Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 1 | /* |
| 2 | * |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 3 | * Copyright 2015 gRPC authors. |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 4 | * |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | * you may not use this file except in compliance with the License. |
| 7 | * You may obtain a copy of the License at |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 8 | * |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 10 | * |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 16 | * |
| 17 | */ |
| 18 | |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 19 | #include <functional> |
| 20 | #include <map> |
| 21 | #include <memory> |
| 22 | |
Craig Tiller | 7c70b6c | 2017-01-23 07:48:42 -0800 | [diff] [blame] | 23 | #include <grpc++/impl/codegen/slice.h> |
| 24 | #include <grpc++/security/auth_metadata_processor.h> |
| 25 | |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 26 | #include "src/cpp/common/secure_auth_context.h" |
Julien Boeuf | 1d2240c | 2015-04-09 21:07:56 -0700 | [diff] [blame] | 27 | #include "src/cpp/server/secure_server_credentials.h" |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 28 | |
| 29 | namespace grpc { |
| 30 | |
Craig Tiller | 71a0f9d | 2015-09-28 17:22:01 -0700 | [diff] [blame] | 31 | void AuthMetadataProcessorAyncWrapper::Destroy(void* wrapper) { |
Julien Boeuf | 0c711ad | 2015-08-28 14:10:58 -0700 | [diff] [blame] | 32 | auto* w = reinterpret_cast<AuthMetadataProcessorAyncWrapper*>(wrapper); |
| 33 | delete w; |
| 34 | } |
| 35 | |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 36 | void AuthMetadataProcessorAyncWrapper::Process( |
Julien Boeuf | bf25bb0 | 2015-08-14 12:36:11 -0700 | [diff] [blame] | 37 | void* wrapper, grpc_auth_context* context, const grpc_metadata* md, |
| 38 | size_t num_md, grpc_process_auth_metadata_done_cb cb, void* user_data) { |
| 39 | auto* w = reinterpret_cast<AuthMetadataProcessorAyncWrapper*>(wrapper); |
Vijay Pai | e57abcf | 2015-09-29 22:55:34 +0000 | [diff] [blame] | 40 | if (!w->processor_) { |
Julien Boeuf | bf25bb0 | 2015-08-14 12:36:11 -0700 | [diff] [blame] | 41 | // Early exit. |
Julien Boeuf | 5b3516e | 2015-08-26 11:19:10 -0700 | [diff] [blame] | 42 | cb(user_data, nullptr, 0, nullptr, 0, GRPC_STATUS_OK, nullptr); |
Julien Boeuf | bf25bb0 | 2015-08-14 12:36:11 -0700 | [diff] [blame] | 43 | return; |
Julien Boeuf | 5941335 | 2015-08-13 22:03:56 -0700 | [diff] [blame] | 44 | } |
Julien Boeuf | bf25bb0 | 2015-08-14 12:36:11 -0700 | [diff] [blame] | 45 | if (w->processor_->IsBlocking()) { |
| 46 | w->thread_pool_->Add( |
| 47 | std::bind(&AuthMetadataProcessorAyncWrapper::InvokeProcessor, w, |
| 48 | context, md, num_md, cb, user_data)); |
| 49 | } else { |
| 50 | // invoke directly. |
| 51 | w->InvokeProcessor(context, md, num_md, cb, user_data); |
| 52 | } |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 53 | } |
| 54 | |
Julien Boeuf | bf25bb0 | 2015-08-14 12:36:11 -0700 | [diff] [blame] | 55 | void AuthMetadataProcessorAyncWrapper::InvokeProcessor( |
