Chiebot-Mirror
/
grpc
mirror of https://github.com/grpc/grpc.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Added unit tests and fixed some build problems

Browse Source
pull/19778/head
Matthew Stevenson 5 years ago
parent 5da4baa80d
commit 5980d0d10d
7 changed files with 257 additions and 82 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      include/grpcpp/security/credentials_impl.h
  2. 2
      include/grpcpp/security/server_credentials_impl.h
  3. 129
      include/grpcpp/security/tls_credentials_options.h
  4. 4
      src/cpp/client/secure_credentials.cc
  5. 2
      src/cpp/client/secure_credentials.h
  6. 92
      src/cpp/common/tls_credentials_options.cc
  7. 108
      test/cpp/client/credentials_test.cc

2
include/grpcpp/security/credentials_impl.h
Unescape View File

@ -28,10 +28,10 @@
#include <grpcpp/impl/codegen/client_interceptor.h>
#include <grpcpp/impl/codegen/grpc_library.h>
#include <grpcpp/security/auth_context.h>
#include <grpcpp/security/tls_credentials_options.h>
#include <grpcpp/support/channel_arguments_impl.h>
#include <grpcpp/support/status.h>
#include <grpcpp/support/string_ref.h>
#include <grpcpp/security/tls_credentials_options.h>
struct grpc_call;

2
include/grpcpp/security/server_credentials_impl.h
Unescape View File

@ -24,8 +24,8 @@
#include <grpc/grpc_security_constants.h>
#include <grpcpp/security/auth_metadata_processor.h>
#include <grpcpp/support/config.h>
#include <grpcpp/security/tls_credentials_options.h>
#include <grpcpp/support/config.h>
struct grpc_server;

