grpc/src/core/lib/security/credentials/tls/tls_credentials.cc - platform/external/rust/crates/grpcio-sys - Git at Google

 /*
  *
  * Copyright 2018 gRPC authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  */

 #include <grpc/support/port_platform.h>

 #include "src/core/lib/security/credentials/tls/tls_credentials.h"

 #include <cstring>

 #include <grpc/grpc.h>
 #include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
 #include <grpc/support/string_util.h>

 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/security/security_connector/tls/tls_security_connector.h"

 #define GRPC_CREDENTIALS_TYPE_TLS "Tls"

 namespace {

 bool CredentialOptionSanityCheck(const grpc_tls_credentials_options* options,
                                  bool is_client) {
   if (options == nullptr) {
     gpr_log(GPR_ERROR, "TLS credentials options is nullptr.");
     return false;
   }
   // TODO(ZhenLian): remove this when it is also supported on server side.
   if (!is_client && options->server_authorization_check_config() != nullptr) {
     gpr_log(GPR_INFO,
             "Server's credentials options should not contain server "
             "authorization check config.");
   }
   if (options->server_verification_option() != GRPC_TLS_SERVER_VERIFICATION &&
       options->server_authorization_check_config() == nullptr) {
     gpr_log(GPR_ERROR,
             "Should provider custom verifications if bypassing default ones.");
     return false;
   }
   return true;
 }

 }  // namespace

 TlsCredentials::TlsCredentials(
     grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
     : grpc_channel_credentials(GRPC_CREDENTIALS_TYPE_TLS),
       options_(std::move(options)) {}

 TlsCredentials::~TlsCredentials() {}

 grpc_core::RefCountedPtr<grpc_channel_security_connector>
 TlsCredentials::create_security_connector(
     grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
     const char* target_name, const grpc_channel_args* args,
     grpc_channel_args** new_args) {
   const char* overridden_target_name = nullptr;
   tsi_ssl_session_cache* ssl_session_cache = nullptr;
   for (size_t i = 0; args != nullptr && i < args->num_args; i++) {
     grpc_arg* arg = &args->args[i];
     if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 &&
         arg->type == GRPC_ARG_STRING) {
       overridden_target_name = arg->value.string;
     }
     if (strcmp(arg->key, GRPC_SSL_SESSION_CACHE_ARG) == 0 &&
         arg->type == GRPC_ARG_POINTER) {
       ssl_session_cache =
           static_cast<tsi_ssl_session_cache*>(arg->value.pointer.p);
     }
   }
   grpc_core::RefCountedPtr<grpc_channel_security_connector> sc =
       grpc_core::TlsChannelSecurityConnector::CreateTlsChannelSecurityConnector(
           this->Ref(), options_, std::move(call_creds), target_name,
           overridden_target_name, ssl_session_cache);
   if (sc == nullptr) {
     return nullptr;
   }
   if (args != nullptr) {
     grpc_arg new_arg = grpc_channel_arg_string_create(
         const_cast<char*>(GRPC_ARG_HTTP2_SCHEME), const_cast<char*>("https"));
     *new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1);
   }
   return sc;
 }

 TlsServerCredentials::TlsServerCredentials(
     grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
     : grpc_server_credentials(GRPC_CREDENTIALS_TYPE_TLS),
       options_(std::move(options)) {}

 TlsServerCredentials::~TlsServerCredentials() {}

 grpc_core::RefCountedPtr<grpc_server_security_connector>
 TlsServerCredentials::create_security_connector(
     const grpc_channel_args* /* args */) {
   return grpc_core::TlsServerSecurityConnector::
       CreateTlsServerSecurityConnector(this->Ref(), options_);
 }

 /** -- Wrapper APIs declared in grpc_security.h -- **/

 grpc_channel_credentials* grpc_tls_credentials_create(
     grpc_tls_credentials_options* options) {
   if (!CredentialOptionSanityCheck(options, true /* is_client */)) {
     return nullptr;
   }
   return new TlsCredentials(
       grpc_core::RefCountedPtr<grpc_tls_credentials_options>(options));
 }

 grpc_server_credentials* grpc_tls_server_credentials_create(
     grpc_tls_credentials_options* options) {
   if (!CredentialOptionSanityCheck(options, false /* is_client */)) {
     return nullptr;
   }
   return new TlsServerCredentials(
       grpc_core::RefCountedPtr<grpc_tls_credentials_options>(options));
 }
	/*
	*
	* Copyright 2018 gRPC authors.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	*/

