• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 /**
20  * class ChannelCredentials
21  * @see https://github.com/grpc/grpc/tree/master/src/php/ext/grpc/channel_credentials.c
22  */
23 
24 #include "channel_credentials.h"
25 
26 #include <ext/standard/sha1.h>
27 #include <ext/spl/spl_exceptions.h>
28 #include <zend_exceptions.h>
29 
30 #include <grpc/support/alloc.h>
31 #include <grpc/support/string_util.h>
32 
33 #include "call_credentials.h"
34 #include "channel.h"
35 
36 zend_class_entry *grpc_ce_channel_credentials;
37 PHP_GRPC_DECLARE_OBJECT_HANDLER(channel_credentials_ce_handlers)
38 static char *default_pem_root_certs = NULL;
39 
get_ssl_roots_override(char ** pem_root_certs)40 static grpc_ssl_roots_override_result get_ssl_roots_override(
41     char **pem_root_certs) {
42   if (!default_pem_root_certs) {
43     *pem_root_certs = NULL;
44     return GRPC_SSL_ROOTS_OVERRIDE_FAIL;
45   }
46   *pem_root_certs = gpr_strdup(default_pem_root_certs);
47   return GRPC_SSL_ROOTS_OVERRIDE_OK;
48 }
49 
50 /* Frees and destroys an instance of wrapped_grpc_channel_credentials */
51 PHP_GRPC_FREE_WRAPPED_FUNC_START(wrapped_grpc_channel_credentials)
52   if (p->hashstr != NULL) {
53     free(p->hashstr);
54     p->hashstr = NULL;
55   }
56   if (p->wrapped != NULL) {
57     grpc_channel_credentials_release(p->wrapped);
58     p->wrapped = NULL;
59   }
PHP_GRPC_FREE_WRAPPED_FUNC_END()60 PHP_GRPC_FREE_WRAPPED_FUNC_END()
61 
62 /* Initializes an instance of wrapped_grpc_channel_credentials to be
63  * associated with an object of a class specified by class_type */
64 php_grpc_zend_object create_wrapped_grpc_channel_credentials(
65     zend_class_entry *class_type TSRMLS_DC) {
66   PHP_GRPC_ALLOC_CLASS_OBJECT(wrapped_grpc_channel_credentials);
67   zend_object_std_init(&intern->std, class_type TSRMLS_CC);
68   object_properties_init(&intern->std, class_type);
69   PHP_GRPC_FREE_CLASS_OBJECT(wrapped_grpc_channel_credentials,
70                              channel_credentials_ce_handlers);
71 }
72 
grpc_php_wrap_channel_credentials(grpc_channel_credentials * wrapped,char * hashstr,zend_bool has_call_creds TSRMLS_DC)73 zval *grpc_php_wrap_channel_credentials(grpc_channel_credentials *wrapped,
74                                         char *hashstr,
75                                         zend_bool has_call_creds TSRMLS_DC) {
76   zval *credentials_object;
77   PHP_GRPC_MAKE_STD_ZVAL(credentials_object);
78   object_init_ex(credentials_object, grpc_ce_channel_credentials);
79   wrapped_grpc_channel_credentials *credentials =
80     PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_channel_credentials,
81                                 credentials_object);
82   credentials->wrapped = wrapped;
83   credentials->hashstr = hashstr;
84   credentials->has_call_creds = has_call_creds;
85   return credentials_object;
86 }
87 
88 /**
89  * Set default roots pem.
