Chiebot-Mirror
/
grpc
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Small changes to ssl_util.h, added comments, fixed error in key materials unit test

Browse Source
pull/19778/head
Matthew Stevenson 6 years ago
parent aa207510ce
commit 094c35f872
10 changed files with 2350 additions and 31 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      XML_REPORT
  2. 8
      XML_REPORT2
  3. 7
      XML_REPORT3
  4. 317
      XML_REPORT4
  5. 1929
      XML_REPORT5
  6. 18
      include/grpcpp/security/tls_credentials_options.h
  7. 7
      ml
  8. 4
      src/core/lib/security/security_connector/ssl_utils.h
  9. 28
      src/cpp/common/tls_credentials_options.cc
  10. 55
      test/cpp/client/credentials_test.cc

8
XML_REPORT
View File

File diff suppressed because one or more lines are too long

8
XML_REPORT2
View File

File diff suppressed because one or more lines are too long

7
XML_REPORT3
View File

File diff suppressed because one or more lines are too long

317
XML_REPORT4
View File

File diff suppressed because one or more lines are too long

1929
XML_REPORT5
View File

File diff suppressed because one or more lines are too long

18
include/grpcpp/security/tls_credentials_options.h
Unescape View File

@ -56,6 +56,10 @@ class TlsKeyMaterialsConfig {
::grpc::string pem_root_certs_; ::grpc::string pem_root_certs_;
}; };
/** Creates smart pointer to a C++ version of the C key materials. **/
::std::shared_ptr<TlsKeyMaterialsConfig> tls_key_materials_c_to_cpp(
const grpc_tls_key_materials_config* config);
/** TLS credential reload arguments, wraps grpc_tls_credential_reload_arg. **/ /** TLS credential reload arguments, wraps grpc_tls_credential_reload_arg. **/
typedef class TlsCredentialReloadArg TlsCredentialReloadArg; typedef class TlsCredentialReloadArg TlsCredentialReloadArg;
@ -95,6 +99,11 @@ class TlsCredentialReloadArg {
::grpc::string error_details_; ::grpc::string error_details_;
}; };
/** Creates a smart pointer to a C++ version of the credential reload argument,
* with the callback function set to a nullptr. **/
::std::unique_ptr<TlsCredentialReloadArg> tls_credential_reload_arg_c_to_cpp(
const grpc_tls_credential_reload_arg* arg);
/** TLS credential reloag config, wraps grpc_tls_credential_reload_config. **/ /** TLS credential reloag config, wraps grpc_tls_credential_reload_config. **/
class TlsCredentialReloadConfig { class TlsCredentialReloadConfig {
public: public:
@ -117,7 +126,7 @@ class TlsCredentialReloadConfig {
} }
cancel_(config_user_data_, arg); cancel_(config_user_data_, arg);
} }
/** Creates C struct for the credential reload config. **/
grpc_tls_credential_reload_config* c_credential_reload() const; grpc_tls_credential_reload_config* c_credential_reload() const;
private: private:
@ -177,6 +186,12 @@ class TlsServerAuthorizationCheckArg {
::grpc::string error_details_; ::grpc::string error_details_;
}; };
/** Creates a smart pointer to a C++ version of the server authorization check
* argument, with the callback function set to a nullptr. **/
::std::unique_ptr<TlsServerAuthorizationCheckArg>
tls_server_authorization_check_arg_c_to_cpp(
const grpc_tls_server_authorization_check_arg* arg);
/** TLS server authorization check config, wraps /** TLS server authorization check config, wraps
* grps_tls_server_authorization_check_config. **/ * grps_tls_server_authorization_check_config. **/
class TlsServerAuthorizationCheckConfig { class TlsServerAuthorizationCheckConfig {
@ -202,6 +217,7 @@ class TlsServerAuthorizationCheckConfig {
cancel_(config_user_data_, arg); cancel_(config_user_data_, arg);
} }
/** Creates C struct for the server authorization check config. **/
grpc_tls_server_authorization_check_config* c_server_authorization_check() grpc_tls_server_authorization_check_config* c_server_authorization_check()
const; const;

7
ml
View File

File diff suppressed because one or more lines are too long

4
src/core/lib/security/security_connector/ssl_utils.h
Unescape View File

@ -137,6 +137,10 @@ class PemKeyCertPair {
cert_chain_(const_cast<char*>(pair->cert_chain)) { cert_chain_(const_cast<char*>(pair->cert_chain)) {
gpr_free(pair); gpr_free(pair);
} }
// Construct directly from the two strings.
explicit PemKeyCertPair(const char* private_key, const char* cert_chain)
: private_key_(grpc_core::UniquePtr<char>(gpr_strdup(private_key))),
cert_chain_(grpc_core::UniquePtr<char>(gpr_strdup(cert_chain))) {}
// Movable. // Movable.
PemKeyCertPair(PemKeyCertPair&& other) { PemKeyCertPair(PemKeyCertPair&& other) {