Craig Tiller | 71a0f9d | 2015-09-28 17:22:01 -0700 | [diff] [blame] | 56 | grpc_auth_context* ctx, const grpc_metadata* md, size_t num_md, |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 57 | grpc_process_auth_metadata_done_cb cb, void* user_data) { |
Julien Boeuf | 35b559f | 2015-08-26 23:17:35 -0700 | [diff] [blame] | 58 | AuthMetadataProcessor::InputMetadata metadata; |
Julien Boeuf | bf25bb0 | 2015-08-14 12:36:11 -0700 | [diff] [blame] | 59 | for (size_t i = 0; i < num_md; i++) { |
Craig Tiller | 7c70b6c | 2017-01-23 07:48:42 -0800 | [diff] [blame] | 60 | metadata.insert(std::make_pair(StringRefFromSlice(&md[i].key), |
| 61 | StringRefFromSlice(&md[i].value))); |
Julien Boeuf | bf25bb0 | 2015-08-14 12:36:11 -0700 | [diff] [blame] | 62 | } |
Julien Boeuf | 0c711ad | 2015-08-28 14:10:58 -0700 | [diff] [blame] | 63 | SecureAuthContext context(ctx, false); |
Julien Boeuf | 35b559f | 2015-08-26 23:17:35 -0700 | [diff] [blame] | 64 | AuthMetadataProcessor::OutputMetadata consumed_metadata; |
| 65 | AuthMetadataProcessor::OutputMetadata response_metadata; |
| 66 | |
| 67 | Status status = processor_->Process(metadata, &context, &consumed_metadata, |
| 68 | &response_metadata); |
| 69 | |
Julien Boeuf | 0c711ad | 2015-08-28 14:10:58 -0700 | [diff] [blame] | 70 | std::vector<grpc_metadata> consumed_md; |
Julien Boeuf | 35b559f | 2015-08-26 23:17:35 -0700 | [diff] [blame] | 71 | for (auto it = consumed_metadata.begin(); it != consumed_metadata.end(); |
| 72 | ++it) { |
Vijay Pai | e57abcf | 2015-09-29 22:55:34 +0000 | [diff] [blame] | 73 | grpc_metadata md_entry; |
Craig Tiller | 7c70b6c | 2017-01-23 07:48:42 -0800 | [diff] [blame] | 74 | md_entry.key = SliceReferencingString(it->first); |
| 75 | md_entry.value = SliceReferencingString(it->second); |
Vijay Pai | e57abcf | 2015-09-29 22:55:34 +0000 | [diff] [blame] | 76 | md_entry.flags = 0; |
| 77 | consumed_md.push_back(md_entry); |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 78 | } |
Julien Boeuf | 0c711ad | 2015-08-28 14:10:58 -0700 | [diff] [blame] | 79 | std::vector<grpc_metadata> response_md; |
Julien Boeuf | 35b559f | 2015-08-26 23:17:35 -0700 | [diff] [blame] | 80 | for (auto it = response_metadata.begin(); it != response_metadata.end(); |
| 81 | ++it) { |
Vijay Pai | e57abcf | 2015-09-29 22:55:34 +0000 | [diff] [blame] | 82 | grpc_metadata md_entry; |
Craig Tiller | 7c70b6c | 2017-01-23 07:48:42 -0800 | [diff] [blame] | 83 | md_entry.key = SliceReferencingString(it->first); |
| 84 | md_entry.value = SliceReferencingString(it->second); |
Vijay Pai | e57abcf | 2015-09-29 22:55:34 +0000 | [diff] [blame] | 85 | md_entry.flags = 0; |
| 86 | response_md.push_back(md_entry); |
Julien Boeuf | 35b559f | 2015-08-26 23:17:35 -0700 | [diff] [blame] | 87 | } |
yang-g | 61e461e | 2015-09-03 13:08:59 -0700 | [diff] [blame] | 88 | auto consumed_md_data = consumed_md.empty() ? nullptr : &consumed_md[0]; |
| 89 | auto response_md_data = response_md.empty() ? nullptr : &response_md[0]; |
| 90 | cb(user_data, consumed_md_data, consumed_md.size(), response_md_data, |
Julien Boeuf | 35b559f | 2015-08-26 23:17:35 -0700 | [diff] [blame] | 91 | response_md.size(), static_cast<grpc_status_code>(status.error_code()), |
| 92 | status.error_message().c_str()); |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 93 | } |
