Jan Tattermusch | 1532923 | 2015-03-02 15:32:47 -0800 | [diff] [blame] | 1 | #region Copyright notice and license |
| 2 | |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 3 | // Copyright 2015 gRPC authors. |
Jan Tattermusch | 1532923 | 2015-03-02 15:32:47 -0800 | [diff] [blame] | 4 | // |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 5 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | // you may not use this file except in compliance with the License. |
| 7 | // You may obtain a copy of the License at |
Jan Tattermusch | 1532923 | 2015-03-02 15:32:47 -0800 | [diff] [blame] | 8 | // |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 9 | // http://www.apache.org/licenses/LICENSE-2.0 |
Jan Tattermusch | 1532923 | 2015-03-02 15:32:47 -0800 | [diff] [blame] | 10 | // |
Jan Tattermusch | 7897ae9 | 2017-06-07 22:57:36 +0200 | [diff] [blame] | 11 | // Unless required by applicable law or agreed to in writing, software |
| 12 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | // See the License for the specific language governing permissions and |
| 15 | // limitations under the License. |
Jan Tattermusch | 1532923 | 2015-03-02 15:32:47 -0800 | [diff] [blame] | 16 | |
| 17 | #endregion |
| 18 | |
| 19 | using System; |
Jan Tattermusch | 5bd75d7 | 2015-09-08 10:55:20 -0700 | [diff] [blame] | 20 | using System.Collections.Generic; |
| 21 | using System.Threading.Tasks; |
| 22 | |
Jan Tattermusch | 1532923 | 2015-03-02 15:32:47 -0800 | [diff] [blame] | 23 | using Grpc.Core.Internal; |
Jan Tattermusch | 5bd75d7 | 2015-09-08 10:55:20 -0700 | [diff] [blame] | 24 | using Grpc.Core.Utils; |
Jan Tattermusch | 1532923 | 2015-03-02 15:32:47 -0800 | [diff] [blame] | 25 | |
| 26 | namespace Grpc.Core |
| 27 | { |
/// <summary>
/// Base class for client-side channel credentials, which are supplied when a secure channel is created.
/// </summary>
public abstract class ChannelCredentials
{
    // One shared instance backs the Insecure property; it carries no state.
    static readonly ChannelCredentials InsecureInstance = new InsecureCredentialsImpl();

    /// <summary>
    /// Gets the shared credentials instance that provides no security: a channel created with it
    /// is unsecure and has no encryption whatsoever, so anything sent on it is unprotected on the wire.
    /// This instance keeps the default <c>IsComposable</c> value of <c>false</c>, so it cannot be
    /// passed to <see cref="Create"/> to attach call credentials to an unencrypted channel.
    /// </summary>
    public static ChannelCredentials Insecure => InsecureInstance;

    /// <summary>
    /// Builds a new <c>ChannelCredentials</c> object that combines the given channel credentials
    /// with the given call credentials.
    /// </summary>
    /// <remarks>
    /// Argument checking is left to the <c>CompositeChannelCredentials</c> constructor, which passes
    /// both arguments through <c>GrpcPreconditions.CheckNotNull</c> and requires
    /// <paramref name="channelCredentials"/> to report <c>IsComposable</c>.
    /// </remarks>
    /// <param name="channelCredentials">Channel credentials.</param>
    /// <param name="callCredentials">Call credentials.</param>
    /// <returns>The new composite <c>ChannelCredentials</c></returns>
    public static ChannelCredentials Create(ChannelCredentials channelCredentials, CallCredentials callCredentials)
        => new CompositeChannelCredentials(channelCredentials, callCredentials);

    /// <summary>
    /// Produces the native object that represents these credentials.
    /// A <c>null</c> result is allowed and means that an insecure channel should be created.
    /// </summary>
    /// <returns>The native credentials.</returns>
    internal abstract ChannelCredentialsSafeHandle ToNativeCredentials();

    /// <summary>
    /// Gets whether this credential type may be composed by <c>CompositeCredentials</c>.
    /// The default is <c>false</c>; a derived type has to opt in by overriding this property.
    /// </summary>
    internal virtual bool IsComposable => false;

    // Implementation behind the Insecure property.
    private sealed class InsecureCredentialsImpl : ChannelCredentials
    {
        // No native credentials object exists for an insecure channel, hence null.
        internal override ChannelCredentialsSafeHandle ToNativeCredentials()
        {
            return null;
        }
    }
}
/// <summary>
/// Client-side SSL credentials.
/// </summary>
public sealed class SslCredentials : ChannelCredentials
{
    // Both values are stored exactly as supplied; this class does not parse or validate them.
    readonly string rootCertificates;
    readonly KeyCertificatePair keyCertificatePair;

