1 /*
2  *
3  * Copyright 2018 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include <grpc/support/port_platform.h>
20 
21 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
22 
23 #include <stdlib.h>
24 #include <string.h>
25 
26 #include <grpc/support/alloc.h>
27 #include <grpc/support/log.h>
28 #include <grpc/support/string_util.h>
29 
30 #include "src/core/lib/surface/api_trace.h"
31 
32 /** -- gRPC TLS server authorization check API implementation. -- **/
/**
 * Builds a server authorization check config from user callbacks.
 *
 * The constructor stores its arguments without validating them, so any of the
 * callbacks may be nullptr here. Schedule() and Cancel() handle a missing
 * callback at call time, and the destructor skips a missing destruct.
 *
 * @param config_user_data Opaque pointer passed back to every callback. Its
 *                         constness is cast away, so the callbacks receive a
 *                         mutable pointer.
 * @param schedule Callback invoked by Schedule().
 * @param cancel Callback invoked by Cancel().
 * @param destruct Callback invoked once from the destructor.
 */
grpc_tls_server_authorization_check_config::
    grpc_tls_server_authorization_check_config(
        const void* config_user_data,
        int (*schedule)(void* config_user_data,
                        grpc_tls_server_authorization_check_arg* arg),
        void (*cancel)(void* config_user_data,
                       grpc_tls_server_authorization_check_arg* arg),
        void (*destruct)(void* config_user_data))
    : config_user_data_(const_cast<void*>(config_user_data)),
      schedule_(schedule),
      cancel_(cancel),
      destruct_(destruct) {
}
45 
/**
 * Hands the user data back to the user-supplied destruct callback, if one was
 * registered. Without a destruct callback the user data is left untouched.
 */
grpc_tls_server_authorization_check_config::
    ~grpc_tls_server_authorization_check_config() {
  if (destruct_ == nullptr) {
    return;
  }
  destruct_(config_user_data_);
}
52 
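/**
 * Runs the user-supplied schedule callback for a server authorization check.
 *
 * When no schedule callback is installed, the failure is recorded on arg
 * (status GRPC_STATUS_NOT_FOUND plus an error message) and 1 is returned.
 * Otherwise the callback's own return value is passed through unchanged.
 *
 * The return value is not an authorization verdict: the missing-callback path
 * returns non-zero while setting an error status, so the outcome has to be
 * read from arg->status.
 *
 * @param arg Check argument handed to the callback. May be nullptr, in which
 *            case nothing is recorded and nullptr reaches the callback as-is.
 * @return 1 when no schedule callback is set, else the callback's result.
 */
int grpc_tls_server_authorization_check_config::Schedule(
    grpc_tls_server_authorization_check_arg* arg) const {
  if (schedule_ == nullptr) {
    gpr_log(GPR_ERROR, "schedule API is nullptr");
    if (arg != nullptr) {
      arg->status = GRPC_STATUS_NOT_FOUND;
      // The status above is what marks the check as failed. The message is
      // best-effort, so do not dereference a missing error_details object.
      if (arg->error_details != nullptr) {
        arg->error_details->set_error_details(
            "schedule API in server authorization check config is nullptr");
      }
    }
    return 1;
  }
  // NOTE(review): the back-pointer is only set when context_ is non-null,
  // whereas Cancel() sets it unconditionally. Confirm the asymmetry is
  // intended.
  if (arg != nullptr && context_ != nullptr) {
    arg->config = const_cast<grpc_tls_server_authorization_check_config*>(this);
  }
  return schedule_(config_user_data_, arg);
}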
69 
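/**
 * Runs the user-supplied cancel callback for a server authorization check.
 *
 * When no cancel callback is installed, the failure is recorded on arg
 * (status GRPC_STATUS_NOT_FOUND plus an error message) and the call returns
 * without doing anything else.
 *
 * @param arg Check argument handed to the callback. May be nullptr, in which
 *            case nothing is recorded and nullptr reaches the callback as-is.
 */
void grpc_tls_server_authorization_check_config::Cancel(
    grpc_tls_server_authorization_check_arg* arg) const {
  if (cancel_ == nullptr) {
    gpr_log(GPR_ERROR, "cancel API is nullptr.");
    if (arg != nullptr) {
      arg->status = GRPC_STATUS_NOT_FOUND;
      // The status above is what marks the failure. The message is
      // best-effort, so do not dereference a missing error_details object.
      if (arg->error_details != nullptr) {
        // Name the callback that is actually missing. The earlier text blamed
        // the schedule API, which misdirects anyone reading the error.
        arg->error_details->set_error_details(
            "cancel API in server authorization check config is nullptr");
      }
    }
    return;
  }
  if (arg != nullptr) {
    arg->config = const_cast<grpc_tls_server_authorization_check_config*>(this);
  }
  cancel_(config_user_data_, arg);
}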
86 
87 /** -- Wrapper APIs declared in grpc_security.h -- **/
88 
/**
 * Allocates a default-constructed TLS credentials options object.
 *
 * @return A heap-allocated options object. The matching release path is not
 *         part of this file.
 */
grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
  grpc_core::ExecCtx exec_ctx;
  grpc_tls_credentials_options* created = new grpc_tls_credentials_options();
  return created;
}
93 
/**
 * Sets how client certificates are requested on the given options.
 *
 * The value is forwarded to the options object without validation.
 *
 * @param options Options object to modify. The call aborts via GPR_ASSERT if
 *                it is nullptr.
 * @param type Client certificate request type to store.
 */
void grpc_tls_credentials_options_set_cert_request_type(
    grpc_tls_credentials_options* options,
    grpc_ssl_client_certificate_request_type type) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_cert_request_type(type);
}
100 
/**
 * Sets the server verification option on the given options.
 *
 * The value is forwarded to the options object without validation.
 * NOTE(review): this setting presumably governs how strictly the peer server
 * is verified. Confirm which enum values relax verification before exposing
 * it to configuration.
 *
 * @param options Options object to modify. The call aborts via GPR_ASSERT if
 *                it is nullptr.
 * @param server_verification_option Verification option to store.
 */
void grpc_tls_credentials_options_set_server_verification_option(
    grpc_tls_credentials_options* options,
    grpc_tls_server_verification_option server_verification_option) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_server_verification_option(server_verification_option);
}
107 
/**
 * Attaches a certificate provider to the given options.
 *
 * A new reference to the provider is taken with Ref() and handed to the
 * options object. The caller's own reference is not consumed.
 *
 * @param options Options object to modify. The call aborts via GPR_ASSERT if
 *                it is nullptr.
 * @param provider Provider to attach. The call aborts via GPR_ASSERT if it is
 *                 nullptr.
 */
void grpc_tls_credentials_options_set_certificate_provider(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_provider* provider) {
  // Both pointers are dereferenced below, so reject nullptr before any work.
  GPR_ASSERT(options != nullptr);
  GPR_ASSERT(provider != nullptr);
  grpc_core::ExecCtx exec_ctx;
  grpc_tls_credentials_options& target = *options;
  target.set_certificate_provider(
      provider->Ref(DEBUG_LOCATION, "set_certificate_provider"));
}
117 
/**
 * Turns on the watch-root-cert flag of the given options.
 *
 * @param options Options object to modify. The call aborts via GPR_ASSERT if
 *                it is nullptr.
 */
void grpc_tls_credentials_options_watch_root_certs(
    grpc_tls_credentials_options* options) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_watch_root_cert(true);
}
123 
/**
 * Sets the root certificate name on the given options.
 *
 * NOTE(review): root_cert_name is forwarded unchecked. If the underlying
 * setter takes a std::string, a nullptr here is undefined behaviour. Confirm
 * against the setter's signature.
 *
 * @param options Options object to modify. The call aborts via GPR_ASSERT if
 *                it is nullptr.
 * @param root_cert_name Name to store.
 */
void grpc_tls_credentials_options_set_root_cert_name(
    grpc_tls_credentials_options* options, const char* root_cert_name) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_root_cert_name(root_cert_name);
}
129 
/**
 * Turns on the watch-identity-pair flag of the given options.
 *
 * @param options Options object to modify. The call aborts via GPR_ASSERT if
 *                it is nullptr.
 */
void grpc_tls_credentials_options_watch_identity_key_cert_pairs(
    grpc_tls_credentials_options* options) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_watch_identity_pair(true);
}
135 
/**
 * Sets the identity certificate name on the given options.
 *
 * NOTE(review): identity_cert_name is forwarded unchecked. If the underlying
 * setter takes a std::string, a nullptr here is undefined behaviour. Confirm
 * against the setter's signature.
 *
 * @param options Options object to modify. The call aborts via GPR_ASSERT if
 *                it is nullptr.
 * @param identity_cert_name Name to store.
 */
void grpc_tls_credentials_options_set_identity_cert_name(
    grpc_tls_credentials_options* options, const char* identity_cert_name) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& target = *options;
  target.set_identity_cert_name(identity_cert_name);
}
141 
/**
 * Attaches a server authorization check config to the given options.
 *
 * A new reference to the config is taken with Ref() and handed to the options
 * object. The caller's own reference is not consumed.
 *
 * @param options Options object to modify. The call aborts via GPR_ASSERT if
 *                it is nullptr.
 * @param config Config to attach. The call aborts via GPR_ASSERT if it is
 *               nullptr.
 */
void grpc_tls_credentials_options_set_server_authorization_check_config(
    grpc_tls_credentials_options* options,
    grpc_tls_server_authorization_check_config* config) {
  // Both pointers are dereferenced below, so reject nullptr before any work.
  GPR_ASSERT(options != nullptr);
  GPR_ASSERT(config != nullptr);
  grpc_core::ExecCtx exec_ctx;
  grpc_tls_credentials_options& target = *options;
  target.set_server_authorization_check_config(config->Ref());
}
150 
/**
 * Creates a server authorization check config from user callbacks.
 *
 * Only schedule is required. cancel and destruct are stored as given and may
 * be nullptr.
 *
 * @param config_user_data Opaque pointer passed back to the callbacks.
 * @param schedule Callback that performs the check. A nullptr is rejected.
 * @param cancel Callback that cancels a pending check.
 * @param destruct Callback run when the config is destroyed.
 * @return The new heap-allocated config, or nullptr (after logging an error)
 *         when schedule is nullptr.
 */
grpc_tls_server_authorization_check_config*
grpc_tls_server_authorization_check_config_create(
    const void* config_user_data,
    int (*schedule)(void* config_user_data,
                    grpc_tls_server_authorization_check_arg* arg),
    void (*cancel)(void* config_user_data,
                   grpc_tls_server_authorization_check_arg* arg),
    void (*destruct)(void* config_user_data)) {
  if (schedule != nullptr) {
    grpc_core::ExecCtx exec_ctx;
    return new grpc_tls_server_authorization_check_config(
        config_user_data, schedule, cancel, destruct);
  }
  // A config without a schedule callback could never run a check, so refuse
  // to build one.
  gpr_log(GPR_ERROR,
          "Schedule API is nullptr in creating TLS server authorization "
          "check config.");
  return nullptr;
}
169 
/**
 * Drops one reference to a server authorization check config.
 *
 * @param config Config to release. A nullptr is traced and otherwise ignored.
 */
void grpc_tls_server_authorization_check_config_release(
    grpc_tls_server_authorization_check_config* config) {
  GRPC_API_TRACE(
      "grpc_tls_server_authorization_check_config_release(config=%p)", 1,
      (config));
  grpc_core::ExecCtx exec_ctx;
  if (config == nullptr) {
    return;
  }
  config->Unref();
}
178