28
src/cpp/common/tls_credentials_options.cc
Unescape View File

@ -38,10 +38,9 @@ grpc_tls_key_materials_config* TlsKeyMaterialsConfig::c_key_materials() const {
c_pem_key_cert_pair_list; c_pem_key_cert_pair_list;
for (auto key_cert_pair = pem_key_cert_pair_list_.begin(); for (auto key_cert_pair = pem_key_cert_pair_list_.begin();
key_cert_pair != pem_key_cert_pair_list_.end(); key_cert_pair++) { key_cert_pair != pem_key_cert_pair_list_.end(); key_cert_pair++) {
grpc_ssl_pem_key_cert_pair p = {key_cert_pair->private_key.c_str(),
key_cert_pair->cert_chain.c_str()};
::grpc_core::PemKeyCertPair c_pem_key_cert_pair = ::grpc_core::PemKeyCertPair c_pem_key_cert_pair =
::grpc_core::PemKeyCertPair(&p); ::grpc_core::PemKeyCertPair(key_cert_pair->private_key.c_str(),
key_cert_pair->cert_chain.c_str());
c_pem_key_cert_pair_list.push_back(::std::move(c_pem_key_cert_pair)); c_pem_key_cert_pair_list.push_back(::std::move(c_pem_key_cert_pair));
} }
::grpc_core::UniquePtr<char> c_pem_root_certs( ::grpc_core::UniquePtr<char> c_pem_root_certs(
@ -51,21 +50,12 @@ grpc_tls_key_materials_config* TlsKeyMaterialsConfig::c_key_materials() const {
return c_config; return c_config;
} }
/** Creates smart pointer to a C++ version of the C key materials. **/ ::std::shared_ptr<TlsKeyMaterialsConfig> tls_key_materials_c_to_cpp(
::std::shared_ptr<TlsKeyMaterialsConfig> cpp_key_materials(
const grpc_tls_key_materials_config* config) { const grpc_tls_key_materials_config* config) {
::std::shared_ptr<TlsKeyMaterialsConfig> cpp_config( ::std::shared_ptr<TlsKeyMaterialsConfig> cpp_config(
new TlsKeyMaterialsConfig()); new TlsKeyMaterialsConfig());
::std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> ::std::vector<TlsKeyMaterialsConfig::PemKeyCertPair>
cpp_pem_key_cert_pair_list; cpp_pem_key_cert_pair_list;
/** for (auto key_cert_pair = config->pem_key_cert_pair_list().begin();
key_cert_pair != config->pem_key_cert_pair_list().end(); key_cert_pair++)
{ TlsKeyMaterialsConfig::PemKeyCertPair p = {key_cert_pair->private_key,
key_cert_pair->cert_chain};
cpp_pem_key_cert_pair_list.push_back(::std::move(p));
}
**/
// TODO: add begin() and end() to InlinedVector so above for loop works
grpc_tls_key_materials_config::PemKeyCertPairList pem_key_cert_pair_list = grpc_tls_key_materials_config::PemKeyCertPairList pem_key_cert_pair_list =
config->pem_key_cert_pair_list(); config->pem_key_cert_pair_list();
for (size_t i = 0; i < pem_key_cert_pair_list.size(); i++) { for (size_t i = 0; i < pem_key_cert_pair_list.size(); i++) {
@ -105,16 +95,15 @@ void TlsCredentialReloadArg::set_error_details(::grpc::string error_details) {
error_details_ = ::std::move(error_details); error_details_ = ::std::move(error_details);
} }
/** Creates a smart pointer to a C++ version of the credential reload argument,
* with the callback function set to a nullptr. **/
::std::unique_ptr<TlsCredentialReloadArg> tls_credential_reload_arg_c_to_cpp( ::std::unique_ptr<TlsCredentialReloadArg> tls_credential_reload_arg_c_to_cpp(
const grpc_tls_credential_reload_arg* arg) { const grpc_tls_credential_reload_arg* arg) {
::std::unique_ptr<TlsCredentialReloadArg> cpp_arg( ::std::unique_ptr<TlsCredentialReloadArg> cpp_arg(
new TlsCredentialReloadArg()); new TlsCredentialReloadArg());
cpp_arg->set_cb(nullptr); cpp_arg->set_cb(
static_cast<grpcpp_tls_on_credential_reload_done_cb>(nullptr));
cpp_arg->set_cb_user_data(arg->cb_user_data); cpp_arg->set_cb_user_data(arg->cb_user_data);
cpp_arg->set_key_materials_config( cpp_arg->set_key_materials_config(
cpp_key_materials(arg->key_materials_config)); tls_key_materials_c_to_cpp(arg->key_materials_config));
cpp_arg->set_status(arg->status); cpp_arg->set_status(arg->status);
cpp_arg->set_error_details(arg->error_details); cpp_arg->set_error_details(arg->error_details);
return cpp_arg; return cpp_arg;
@ -190,14 +179,13 @@ TlsCredentialReloadConfig::c_credential_reload() const {
/** gRPC TLS server authorization check arg API implementation **/ /** gRPC TLS server authorization check arg API implementation **/
/** Creates a smart pointer to a C++ version of the credential reload argument,
* with the callback function set to a nullptr. **/
::std::unique_ptr<TlsServerAuthorizationCheckArg> ::std::unique_ptr<TlsServerAuthorizationCheckArg>
tls_server_authorization_check_arg_c_to_cpp( tls_server_authorization_check_arg_c_to_cpp(
const grpc_tls_server_authorization_check_arg* arg) { const grpc_tls_server_authorization_check_arg* arg) {
::std::unique_ptr<TlsServerAuthorizationCheckArg> cpp_arg( ::std::unique_ptr<TlsServerAuthorizationCheckArg> cpp_arg(
new TlsServerAuthorizationCheckArg()); new TlsServerAuthorizationCheckArg());
cpp_arg->set_cb(nullptr); cpp_arg->set_cb(
static_cast<grpcpp_tls_on_server_authorization_check_done_cb>(nullptr));
cpp_arg->set_cb_user_data(arg->cb_user_data); cpp_arg->set_cb_user_data(arg->cb_user_data);
cpp_arg->set_success(arg->success); cpp_arg->set_success(arg->success);
cpp_arg->set_target_name(arg->target_name); cpp_arg->set_target_name(arg->target_name);

