1 //
2 //
3 // Copyright 2020 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #ifndef GRPC_SRC_CORE_XDS_GRPC_XDS_CERTIFICATE_PROVIDER_H
20 #define GRPC_SRC_CORE_XDS_GRPC_XDS_CERTIFICATE_PROVIDER_H
21 
22 #include <grpc/grpc.h>
23 #include <grpc/grpc_security.h>
24 #include <grpc/support/port_platform.h>
25 
26 #include <map>
27 #include <memory>
28 #include <string>
29 #include <vector>
30 
31 #include "absl/base/thread_annotations.h"
32 #include "absl/strings/string_view.h"
33 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
34 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
35 #include "src/core/util/matchers.h"
36 #include "src/core/util/ref_counted_ptr.h"
37 #include "src/core/util/sync.h"
38 #include "src/core/util/unique_type_name.h"
39 #include "src/core/util/useful.h"
40 
41 namespace grpc_core {
42 
// Certificate provider assembled from xDS security configuration. It wraps an
// optional root-cert provider and an optional identity-cert provider (each a
// grpc_tls_certificate_provider looked up by name) behind a single
// distributor, and carries the peer-verification settings that come from the
// xDS config (SAN matchers on the client side, the client-certificate
// requirement on the server side).
class XdsCertificateProvider final : public grpc_tls_certificate_provider {
 public:
  // ctor for client side
  //
  // root_cert_provider / identity_cert_provider: may be null; see
  // ProvidesRootCerts() / ProvidesIdentityCerts().
  // use_system_root_certs: whether the system trust store is to be used in
  // place of (or alongside) root_cert_provider — the precise interaction is
  // decided by the callers of UseSystemRootCerts(), not here.
  // san_matchers: matchers applied to the peer certificate's SANs; this is
  // the only ctor that accepts them.
  XdsCertificateProvider(
      RefCountedPtr<grpc_tls_certificate_provider> root_cert_provider,
      absl::string_view root_cert_name, bool use_system_root_certs,
      RefCountedPtr<grpc_tls_certificate_provider> identity_cert_provider,
      absl::string_view identity_cert_name,
      std::vector<StringMatcher> san_matchers);

  // ctor for server side
  //
  // require_client_certificate: whether the server must demand and verify a
  // client certificate (mTLS); this is the only ctor that sets it, so a
  // client-side instance presumably keeps the default of false.
  XdsCertificateProvider(
      RefCountedPtr<grpc_tls_certificate_provider> root_cert_provider,
      absl::string_view root_cert_name,
      RefCountedPtr<grpc_tls_certificate_provider> identity_cert_provider,
      absl::string_view identity_cert_name, bool require_client_certificate);

  ~XdsCertificateProvider() override;

  // The distributor through which watchers receive certificate updates.
  RefCountedPtr<grpc_tls_certificate_distributor> distributor() const override {
    return distributor_;
  }

  UniqueTypeName type() const override;

  // True iff an xDS root-cert provider was supplied. Note that this is
  // independent of UseSystemRootCerts(): both can be false, in which case no
  // trust anchors come from this object at all.
  bool ProvidesRootCerts() const { return root_cert_provider_ != nullptr; }
  bool UseSystemRootCerts() const { return use_system_root_certs_; }
  // True iff an xDS identity-cert provider was supplied.
  bool ProvidesIdentityCerts() const {
    return identity_cert_provider_ != nullptr;
  }
  // Server side only (see the server-side ctor); defaults to false.
  bool require_client_certificate() const {
    return require_client_certificate_;
  }
  // Client side only (see the client-side ctor); empty otherwise.
  const std::vector<StringMatcher>& san_matchers() const {
    return san_matchers_;
  }

  // Key under which this provider is stored in channel args.
  static absl::string_view ChannelArgName() {
    return "grpc.internal.xds_certificate_provider";
  }
  // Channel-arg comparator. Null pointers are ordered by address via
  // QsortCompare; otherwise defers to the base class's Compare(), which is
  // not visible here.
  static int ChannelArgsCompare(const XdsCertificateProvider* a,
                                const XdsCertificateProvider* b) {
    if (a == nullptr || b == nullptr) return QsortCompare(a, b);
    return a->Compare(b);
  }

 private:
  // Orders providers by object address only. Two instances built from
  // identical xDS config therefore compare as different, so channel args that
  // differ only in the provider instance are presumably never treated as
  // equal — hence the TODO below.
  int CompareImpl(const grpc_tls_certificate_provider* other) const override {
    // TODO(yashykt): Maybe do something better here.
    return QsortCompare(static_cast<const grpc_tls_certificate_provider*>(this),
                        other);
  }

  // Invoked by the distributor when watch interest in cert_name changes;
  // the flags say which of root / identity certs currently have watchers.
  // Defined out of line.
  void WatchStatusCallback(std::string cert_name, bool root_being_watched,
                           bool identity_being_watched);

  RefCountedPtr<grpc_tls_certificate_distributor> distributor_;
  RefCountedPtr<grpc_tls_certificate_provider> root_cert_provider_;
  std::string root_cert_name_;
  bool use_system_root_certs_ = false;
  RefCountedPtr<grpc_tls_certificate_provider> identity_cert_provider_;
  std::string identity_cert_name_;
  std::vector<StringMatcher> san_matchers_;
  bool require_client_certificate_ = false;

  // Raw, non-owning from the look of it (no deleter, nulled by default);
  // presumably registered with and owned by the underlying providers'
  // distributors — confirm against the .cc before relying on their lifetime.
  grpc_tls_certificate_distributor::TlsCertificatesWatcherInterface*
      root_cert_watcher_ = nullptr;
  grpc_tls_certificate_distributor::TlsCertificatesWatcherInterface*
      identity_cert_watcher_ = nullptr;
};
113 
114 }  // namespace grpc_core
115 
116 #endif  // GRPC_SRC_CORE_XDS_GRPC_XDS_CERTIFICATE_PROVIDER_H
117