90  * @param string $pem_roots PEM encoding of the server root certificates
91  * @return void
92  */
PHP_METHOD(ChannelCredentials,setDefaultRootsPem)93 PHP_METHOD(ChannelCredentials, setDefaultRootsPem) {
94   char *pem_roots;
95   php_grpc_int pem_roots_length;
96 
97   /* "s" == 1 string */
98   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &pem_roots,
99                             &pem_roots_length) == FAILURE) {
100     zend_throw_exception(spl_ce_InvalidArgumentException,
101                          "setDefaultRootsPem expects 1 string", 1 TSRMLS_CC);
102     return;
103   }
104   default_pem_root_certs = gpr_realloc(default_pem_root_certs, (pem_roots_length + 1) * sizeof(char));
105   memcpy(default_pem_root_certs, pem_roots, pem_roots_length + 1);
106 }
107 
108 /**
109  * if default roots pem is set
110  * @return TRUE/FALSE
111  */
PHP_METHOD(ChannelCredentials,isDefaultRootsPemSet)112 PHP_METHOD(ChannelCredentials, isDefaultRootsPemSet) {
113   if (default_pem_root_certs) {
114     RETURN_TRUE;
115   }
116   RETURN_FALSE;
117 }
118 
119 /**
120  * free default roots pem, if it is set
121  */
PHP_METHOD(ChannelCredentials,invalidateDefaultRootsPem)122 PHP_METHOD(ChannelCredentials, invalidateDefaultRootsPem) {
123   if (default_pem_root_certs) {
124     gpr_free(default_pem_root_certs);
125     default_pem_root_certs = NULL;
126   }
127 }
128 
129 /**
130  * Create a default channel credentials object.
131  * @return ChannelCredentials The new default channel credentials object
132  */
PHP_METHOD(ChannelCredentials,createDefault)133 PHP_METHOD(ChannelCredentials, createDefault) {
134   grpc_channel_credentials *creds = grpc_google_default_credentials_create(NULL);
135   zval *creds_object = grpc_php_wrap_channel_credentials(creds, NULL, false
136                                                          TSRMLS_CC);
137   RETURN_DESTROY_ZVAL(creds_object);
138 }
139 
140 /**
141  * Create SSL credentials.
142  * @param string $pem_root_certs = "" PEM encoding of the server root certificates (optional)
143  * @param string $private_key = "" PEM encoding of the client's
144  *                                              private key (optional)
145  * @param string $cert_chain = "" PEM encoding of the client's
146  *                                             certificate chain (optional)
147  * @return ChannelCredentials The new SSL credentials object
148  */
PHP_METHOD(ChannelCredentials,createSsl)149 PHP_METHOD(ChannelCredentials, createSsl) {
150   char *pem_root_certs = NULL;
151   grpc_ssl_pem_key_cert_pair pem_key_cert_pair;
152 
153   php_grpc_int root_certs_length = 0;
154   php_grpc_int private_key_length = 0;
155   php_grpc_int cert_chain_length = 0;
156 
157   pem_key_cert_pair.private_key = pem_key_cert_pair.cert_chain = NULL;
158 
159   grpc_set_ssl_roots_override_callback(get_ssl_roots_override);
160 
161   /* "|s!s!s!" == 3 optional nullable strings */
162   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s!s!s!",
163                             &pem_root_certs, &root_certs_length,
164                             &pem_key_cert_pair.private_key,
165                             &private_key_length,
166                             &pem_key_cert_pair.cert_chain,
167                             &cert_chain_length) == FAILURE) {
168     zend_throw_exception(spl_ce_InvalidArgumentException,
169                          "createSsl expects 3 optional strings", 1 TSRMLS_CC);
170     return;
171   }
172 
173   php_grpc_int hashkey_len = root_certs_length + cert_chain_length;
174   char *hashkey = emalloc(hashkey_len + 1);
175   if (root_certs_length > 0) {
176     strcpy(hashkey, pem_root_certs);
177   }
178   if (cert_chain_length > 0) {
179     strcpy(hashkey, pem_key_cert_pair.cert_chain);
180   }
181 
182   char *hashstr = malloc(41);
183   generate_sha1_str(hashstr, hashkey, hashkey_len);
184 
185   grpc_channel_credentials *creds = grpc_ssl_credentials_create(
186       pem_root_certs,
187       pem_key_cert_pair.private_key == NULL ? NULL : &pem_key_cert_pair, NULL, NULL);
188   zval *creds_object = grpc_php_wrap_channel_credentials(creds, hashstr, false
189                                                          TSRMLS_CC);
190   efree(hashkey);
191   RETURN_DESTROY_ZVAL(creds_object);
192 }
193 
194 /**
195  * Create composite credentials from two existing credentials.
