First Spiffe1 commit
diff --git a/BUILD b/BUILD
index 6b51f07..dadc155 100644
--- a/BUILD
+++ b/BUILD
@@ -260,6 +260,7 @@
"include/grpcpp/security/credentials_impl.h",
"include/grpcpp/security/server_credentials.h",
"include/grpcpp/security/server_credentials_impl.h",
+ "include/grpcpp/security/tls_credentials_options.h",
"include/grpcpp/server.h",
"include/grpcpp/server_impl.h",
"include/grpcpp/server_builder.h",
@@ -357,6 +358,7 @@
"src/cpp/common/secure_auth_context.cc",
"src/cpp/common/secure_channel_arguments.cc",
"src/cpp/common/secure_create_auth_context.cc",
+ "src/cpp/common/tls_credentials_options.cc",
"src/cpp/server/insecure_server_credentials.cc",
"src/cpp/server/secure_server_credentials.cc",
],
diff --git a/build.yaml b/build.yaml
index f16a8f2..7c4a6cb 100644
--- a/build.yaml
+++ b/build.yaml
@@ -1457,6 +1457,7 @@
- include/grpcpp/security/credentials_impl.h
- include/grpcpp/security/server_credentials.h
- include/grpcpp/security/server_credentials_impl.h
+ - include/grpcpp/security/tls_credentials_options.h
- include/grpcpp/server.h
- include/grpcpp/server_builder.h
- include/grpcpp/server_builder_impl.h
@@ -1798,6 +1799,7 @@
- src/cpp/common/secure_auth_context.cc
- src/cpp/common/secure_channel_arguments.cc
- src/cpp/common/secure_create_auth_context.cc
+ - src/cpp/common/tls_credentials_options.cc
- src/cpp/server/insecure_server_credentials.cc
- src/cpp/server/secure_server_credentials.cc
deps:
diff --git a/include/grpcpp/security/credentials.h b/include/grpcpp/security/credentials.h
index 4df69f9..e38414d 100644
--- a/include/grpcpp/security/credentials.h
+++ b/include/grpcpp/security/credentials.h
@@ -132,6 +132,11 @@
return ::grpc_impl::experimental::LocalCredentials(type);
}
+static inline std::shared_ptr<grpc_impl::ChannelCredentials> SpiffeCredentials(
+ const TlsCredentialsOptions& options) {
+ return ::grpc_impl::experimental::SpiffeCredentials(options);
+}
+
} // namespace experimental
} // namespace grpc
diff --git a/include/grpcpp/security/credentials_impl.h b/include/grpcpp/security/credentials_impl.h
index bd79f30..4d7f83e 100644
--- a/include/grpcpp/security/credentials_impl.h
+++ b/include/grpcpp/security/credentials_impl.h
@@ -31,6 +31,7 @@
#include <grpcpp/support/channel_arguments_impl.h>
#include <grpcpp/support/status.h>
#include <grpcpp/support/string_ref.h>
+#include <grpcpp/security/tls_credentials_options.h>
struct grpc_call;
@@ -336,6 +337,10 @@
std::shared_ptr<ChannelCredentials> LocalCredentials(
grpc_local_connect_type type);
+/// Builds SPIFFE Credentials given TLS options.
+std::shared_ptr<ChannelCredentials> SpiffeCredentials(
+ const TlsCredentialsOptions& options);
+
} // namespace experimental
} // namespace grpc_impl
diff --git a/include/grpcpp/security/server_credentials.h b/include/grpcpp/security/server_credentials.h
index 57f7338..b5b6b39 100644
--- a/include/grpcpp/security/server_credentials.h
+++ b/include/grpcpp/security/server_credentials.h
@@ -79,6 +79,12 @@
return ::grpc_impl::experimental::LocalServerCredentials(type);
}
+/// Builds SPIFFE ServerCredentials given TLS options.
