1 /*
2 *
3 * Copyright 2018 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 #include <grpc/support/port_platform.h>
20
21 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
22
23 #include <stdlib.h>
24 #include <string.h>
25
26 #include <grpc/support/alloc.h>
27 #include <grpc/support/log.h>
28 #include <grpc/support/string_util.h>
29
30 #include "src/core/lib/surface/api_trace.h"
31
32 /** -- gRPC TLS server authorization check API implementation. -- **/
/**
 * Builds a server authorization check config from application callbacks.
 *
 * All four arguments are stored exactly as given. Nothing is validated here,
 * so schedule, cancel and destruct may each be nullptr; Schedule(), Cancel()
 * and the destructor test their callback before using it.
 *
 * config_user_data arrives as const void* but is stored as void*: constness
 * is cast away because the callbacks take a mutable pointer.
 */
grpc_tls_server_authorization_check_config::
    grpc_tls_server_authorization_check_config(
        const void* config_user_data,
        int (*schedule)(void* config_user_data,
                        grpc_tls_server_authorization_check_arg* arg),
        void (*cancel)(void* config_user_data,
                       grpc_tls_server_authorization_check_arg* arg),
        void (*destruct)(void* config_user_data))
    : config_user_data_{const_cast<void*>(config_user_data)},
      schedule_{schedule},
      cancel_{cancel},
      destruct_{destruct} {}
45
/**
 * Gives the application a chance to clean up config_user_data_.
 *
 * The destruct callback is optional; it is called with the stored user data
 * only when one was supplied at construction.
 */
grpc_tls_server_authorization_check_config::
    ~grpc_tls_server_authorization_check_config() {
  if (destruct_ == nullptr) return;
  destruct_(config_user_data_);
}
52
/**
 * Starts a server authorization check through the application's schedule
 * callback.
 *
 * With no schedule callback installed the check cannot run: the error is
 * logged, arg (when non-null) receives GRPC_STATUS_NOT_FOUND and an
 * explanatory error string, and 1 is returned. Callers have to treat that
 * outcome as a failed check, never as an authorized peer; when arg is null
 * the return value and the log line are the only signal.
 *
 * Otherwise arg->config is pointed at this object, but only when both arg
 * and context_ are non-null, and the callback's return value is passed
 * through unchanged.
 *
 * @param arg check record handed to the callback as is, nullptr included.
 * @return 1 when no schedule callback is installed, else the callback's
 *         return value.
 */
int grpc_tls_server_authorization_check_config::Schedule(
    grpc_tls_server_authorization_check_arg* arg) const {
  if (schedule_ != nullptr) {
    // NOTE(review): Cancel() attaches the config without the context_ test;
    // confirm which of the two conditions is the intended one.
    const bool attach_config = (arg != nullptr) && (context_ != nullptr);
    if (attach_config) {
      arg->config =
          const_cast<grpc_tls_server_authorization_check_config*>(this);
    }
    return schedule_(config_user_data_, arg);
  }

  gpr_log(GPR_ERROR, "schedule API is nullptr");
  if (arg != nullptr) {
    arg->status = GRPC_STATUS_NOT_FOUND;
    // NOTE(review): assumes arg->error_details is non-null whenever arg is;
    // confirm against the code that allocates the arg.
    arg->error_details->set_error_details(
        "schedule API in server authorization check config is nullptr");
  }
  return 1;
}
69
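/**
 * Cancels a server authorization check through the application's cancel
 * callback.
 *
 * With no cancel callback installed the request cannot be cancelled: the
 * error is logged and arg (when non-null) receives GRPC_STATUS_NOT_FOUND
 * and an error string naming the missing cancel API. The string previously
 * named the schedule API, which pointed anyone reading the error at the
 * wrong callback.
 *
 * Otherwise arg->config is pointed at this object when arg is non-null, and
 * the callback is invoked with the stored user data.
 *
 * @param arg check record handed to the callback as is, nullptr included.
 */
void grpc_tls_server_authorization_check_config::Cancel(
    grpc_tls_server_authorization_check_arg* arg) const {
  if (cancel_ == nullptr) {
    gpr_log(GPR_ERROR, "cancel API is nullptr.");
    if (arg != nullptr) {
      arg->status = GRPC_STATUS_NOT_FOUND;
      // NOTE(review): assumes arg->error_details is non-null whenever arg
      // is; confirm against the code that allocates the arg.
      arg->error_details->set_error_details(
          "cancel API in server authorization check config is nullptr");
    }
    return;
  }
  // NOTE(review): Schedule() also requires context_ != nullptr before it
  // attaches the config; confirm whether the difference is intended.
  if (arg != nullptr) {
    arg->config = const_cast<grpc_tls_server_authorization_check_config*>(this);
  }
  cancel_(config_user_data_, arg);
}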
86
87 /** -- Wrapper APIs declared in grpc_security.h -- **/
88
/**
 * Allocates a value-initialized TLS credentials options object.
 *
 * The object comes from a plain `new`, so the caller receives ownership.
 * How it is released is not visible in this file.
 */
grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
  auto* fresh_options = new grpc_tls_credentials_options();
  return fresh_options;
}
92
/**
 * Records the client certificate request type on the options object.
 *
 * Aborts through GPR_ASSERT when options is nullptr. The type value itself
 * is forwarded unchecked.
 *
 * NOTE(review): presumably this decides whether a server asks for and
 * verifies a client certificate, so a permissive value weakens mutual TLS.
 * Confirm against the enum's declaration, which is outside this file.
 */
void grpc_tls_credentials_options_set_cert_request_type(
    grpc_tls_credentials_options* options,
    grpc_ssl_client_certificate_request_type type) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_cert_request_type(type);
}
99
/**
 * Records the server verification option on the options object.
 *
 * Aborts through GPR_ASSERT when options is nullptr. The option value is
 * forwarded unchecked.
 *
 * NOTE(review): presumably this selects how much certificate and hostname
 * verification the client performs on the server. If so, any value that
 * relaxes it leaves the server authorization check callback as the
 * remaining control. Confirm against the enum's declaration, which is
 * outside this file.
 */
void grpc_tls_credentials_options_set_server_verification_option(
    grpc_tls_credentials_options* options,
    grpc_tls_server_verification_option server_verification_option) {
  GPR_ASSERT(options != nullptr);
  const grpc_tls_server_verification_option chosen =
      server_verification_option;
  options->set_server_verification_option(chosen);
}
106
/**
 * Attaches a certificate provider to the options object.
 *
 * Aborts through GPR_ASSERT when either pointer is nullptr. The options
 * object is given a reference of its own (taken with provider->Ref), so the
 * caller keeps whatever reference it already holds.
 */
void grpc_tls_credentials_options_set_certificate_provider(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_provider* provider) {
  GPR_ASSERT(options != nullptr);
  GPR_ASSERT(provider != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_certificate_provider(
      provider->Ref(DEBUG_LOCATION, "set_certificate_provider"));
}
115
/**
 * Turns on root certificate watching for the options object.
 *
 * Aborts through GPR_ASSERT when options is nullptr. The flag can only be
 * switched on through this wrapper; it always passes true.
 */
void grpc_tls_credentials_options_watch_root_certs(
    grpc_tls_credentials_options* options) {
  GPR_ASSERT(options != nullptr);
  const bool watch_enabled = true;
  options->set_watch_root_cert(watch_enabled);
}
121
/**
 * Records the name under which root certificates are looked up.
 *
 * Aborts through GPR_ASSERT when options is nullptr. root_cert_name itself
 * is not checked before it is forwarded.
 *
 * NOTE(review): if the setter takes a std::string, a nullptr name is
 * undefined behavior at this call. Confirm the setter's signature and
 * consider asserting on the name as well.
 */
void grpc_tls_credentials_options_set_root_cert_name(
    grpc_tls_credentials_options* options, const char* root_cert_name) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_root_cert_name(root_cert_name);
}
127
/**
 * Turns on identity key/certificate pair watching for the options object.
 *
 * Aborts through GPR_ASSERT when options is nullptr. The flag can only be
 * switched on through this wrapper; it always passes true.
 */
void grpc_tls_credentials_options_watch_identity_key_cert_pairs(
    grpc_tls_credentials_options* options) {
  GPR_ASSERT(options != nullptr);
  const bool watch_enabled = true;
  options->set_watch_identity_pair(watch_enabled);
}
133
/**
 * Records the name under which identity certificates are looked up.
 *
 * Aborts through GPR_ASSERT when options is nullptr. identity_cert_name
 * itself is not checked before it is forwarded.
 *
 * NOTE(review): if the setter takes a std::string, a nullptr name is
 * undefined behavior at this call. Confirm the setter's signature and
 * consider asserting on the name as well.
 */
void grpc_tls_credentials_options_set_identity_cert_name(
    grpc_tls_credentials_options* options, const char* identity_cert_name) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_identity_cert_name(identity_cert_name);
}
139
/**
 * Attaches a server authorization check config to the options object.
 *
 * Aborts through GPR_ASSERT when either pointer is nullptr. The options
 * object is given a reference of its own (taken with config->Ref), so the
 * caller keeps whatever reference it already holds.
 */
void grpc_tls_credentials_options_set_server_authorization_check_config(
    grpc_tls_credentials_options* options,
    grpc_tls_server_authorization_check_config* config) {
  GPR_ASSERT(options != nullptr);
  GPR_ASSERT(config != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_server_authorization_check_config(config->Ref());
}
147
/**
 * Creates a server authorization check config from application callbacks.
 *
 * schedule is mandatory: when it is nullptr the error is logged and nullptr
 * is returned. On that path destruct is not called, so config_user_data
 * stays the caller's to clean up. cancel and destruct are not validated
 * here.
 *
 * @return a config allocated with `new`, or nullptr when schedule is
 *         nullptr.
 */
grpc_tls_server_authorization_check_config*
grpc_tls_server_authorization_check_config_create(
    const void* config_user_data,
    int (*schedule)(void* config_user_data,
                    grpc_tls_server_authorization_check_arg* arg),
    void (*cancel)(void* config_user_data,
                   grpc_tls_server_authorization_check_arg* arg),
    void (*destruct)(void* config_user_data)) {
  if (schedule != nullptr) {
    return new grpc_tls_server_authorization_check_config(
        config_user_data, schedule, cancel, destruct);
  }
  gpr_log(GPR_ERROR,
          "Schedule API is nullptr in creating TLS server authorization "
          "check config.");
  return nullptr;
}
165
/**
 * Drops one reference on a server authorization check config.
 *
 * The call is traced, and a nullptr config is accepted and ignored.
 *
 * NOTE(review): the ExecCtx is created before the Unref, presumably because
 * dropping the last reference runs the destructor and with it the
 * application's destruct callback. Confirm.
 */
void grpc_tls_server_authorization_check_config_release(
    grpc_tls_server_authorization_check_config* config) {
  GRPC_API_TRACE(
      "grpc_tls_server_authorization_check_config_release(config=%p)", 1,
      (config));
  grpc_core::ExecCtx exec_ctx;
  if (config == nullptr) return;
  config->Unref();
}
174