Chiebot-Mirror
/
grpc
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Revert "Collect TLS-specific changes from PR 20568."

Browse Source
pull/21778/head
matthewstevenson88 5 years ago committed by GitHub
parent 214fd8822b
commit 26d50f726a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 57 additions and 105 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 43
      include/grpcpp/security/tls_credentials_options.h
  2. 62
      src/cpp/common/tls_credentials_options.cc
  3. 45
      test/cpp/client/credentials_test.cc

43
include/grpcpp/security/tls_credentials_options.h
Unescape View File

@ -55,13 +55,12 @@ class TlsKeyMaterialsConfig {
} }
int version() const { return version_; } int version() const { return version_; }
/** Setter for key materials that will be called by the user. Ownership of the /** Setter for key materials that will be called by the user. The setter
* arguments will not be transferred. **/ * transfers ownership of the arguments to the config. **/
void set_pem_root_certs(const grpc::string& pem_root_certs); void set_pem_root_certs(grpc::string pem_root_certs);
void add_pem_key_cert_pair(const PemKeyCertPair& pem_key_cert_pair); void add_pem_key_cert_pair(const PemKeyCertPair& pem_key_cert_pair);
void set_key_materials( void set_key_materials(grpc::string pem_root_certs,
const grpc::string& pem_root_certs, std::vector<PemKeyCertPair> pem_key_cert_pair_list);
const std::vector<PemKeyCertPair>& pem_key_cert_pair_list);
void set_version(int version) { version_ = version; }; void set_version(int version) { version_ = version; };
private: private:
@ -81,26 +80,30 @@ class TlsKeyMaterialsConfig {
class TlsCredentialReloadArg { class TlsCredentialReloadArg {
public: public:
/** TlsCredentialReloadArg does not take ownership of the C arg that is passed /** TlsCredentialReloadArg does not take ownership of the C arg that is passed
* to the constructor. One must remember to free any memory allocated to the * to the constructor. One must remember to free any memory allocated to the C
* C arg after using the setter functions below. **/ * arg after using the setter functions below. **/
TlsCredentialReloadArg(grpc_tls_credential_reload_arg* arg); TlsCredentialReloadArg(grpc_tls_credential_reload_arg* arg);
~TlsCredentialReloadArg(); ~TlsCredentialReloadArg();
/** Getters for member fields. **/ /** Getters for member fields. The callback function is not exposed.
* They return the corresponding fields of the underlying C arg. In the case
* of the key materials config, it creates a new instance of the C++ key
* materials config from the underlying C grpc_tls_key_materials_config. **/
void* cb_user_data() const; void* cb_user_data() const;
bool is_pem_key_cert_pair_list_empty() const; bool is_pem_key_cert_pair_list_empty() const;
grpc_ssl_certificate_config_reload_status status() const; grpc_ssl_certificate_config_reload_status status() const;
grpc::string error_details() const; grpc::string error_details() const;
/** Setters for member fields. Ownership of the arguments will not be /** Setters for member fields. They modify the fields of the underlying C arg.
* transferred. **/ * The setters for the key_materials_config and the error_details allocate
* memory when modifying c_arg_, so one must remember to free c_arg_'s
* original key_materials_config or error_details after using the appropriate
* setter function.