+static inline std::shared_ptr<ServerCredentials> SpiffeServerCredentials(
+ const TlsCredentialsOptions& options) {
+ return ::grpc_impl::experimental::SpiffeServerCredentials(options);
+}
+
} // namespace experimental
} // namespace grpc
diff --git a/include/grpcpp/security/server_credentials_impl.h b/include/grpcpp/security/server_credentials_impl.h
index f088490..3b9d243 100644
--- a/include/grpcpp/security/server_credentials_impl.h
+++ b/include/grpcpp/security/server_credentials_impl.h
@@ -25,6 +25,7 @@
#include <grpc/grpc_security_constants.h>
#include <grpcpp/security/auth_metadata_processor.h>
#include <grpcpp/support/config.h>
+#include <grpcpp/security/tls_credentials_options.h>
struct grpc_server;
@@ -79,6 +80,10 @@
std::shared_ptr<ServerCredentials> LocalServerCredentials(
grpc_local_connect_type type);
+/// Builds SPIFFE ServerCredentials given TLS options.
+std::shared_ptr<ServerCredentials> SpiffeServerCredentials(
+ const TlsCredentialsOptions& options);
+
} // namespace experimental
} // namespace grpc_impl
diff --git a/include/grpcpp/security/tls_credentials_options.h b/include/grpcpp/security/tls_credentials_options.h
new file mode 100644
index 0000000..b120cff
--- /dev/null
+++ b/include/grpcpp/security/tls_credentials_options.h
@@ -0,0 +1,94 @@
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef GRPCPP_TLS_CREDENTIALS_OPTIONS_H
+#define GRPCPP_TLS_CREDENTIALS_OPTIONS_H
+
+#include <vector>
+#include <memory>
+
+#include <grpcpp/support/config.h>
+#include <grpc/grpc_security_constants.h>
+
+#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
+
+namespace grpc_impl {
+namespace experimental {
+
+/** TLS key materials config, wrapper for grpc_tls_key_materials_config. **/
+class TlsKeyMaterialsConfig {
+ public:
+ struct PemKeyCertPair {
+ ::grpc::string private_key;
+ ::grpc::string cert_chain;
+ };
+
+ /** Getters for member fields. **/
+ const ::grpc::string pem_root_certs() const {
+ return pem_root_certs_;
+ }
+ const ::std::vector<PemKeyCertPair>& pem_key_cert_pair_list() const {
+ return pem_key_cert_pair_list_;
+ }
+
+ /**Setter for member fields. **/
+ void set_key_materials(::grpc::string pem_root_certs,
+ ::std::vector<PemKeyCertPair> pem_key_cert_pair_list);
+
+ /** Creates C struct for key materials. **/
+ grpc_core::RefCountedPtr<grpc_tls_key_materials_config> c_key_materials() const;
+
+ private:
+ ::std::vector<PemKeyCertPair> pem_key_cert_pair_list_;
+ ::grpc::string pem_root_certs_;
+};
+
+/** TLS credentials options, wrapper for grpc_tls_credentials_options. **/
+class TlsCredentialsOptions {
+ public:
+ /** Getters for member fields. **/
+ grpc_ssl_client_certificate_request_type cert_request_type() const{
+ return cert_request_type_;
+ }
+ std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config() const {
+ return key_materials_config_;
+ }
+
+ /** Setters for member fields. **/
+ void set_cert_request_type(
+ const grpc_ssl_client_certificate_request_type type) {
+ cert_request_type_ = type;
+ }
+
+ void set_key_materials_config(
+ std::shared_ptr<TlsKeyMaterialsConfig> config) {
+ key_materials_config_ = config;
+ }
+
+ /** Creates C struct for TLS credential options. **/
+ grpc_tls_credentials_options* c_credentials_options() const;
+
+ private:
+ grpc_ssl_client_certificate_request_type cert_request_type_;
+ std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config_;
+};
+
+} // namespace experimental
+} // namespace grpc_impl
+#endif /** GRPCPP_TLS_CREDENTIALS_OPTIONS_H **/
+
diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc
index ebff8af..b3b2bf4 100644
--- a/src/cpp/client/secure_credentials.cc
+++ b/src/cpp/client/secure_credentials.cc
@@ -280,6 +280,13 @@
return WrapChannelCredentials(grpc_local_credentials_create(type));
}
+// Builds SPIFFE Credentials given TLS options.