| 94 | |
Craig Tiller | d6c98df | 2015-08-18 09:33:44 -0700 | [diff] [blame] | 95 | int SecureServerCredentials::AddPortToServer(const grpc::string& addr, |
| 96 | grpc_server* server) { |
Julien Boeuf | 1d2240c | 2015-04-09 21:07:56 -0700 | [diff] [blame] | 97 | return grpc_server_add_secure_http2_port(server, addr.c_str(), creds_); |
| 98 | } |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 99 | |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 100 | void SecureServerCredentials::SetAuthMetadataProcessor( |
| 101 | const std::shared_ptr<AuthMetadataProcessor>& processor) { |
Craig Tiller | 71a0f9d | 2015-09-28 17:22:01 -0700 | [diff] [blame] | 102 | auto* wrapper = new AuthMetadataProcessorAyncWrapper(processor); |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 103 | grpc_server_credentials_set_auth_metadata_processor( |
Julien Boeuf | 0c711ad | 2015-08-28 14:10:58 -0700 | [diff] [blame] | 104 | creds_, {AuthMetadataProcessorAyncWrapper::Process, |
| 105 | AuthMetadataProcessorAyncWrapper::Destroy, wrapper}); |
Julien Boeuf | c2274e7 | 2015-08-10 12:45:17 -0700 | [diff] [blame] | 106 | } |
| 107 | |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 108 | std::shared_ptr<ServerCredentials> SslServerCredentials( |
Yang Gao | 6baa9b6 | 2015-03-17 10:49:39 -0700 | [diff] [blame] | 109 | const SslServerCredentialsOptions& options) { |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 110 | std::vector<grpc_ssl_pem_key_cert_pair> pem_key_cert_pairs; |
Vijay Pai | 82dd80a | 2015-03-24 10:36:08 -0700 | [diff] [blame] | 111 | for (auto key_cert_pair = options.pem_key_cert_pairs.begin(); |
Julien Boeuf | 1d2240c | 2015-04-09 21:07:56 -0700 | [diff] [blame] | 112 | key_cert_pair != options.pem_key_cert_pairs.end(); key_cert_pair++) { |
Vijay Pai | 82dd80a | 2015-03-24 10:36:08 -0700 | [diff] [blame] | 113 | grpc_ssl_pem_key_cert_pair p = {key_cert_pair->private_key.c_str(), |
Julien Boeuf | 1d2240c | 2015-04-09 21:07:56 -0700 | [diff] [blame] | 114 | key_cert_pair->cert_chain.c_str()}; |
Vijay Pai | 82dd80a | 2015-03-24 10:36:08 -0700 | [diff] [blame] | 115 | pem_key_cert_pairs.push_back(p); |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 116 | } |
Deepak Lukose | dba4c5f | 2016-03-25 12:54:25 -0700 | [diff] [blame] | 117 | grpc_server_credentials* c_creds = grpc_ssl_server_credentials_create_ex( |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 118 | options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(), |
yang-g | 61e461e | 2015-09-03 13:08:59 -0700 | [diff] [blame] | 119 | pem_key_cert_pairs.empty() ? nullptr : &pem_key_cert_pairs[0], |
Deepak Lukose | dba4c5f | 2016-03-25 12:54:25 -0700 | [diff] [blame] | 120 | pem_key_cert_pairs.size(), |
| 121 | options.force_client_auth |
| 122 | ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY |
| 123 | : options.client_certificate_request, |
| 124 | nullptr); |
Yang Gao | 6baa9b6 | 2015-03-17 10:49:39 -0700 | [diff] [blame] | 125 | return std::shared_ptr<ServerCredentials>( |
| 126 | new SecureServerCredentials(c_creds)); |
Craig Tiller | 42bc87c | 2015-02-23 08:50:19 -0800 | [diff] [blame] | 127 | } |
| 128 | |
| 129 | } // namespace grpc |