* **/
void set_cb_user_data(void* cb_user_data); void set_cb_user_data(void* cb_user_data);
void set_pem_root_certs(const grpc::string& pem_root_certs); void set_pem_root_certs(const grpc::string& pem_root_certs);
void add_pem_key_cert_pair( void add_pem_key_cert_pair(
const TlsKeyMaterialsConfig::PemKeyCertPair& pem_key_cert_pair); TlsKeyMaterialsConfig::PemKeyCertPair pem_key_cert_pair);
void set_key_materials(const grpc::string& pem_root_certs,
std::vector<TlsKeyMaterialsConfig::PemKeyCertPair>
pem_key_cert_pair_list);
void set_key_materials_config( void set_key_materials_config(
const std::shared_ptr<TlsKeyMaterialsConfig>& key_materials_config); const std::shared_ptr<TlsKeyMaterialsConfig>& key_materials_config);
void set_status(grpc_ssl_certificate_config_reload_status status); void set_status(grpc_ssl_certificate_config_reload_status status);
@ -184,7 +187,8 @@ class TlsServerAuthorizationCheckArg {
TlsServerAuthorizationCheckArg(grpc_tls_server_authorization_check_arg* arg); TlsServerAuthorizationCheckArg(grpc_tls_server_authorization_check_arg* arg);
~TlsServerAuthorizationCheckArg(); ~TlsServerAuthorizationCheckArg();
/** Getters for member fields. **/ /** Getters for member fields. They return the corresponding fields of the
* underlying C arg.**/
void* cb_user_data() const; void* cb_user_data() const;
int success() const; int success() const;
grpc::string target_name() const; grpc::string target_name() const;
@ -193,7 +197,12 @@ class TlsServerAuthorizationCheckArg {
grpc_status_code status() const; grpc_status_code status() const;
grpc::string error_details() const; grpc::string error_details() const;
/** Setters for member fields. **/ /** Setters for member fields. They modify the fields of the underlying C arg.
* The setters for target_name, peer_cert, and error_details allocate memory
* when modifying c_arg_, so one must remember to free c_arg_'s original
* target_name, peer_cert, or error_details after using the appropriate setter
* function.
* **/
void set_cb_user_data(void* cb_user_data); void set_cb_user_data(void* cb_user_data);
void set_success(int success); void set_success(int success);
void set_target_name(const grpc::string& target_name); void set_target_name(const grpc::string& target_name);

62
src/cpp/common/tls_credentials_options.cc
Unescape View File

@ -16,18 +16,19 @@
* *
*/ */
#include <grpc/support/alloc.h>
#include <grpcpp/security/tls_credentials_options.h> #include <grpcpp/security/tls_credentials_options.h>
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
#include <grpc/support/alloc.h>
#include "src/cpp/common/tls_credentials_options_util.h" #include "src/cpp/common/tls_credentials_options_util.h"
namespace grpc_impl { namespace grpc_impl {
namespace experimental { namespace experimental {
/** TLS key materials config API implementation **/ /** TLS key materials config API implementation **/
void TlsKeyMaterialsConfig::set_pem_root_certs( void TlsKeyMaterialsConfig::set_pem_root_certs(grpc::string pem_root_certs) {
const grpc::string& pem_root_certs) { pem_root_certs_ = std::move(pem_root_certs);
pem_root_certs_ = pem_root_certs;
} }
void TlsKeyMaterialsConfig::add_pem_key_cert_pair( void TlsKeyMaterialsConfig::add_pem_key_cert_pair(
@ -36,10 +37,10 @@ void TlsKeyMaterialsConfig::add_pem_key_cert_pair(
} }
void TlsKeyMaterialsConfig::set_key_materials( void TlsKeyMaterialsConfig::set_key_materials(
const grpc::string& pem_root_certs, grpc::string pem_root_certs,
const std::vector<PemKeyCertPair>& pem_key_cert_pair_list) { std::vector<PemKeyCertPair> pem_key_cert_pair_list) {
pem_key_cert_pair_list_ = pem_key_cert_pair_list; pem_key_cert_pair_list_ = std::move(pem_key_cert_pair_list);
pem_root_certs_ = pem_root_certs; pem_root_certs_ = std::move(pem_root_certs);
