1 //
2 //
3 // Copyright 2018 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
20 
21 #include <grpc/grpc_crl_provider.h>
22 #include <grpc/support/port_platform.h>
23 
24 #include <memory>
25 
26 #include "absl/log/check.h"
27 #include "absl/log/log.h"
28 #include "src/core/lib/debug/trace.h"
29 #include "src/core/lib/iomgr/exec_ctx.h"
30 #include "src/core/tsi/ssl_transport_security.h"
31 #include "src/core/util/debug_location.h"
32 
33 /// -- Wrapper APIs declared in grpc_security.h -- *
34 
// Allocates a default-constructed grpc_tls_credentials_options on the heap and
// returns it as a raw owning pointer.
//
// An ExecCtx lives on the stack for the duration of the call. The matching
// release in this file is grpc_tls_credentials_options_destroy(), which
// deletes the object.
grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
  grpc_core::ExecCtx exec_ctx;
  auto* created = new grpc_tls_credentials_options();
  return created;
}
39 
// Returns a new heap-allocated options object copy-constructed from `options`.
//
// `options` must not be null (CHECK-fails otherwise). The caller receives a
// raw owning pointer; the source object is left untouched.
// NOTE(review): how deep the copy is depends on the copy constructor of
// grpc_tls_credentials_options, which is not visible here - confirm whether
// providers/verifiers end up shared between the two objects.
grpc_tls_credentials_options* grpc_tls_credentials_options_copy(
    grpc_tls_credentials_options* options) {
  CHECK_NE(options, nullptr);
  auto* duplicate = new grpc_tls_credentials_options(*options);
  return duplicate;
}
45 
// Destroys an options object previously handed out as a raw pointer.
//
// A null `options` is accepted and ignored. The pointer must not be used
// after this call.
void grpc_tls_credentials_options_destroy(
    grpc_tls_credentials_options* options) {
  if (options == nullptr) {
    return;  // deleting a null pointer is a no-op anyway
  }
  delete options;
}
50 
// Stores the client-certificate request type on `options`.
//
// `options` must not be null (CHECK-fails otherwise). `type` is forwarded
// unchanged; this wrapper does not validate it.
// NOTE(review): presumably this decides whether a server requests and/or
// verifies a client certificate (i.e. whether mTLS is enforced) - confirm
// against the enum's documentation before relying on a given value.
void grpc_tls_credentials_options_set_cert_request_type(
    grpc_tls_credentials_options* options,
    grpc_ssl_client_certificate_request_type type) {
  CHECK_NE(options, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_cert_request_type(type);
}
57 
// Stores the "verify server certificate" flag on `options`.
//
// `options` must not be null (CHECK-fails otherwise). The int is forwarded
// as-is to the options object.
// NOTE(review): a zero value presumably switches off the default server
// certificate verification; unless a custom certificate verifier performs an
// equivalent check, the peer would then be unauthenticated - confirm against
// the options class and audit every call site that passes 0.
void grpc_tls_credentials_options_set_verify_server_cert(
    grpc_tls_credentials_options* options, int verify_server_cert) {
  CHECK_NE(options, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_verify_server_cert(verify_server_cert);
}
63 
// Attaches a certificate provider to `options`.
//
// Both pointers must be non-null (CHECK-fails otherwise). The options object
// is given its own reference, taken via provider->Ref(), so the caller keeps
// whatever reference it already holds. An ExecCtx is on the stack while the
// reference is taken and stored.
void grpc_tls_credentials_options_set_certificate_provider(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_provider* provider) {
  CHECK_NE(options, nullptr);
  CHECK_NE(provider, nullptr);
  grpc_core::ExecCtx exec_ctx;
  grpc_tls_credentials_options& opts = *options;
  opts.set_certificate_provider(
      provider->Ref(DEBUG_LOCATION, "set_certificate_provider"));
}
73 
// Turns on root-certificate watching for `options`.
//
// `options` must not be null (CHECK-fails otherwise). The flag is only ever
// set to true here; this wrapper offers no way to clear it again.
void grpc_tls_credentials_options_watch_root_certs(
    grpc_tls_credentials_options* options) {
  CHECK_NE(options, nullptr);
  constexpr bool kWatchRoots = true;
  options->set_watch_root_cert(kWatchRoots);
}
79 
// Stores the root certificate name on `options`.
//
// `options` must not be null (CHECK-fails otherwise). `root_cert_name` is
// forwarded without any check in this wrapper.
// NOTE(review): if the setter builds a std::string from the pointer, passing
// null would be undefined behavior - confirm the setter's parameter type and
// whether callers can pass null.
void grpc_tls_credentials_options_set_root_cert_name(
    grpc_tls_credentials_options* options, const char* root_cert_name) {
  CHECK_NE(options, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_root_cert_name(root_cert_name);
}
85 
// Turns on identity key/cert pair watching for `options`.
//
// `options` must not be null (CHECK-fails otherwise). The flag is only ever
// set to true here; this wrapper offers no way to clear it again.
void grpc_tls_credentials_options_watch_identity_key_cert_pairs(
    grpc_tls_credentials_options* options) {
  CHECK_NE(options, nullptr);
  constexpr bool kWatchIdentity = true;
  options->set_watch_identity_pair(kWatchIdentity);
}
91 
// Stores the identity certificate name on `options`.
//
// `options` must not be null (CHECK-fails otherwise). `identity_cert_name` is
// forwarded without any check in this wrapper.
// NOTE(review): if the setter builds a std::string from the pointer, passing
// null would be undefined behavior - confirm the setter's parameter type and
// whether callers can pass null.
void grpc_tls_credentials_options_set_identity_cert_name(
    grpc_tls_credentials_options* options, const char* identity_cert_name) {
  CHECK_NE(options, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_identity_cert_name(identity_cert_name);
}
97 
// Attaches a certificate verifier to `options`.
//
// Both pointers must be non-null (CHECK-fails otherwise). The options object
// is given its own reference, taken via verifier->Ref(); the caller keeps the
// reference it already holds. Unlike the certificate-provider setter in this
// file, no ExecCtx is created here.
void grpc_tls_credentials_options_set_certificate_verifier(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_verifier* verifier) {
  CHECK_NE(options, nullptr);
  CHECK_NE(verifier, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_certificate_verifier(verifier->Ref());
}
105 
// Stores the CRL directory path on `options`.
//
// `options` must not be null (CHECK-fails otherwise). `crl_directory` is
// forwarded without any check in this wrapper: it is not tested for null, and
// the path is not verified to exist or to be readable.
// NOTE(review): how a missing or empty directory affects revocation checking
// is decided elsewhere - confirm that a bad path cannot silently disable CRL
// enforcement.
void grpc_tls_credentials_options_set_crl_directory(
    grpc_tls_credentials_options* options, const char* crl_directory) {
  CHECK_NE(options, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_crl_directory(crl_directory);
}
111 
// Stores the "check call host" flag on `options`.
//
// `options` must not be null (CHECK-fails otherwise). The int is forwarded
// as-is to the options object.
// NOTE(review): a zero value presumably skips the per-call check of the target
// host against the peer certificate - confirm, and treat call sites passing 0
// as needing a justification.
void grpc_tls_credentials_options_set_check_call_host(
    grpc_tls_credentials_options* options, int check_call_host) {
  CHECK_NE(options, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_check_call_host(check_call_host);
}
117 
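// Configures the file that TLS session keys are logged to for credentials
// built from `options`.
//
// The call is silently ignored when the TSI layer reports that session key
// logging is unsupported, or when `options` is null (most other setters in
// this file CHECK-fail on a null `options` instead). A null or empty `path`
// stores an empty path, which is reported as "logging disabled".
//
// Security: the file receives TLS session keys. Anyone who can read it can
// decrypt recorded traffic for the logged sessions, so keep this to debugging,
// point it at a location with restrictive permissions, and make sure it is not
// left enabled in production configurations. The path is also written to the
// verbose log.
void grpc_tls_credentials_options_set_tls_session_key_log_file_path(
    grpc_tls_credentials_options* options, const char* path) {
  if (!tsi_tls_session_key_logging_supported() || options == nullptr) {
    return;
  }
  // The trace line names this function; it previously carried a different
  // ("..._log_config") name, which made API traces hard to match to callers.
  GRPC_TRACE_LOG(api, INFO)
      << "grpc_tls_credentials_options_set_tls_session_key_log_file_path("
         "options="
      << options << ")";
  // Key logging counts as enabled only for a non-empty path. An empty string
  // stores the same value as null, so it must be reported as "disabled" too.
  const bool enable_logging = path != nullptr && path[0] != '\0';
  if (enable_logging) {
    VLOG(2) << "Enabling TLS session key logging with keys stored at: " << path;
  } else {
    VLOG(2) << "Disabling TLS session key logging";
  }
  options->set_tls_session_key_log_file_path(enable_logging ? path : "");
}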
135 
// Stores the "send client CA list" flag on `options`.
//
// A null `options` is silently ignored here, whereas most setters in this file
// CHECK-fail on it; callers therefore get no signal that the flag was not
// applied.
void grpc_tls_credentials_options_set_send_client_ca_list(
    grpc_tls_credentials_options* options, bool send_client_ca_list) {
  if (options != nullptr) {
    options->set_send_client_ca_list(send_client_ca_list);
  }
}
143 
// Attaches a CRL provider to `options`.
//
// `options` must not be null (CHECK-fails otherwise). `provider` is a shared
// pointer taken by value and handed on to the options object; it is not
// checked for emptiness in this wrapper.
// NOTE(review): what an empty provider means for revocation checking, and how
// it interacts with a configured CRL directory, is decided elsewhere -
// confirm.
void grpc_tls_credentials_options_set_crl_provider(
    grpc_tls_credentials_options* options,
    std::shared_ptr<grpc_core::experimental::CrlProvider> provider) {
  CHECK_NE(options, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_crl_provider(provider);
}
150 
// Stores the minimum TLS protocol version on `options`.
//
// `options` must not be null (CHECK-fails otherwise). The value is forwarded
// unchanged: this wrapper neither range-checks it nor compares it with the
// configured maximum version.
void grpc_tls_credentials_options_set_min_tls_version(
    grpc_tls_credentials_options* options, grpc_tls_version min_tls_version) {
  CHECK_NE(options, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_min_tls_version(min_tls_version);
}
156 
// Stores the maximum TLS protocol version on `options`.
//
// `options` must not be null (CHECK-fails otherwise). The value is forwarded
// unchanged: this wrapper neither range-checks it nor compares it with the
// configured minimum version.
void grpc_tls_credentials_options_set_max_tls_version(
    grpc_tls_credentials_options* options, grpc_tls_version max_tls_version) {
  CHECK_NE(options, nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_max_tls_version(max_tls_version);
}
162