    /// <summary>
    /// Creates client-side SSL credentials whose root certificates are loaded from the disk file
    /// named by the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable.
    /// If that fails, the root certificates are taken from a well known place on disk.
    /// No client key certificate pair is used.
    /// </summary>
    public SslCredentials() : this(null, null)
    {
    }

    /// <summary>
    /// Creates client-side SSL credentials from a string containing
    /// PEM encoded root certificates. No client key certificate pair is used.
    /// </summary>
    public SslCredentials(string rootCertificates) : this(rootCertificates, null)
    {
    }

    /// <summary>
    /// Creates client-side SSL credentials.
    /// </summary>
    /// <param name="rootCertificates">string containing PEM encoded server root certificates.</param>
    /// <param name="keyCertificatePair">a key certificate pair.</param>
    public SslCredentials(string rootCertificates, KeyCertificatePair keyCertificatePair)
    {
        // NOTE(review): neither argument is checked here; the PEM text reaches
        // CreateSslCredentials unchanged when the native credentials are built.
        this.keyCertificatePair = keyCertificatePair;
        this.rootCertificates = rootCertificates;
    }

    /// <summary>
    /// PEM encoding of the server root certificates.
    /// </summary>
    public string RootCertificates => this.rootCertificates;

    /// <summary>
    /// Client side key and certificate pair.
    /// If null, client will not use key and certificate pair.
    /// </summary>
    public KeyCertificatePair KeyCertificatePair => this.keyCertificatePair;

    // SSL credentials opt in to composition, so they can be combined with
    // call credentials through ChannelCredentials.Create.
    internal override bool IsComposable => true;

    // Hands the stored root certificates and key certificate pair to the native layer as they are.
    internal override ChannelCredentialsSafeHandle ToNativeCredentials()
    {
        var nativeCredentials = ChannelCredentialsSafeHandle.CreateSslCredentials(rootCertificates, keyCertificatePair);
        return nativeCredentials;
    }
}
/// <summary>
/// Credentials that combine one <see cref="ChannelCredentials"/> object and
/// a <see cref="CallCredentials"/> object into a single <see cref="ChannelCredentials"/>.
/// This type does not override <c>IsComposable</c>, so a composite cannot itself be composed again.
/// </summary>
internal sealed class CompositeChannelCredentials : ChannelCredentials
{
    readonly ChannelCredentials channelCredentials;
    readonly CallCredentials callCredentials;

    /// <summary>
    /// Initializes a new instance of <c>CompositeChannelCredentials</c> class.
    /// The resulting credentials object is the composite of the credentials given as parameters.
    /// </summary>
    /// <param name="channelCredentials">channel credentials to compose; must report <c>IsComposable</c></param>
    /// <param name="callCredentials">call credentials to compose</param>
    public CompositeChannelCredentials(ChannelCredentials channelCredentials, CallCredentials callCredentials)
    {
        // Checks run in the same order as before: null checks first, then composability.
        GrpcPreconditions.CheckNotNull(channelCredentials);
        GrpcPreconditions.CheckNotNull(callCredentials);
        // Channel credentials that keep the default IsComposable of false are rejected here.
        GrpcPreconditions.CheckArgument(channelCredentials.IsComposable, "Supplied channel credentials do not allow composition.");

        this.channelCredentials = channelCredentials;
        this.callCredentials = callCredentials;
    }

    /// <summary>
    /// Builds the native composite credentials from the native form of both parts.
    /// </summary>
    /// <returns>The native composite credentials.</returns>
    /// <exception cref="ArgumentException">The native composite handle is invalid.</exception>
    internal override ChannelCredentialsSafeHandle ToNativeCredentials()
    {
        // The two intermediate handles are disposed when the using blocks exit,
        // on the success path as well as when the exception below is thrown.
        using (var nativeChannelCreds = channelCredentials.ToNativeCredentials())
        using (var nativeCallCreds = callCredentials.ToNativeCredentials())
        {
            var composite = ChannelCredentialsSafeHandle.CreateComposite(nativeChannelCreds, nativeCallCreds);
            if (!composite.IsInvalid)
            {
                return composite;
            }
            throw new ArgumentException("Error creating native composite credentials. Likely, this is because you are trying to compose incompatible credentials.");
        }
    }
}
Jan Tattermusch | 1532923 | 2015-03-02 15:32:47 -0800 | [diff] [blame] | 190 | } |