} }
/** TLS credential reload arg API implementation **/ /** TLS credential reload arg API implementation **/
@ -58,6 +59,7 @@ TlsCredentialReloadArg::~TlsCredentialReloadArg() {}
void* TlsCredentialReloadArg::cb_user_data() const { void* TlsCredentialReloadArg::cb_user_data() const {
return c_arg_->cb_user_data; return c_arg_->cb_user_data;
} }
bool TlsCredentialReloadArg::is_pem_key_cert_pair_list_empty() const { bool TlsCredentialReloadArg::is_pem_key_cert_pair_list_empty() const {
return c_arg_->key_materials_config->pem_key_cert_pair_list().empty(); return c_arg_->key_materials_config->pem_key_cert_pair_list().empty();
} }
@ -83,46 +85,17 @@ void TlsCredentialReloadArg::set_pem_root_certs(
c_arg_->key_materials_config->set_pem_root_certs(std::move(c_pem_root_certs)); c_arg_->key_materials_config->set_pem_root_certs(std::move(c_pem_root_certs));
} }
namespace { void TlsCredentialReloadArg::add_pem_key_cert_pair(
TlsKeyMaterialsConfig::PemKeyCertPair pem_key_cert_pair) {
::grpc_core::PemKeyCertPair ConvertToCorePemKeyCertPair(
const TlsKeyMaterialsConfig::PemKeyCertPair& pem_key_cert_pair) {
grpc_ssl_pem_key_cert_pair* ssl_pair = grpc_ssl_pem_key_cert_pair* ssl_pair =
(grpc_ssl_pem_key_cert_pair*)gpr_malloc( (grpc_ssl_pem_key_cert_pair*)gpr_malloc(
sizeof(grpc_ssl_pem_key_cert_pair)); sizeof(grpc_ssl_pem_key_cert_pair));
ssl_pair->private_key = gpr_strdup(pem_key_cert_pair.private_key.c_str()); ssl_pair->private_key = gpr_strdup(pem_key_cert_pair.private_key.c_str());
ssl_pair->cert_chain = gpr_strdup(pem_key_cert_pair.cert_chain.c_str()); ssl_pair->cert_chain = gpr_strdup(pem_key_cert_pair.cert_chain.c_str());
return ::grpc_core::PemKeyCertPair(ssl_pair); ::grpc_core::PemKeyCertPair c_pem_key_cert_pair =
} ::grpc_core::PemKeyCertPair(ssl_pair);
} // namespace
void TlsCredentialReloadArg::add_pem_key_cert_pair(
const TlsKeyMaterialsConfig::PemKeyCertPair& pem_key_cert_pair) {
c_arg_->key_materials_config->add_pem_key_cert_pair( c_arg_->key_materials_config->add_pem_key_cert_pair(
ConvertToCorePemKeyCertPair(pem_key_cert_pair)); std::move(c_pem_key_cert_pair));
}
void TlsCredentialReloadArg::set_key_materials(
const grpc::string& pem_root_certs,
std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pem_key_cert_pair_list) {
/** Initialize the |key_materials_config| field of |c_arg_|, if it has not
* already been done. **/
if (c_arg_->key_materials_config == nullptr) {
c_arg_->key_materials_config = grpc_tls_key_materials_config_create();
}
/** Convert |pem_key_cert_pair_list| to an inlined vector of ssl pairs. **/
::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1>
c_pem_key_cert_pair_list;
for (const auto& key_cert_pair : pem_key_cert_pair_list) {
c_pem_key_cert_pair_list.emplace_back(
ConvertToCorePemKeyCertPair(key_cert_pair));
}
/** Populate the key materials config field of |c_arg_|. **/
::grpc_core::UniquePtr<char> c_pem_root_certs(
gpr_strdup(pem_root_certs.c_str()));
c_arg_->key_materials_config->set_key_materials(std::move(c_pem_root_certs),
c_pem_key_cert_pair_list);
} }
void TlsCredentialReloadArg::set_key_materials_config( void TlsCredentialReloadArg::set_key_materials_config(
@ -315,11 +288,6 @@ TlsCredentialsOptions::TlsCredentialsOptions(
c_credentials_options_, server_verification_option); c_credentials_options_, server_verification_option);
} }
/** Whenever a TlsCredentialsOptions instance is created, the caller takes
* ownership of the c_credentials_options_ pointer (see e.g. the implementation
* of the TlsCredentials API in secure_credentials.cc). For this reason, the
* TlsCredentialsOptions destructor is not responsible for freeing
* c_credentials_options_. **/
TlsCredentialsOptions::~TlsCredentialsOptions() {} TlsCredentialsOptions::~TlsCredentialsOptions() {}