55
test/cpp/client/credentials_test.cc
Unescape View File

@ -214,36 +214,63 @@ TEST_F(CredentialsTest, TlsKeyMaterialsConfigCppToC) {
c_config->pem_key_cert_pair_list()[0].private_key()); c_config->pem_key_cert_pair_list()[0].private_key());
EXPECT_STREQ(pair.cert_chain.c_str(), EXPECT_STREQ(pair.cert_chain.c_str(),
c_config->pem_key_cert_pair_list()[0].cert_chain()); c_config->pem_key_cert_pair_list()[0].cert_chain());
gpr_free(c_config);
}
TEST_F(CredentialsTest, TlsKeyMaterialsCtoCpp) {
grpc_tls_key_materials_config c_config;
::grpc_core::PemKeyCertPair pem_key_cert_pair =
::grpc_core::PemKeyCertPair("private_key", "cert_chain");
::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1>
pem_key_cert_pair_list;
pem_key_cert_pair_list.push_back(pem_key_cert_pair);
c_config.set_key_materials(
::grpc_core::UniquePtr<char>(gpr_strdup("pem_root_certs")),
pem_key_cert_pair_list);
::std::shared_ptr<TlsKeyMaterialsConfig> cpp_config =
::grpc_impl::experimental::tls_key_materials_c_to_cpp(&c_config);
EXPECT_STREQ("pem_root_certs", cpp_config->pem_root_certs().c_str());
::std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> cpp_pair_list =
cpp_config->pem_key_cert_pair_list();
EXPECT_EQ(1, static_cast<int>(cpp_pair_list.size()));
EXPECT_STREQ("private_key", cpp_pair_list[0].private_key.c_str());
EXPECT_STREQ("cert_chain", cpp_pair_list[0].cert_chain.c_str());
} }
typedef class ::grpc_impl::experimental::TlsCredentialReloadArg typedef class ::grpc_impl::experimental::TlsCredentialReloadArg
TlsCredentialReloadArg; TlsCredentialReloadArg;
typedef class ::grpc_impl::experimental::TlsCredentialReloadConfig typedef class ::grpc_impl::experimental::TlsCredentialReloadConfig
TlsCredentialReloadConfig; TlsCredentialReloadConfig;
typedef void (*grpcpp_tls_on_credential_reload_done_cb)(
TlsCredentialReloadArg* arg);
TEST_F(CredentialsTest, TlsCredentialReloadArgCppToC) { TEST_F(CredentialsTest, TlsCredentialReloadArgCppToC) {
TlsCredentialReloadArg arg; TlsCredentialReloadArg arg;
// Only sync credential reload supported currently, // Only sync credential reload supported currently,
// so we use a nullptr call back function. // so we use a nullptr call back function.
arg.set_cb(nullptr); arg.set_cb(static_cast<grpcpp_tls_on_credential_reload_done_cb>(nullptr));
arg.set_cb_user_data(nullptr); arg.set_cb_user_data(nullptr);
arg.set_key_materials_config(nullptr); arg.set_key_materials_config(
static_cast<::std::shared_ptr<TlsKeyMaterialsConfig>>(nullptr));
arg.set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); arg.set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
arg.set_error_details("error_details"); arg.set_error_details("error_details");
grpc_tls_credential_reload_arg* c_arg = arg.c_credential_reload_arg(); grpc_tls_credential_reload_arg* c_arg = arg.c_credential_reload_arg();
EXPECT_NE(c_arg, nullptr); EXPECT_EQ(c_arg->cb,
EXPECT_EQ(c_arg->cb, nullptr); static_cast<grpc_tls_on_credential_reload_done_cb>(nullptr));
EXPECT_EQ(c_arg->cb_user_data, nullptr); EXPECT_EQ(c_arg->cb_user_data, nullptr);
EXPECT_EQ(c_arg->key_materials_config, nullptr); EXPECT_EQ(c_arg->key_materials_config,
