1 /*
2 *
3 * Copyright 2015 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 #include <grpc/support/port_platform.h>
20
21 #include "src/core/lib/security/security_connector/security_connector.h"
22
23 #include <grpc/slice_buffer.h>
24 #include <grpc/support/alloc.h>
25 #include <grpc/support/log.h>
26 #include <grpc/support/string_util.h>
27
28 #include "src/core/ext/transport/chttp2/alpn/alpn.h"
29 #include "src/core/lib/channel/channel_args.h"
30 #include "src/core/lib/channel/handshaker.h"
31 #include "src/core/lib/gpr/string.h"
32 #include "src/core/lib/gprpp/host_port.h"
33 #include "src/core/lib/iomgr/load_file.h"
34 #include "src/core/lib/security/context/security_context.h"
35 #include "src/core/lib/security/credentials/credentials.h"
36 #include "src/core/lib/security/security_connector/load_system_roots.h"
37 #include "src/core/lib/security/security_connector/security_connector.h"
38 #include "src/core/lib/security/transport/security_handshaker.h"
39
40 grpc_core::DebugOnlyTraceFlag grpc_trace_security_connector_refcount(
41 false, "security_connector_refcount");
42
grpc_server_security_connector(const char * url_scheme,grpc_core::RefCountedPtr<grpc_server_credentials> server_creds)43 grpc_server_security_connector::grpc_server_security_connector(
44 const char* url_scheme,
45 grpc_core::RefCountedPtr<grpc_server_credentials> server_creds)
46 : grpc_security_connector(url_scheme),
47 server_creds_(std::move(server_creds)) {}
48
49 grpc_server_security_connector::~grpc_server_security_connector() = default;
50
grpc_channel_security_connector(const char * url_scheme,grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds)51 grpc_channel_security_connector::grpc_channel_security_connector(
52 const char* url_scheme,
53 grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,
54 grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds)
55 : grpc_security_connector(url_scheme),
56 channel_creds_(std::move(channel_creds)),
57 request_metadata_creds_(std::move(request_metadata_creds)) {}
58
~grpc_channel_security_connector()59 grpc_channel_security_connector::~grpc_channel_security_connector() {}
60
grpc_security_connector_cmp(const grpc_security_connector * sc,const grpc_security_connector * other)61 int grpc_security_connector_cmp(const grpc_security_connector* sc,
62 const grpc_security_connector* other) {
63 if (sc == nullptr || other == nullptr) {
64 return grpc_core::QsortCompare(sc, other);
65 }
66 return sc->cmp(other);
67 }
68
channel_security_connector_cmp(const grpc_channel_security_connector * other) const69 int grpc_channel_security_connector::channel_security_connector_cmp(
70 const grpc_channel_security_connector* other) const {
71 const grpc_channel_security_connector* other_sc =
72 static_cast<const grpc_channel_security_connector*>(other);
73 GPR_ASSERT(channel_creds() != nullptr);
74 GPR_ASSERT(other_sc->channel_creds() != nullptr);
75 int c = grpc_core::QsortCompare(channel_creds(), other_sc->channel_creds());
76 if (c != 0) return c;
77 return grpc_core::QsortCompare(request_metadata_creds(),
78 other_sc->request_metadata_creds());
79 }
80
server_security_connector_cmp(const grpc_server_security_connector * other) const81 int grpc_server_security_connector::server_security_connector_cmp(
82 const grpc_server_security_connector* other) const {
83 const grpc_server_security_connector* other_sc =
84 static_cast<const grpc_server_security_connector*>(other);
85 GPR_ASSERT(server_creds() != nullptr);
86 GPR_ASSERT(other_sc->server_creds() != nullptr);
87 return grpc_core::QsortCompare(server_creds(), other_sc->server_creds());
88 }
89
connector_arg_destroy(void * p)90 static void connector_arg_destroy(void* p) {
91 if (p == nullptr) return;
92 static_cast<grpc_security_connector*>(p)->Unref(DEBUG_LOCATION,
93 "connector_arg_destroy");
94 }
95
connector_arg_copy(void * p)96 static void* connector_arg_copy(void* p) {
97 if (p == nullptr) return nullptr;
98 return static_cast<grpc_security_connector*>(p)
99 ->Ref(DEBUG_LOCATION, "connector_arg_copy")
100 .release();
101 }
102
connector_cmp(void * a,void * b)103 static int connector_cmp(void* a, void* b) {
104 return static_cast<grpc_security_connector*>(a)->cmp(
105 static_cast<grpc_security_connector*>(b));
106 }
107
108 static const grpc_arg_pointer_vtable connector_arg_vtable = {
109 connector_arg_copy, connector_arg_destroy, connector_cmp};
110
grpc_security_connector_to_arg(grpc_security_connector * sc)111 grpc_arg grpc_security_connector_to_arg(grpc_security_connector* sc) {
112 return grpc_channel_arg_pointer_create(
113 const_cast<char*>(GRPC_ARG_SECURITY_CONNECTOR), sc,
114 &connector_arg_vtable);
115 }
116
grpc_security_connector_from_arg(const grpc_arg * arg)117 grpc_security_connector* grpc_security_connector_from_arg(const grpc_arg* arg) {
118 if (strcmp(arg->key, GRPC_ARG_SECURITY_CONNECTOR) != 0) return nullptr;
119 if (arg->type != GRPC_ARG_POINTER) {
120 gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
121 GRPC_ARG_SECURITY_CONNECTOR);
122 return nullptr;
123 }
124 return static_cast<grpc_security_connector*>(arg->value.pointer.p);
125 }
126
grpc_security_connector_find_in_args(const grpc_channel_args * args)127 grpc_security_connector* grpc_security_connector_find_in_args(
128 const grpc_channel_args* args) {
129 size_t i;
130 if (args == nullptr) return nullptr;
131 for (i = 0; i < args->num_args; i++) {
132 grpc_security_connector* sc =
133 grpc_security_connector_from_arg(&args->args[i]);
134 if (sc != nullptr) return sc;
135 }
136 return nullptr;
137 }
138