} // namespace experimental } // namespace experimental

45
test/cpp/client/credentials_test.cc
Unescape View File

@ -17,7 +17,6 @@
*/ */
#include <grpcpp/security/credentials.h> #include <grpcpp/security/credentials.h>
#include <grpcpp/security/server_credentials.h>
#include <grpcpp/security/tls_credentials_options.h> #include <grpcpp/security/tls_credentials_options.h>
#include <memory> #include <memory>
@ -54,10 +53,10 @@ static void tls_credential_reload_callback(
class TestTlsCredentialReload : public TlsCredentialReloadInterface { class TestTlsCredentialReload : public TlsCredentialReloadInterface {
int Schedule(TlsCredentialReloadArg* arg) override { int Schedule(TlsCredentialReloadArg* arg) override {
GPR_ASSERT(arg != nullptr); GPR_ASSERT(arg != nullptr);
TlsKeyMaterialsConfig::PemKeyCertPair pair = {"private_key3", struct TlsKeyMaterialsConfig::PemKeyCertPair pair3 = {"private_key3",
"cert_chain3"}; "cert_chain3"};
arg->set_pem_root_certs("new_pem_root_certs"); arg->set_pem_root_certs("new_pem_root_certs");
arg->add_pem_key_cert_pair(pair); arg->add_pem_key_cert_pair(pair3);
arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
return 0; return 0;
} }
@ -101,6 +100,7 @@ class TestTlsServerAuthorizationCheck
arg->set_error_details("cancelled"); arg->set_error_details("cancelled");
} }
}; };
} // namespace } // namespace
namespace grpc { namespace grpc {
@ -293,7 +293,8 @@ TEST_F(CredentialsTest, TlsKeyMaterialsConfigCppToC) {
TEST_F(CredentialsTest, TlsKeyMaterialsModifiers) { TEST_F(CredentialsTest, TlsKeyMaterialsModifiers) {
std::shared_ptr<TlsKeyMaterialsConfig> config(new TlsKeyMaterialsConfig()); std::shared_ptr<TlsKeyMaterialsConfig> config(new TlsKeyMaterialsConfig());
TlsKeyMaterialsConfig::PemKeyCertPair pair = {"private_key", "cert_chain"}; struct TlsKeyMaterialsConfig::PemKeyCertPair pair = {"private_key",
"cert_chain"};
config->add_pem_key_cert_pair(pair); config->add_pem_key_cert_pair(pair);
config->set_pem_root_certs("pem_root_certs"); config->set_pem_root_certs("pem_root_certs");
EXPECT_STREQ(config->pem_root_certs().c_str(), "pem_root_certs"); EXPECT_STREQ(config->pem_root_certs().c_str(), "pem_root_certs");
@ -311,28 +312,15 @@ typedef class ::grpc_impl::experimental::TlsCredentialReloadConfig
TEST_F(CredentialsTest, TlsCredentialReloadArgCallback) { TEST_F(CredentialsTest, TlsCredentialReloadArgCallback) {
grpc_tls_credential_reload_arg* c_arg = new grpc_tls_credential_reload_arg; grpc_tls_credential_reload_arg* c_arg = new grpc_tls_credential_reload_arg;
c_arg->key_materials_config = grpc_tls_key_materials_config_create();
c_arg->cb = tls_credential_reload_callback; c_arg->cb = tls_credential_reload_callback;
c_arg->context = nullptr; c_arg->context = nullptr;
TlsCredentialReloadArg* arg = new TlsCredentialReloadArg(c_arg); TlsCredentialReloadArg* arg = new TlsCredentialReloadArg(c_arg);
arg->set_pem_root_certs("pem_root_certs");
TlsKeyMaterialsConfig::PemKeyCertPair pair = {"private_key", "cert_chain"};
arg->add_pem_key_cert_pair(pair);
arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
arg->OnCredentialReloadDoneCallback(); arg->OnCredentialReloadDoneCallback();
EXPECT_EQ(arg->status(), GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED); EXPECT_EQ(arg->status(), GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED);
EXPECT_STREQ(c_arg->key_materials_config->pem_root_certs(), "pem_root_certs");
EXPECT_EQ(c_arg->key_materials_config->pem_key_cert_pair_list().size(), 1);
EXPECT_STREQ(
c_arg->key_materials_config->pem_key_cert_pair_list()[0].private_key(),
"private_key");
EXPECT_STREQ(
c_arg->key_materials_config->pem_key_cert_pair_list()[0].cert_chain(),
"cert_chain");
// Cleanup. // Cleanup.