196  * @param ChannelCredentials $cred1_obj The first credential
197  * @param CallCredentials $cred2_obj The second credential
198  * @return ChannelCredentials The new composite credentials object
199  */
PHP_METHOD(ChannelCredentials,createComposite)200 PHP_METHOD(ChannelCredentials, createComposite) {
201   zval *cred1_obj;
202   zval *cred2_obj;
203 
204   grpc_set_ssl_roots_override_callback(get_ssl_roots_override);
205 
206   /* "OO" == 2 Objects */
207   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "OO", &cred1_obj,
208                             grpc_ce_channel_credentials, &cred2_obj,
209                             grpc_ce_call_credentials) == FAILURE) {
210     zend_throw_exception(spl_ce_InvalidArgumentException,
211                          "createComposite expects 2 Credentials", 1 TSRMLS_CC);
212     return;
213   }
214   wrapped_grpc_channel_credentials *cred1 =
215     PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_channel_credentials, cred1_obj);
216   wrapped_grpc_call_credentials *cred2 =
217     PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_call_credentials, cred2_obj);
218   grpc_channel_credentials *creds =
219     grpc_composite_channel_credentials_create(cred1->wrapped, cred2->wrapped,
220                                               NULL);
221   // wrapped_grpc_channel_credentials object should keeps it's own
222   // allocation. Otherwise it conflicts free hashstr with call.c.
223   php_grpc_int cred1_len = strlen(cred1->hashstr);
224   char *cred1_hashstr = malloc(cred1_len+1);
225   strcpy(cred1_hashstr, cred1->hashstr);
226   zval *creds_object =
227     grpc_php_wrap_channel_credentials(creds, cred1_hashstr, true TSRMLS_CC);
228   RETURN_DESTROY_ZVAL(creds_object);
229 }
230 
231 /**
232  * Create insecure channel credentials
233  * @return null
234  */
PHP_METHOD(ChannelCredentials,createInsecure)235 PHP_METHOD(ChannelCredentials, createInsecure) {
236   grpc_channel_credentials* creds = grpc_insecure_credentials_create();
237   zval* creds_object = grpc_php_wrap_channel_credentials(
238       creds, strdup("INSECURE"), false TSRMLS_CC);
239   RETURN_DESTROY_ZVAL(creds_object);
240 }
241 
242 /**
243  * Create XDS channel credentials
244  * @param ChannelCredentials $fallback_creds  The fallback credentials used
245  * if the channel target does not have the 'xds:///' scheme or if the xDS
246  * control plane does not provide information on how to fetch credentials
247  * dynamically.