129
include/grpcpp/security/tls_credentials_options.h
Unescape View File

@ -19,12 +19,12 @@
#ifndef GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
#define GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
#include <vector>
#include <memory>
#include <vector>
#include <grpcpp/support/config.h>
#include <grpc/support/log.h>
#include <grpc/grpc_security.h>
#include <grpc/support/log.h>
#include <grpcpp/support/config.h>
namespace grpc_impl {
namespace experimental {
@ -38,9 +38,7 @@ class TlsKeyMaterialsConfig {
};
/** Getters for member fields. **/
const ::grpc::string pem_root_certs() const {
return pem_root_certs_;
}
const ::grpc::string pem_root_certs() const { return pem_root_certs_; }
const ::std::vector<PemKeyCertPair>& pem_key_cert_pair_list() const {
return pem_key_cert_pair_list_;
}
@ -60,31 +58,25 @@ class TlsKeyMaterialsConfig {
/** TLS credential reload arguments, wraps grpc_tls_credential_reload_arg. **/
typedef class TlsCredentialReloadArg TlsCredentialReloadArg;
typedef void (*grpcpp_tls_on_credential_reload_done_cb)(TlsCredentialReloadArg* arg);
typedef void (*grpcpp_tls_on_credential_reload_done_cb)(
TlsCredentialReloadArg* arg);
class TlsCredentialReloadArg {
public:
/** Getters for member fields. **/
grpcpp_tls_on_credential_reload_done_cb cb() const {
return cb_;
}
void* cb_user_data() const {
return cb_user_data_;
}
grpcpp_tls_on_credential_reload_done_cb cb() const { return cb_; }
void* cb_user_data() const { return cb_user_data_; }
::std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config() const {
return key_materials_config_;
}
grpc_ssl_certificate_config_reload_status status() const {
return status_;
}
::grpc::string error_details() const {
return error_details_;
}
grpc_ssl_certificate_config_reload_status status() const { return status_; }
::grpc::string error_details() const { return error_details_; }
/** Setters for member fields. **/
void set_cb(grpcpp_tls_on_credential_reload_done_cb cb);
void set_cb_user_data(void* cb_user_data);
void set_key_materials_config(::std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config);
void set_key_materials_config(
::std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config);
void set_status(grpc_ssl_certificate_config_reload_status status);
void set_error_details(::grpc::string error_details);
@ -102,11 +94,12 @@ class TlsCredentialReloadArg {
/** TLS credential reloag config, wraps grpc_tls_credential_reload_config. **/
class TlsCredentialReloadConfig {
public:
TlsCredentialReloadConfig(
const void* config_user_data,
int (*schedule)(void* config_user_data, TlsCredentialReloadArg* arg),
void (*cancel)(void* config_user_data, TlsCredentialReloadArg* arg),
void (*destruct)(void* config_user_data));
TlsCredentialReloadConfig(const void* config_user_data,
int (*schedule)(void* config_user_data,
TlsCredentialReloadArg* arg),
void (*cancel)(void* config_user_data,
TlsCredentialReloadArg* arg),
void (*destruct)(void* config_user_data));
~TlsCredentialReloadConfig();
int Schedule(TlsCredentialReloadArg* arg) const {
@ -121,7 +114,7 @@ class TlsCredentialReloadConfig {
cancel_(config_user_data_, arg);
}
grpc_tls_credential_reload_config* c_credential_reload() const;
grpc_tls_credential_reload_config* c_credential_reload() const;
private:
void* config_user_data_;
@ -140,35 +133,26 @@ typedef void (*grpcpp_tls_on_server_authorization_check_done_cb)(
class TlsServerAuthorizationCheckArg {
public:
/** Getters for member fields. **/
grpcpp_tls_on_server_authorization_check_done_cb cb() const {
return cb_;
}
void* cb_user_data() const {
return cb_user_data_;
}
int success() const {
return success_;
}
::grpc::string peer_cert() const {
return peer_cert_;
}
grpc_status_code status() const {
return status_;
}
::grpc::string error_details() const {
return error_details_;
}
grpcpp_tls_on_server_authorization_check_done_cb cb() const { return cb_; }
void* cb_user_data() const { return cb_user_data_; }
int success() const { return success_; }
::grpc::string peer_cert() const { return peer_cert_; }
grpc_status_code status() const { return status_; }
::grpc::string error_details() const { return error_details_; }
/** Setters for member fields. **/
void set_cb(grpcpp_tls_on_server_authorization_check_done_cb cb);