static_cast<::std::shared_ptr<TlsKeyMaterialsConfig>>(nullptr));
EXPECT_EQ(c_arg->status, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); EXPECT_EQ(c_arg->status, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
EXPECT_STREQ(c_arg->error_details, "error_details"); EXPECT_STREQ(c_arg->error_details, "error_details");
} }
/**
TEST_F(CredentialsTest, TlsCredentialReloadConfigCppToC) { TEST_F(CredentialsTest, TlsCredentialReloadConfigCppToC) {
TlsCredentialReloadConfig config = TlsCredentialReloadConfig config =
TlsCredentialReloadConfig(nullptr, nullptr, nullptr, nullptr); TlsCredentialReloadConfig(nullptr, nullptr, nullptr, nullptr);
grpc_tls_credential_reload_config* c_config = config.c_credential_reload(); grpc_tls_credential_reload_config* c_config = config.c_credential_reload();
EXPECT_NE(c_config, nullptr); EXPECT_EQ(c_config, nullptr);
// EXPECT_NE(c_config, nullptr);
// TODO: add tests to compare schedule, cancel, destruct fields. // TODO: add tests to compare schedule, cancel, destruct fields.
} }
@ -261,16 +288,22 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCppToC) {
arg.set_success(1); arg.set_success(1);
arg.set_peer_cert("peer_cert"); arg.set_peer_cert("peer_cert");
arg.set_status(GRPC_STATUS_OK); arg.set_status(GRPC_STATUS_OK);
arg.set_target_name("target_name");
arg.set_error_details("error_details"); arg.set_error_details("error_details");
grpc_tls_server_authorization_check_arg* c_arg = grpc_tls_server_authorization_check_arg* c_arg =
arg.c_server_authorization_check_arg(); arg.c_server_authorization_check_arg();
EXPECT_NE(c_arg, nullptr); // EXPECT_NE(c_arg, nullptr);
EXPECT_EQ(c_arg->cb, nullptr); EXPECT_EQ(c_arg->cb, nullptr);
EXPECT_EQ(c_arg->cb_user_data, nullptr); EXPECT_EQ(c_arg->cb_user_data, nullptr);
EXPECT_EQ(c_arg->success, 1); RecordProperty("TlsServerAuthorizationCheckArgCppToC::c_arg->success",
EXPECT_STREQ(c_arg->peer_cert, "peer_cert"); c_arg->success); EXPECT_EQ(c_arg->success, 1);
RecordProperty("TlsServerAuthorizationCheckArgCppToC::c_arg->peer_cert",
c_arg->peer_cert); EXPECT_STREQ(c_arg->peer_cert, "peer_cert");
RecordProperty("TlsServerAuthorizationCheckArgCppToC::c_arg->target_name",
c_arg->target_name); EXPECT_STREQ(c_arg->target_name, "target_name");
EXPECT_EQ(c_arg->status, GRPC_STATUS_OK); EXPECT_EQ(c_arg->status, GRPC_STATUS_OK);
EXPECT_STREQ(c_arg->error_details, "error_details"); RecordProperty("TlsServerAuthorizationCheckArgCppToC::c_arg->error_details",
c_arg->error_details); EXPECT_STREQ(c_arg->error_details, "error_details");
} }
TEST_F(CredentialsTest, TlsServerAuthorizationCheckCppToC) { TEST_F(CredentialsTest, TlsServerAuthorizationCheckCppToC) {
@ -302,7 +335,9 @@ TEST_F(CredentialsTest, TlsCredentialsOptionsCppToC) {
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY); GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
EXPECT_EQ(c_options->key_materials_config(), EXPECT_EQ(c_options->key_materials_config(),
key_materials_config->c_key_materials()); key_materials_config->c_key_materials());
gpr_free(c_options);
} }
**/
} // namespace testing } // namespace testing
} // namespace grpc } // namespace grpc

Write Preview
Loading…
Cancel
Save