Chiebot-Mirror
/
grpc
mirror of https://github.com/grpc/grpc.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Updates implementation of rb_server_credentials

Browse Source 
- allows use of multiple credentials, e.g, per servername
pull/3158/head
Tim Emiola 9 years ago
parent 68e63c7fc7
commit 14d0a3c796
1 changed files with 90 additions and 35 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 125
      src/ruby/ext/grpc/rb_server_credentials.c

125
src/ruby/ext/grpc/rb_server_credentials.c
Unescape View File

@ -135,63 +135,117 @@ static VALUE grpc_rb_server_credentials_init_copy(VALUE copy, VALUE orig) {
return copy; return copy;
} }
/* The attribute used on the mark object to hold the pem_root_certs. */ /* The attribute used on the mark object to preserve the pem_root_certs. */
static ID id_pem_root_certs; static ID id_pem_root_certs;
/* The attribute used on the mark object to hold the pem_private_key. */ /* The attribute used on the mark object to preserve the pem_key_certs */
static ID id_pem_private_key; static ID id_pem_key_certs;
/* The attribute used on the mark object to hold the pem_private_key. */ /* The key used to access the pem cert in a key_cert pair hash */
static ID id_pem_cert_chain; static VALUE sym_cert_chain;
/* The key used to access the pem private key in a key_cert pair hash */
static VALUE sym_private_key;
/* /*
call-seq: call-seq:
creds = ServerCredentials.new(pem_root_certs, pem_private_key, creds = ServerCredentials.new(nil,
pem_cert_chain) [{private_key: <pem_private_key1>,
creds = ServerCredentials.new(nil, pem_private_key, {cert_chain: <pem_cert_chain1>}],
pem_cert_chain) force_client_auth)
creds = ServerCredentials.new(pem_root_certs,
pem_root_certs: (required) PEM encoding of the server root certificate [{private_key: <pem_private_key1>,
pem_private_key: (optional) PEM encoding of the server's private key {cert_chain: <pem_cert_chain1>}],
pem_cert_chain: (optional) PEM encoding of the server's cert chain force_client_auth)
pem_root_certs: (optional) PEM encoding of the server root certificate
pem_private_key: (required) PEM encoding of the server's private keys
force_client_auth: indicatees
Initializes ServerCredential instances. */ Initializes ServerCredential instances. */
static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs, static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs,
VALUE pem_private_key, VALUE pem_key_certs,
VALUE pem_cert_chain) { VALUE force_client_auth) {
/* TODO support multiple key cert pairs in the ruby API. */
grpc_rb_server_credentials *wrapper = NULL; grpc_rb_server_credentials *wrapper = NULL;
grpc_server_credentials *creds = NULL; grpc_server_credentials *creds = NULL;
grpc_ssl_pem_key_cert_pair key_cert_pair = {NULL, NULL}; grpc_ssl_pem_key_cert_pair *key_cert_pairs = NULL;
TypedData_Get_Struct(self, grpc_rb_server_credentials, VALUE cert = Qnil;
&grpc_rb_server_credentials_data_type, wrapper); VALUE key = Qnil;
if (pem_cert_chain == Qnil) { VALUE key_cert = Qnil;
rb_raise(rb_eRuntimeError, int auth_client = 0;
"could not create a server credential: nil pem_cert_chain"); int num_key_certs = 0;
int i;
if (NIL_P(force_client_auth) ||
!(force_client_auth == Qfalse || force_client_auth == Qtrue)) {
rb_raise(rb_eTypeError,
"bad force_client_auth: got:<%s> want: <True|False|nil>",
rb_obj_classname(force_client_auth));
return Qnil; return Qnil;
} else if (pem_private_key == Qnil) { }
rb_raise(rb_eRuntimeError, if (NIL_P(pem_key_certs) || TYPE(pem_key_certs) != T_ARRAY) {
"could not create a server credential: nil pem_private_key"); rb_raise(rb_eTypeError, "bad pem_key_certs: got:<%s> want: <Array>",