void set_cb_user_data(void* cb_user_data);
void set_success(int success);
void set_peer_cert(::grpc::string peer_cert);
void set_status(grpc_status_code status);
void set_error_details(::grpc::string error_details);
void set_cb(grpcpp_tls_on_server_authorization_check_done_cb cb) { cb_ = cb; }
void set_cb_user_data(void* cb_user_data) { cb_user_data_ = cb_user_data; }
void set_success(int success) { success_ = success; }
void set_peer_cert(::grpc::string peer_cert) { peer_cert_ = peer_cert; }
void set_status(grpc_status_code status) { status_ = status; }
void set_error_details(::grpc::string error_details) {
error_details_ = error_details;
}
/** Creates C struct for credential reload arg. **/
grpc_tls_credential_reload_arg* c_credential_reload_arg() const;
/** Creates C struct for server authorization check arg. **/
grpc_tls_server_authorization_check_arg* c_server_authorization_check_arg()
const;
private:
grpcpp_tls_on_server_authorization_check_done_cb cb_;
@ -180,15 +164,16 @@ class TlsServerAuthorizationCheckArg {
::grpc::string error_details_;
};
/** TLS server authorization check config, wraps
* grps_tls_server_authorization_check_config. **/
class TlsServerAuthorizationCheckConfig {
public:
TlsServerAuthorizationCheckConfig(
const void* config_user_data,
int (*schedule)(void* config_user_data, TlsServerAuthorizationCheckArg* arg),
void (*cancel)(void* config_user_data, TlsServerAuthorizationCheckArg* arg),
int (*schedule)(void* config_user_data,
TlsServerAuthorizationCheckArg* arg),
void (*cancel)(void* config_user_data,
TlsServerAuthorizationCheckArg* arg),
void (*destruct)(void* config_user_data));
~TlsServerAuthorizationCheckConfig();
@ -204,30 +189,32 @@ class TlsServerAuthorizationCheckConfig {
cancel_(config_user_data_, arg);
}
grpc_tls_server_authorization_check_config* c_server_authorization_check() const;
grpc_tls_server_authorization_check_config* c_server_authorization_check()
const;
private:
void* config_user_data_;
int (*schedule_)(void* config_user_data, TlsServerAuthorizationCheckArg* arg);
void (*cancel_)(void* config_user_data, TlsServerAuthorizationCheckArg* arg);
void (*destruct_)(void* config_user_data);
void* config_user_data_;
int (*schedule_)(void* config_user_data, TlsServerAuthorizationCheckArg* arg);
void (*cancel_)(void* config_user_data, TlsServerAuthorizationCheckArg* arg);
void (*destruct_)(void* config_user_data);
};
/** TLS credentials options, wrapper for grpc_tls_credentials_options. **/
class TlsCredentialsOptions {
public:
/** Getters for member fields. **/
grpc_ssl_client_certificate_request_type cert_request_type() const{
grpc_ssl_client_certificate_request_type cert_request_type() const {
return cert_request_type_;
}
std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config() const {
return key_materials_config_;
}
::std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config() const {
::std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config()
const {
return credential_reload_config_;
}
::std::shared_ptr<TlsServerAuthorizationCheckConfig> server_authorization_check_config() const {
::std::shared_ptr<TlsServerAuthorizationCheckConfig>
server_authorization_check_config() const {
return server_authorization_check_config_;
}
@ -236,8 +223,7 @@ class TlsCredentialsOptions {
const grpc_ssl_client_certificate_request_type type) {
cert_request_type_ = type;
}
void set_key_materials_config(
std::shared_ptr<TlsKeyMaterialsConfig> config) {
void set_key_materials_config(std::shared_ptr<TlsKeyMaterialsConfig> config) {
key_materials_config_ = config;
}
void set_credential_reload_config(
@ -256,12 +242,11 @@ class TlsCredentialsOptions {
grpc_ssl_client_certificate_request_type cert_request_type_;
::std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config_;
::std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config_;
::std::shared_ptr<TlsServerAuthorizationCheckConfig> server_authorization_check_config_;
::std::shared_ptr<TlsServerAuthorizationCheckConfig>
server_authorization_check_config_;
};
} // namespace experimental
} // namespace grpc_impl
#endif // GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
} // namespace experimental
} // namespace grpc_impl
#endif // GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H