+std::shared_ptr<ChannelCredentials> SpiffeCredentials(
+ const TlsCredentialsOptions& options) {
+ return WrapChannelCredentials(grpc_tls_spiffe_credentials_create(
+ options.c_credentials_options()));
+}
+
} // namespace experimental
// Builds credentials for use when running in GCE
diff --git a/src/cpp/client/secure_credentials.h b/src/cpp/client/secure_credentials.h
index ed14df4..1f3e667 100644
--- a/src/cpp/client/secure_credentials.h
+++ b/src/cpp/client/secure_credentials.h
@@ -24,6 +24,7 @@
#include <grpcpp/security/credentials.h>
#include <grpcpp/security/credentials_impl.h>
#include <grpcpp/support/config.h>
+#include <grpcpp/security/tls_credentials_options.h>
#include "src/core/lib/security/credentials/credentials.h"
#include "src/cpp/server/thread_pool_interface.h"
diff --git a/src/cpp/common/tls_credentials_options.cc b/src/cpp/common/tls_credentials_options.cc
new file mode 100644
index 0000000..09d739d
--- /dev/null
+++ b/src/cpp/common/tls_credentials_options.cc
@@ -0,0 +1,45 @@
+/*
+ *
+ * Copyright 2019 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <grpcpp/security/tls_credentials_options.h>
+
+namespace grpc_impl {
+namespace experimental {
+
+/** gRPC TLS key materials config API implementation **/
+void TlsKeyMaterialsConfig::set_key_materials(
+ ::grpc::string pem_root_certs,
+ ::std::vector<PemKeyCertPair> pem_key_cert_pair_list) {
+ pem_key_cert_pair_list_ = ::std::move(pem_key_cert_pair_list);
+ pem_root_certs_ = ::std::move(pem_root_certs);
+}
+
+/** gRPC TLS credential options API implementation **/
+grpc_tls_credentials_options* TlsCredentialsOptions::c_credentials_options() const {
+ grpc_tls_credentials_options* c_options = grpc_tls_credentials_options_create();
+ c_options->set_cert_request_type(cert_request_type_);
+ // TODO: put in C configs into functions below.
+ c_options->set_key_materials_config(nullptr);
+ c_options->set_credential_reload_config(nullptr);
+ c_options->set_server_authorization_check_config(nullptr);
+ return c_options;
+}
+
+} // namespace experimental
+} // namespace grpc_impl
+
diff --git a/src/cpp/server/secure_server_credentials.cc b/src/cpp/server/secure_server_credentials.cc
index 93dc10f..ddbdf98 100644
--- a/src/cpp/server/secure_server_credentials.cc
+++ b/src/cpp/server/secure_server_credentials.cc
@@ -150,5 +150,12 @@
new SecureServerCredentials(grpc_local_server_credentials_create(type)));
}
+std::shared_ptr<ServerCredentials> SpiffeServerCredentials(
+ const TlsCredentialsOptions& options) {
+ return std::shared_ptr<ServerCredentials>(
+ new SecureServerCredentials(grpc_tls_spiffe_server_credentials_create(
+ options.c_credentials_options())));
+}
+
} // namespace experimental
} // namespace grpc_impl
diff --git a/src/cpp/server/secure_server_credentials.h b/src/cpp/server/secure_server_credentials.h
index 24b133c..0b49ef9 100644
--- a/src/cpp/server/secure_server_credentials.h
+++ b/src/cpp/server/secure_server_credentials.h
@@ -22,6 +22,7 @@
#include <memory>
#include <grpcpp/security/server_credentials.h>
+#include <grpcpp/security/tls_credentials_options.h>
#include <grpc/grpc_security.h>