248  * @return ChannelCredentials The xDS channel credentials object
249  */
PHP_METHOD(ChannelCredentials,createXds)250 PHP_METHOD(ChannelCredentials, createXds) {
251   grpc_channel_credentials* xds_creds = NULL;
252   zval* fallback_creds = NULL;
253   if (zend_parse_parameters_ex(0,  // ZEND_PARSE_PARAMS_QUIET,
254                                ZEND_NUM_ARGS() TSRMLS_CC, "O", &fallback_creds,
255                                grpc_ce_channel_credentials) != SUCCESS) {
256     zend_throw_exception(spl_ce_InvalidArgumentException,
257                          "createXds expects a fallback credentials",
258                          1 TSRMLS_CC);
259     return;
260   }
261 
262   wrapped_grpc_channel_credentials* wrapped_fallback_creds =
263       PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_channel_credentials,
264                                   fallback_creds);
265   xds_creds = grpc_xds_credentials_create(wrapped_fallback_creds->wrapped);
266   const char* fallback_creds_hash_str =
267       wrapped_fallback_creds->hashstr ? wrapped_fallback_creds->hashstr : "";
268 
269   // prefix "XDS:" as the hash of the xDS channel
270   char* hash_str = malloc(strlen(fallback_creds_hash_str) + strlen("XDS:") + 1);
271   strcpy(hash_str, "XDS:");
272   strcat(hash_str, fallback_creds_hash_str);
273   zval* xds_creds_obj = grpc_php_wrap_channel_credentials(
274       xds_creds, hash_str, false /* has_call_creds */ TSRMLS_CC);
275   RETURN_DESTROY_ZVAL(xds_creds_obj);
276 }
277 
278 ZEND_BEGIN_ARG_INFO_EX(arginfo_setDefaultRootsPem, 0, 0, 1)
279   ZEND_ARG_INFO(0, pem_roots)
280 ZEND_END_ARG_INFO()
281 
282 ZEND_BEGIN_ARG_INFO_EX(arginfo_isDefaultRootsPemSet, 0, 0, 0)
283 ZEND_END_ARG_INFO()
284 
285 ZEND_BEGIN_ARG_INFO_EX(arginfo_invalidateDefaultRootsPem, 0, 0, 0)
286 ZEND_END_ARG_INFO()
287 
288 ZEND_BEGIN_ARG_INFO_EX(arginfo_createDefault, 0, 0, 0)
289 ZEND_END_ARG_INFO()
290 
291 ZEND_BEGIN_ARG_INFO_EX(arginfo_createSsl, 0, 0, 0)
292   ZEND_ARG_INFO(0, pem_root_certs)
293   ZEND_ARG_INFO(0, pem_private_key)
294   ZEND_ARG_INFO(0, pem_cert_chain)
295 ZEND_END_ARG_INFO()
296 
297 ZEND_BEGIN_ARG_INFO_EX(arginfo_createComposite, 0, 0, 2)
298   ZEND_ARG_INFO(0, channel_creds)
299   ZEND_ARG_INFO(0, call_creds)
300 ZEND_END_ARG_INFO()
301 
302 ZEND_BEGIN_ARG_INFO_EX(arginfo_createInsecure, 0, 0, 0)
303 ZEND_END_ARG_INFO()
304 
305 ZEND_BEGIN_ARG_INFO_EX(arginfo_createXds, 0, 0, 1)
306   ZEND_ARG_OBJ_INFO(0, fallback_creds, Grpc\\ChannelCredentials, 1)
307 ZEND_END_ARG_INFO()
308 
309 static zend_function_entry channel_credentials_methods[] = {
310   PHP_ME(ChannelCredentials, setDefaultRootsPem, arginfo_setDefaultRootsPem,
311          ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
312   PHP_ME(ChannelCredentials, isDefaultRootsPemSet, arginfo_isDefaultRootsPemSet,
313          ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
314   PHP_ME(ChannelCredentials, invalidateDefaultRootsPem, arginfo_invalidateDefaultRootsPem,
315          ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
316   PHP_ME(ChannelCredentials, createDefault, arginfo_createDefault,
317          ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
318   PHP_ME(ChannelCredentials, createSsl, arginfo_createSsl,
319          ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
320   PHP_ME(ChannelCredentials, createComposite, arginfo_createComposite,
321          ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
322   PHP_ME(ChannelCredentials, createInsecure, arginfo_createInsecure,
323          ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
324   PHP_ME(ChannelCredentials, createXds, arginfo_createXds,
325          ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
326   PHP_FE_END
327 };
328 
grpc_init_channel_credentials(TSRMLS_D)329 void grpc_init_channel_credentials(TSRMLS_D) {
330   zend_class_entry ce;
331   INIT_CLASS_ENTRY(ce, "Grpc\\ChannelCredentials",
332                    channel_credentials_methods);
333   ce.create_object = create_wrapped_grpc_channel_credentials;
334   grpc_ce_channel_credentials = zend_register_internal_class(&ce TSRMLS_CC);
335   PHP_GRPC_INIT_HANDLER(wrapped_grpc_channel_credentials,
336                         channel_credentials_ce_handlers);
337 }
338