rb_obj_classname(pem_key_certs));
return Qnil;
}
num_key_certs = RARRAY_LEN(pem_key_certs);
if (num_key_certs == 0) {
rb_raise(rb_eTypeError, "bad pem_key_certs: it had no elements");
return Qnil; return Qnil;
} }
key_cert_pair.private_key = RSTRING_PTR(pem_private_key); for (i = 0; i < num_key_certs; i++) {
key_cert_pair.cert_chain = RSTRING_PTR(pem_cert_chain); key_cert = rb_ary_entry(pem_key_certs, i);
/* TODO Add a force_client_auth parameter and pass it here. */ if (key_cert == Qnil) {
rb_raise(rb_eTypeError,
"could not create a server credential: nil key_cert");
return Qnil;
} else if (TYPE(key_cert) != T_HASH) {
rb_raise(rb_eTypeError,
"could not create a server credential: want <Hash>, got <%s>",
rb_obj_classname(key_cert));
return Qnil;
} else if (rb_hash_aref(key_cert, sym_private_key) == Qnil) {
rb_raise(rb_eTypeError,
"could not create a server credential: want nil private key");
return Qnil;
} else if (rb_hash_aref(key_cert, sym_cert_chain) == Qnil) {
rb_raise(rb_eTypeError,
"could not create a server credential: want nil cert chain");
return Qnil;
}
}
auth_client = TYPE(force_client_auth) == T_TRUE;
key_cert_pairs = ALLOC_N(grpc_ssl_pem_key_cert_pair, num_key_certs);
for (i = 0; i < num_key_certs; i++) {
key_cert = rb_ary_entry(pem_key_certs, i);
key = rb_hash_aref(key_cert, sym_private_key);
cert = rb_hash_aref(key_cert, sym_cert_chain);
key_cert_pairs[i].private_key = RSTRING_PTR(key);
key_cert_pairs[i].cert_chain = RSTRING_PTR(cert);
}
TypedData_Get_Struct(self, grpc_rb_server_credentials,
&grpc_rb_server_credentials_data_type, wrapper);
if (pem_root_certs == Qnil) { if (pem_root_certs == Qnil) {
creds = creds = grpc_ssl_server_credentials_create(NULL, key_cert_pairs,
grpc_ssl_server_credentials_create(NULL, &key_cert_pair, 1, 0, NULL); num_key_certs,
auth_client, NULL);
} else { } else {
creds = grpc_ssl_server_credentials_create(RSTRING_PTR(pem_root_certs), creds = grpc_ssl_server_credentials_create(RSTRING_PTR(pem_root_certs),
&key_cert_pair, 1, 0, NULL); key_cert_pairs, num_key_certs,
auth_client, NULL);
} }
xfree(key_cert_pairs);
if (creds == NULL) { if (creds == NULL) {
rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why"); rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why");
return Qnil;
} }
wrapper->wrapped = creds; wrapper->wrapped = creds;
/* Add the input objects as hidden fields to preserve them. */ /* Add the input objects as hidden fields to preserve them. */
rb_ivar_set(self, id_pem_cert_chain, pem_cert_chain); rb_ivar_set(self, id_pem_key_certs, pem_key_certs);
rb_ivar_set(self, id_pem_private_key, pem_private_key);
rb_ivar_set(self, id_pem_root_certs, pem_root_certs); rb_ivar_set(self, id_pem_root_certs, pem_root_certs);
return self; return self;
@ -211,9 +265,10 @@ void Init_grpc_server_credentials() {
rb_define_method(grpc_rb_cServerCredentials, "initialize_copy", rb_define_method(grpc_rb_cServerCredentials, "initialize_copy",
grpc_rb_server_credentials_init_copy, 1); grpc_rb_server_credentials_init_copy, 1);
id_pem_cert_chain = rb_intern("__pem_cert_chain"); id_pem_key_certs = rb_intern("__pem_key_certs");
id_pem_private_key = rb_intern("__pem_private_key");
id_pem_root_certs = rb_intern("__pem_root_certs"); id_pem_root_certs = rb_intern("__pem_root_certs");
sym_private_key = ID2SYM(rb_intern("private_key"));
sym_cert_chain = ID2SYM(rb_intern("cert_chain"));
} }
/* Gets the wrapped grpc_server_credentials from the ruby wrapper */ /* Gets the wrapped grpc_server_credentials from the ruby wrapper */

Write Preview
Loading…
Cancel
Save