1 /*
2  *
3  * Copyright 2019 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include <grpc/grpc_security.h>
20 #include <grpc/support/alloc.h>
21 #include <grpcpp/security/tls_credentials_options.h>
22 
23 #include "absl/container/inlined_vector.h"
24 #include "src/cpp/common/tls_credentials_options_util.h"
25 
26 namespace grpc {
27 namespace experimental {
28 
29 /** gRPC TLS server authorization check arg API implementation **/
// Wraps a C-core server authorization check argument.
//
// Registers this wrapper as the C struct's `context` and installs
// TlsServerAuthorizationCheckArgDestroyContext as its `destroy_context` hook.
//
// arg: C-core argument to wrap; must not be null (asserted).
TlsServerAuthorizationCheckArg::TlsServerAuthorizationCheckArg(
    grpc_tls_server_authorization_check_arg* arg)
    : c_arg_(arg) {
  GPR_ASSERT(c_arg_ != nullptr);
  const bool context_already_set = (c_arg_->context != nullptr);
  if (context_already_set) {
    // NOTE(review): an existing context is only reported; it is overwritten
    // below without its destroy hook being invoked. Confirm nothing else
    // still relies on the old pointer (possible leak or stale reference).
    gpr_log(GPR_ERROR, "c_arg context has already been set");
  }
  c_arg_->destroy_context = &TlsServerAuthorizationCheckArgDestroyContext;
  c_arg_->context = static_cast<void*>(this);
}
40 
// The destructor does no work of its own: the wrapped C struct is left
// untouched when the wrapper goes away.
TlsServerAuthorizationCheckArg::~TlsServerAuthorizationCheckArg() = default;
42 
// Returns the opaque user-data pointer stored on the wrapped C argument.
void* TlsServerAuthorizationCheckArg::cb_user_data() const {
  void* const user_data = c_arg_->cb_user_data;
  return user_data;
}
46 
// Returns the `success` field of the wrapped C argument.
// NOTE(review): presumably non-zero means the authorization check passed;
// confirm against the C API before branching on this value.
int TlsServerAuthorizationCheckArg::success() const {
  const int check_result = c_arg_->success;
  return check_result;
}
48 
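// Returns a copy of the target name stored on the wrapped C argument.
//
// Returns an empty string when the C field is null. Code that makes an
// authorization decision should treat an empty result as "no value supplied",
// never as a successful match.
std::string TlsServerAuthorizationCheckArg::target_name() const {
  // Constructing std::string from a null const char* is undefined behavior,
  // so an unset field is reported as an empty string instead.
  const char* raw_target_name = c_arg_->target_name;
  if (raw_target_name == nullptr) {
    return std::string();
  }
  return std::string(raw_target_name);
}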
53 
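// Returns a copy of the peer certificate stored on the wrapped C argument.
//
// Returns an empty string when the C field is null. An empty result means no
// certificate was supplied; an authorization callback should reject on it
// rather than proceed.
std::string TlsServerAuthorizationCheckArg::peer_cert() const {
  // Constructing std::string from a null const char* is undefined behavior,
  // so an unset field is reported as an empty string instead.
  const char* raw_peer_cert = c_arg_->peer_cert;
  if (raw_peer_cert == nullptr) {
    return std::string();
  }
  // The field is read as a C string, i.e. up to its first NUL byte.
  return std::string(raw_peer_cert);
}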
58 
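// Returns a copy of the peer certificate chain stored on the wrapped C
// argument.
//
// Returns an empty string when the C field is null. An empty result means no
// chain was supplied; an authorization callback should reject on it rather
// than proceed.
std::string TlsServerAuthorizationCheckArg::peer_cert_full_chain() const {
  // Constructing std::string from a null const char* is undefined behavior,
  // so an unset field is reported as an empty string instead.
  const char* raw_chain = c_arg_->peer_cert_full_chain;
  if (raw_chain == nullptr) {
    return std::string();
  }
  // The field is read as a C string, i.e. up to its first NUL byte.
  return std::string(raw_chain);
}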
63 
// Returns the gRPC status code stored on the wrapped C argument.
grpc_status_code TlsServerAuthorizationCheckArg::status() const {
  const grpc_status_code current_status = c_arg_->status;
  return current_status;
}
67 
// Returns the error details text held by the wrapped C argument.
std::string TlsServerAuthorizationCheckArg::error_details() const {
  // NOTE(review): c_arg_->error_details is dereferenced without a null check;
  // confirm the C core always populates it before this wrapper is used.
  auto* details = c_arg_->error_details;
  return details->error_details();
}
71 
// Stores an opaque user-data pointer on the wrapped C argument.
// The pointer is stored as-is; nothing here copies or takes ownership of the
// pointee.
void TlsServerAuthorizationCheckArg::set_cb_user_data(void* cb_user_data) {
  auto& user_data_slot = c_arg_->cb_user_data;
  user_data_slot = cb_user_data;
}
75 
// Writes the check outcome into the `success` field of the wrapped C argument.
// NOTE(review): presumably non-zero signals that the peer is authorized. An
// implementation should set this only after every check has passed, so that
// an early return leaves the field in a rejecting state. Confirm the field's
// initial value against the C API.
void TlsServerAuthorizationCheckArg::set_success(int success) {
  auto& success_slot = c_arg_->success;
  success_slot = success;
}
79 
// Stores a gpr_strdup'ed copy of `target_name` on the wrapped C argument.
void TlsServerAuthorizationCheckArg::set_target_name(
    const std::string& target_name) {
  // NOTE(review): the pointer previously held in the field is overwritten and
  // not freed here. Confirm who owns it to rule out a leak on repeated calls.
  const char* source = target_name.c_str();
  c_arg_->target_name = gpr_strdup(source);
}
84 
// Stores a gpr_strdup'ed copy of `peer_cert` on the wrapped C argument.
void TlsServerAuthorizationCheckArg::set_peer_cert(
    const std::string& peer_cert) {
  // NOTE(review): the pointer previously held in the field is overwritten and
  // not freed here. Confirm who owns it to rule out a leak on repeated calls.
  const char* source = peer_cert.c_str();
  c_arg_->peer_cert = gpr_strdup(source);
}
89 
// Stores a gpr_strdup'ed copy of `peer_cert_full_chain` on the wrapped C
// argument.
void TlsServerAuthorizationCheckArg::set_peer_cert_full_chain(
    const std::string& peer_cert_full_chain) {
  // NOTE(review): the pointer previously held in the field is overwritten and
  // not freed here. Confirm who owns it to rule out a leak on repeated calls.
  const char* source = peer_cert_full_chain.c_str();
  c_arg_->peer_cert_full_chain = gpr_strdup(source);
}
94 
// Writes the gRPC status code into the wrapped C argument.
void TlsServerAuthorizationCheckArg::set_status(grpc_status_code status) {
  auto& status_slot = c_arg_->status;
  status_slot = status;
}
98 
// Forwards `error_details` to the error-details object of the wrapped C
// argument.
void TlsServerAuthorizationCheckArg::set_error_details(
    const std::string& error_details) {
  // NOTE(review): c_arg_->error_details is dereferenced without a null check;
  // confirm the C core always populates it before this wrapper is used.
  auto* details = c_arg_->error_details;
  details->set_error_details(error_details.c_str());
}
103 
// Invokes the completion callback stored on the wrapped C argument, passing
// the C argument itself.
//
// When no callback is installed the call is only logged and nothing is
// delivered.
// NOTE(review): confirm the caller treats an undelivered result as a failed
// authorization check (fail closed) rather than waiting or proceeding.
void TlsServerAuthorizationCheckArg::OnServerAuthorizationCheckDoneCallback() {
  if (c_arg_->cb != nullptr) {
    c_arg_->cb(c_arg_);
    return;
  }
  gpr_log(GPR_ERROR, "server authorizaton check arg callback API is nullptr");
}
111 
// Builds the C-core authorization check config backing this C++ object.
//
// Takes shared ownership of the user-supplied check interface, creates the C
// config with the schedule/cancel trampolines, and stores `this` as the C
// config's context.
//
// NOTE(review): a null interface is accepted here, and the result of the
// create call is used unchecked. Confirm both are handled elsewhere.
TlsServerAuthorizationCheckConfig::TlsServerAuthorizationCheckConfig(
    std::shared_ptr<TlsServerAuthorizationCheckInterface>
        server_authorization_check_interface)
    : server_authorization_check_interface_(
          std::move(server_authorization_check_interface)) {
  c_config_ = grpc_tls_server_authorization_check_config_create(
      nullptr, &TlsServerAuthorizationCheckConfigCSchedule,
      &TlsServerAuthorizationCheckConfigCCancel, nullptr);
  // The C config keeps a raw pointer back to this object, so this object must
  // outlive every use of that context by the C core.
  void* const self = static_cast<void*>(this);
  c_config_->set_context(self);
}
122 
// Releases this object's hold on the C-core config.
// NOTE(review): the constructor stored `this` as the C config's context. If
// the C core can keep the config alive past this release, that context
// pointer would dangle. Confirm the lifetime contract.
TlsServerAuthorizationCheckConfig::~TlsServerAuthorizationCheckConfig() {
  auto* const config_to_release = c_config_;
  grpc_tls_server_authorization_check_config_release(config_to_release);
}
126 
// Creates the underlying C-core credentials options object that the setters
// of this class configure.
TlsCredentialsOptions::TlsCredentialsOptions() {
  auto* const created_options = grpc_tls_credentials_options_create();
  c_credentials_options_ = created_options;
}
130 
// Takes shared ownership of `certificate_provider` and, when it is non-null,
// registers its C provider on the underlying C options.
void TlsCredentialsOptions::set_certificate_provider(
    std::shared_ptr<CertificateProviderInterface> certificate_provider) {
  certificate_provider_ = std::move(certificate_provider);
  if (certificate_provider_ == nullptr) {
    // NOTE(review): a null provider drops this object's reference but leaves
    // whatever provider the C options already hold in place. Confirm that
    // keeping a previously registered provider is the intended outcome.
    return;
  }
  grpc_tls_credentials_options_set_certificate_provider(
      c_credentials_options_, certificate_provider_->c_provider());
}
139 
// Forwards to grpc_tls_credentials_options_watch_root_certs on the underlying
// C options.
void TlsCredentialsOptions::watch_root_certs() {
  auto* const options = c_credentials_options_;
  grpc_tls_credentials_options_watch_root_certs(options);
}
143 
// Passes `root_cert_name` to the underlying C options as a C string.
void TlsCredentialsOptions::set_root_cert_name(
    const std::string& root_cert_name) {
  const char* const name = root_cert_name.c_str();
  grpc_tls_credentials_options_set_root_cert_name(c_credentials_options_,
                                                  name);
}
149 
// Forwards to grpc_tls_credentials_options_watch_identity_key_cert_pairs on
// the underlying C options.
void TlsCredentialsOptions::watch_identity_key_cert_pairs() {
  auto* const options = c_credentials_options_;
  grpc_tls_credentials_options_watch_identity_key_cert_pairs(options);
}
154 
// Passes `identity_cert_name` to the underlying C options as a C string.
void TlsCredentialsOptions::set_identity_cert_name(
    const std::string& identity_cert_name) {
  const char* const name = identity_cert_name.c_str();
  grpc_tls_credentials_options_set_identity_cert_name(c_credentials_options_,
                                                      name);
}
160 
// Sets how the client verifies the server during the TLS handshake.
//
// The value is forwarded unchanged; no compensating check is added here.
// NOTE(review): any option weaker than GRPC_TLS_SERVER_VERIFICATION hands
// part of server authentication to the application. Confirm such call sites
// also install a server authorization check config.
void TlsChannelCredentialsOptions::set_server_verification_option(
    grpc_tls_server_verification_option server_verification_option) {
  grpc_tls_credentials_options* const c_options = c_credentials_options();
  GPR_ASSERT(c_options != nullptr);
  grpc_tls_credentials_options_set_server_verification_option(
      c_options, server_verification_option);
}
168 
// Registers the C config of `config` on the underlying C options. A null
// `config` is ignored.
//
// NOTE(review): `config` is not retained by this method. Its C config stores
// a raw pointer back to the C++ object as its context, so the caller has to
// keep `config` alive for as long as the C core may run the check. Confirm
// that something else holds the reference.
void TlsChannelCredentialsOptions::set_server_authorization_check_config(
    std::shared_ptr<TlsServerAuthorizationCheckConfig> config) {
  grpc_tls_credentials_options* const c_options = c_credentials_options();
  GPR_ASSERT(c_options != nullptr);
  if (config == nullptr) {
    return;
  }
  grpc_tls_credentials_options_set_server_authorization_check_config(
      c_options, config->c_config());
}
178 
// Sets the server's client-certificate request type on the underlying C
// options.
//
// The value is forwarded unchanged.
// NOTE(review): request types that do not both require and verify a client
// certificate leave client authentication to other layers. Confirm the
// chosen value matches the deployment's mutual-TLS intent.
void TlsServerCredentialsOptions::set_cert_request_type(
    grpc_ssl_client_certificate_request_type cert_request_type) {
  grpc_tls_credentials_options* const c_options = c_credentials_options();
  GPR_ASSERT(c_options != nullptr);
  grpc_tls_credentials_options_set_cert_request_type(c_options,
                                                     cert_request_type);
}
186 
187 }  // namespace experimental
188 }  // namespace grpc
189