;
  c_arg_->success = outcome;
}
80 
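// Replaces the target name stored on the C arg with a heap copy of
// |target_name|.
//
// The C arg owns its string fields (they are expected to be gpr_free'd when
// the arg is destroyed -- confirm against the core's
// grpc_tls_server_authorization_check_arg), so the previous copy is released
// first; otherwise calling this setter more than once leaks the earlier
// allocation. gpr_free(nullptr) is a no-op, so a never-set field is fine.
void TlsServerAuthorizationCheckArg::set_target_name(
    const std::string& target_name) {
  gpr_free(const_cast<char*>(c_arg_->target_name));
  c_arg_->target_name = gpr_strdup(target_name.c_str());
}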
85 
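// Replaces the peer certificate stored on the C arg with a heap copy of
// |peer_cert|.
//
// The C arg owns its string fields (expected to be gpr_free'd when the arg
// is destroyed -- confirm against the core's
// grpc_tls_server_authorization_check_arg), so the previous copy is released
// first to avoid leaking it when the setter is called repeatedly.
// gpr_free(nullptr) is a no-op.
void TlsServerAuthorizationCheckArg::set_peer_cert(
    const std::string& peer_cert) {
  gpr_free(const_cast<char*>(c_arg_->peer_cert));
  c_arg_->peer_cert = gpr_strdup(peer_cert.c_str());
}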
90 
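// Replaces the peer certificate chain stored on the C arg with a heap copy
// of |peer_cert_full_chain|.
//
// The C arg owns its string fields (expected to be gpr_free'd when the arg
// is destroyed -- confirm against the core's
// grpc_tls_server_authorization_check_arg), so the previous copy is released
// first to avoid leaking it when the setter is called repeatedly.
// gpr_free(nullptr) is a no-op.
void TlsServerAuthorizationCheckArg::set_peer_cert_full_chain(
    const std::string& peer_cert_full_chain) {
  gpr_free(const_cast<char*>(c_arg_->peer_cert_full_chain));
  c_arg_->peer_cert_full_chain = gpr_strdup(peer_cert_full_chain.c_str());
}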
95 
// Records the gRPC status that the authorization check should report.
void TlsServerAuthorizationCheckArg::set_status(grpc_status_code status) {
  const grpc_status_code new_status = status;
  c_arg_->status = new_status;
}
99 
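// Records human-readable error details for the authorization check outcome.
//
// error_details is a pointer held by the C arg. If it is absent the details
// cannot be stored; that is logged (matching this file's error-reporting
// style) instead of dereferencing nullptr.
void TlsServerAuthorizationCheckArg::set_error_details(
    const std::string& error_details) {
  if (c_arg_->error_details == nullptr) {
    gpr_log(GPR_ERROR, "c_arg error_details is nullptr; details dropped");
    return;
  }
  c_arg_->error_details->set_error_details(error_details.c_str());
}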
104 
// Hands the populated C arg back to the completion callback the core
// registered on it, resuming the asynchronous authorization check.
//
// If no callback is present there is nothing to resume: the situation is
// logged and the check is left pending, which is the established behavior.
void TlsServerAuthorizationCheckArg::OnServerAuthorizationCheckDoneCallback() {
  auto done_callback = c_arg_->cb;
  if (done_callback != nullptr) {
    done_callback(c_arg_);
  } else {
    gpr_log(GPR_ERROR, "server authorizaton check arg callback API is nullptr");
  }
}
112 
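// Builds the core config that routes schedule/cancel calls to the given
// C++ interface.
//
// The interface is retained so it outlives the core config's use of it; the
// core config's context points back at this object so the C-level
// schedule/cancel trampolines can find the interface. The create call is
// checked for nullptr before the context is installed, matching the
// null-checks used elsewhere in this file, so a failed creation asserts
// instead of dereferencing nullptr.
TlsServerAuthorizationCheckConfig::TlsServerAuthorizationCheckConfig(
    std::shared_ptr<TlsServerAuthorizationCheckInterface>
        server_authorization_check_interface)
    : server_authorization_check_interface_(
          std::move(server_authorization_check_interface)) {
  c_config_ = grpc_tls_server_authorization_check_config_create(
      nullptr, &TlsServerAuthorizationCheckConfigCSchedule,
      &TlsServerAuthorizationCheckConfigCCancel, nullptr);
  GPR_ASSERT(c_config_ != nullptr);
  c_config_->set_context(static_cast<void*>(this));
}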
123 
// Drops this object's reference on the core config. The retained interface
// shared_ptr is released by the member destructor afterwards.
TlsServerAuthorizationCheckConfig::~TlsServerAuthorizationCheckConfig() {
  auto* core_config = c_config_;
  grpc_tls_server_authorization_check_config_release(core_config);
}
127 
// Allocates the underlying core options object that all setters forward to.
TlsCredentialsOptions::TlsCredentialsOptions()
    : c_credentials_options_(grpc_tls_credentials_options_create()) {}
131 
// Installs the certificate provider and forwards its C handle to the core
// options, keeping the shared_ptr alive for the lifetime of these options.
//
// Passing nullptr only clears the C++ reference; the core-side provider is
// left as it was, so this cannot be used to "unset" a provider.
void TlsCredentialsOptions::set_certificate_provider(
    std::shared_ptr<CertificateProviderInterface> certificate_provider) {
  certificate_provider_ = std::move(certificate_provider);
  if (certificate_provider_ == nullptr) return;
  grpc_tls_credentials_options_set_certificate_provider(
      c_credentials_options_, certificate_provider_->c_provider());
}
140 
// Asks the core to watch the provider's root certificates (used to verify
// the peer) for updates.
void TlsCredentialsOptions::watch_root_certs() {
  auto* core_options = c_credentials_options_;
  grpc_tls_credentials_options_watch_root_certs(core_options);
}
144 
// Names the root certificate entry to request from the certificate provider.
// The string is passed to the core as a C string; whether the core copies it
// is not visible here.
void TlsCredentialsOptions::set_root_cert_name(
    const std::string& root_cert_name) {
  const char* name = root_cert_name.c_str();
  grpc_tls_credentials_options_set_root_cert_name(c_credentials_options_, name);
}
150 
// Asks the core to watch the provider's identity key/certificate pairs (the
// local credentials presented to the peer) for updates.
void TlsCredentialsOptions::watch_identity_key_cert_pairs() {
  auto* core_options = c_credentials_options_;
  grpc_tls_credentials_options_watch_identity_key_cert_pairs(core_options);
}
155 
// Names the identity certificate entry to request from the certificate
// provider. The string is passed to the core as a C string; whether the core
// copies it is not visible here.
void TlsCredentialsOptions::set_identity_cert_name(
    const std::string& identity_cert_name) {
  const char* name = identity_cert_name.c_str();
  grpc_tls_credentials_options_set_identity_cert_name(c_credentials_options_,
                                                      name);
}
161 
// Forwards the server-verification mode to the core options.
//
// NOTE(review): the enum is defined by the core; if it includes values that
// skip hostname or certificate verification, selecting them weakens server
// authentication and should be paired with a server authorization check --
// confirm the available values in grpc_security.h.
void TlsChannelCredentialsOptions::set_server_verification_option(
    grpc_tls_server_verification_option server_verification_option) {
  auto* core_options = c_credentials_options();
  GPR_ASSERT(core_options != nullptr);
  grpc_tls_credentials_options_set_server_verification_option(
      core_options, server_verification_option);
}
169 
// Installs the server authorization check config on the core options.
//
// A null config is a no-op: the core keeps whatever config it already had.
// Only the C config handle is handed to the core; the shared_ptr itself is
// not retained by these options (presumably the core ref-counts the C
// config -- confirm), so callers must keep the config alive as required.
void TlsChannelCredentialsOptions::set_server_authorization_check_config(
    std::shared_ptr<TlsServerAuthorizationCheckConfig> config) {
  auto* core_options = c_credentials_options();
  GPR_ASSERT(core_options != nullptr);
  if (config == nullptr) return;
  grpc_tls_credentials_options_set_server_authorization_check_config(
      core_options, config->c_config());
}
179 
// Forwards the client-certificate request policy to the core options.
//
// NOTE(review): this value decides whether the server requests and/or
// requires and verifies a client certificate (i.e. whether mutual TLS is
// enforced); the exact semantics of each value are defined by the core enum,
// not here.
void TlsServerCredentialsOptions::set_cert_request_type(
    grpc_ssl_client_certificate_request_type cert_request_type) {
  auto* core_options = c_credentials_options();
  GPR_ASSERT(core_options != nullptr);
  grpc_tls_credentials_options_set_cert_request_type(core_options,
                                                     cert_request_type);
}
187 
188 }  // namespace experimental
189 }  // namespace grpc
190