delete arg; delete arg;
delete c_arg->key_materials_config;
delete c_arg; delete c_arg;
} }
@ -344,12 +332,15 @@ TEST_F(CredentialsTest, TlsCredentialReloadConfigSchedule) {
grpc_tls_credential_reload_arg* c_arg = new grpc_tls_credential_reload_arg(); grpc_tls_credential_reload_arg* c_arg = new grpc_tls_credential_reload_arg();
c_arg->context = nullptr; c_arg->context = nullptr;
TlsCredentialReloadArg* arg = new TlsCredentialReloadArg(c_arg); TlsCredentialReloadArg* arg = new TlsCredentialReloadArg(c_arg);
std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config(
new TlsKeyMaterialsConfig());
struct TlsKeyMaterialsConfig::PemKeyCertPair pair1 = {"private_key1", struct TlsKeyMaterialsConfig::PemKeyCertPair pair1 = {"private_key1",
"cert_chain1"}; "cert_chain1"};
struct TlsKeyMaterialsConfig::PemKeyCertPair pair2 = {"private_key2", struct TlsKeyMaterialsConfig::PemKeyCertPair pair2 = {"private_key2",
"cert_chain2"}; "cert_chain2"};
std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pair_list = {pair1, pair2}; std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pair_list = {pair1, pair2};
arg->set_key_materials("pem_root_certs", pair_list); key_materials_config->set_key_materials("pem_root_certs", pair_list);
arg->set_key_materials_config(key_materials_config);
arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
arg->set_error_details("error_details"); arg->set_error_details("error_details");
const char* error_details_before_schedule = c_arg->error_details; const char* error_details_before_schedule = c_arg->error_details;
@ -657,7 +648,7 @@ TEST_F(CredentialsTest, TlsCredentialsOptionsCppToC) {
delete c_options; delete c_options;
} }
// This test demonstrates how the TLS credentials will be used. // This test demonstrates how the SPIFFE credentials will be used.
TEST_F(CredentialsTest, LoadTlsChannelCredentials) { TEST_F(CredentialsTest, LoadTlsChannelCredentials) {
std::shared_ptr<TestTlsCredentialReload> test_credential_reload( std::shared_ptr<TestTlsCredentialReload> test_credential_reload(
new TestTlsCredentialReload()); new TestTlsCredentialReload());
@ -679,22 +670,6 @@ TEST_F(CredentialsTest, LoadTlsChannelCredentials) {
GPR_ASSERT(channel_credentials != nullptr); GPR_ASSERT(channel_credentials != nullptr);
} }
// This test demonstrates how the TLS credentials will be used to create
// server credentials.
TEST_F(CredentialsTest, LoadTlsServerCredentials) {
std::shared_ptr<TestTlsCredentialReload> test_credential_reload(
new TestTlsCredentialReload());
std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config(
new TlsCredentialReloadConfig(test_credential_reload));
TlsCredentialsOptions options = TlsCredentialsOptions(
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY,
GRPC_TLS_SERVER_VERIFICATION, nullptr, credential_reload_config, nullptr);
std::shared_ptr<::grpc_impl::ServerCredentials> server_credentials =
grpc::experimental::TlsServerCredentials(options);
GPR_ASSERT(server_credentials != nullptr);
}
TEST_F(CredentialsTest, TlsCredentialReloadConfigErrorMessages) { TEST_F(CredentialsTest, TlsCredentialReloadConfigErrorMessages) {
std::shared_ptr<TlsCredentialReloadConfig> config( std::shared_ptr<TlsCredentialReloadConfig> config(
new TlsCredentialReloadConfig(nullptr)); new TlsCredentialReloadConfig(nullptr));

Write Preview
Loading…
Cancel
Save