Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / grpc-grpc / 6c8ee58f955d04cbc9733ee899c50e01fecef9d9 / . / src / cpp / server / secure_server_credentials.cc
blob: 0fbe4ccd18b9f698d05c2207a77a41bd74a9fc03 [file] [log] [blame]
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]1/*
2 *
Jan Tattermusch7897ae92017-06-07 22:57:36 +0200[diff] [blame]3 * Copyright 2015 gRPC authors.
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]4 *
Jan Tattermusch7897ae92017-06-07 22:57:36 +0200[diff] [blame]5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]8 *
Jan Tattermusch7897ae92017-06-07 22:57:36 +0200[diff] [blame]9 * http://www.apache.org/licenses/LICENSE-2.0
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]10 *
Jan Tattermusch7897ae92017-06-07 22:57:36 +0200[diff] [blame]11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]16 *
17 */
18
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]19#include <functional>
20#include <map>
21#include <memory>
22
Craig Tiller7c70b6c2017-01-23 07:48:42 -0800[diff] [blame]23#include <grpc++/impl/codegen/slice.h>
24#include <grpc++/security/auth_metadata_processor.h>
25
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]26#include "src/cpp/common/secure_auth_context.h"
Julien Boeuf1d2240c2015-04-09 21:07:56 -0700[diff] [blame]27#include "src/cpp/server/secure_server_credentials.h"
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]28
29namespace grpc {
30
Craig Tiller71a0f9d2015-09-28 17:22:01 -0700[diff] [blame]31void AuthMetadataProcessorAyncWrapper::Destroy(void* wrapper) {
Julien Boeuf0c711ad2015-08-28 14:10:58 -0700[diff] [blame]32 auto* w = reinterpret_cast<AuthMetadataProcessorAyncWrapper*>(wrapper);
33 delete w;
34}
35
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]36void AuthMetadataProcessorAyncWrapper::Process(
Julien Boeufbf25bb02015-08-14 12:36:11 -0700[diff] [blame]37 void* wrapper, grpc_auth_context* context, const grpc_metadata* md,
38 size_t num_md, grpc_process_auth_metadata_done_cb cb, void* user_data) {
39 auto* w = reinterpret_cast<AuthMetadataProcessorAyncWrapper*>(wrapper);
Vijay Paie57abcf2015-09-29 22:55:34 +0000[diff] [blame]40 if (!w->processor_) {
Julien Boeufbf25bb02015-08-14 12:36:11 -0700[diff] [blame]41 // Early exit.
Julien Boeuf5b3516e2015-08-26 11:19:10 -0700[diff] [blame]42 cb(user_data, nullptr, 0, nullptr, 0, GRPC_STATUS_OK, nullptr);
Julien Boeufbf25bb02015-08-14 12:36:11 -0700[diff] [blame]43 return;
Julien Boeuf59413352015-08-13 22:03:56 -0700[diff] [blame]44 }
Julien Boeufbf25bb02015-08-14 12:36:11 -0700[diff] [blame]45 if (w->processor_->IsBlocking()) {
46 w->thread_pool_->Add(
47 std::bind(&AuthMetadataProcessorAyncWrapper::InvokeProcessor, w,
48 context, md, num_md, cb, user_data));
49 } else {
50 // invoke directly.
51 w->InvokeProcessor(context, md, num_md, cb, user_data);
52 }
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]53}
54
Julien Boeufbf25bb02015-08-14 12:36:11 -0700[diff] [blame]55void AuthMetadataProcessorAyncWrapper::InvokeProcessor(
Craig Tiller71a0f9d2015-09-28 17:22:01 -0700[diff] [blame]56 grpc_auth_context* ctx, const grpc_metadata* md, size_t num_md,
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]57 grpc_process_auth_metadata_done_cb cb, void* user_data) {
Julien Boeuf35b559f2015-08-26 23:17:35 -0700[diff] [blame]58 AuthMetadataProcessor::InputMetadata metadata;
Julien Boeufbf25bb02015-08-14 12:36:11 -0700[diff] [blame]59 for (size_t i = 0; i < num_md; i++) {
Craig Tiller7c70b6c2017-01-23 07:48:42 -0800[diff] [blame]60 metadata.insert(std::make_pair(StringRefFromSlice(&md[i].key),
61 StringRefFromSlice(&md[i].value)));
Julien Boeufbf25bb02015-08-14 12:36:11 -0700[diff] [blame]62 }
Julien Boeuf0c711ad2015-08-28 14:10:58 -0700[diff] [blame]63 SecureAuthContext context(ctx, false);
Julien Boeuf35b559f2015-08-26 23:17:35 -0700[diff] [blame]64 AuthMetadataProcessor::OutputMetadata consumed_metadata;
65 AuthMetadataProcessor::OutputMetadata response_metadata;
66
67 Status status = processor_->Process(metadata, &context, &consumed_metadata,
68 &response_metadata);
69
Julien Boeuf0c711ad2015-08-28 14:10:58 -0700[diff] [blame]70 std::vector<grpc_metadata> consumed_md;
Julien Boeuf35b559f2015-08-26 23:17:35 -0700[diff] [blame]71 for (auto it = consumed_metadata.begin(); it != consumed_metadata.end();
72 ++it) {
Vijay Paie57abcf2015-09-29 22:55:34 +0000[diff] [blame]73 grpc_metadata md_entry;