	#include <grpc/support/port_platform.h>

	#include "src/core/lib/security/credentials/tls/tls_credentials.h"

	#include <cstring>

	#include <grpc/grpc.h>
	#include <grpc/support/alloc.h>
	#include <grpc/support/log.h>
	#include <grpc/support/string_util.h>

	#include "src/core/lib/channel/channel_args.h"
	#include "src/core/lib/security/security_connector/tls/tls_security_connector.h"

	#define GRPC_CREDENTIALS_TYPE_TLS "Tls"

	namespace {

	bool CredentialOptionSanityCheck(const grpc_tls_credentials_options* options,
	bool is_client) {
	if (options == nullptr) {
	gpr_log(GPR_ERROR, "TLS credentials options is nullptr.");
	return false;
	}
	// TODO(ZhenLian): remove this when it is also supported on server side.
	if (!is_client && options->server_authorization_check_config() != nullptr) {
	gpr_log(GPR_INFO,
	"Server's credentials options should not contain server "
	"authorization check config.");
	}
	if (options->server_verification_option() != GRPC_TLS_SERVER_VERIFICATION &&
	options->server_authorization_check_config() == nullptr) {
	gpr_log(GPR_ERROR,
	"Should provider custom verifications if bypassing default ones.");
	return false;
	}
	return true;
	}

	} // namespace

	TlsCredentials::TlsCredentials(
	grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
	: grpc_channel_credentials(GRPC_CREDENTIALS_TYPE_TLS),
	options_(std::move(options)) {}

	TlsCredentials::~TlsCredentials() {}

	grpc_core::RefCountedPtr<grpc_channel_security_connector>
	TlsCredentials::create_security_connector(
	grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
	const char* target_name, const grpc_channel_args* args,
	grpc_channel_args** new_args) {
	const char* overridden_target_name = nullptr;
	tsi_ssl_session_cache* ssl_session_cache = nullptr;
	for (size_t i = 0; args != nullptr && i < args->num_args; i++) {
	grpc_arg* arg = &args->args[i];
	if (strcmp(arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 &&
	arg->type == GRPC_ARG_STRING) {
	overridden_target_name = arg->value.string;
	}
	if (strcmp(arg->key, GRPC_SSL_SESSION_CACHE_ARG) == 0 &&
	arg->type == GRPC_ARG_POINTER) {
	ssl_session_cache =
	static_cast<tsi_ssl_session_cache*>(arg->value.pointer.p);
	}
	}
	grpc_core::RefCountedPtr<grpc_channel_security_connector> sc =
	grpc_core::TlsChannelSecurityConnector::CreateTlsChannelSecurityConnector(
	this->Ref(), options_, std::move(call_creds), target_name,
	overridden_target_name, ssl_session_cache);
	if (sc == nullptr) {
	return nullptr;
	}
	if (args != nullptr) {
	grpc_arg new_arg = grpc_channel_arg_string_create(
	const_cast<char>(GRPC_ARG_HTTP2_SCHEME), const_cast<char>("https"));
	*new_args = grpc_channel_args_copy_and_add(args, &new_arg, 1);
	}
	return sc;
	}

	TlsServerCredentials::TlsServerCredentials(
	grpc_core::RefCountedPtr<grpc_tls_credentials_options> options)
	: grpc_server_credentials(GRPC_CREDENTIALS_TYPE_TLS),
	options_(std::move(options)) {}

	TlsServerCredentials::~TlsServerCredentials() {}

	grpc_core::RefCountedPtr<grpc_server_security_connector>
	TlsServerCredentials::create_security_connector(
	const grpc_channel_args* /* args */) {
	return grpc_core::TlsServerSecurityConnector::
	CreateTlsServerSecurityConnector(this->Ref(), options_);
	}

	/ -- Wrapper APIs declared in grpc_security.h -- /

	grpc_channel_credentials* grpc_tls_credentials_create(
	grpc_tls_credentials_options* options) {
	if (!CredentialOptionSanityCheck(options, true /* is_client */)) {
	return nullptr;
	}
	return new TlsCredentials(
	grpc_core::RefCountedPtr<grpc_tls_credentials_options>(options));
	}

	grpc_server_credentials* grpc_tls_server_credentials_create(
	grpc_tls_credentials_options* options) {
	if (!CredentialOptionSanityCheck(options, false /* is_client */)) {
	return nullptr;
	}
	return new TlsServerCredentials(
	grpc_core::RefCountedPtr<grpc_tls_credentials_options>(options));
	}