Craig Tiller7c70b6c2017-01-23 07:48:42 -0800[diff] [blame]74 md_entry.key = SliceReferencingString(it->first);
75 md_entry.value = SliceReferencingString(it->second);
Vijay Paie57abcf2015-09-29 22:55:34 +0000[diff] [blame]76 md_entry.flags = 0;
77 consumed_md.push_back(md_entry);
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]78 }
Julien Boeuf0c711ad2015-08-28 14:10:58 -0700[diff] [blame]79 std::vector<grpc_metadata> response_md;
Julien Boeuf35b559f2015-08-26 23:17:35 -0700[diff] [blame]80 for (auto it = response_metadata.begin(); it != response_metadata.end();
81 ++it) {
Vijay Paie57abcf2015-09-29 22:55:34 +0000[diff] [blame]82 grpc_metadata md_entry;
Craig Tiller7c70b6c2017-01-23 07:48:42 -0800[diff] [blame]83 md_entry.key = SliceReferencingString(it->first);
84 md_entry.value = SliceReferencingString(it->second);
Vijay Paie57abcf2015-09-29 22:55:34 +0000[diff] [blame]85 md_entry.flags = 0;
86 response_md.push_back(md_entry);
Julien Boeuf35b559f2015-08-26 23:17:35 -0700[diff] [blame]87 }
yang-g61e461e2015-09-03 13:08:59 -0700[diff] [blame]88 auto consumed_md_data = consumed_md.empty() ? nullptr : &consumed_md[0];
89 auto response_md_data = response_md.empty() ? nullptr : &response_md[0];
90 cb(user_data, consumed_md_data, consumed_md.size(), response_md_data,
Julien Boeuf35b559f2015-08-26 23:17:35 -0700[diff] [blame]91 response_md.size(), static_cast<grpc_status_code>(status.error_code()),
92 status.error_message().c_str());
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]93}
94
Craig Tillerd6c98df2015-08-18 09:33:44 -0700[diff] [blame]95int SecureServerCredentials::AddPortToServer(const grpc::string& addr,
96 grpc_server* server) {
Julien Boeuf1d2240c2015-04-09 21:07:56 -0700[diff] [blame]97 return grpc_server_add_secure_http2_port(server, addr.c_str(), creds_);
98}
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]99
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]100void SecureServerCredentials::SetAuthMetadataProcessor(
101 const std::shared_ptr<AuthMetadataProcessor>& processor) {
Craig Tiller71a0f9d2015-09-28 17:22:01 -0700[diff] [blame]102 auto* wrapper = new AuthMetadataProcessorAyncWrapper(processor);
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]103 grpc_server_credentials_set_auth_metadata_processor(
Julien Boeuf0c711ad2015-08-28 14:10:58 -0700[diff] [blame]104 creds_, {AuthMetadataProcessorAyncWrapper::Process,
105 AuthMetadataProcessorAyncWrapper::Destroy, wrapper});
Julien Boeufc2274e72015-08-10 12:45:17 -0700[diff] [blame]106}
107
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]108std::shared_ptr<ServerCredentials> SslServerCredentials(
Yang Gao6baa9b62015-03-17 10:49:39 -0700[diff] [blame]109 const SslServerCredentialsOptions& options) {
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]110 std::vector<grpc_ssl_pem_key_cert_pair> pem_key_cert_pairs;
Vijay Pai82dd80a2015-03-24 10:36:08 -0700[diff] [blame]111 for (auto key_cert_pair = options.pem_key_cert_pairs.begin();
Julien Boeuf1d2240c2015-04-09 21:07:56 -0700[diff] [blame]112 key_cert_pair != options.pem_key_cert_pairs.end(); key_cert_pair++) {
Vijay Pai82dd80a2015-03-24 10:36:08 -0700[diff] [blame]113 grpc_ssl_pem_key_cert_pair p = {key_cert_pair->private_key.c_str(),
Julien Boeuf1d2240c2015-04-09 21:07:56 -0700[diff] [blame]114 key_cert_pair->cert_chain.c_str()};
Vijay Pai82dd80a2015-03-24 10:36:08 -0700[diff] [blame]115 pem_key_cert_pairs.push_back(p);
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]116 }
Deepak Lukosedba4c5f2016-03-25 12:54:25 -0700[diff] [blame]117 grpc_server_credentials* c_creds = grpc_ssl_server_credentials_create_ex(
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]118 options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
yang-g61e461e2015-09-03 13:08:59 -0700[diff] [blame]119 pem_key_cert_pairs.empty() ? nullptr : &pem_key_cert_pairs[0],
Deepak Lukosedba4c5f2016-03-25 12:54:25 -0700[diff] [blame]120 pem_key_cert_pairs.size(),
121 options.force_client_auth
122 ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
123 : options.client_certificate_request,
124 nullptr);
Yang Gao6baa9b62015-03-17 10:49:39 -0700[diff] [blame]125 return std::shared_ptr<ServerCredentials>(
126 new SecureServerCredentials(c_creds));
Craig Tiller42bc87c2015-02-23 08:50:19 -0800[diff] [blame]127}
128
129} // namespace grpc