4
src/cpp/client/secure_credentials.cc
Unescape View File

@ -283,8 +283,8 @@ std::shared_ptr<ChannelCredentials> LocalCredentials(
// Builds SPIFFE Credentials given TLS options.
std::shared_ptr<ChannelCredentials> SpiffeCredentials(
const TlsCredentialsOptions& options) {
return WrapChannelCredentials(grpc_tls_spiffe_credentials_create(
options.c_credentials_options()));
return WrapChannelCredentials(
grpc_tls_spiffe_credentials_create(options.c_credentials_options()));
}
} // namespace experimental

2
src/cpp/client/secure_credentials.h
Unescape View File

@ -23,8 +23,8 @@
#include <grpcpp/security/credentials.h>
#include <grpcpp/security/credentials_impl.h>
#include <grpcpp/support/config.h>
#include <grpcpp/security/tls_credentials_options.h>
#include <grpcpp/support/config.h>
#include "src/core/lib/security/credentials/credentials.h"
#include "src/cpp/server/thread_pool_interface.h"

92
src/cpp/common/tls_credentials_options.cc
Unescape View File

@ -31,9 +31,92 @@ void TlsKeyMaterialsConfig::set_key_materials(
pem_root_certs_ = ::std::move(pem_root_certs);
}
grpc_tls_key_materials_config* TlsKeyMaterialsConfig::c_key_materials() const {
// TODO: implement.
return nullptr;
}
/** gRPC TLS credential reload arg API implementation **/
void TlsCredentialReloadArg::set_cb(
grpcpp_tls_on_credential_reload_done_cb cb) {
cb_ = cb;
}
void TlsCredentialReloadArg::set_cb_user_data(void* cb_user_data) {
cb_user_data_ = cb_user_data;
}
void TlsCredentialReloadArg::set_key_materials_config(
::std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config) {
key_materials_config_ = key_materials_config;
}
void TlsCredentialReloadArg::set_status(
grpc_ssl_certificate_config_reload_status status) {
status_ = status;
}
void TlsCredentialReloadArg::set_error_details(::grpc::string error_details) {
error_details_ = error_details;
}
grpc_tls_credential_reload_arg*
TlsCredentialReloadArg::c_credential_reload_arg() const {
// TODO: implement.
return nullptr;
}
/** gRPC TLS credential reload config API implementation **/
TlsCredentialReloadConfig::TlsCredentialReloadConfig(
const void* config_user_data,
int (*schedule)(void* config_user_data, TlsCredentialReloadArg* arg),
void (*cancel)(void* config_user_data, TlsCredentialReloadArg* arg),
void (*destruct)(void* config_user_data))
: config_user_data_(const_cast<void*>(config_user_data)),
schedule_(schedule),
cancel_(cancel),
destruct_(destruct) {}
TlsCredentialReloadConfig::~TlsCredentialReloadConfig() {}
grpc_tls_credential_reload_config*
TlsCredentialReloadConfig::c_credential_reload() const {
// TODO: implement
return nullptr;
}
/** gRPC TLS server authorization check arg API implementation **/
grpc_tls_server_authorization_check_arg*
TlsServerAuthorizationCheckArg::c_server_authorization_check_arg() const {
// TODO: implement
return nullptr;
}
/** gRPC TLS server authorization check config API implementation **/
TlsServerAuthorizationCheckConfig::TlsServerAuthorizationCheckConfig(
const void* config_user_data,
int (*schedule)(void* config_user_data,
TlsServerAuthorizationCheckArg* arg),
void (*cancel)(void* config_user_data, TlsServerAuthorizationCheckArg* arg),
void (*destruct)(void* config_user_data))
: config_user_data_(const_cast<void*>(config_user_data)),
schedule_(schedule),
cancel_(cancel),
destruct_(destruct) {}
TlsServerAuthorizationCheckConfig::~TlsServerAuthorizationCheckConfig() {}
grpc_tls_server_authorization_check_config*
TlsServerAuthorizationCheckConfig::c_server_authorization_check() const {
// TODO: implement
return nullptr;
}
/** gRPC TLS credential options API implementation **/
grpc_tls_credentials_options* TlsCredentialsOptions::c_credentials_options() const {
grpc_tls_credentials_options* c_options = grpc_tls_credentials_options_create();
grpc_tls_credentials_options* TlsCredentialsOptions::c_credentials_options()
const {
grpc_tls_credentials_options* c_options =
grpc_tls_credentials_options_create();
c_options->set_cert_request_type(cert_request_type_);
// TODO: put in C configs into functions below.
c_options->set_key_materials_config(nullptr);
@ -42,6 +125,5 @@ grpc_tls_credentials_options* TlsCredentialsOptions::c_credentials_options() con
return c_options;
}
} // namespace experimental
} // namespace grpc_impl
} // namespace experimental
} // namespace grpc_impl

108
test/cpp/client/credentials_test.cc
Unescape View File

@ -26,7 +26,9 @@
#include "src/core/lib/gpr/env.h"
#include "src/core/lib/gpr/tmpfile.h"
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
#include "src/cpp/client/secure_credentials.h"
#include "src/cpp/common/tls_credentials_options.cc"
namespace grpc {
namespace testing {
@ -196,6 +198,112 @@ TEST_F(CredentialsTest, StsCredentialsOptionsFromEnv) {
gpr_unsetenv("STS_CREDENTIALS");
}
typedef class ::grpc_impl::experimental::TlsKeyMaterialsConfig
TlsKeyMaterialsConfig;
TEST_F(CredentialsTest, TlsKeyMaterialsConfigCppToC) {
TlsKeyMaterialsConfig config;
struct TlsKeyMaterialsConfig::PemKeyCertPair pair = {"private_key",
"cert_chain"};
::std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pair_list = {pair};
config.set_key_materials("pem_root_certs", pair_list);
grpc_tls_key_materials_config* c_config = config.c_key_materials();
EXPECT_STREQ("pem_root_certs", c_config->pem_root_certs());
EXPECT_EQ(1, static_cast<int>(c_config->pem_key_cert_pair_list().size()));
EXPECT_STREQ(pair.private_key.c_str(),
c_config->pem_key_cert_pair_list()[0].private_key());
EXPECT_STREQ(pair.cert_chain.c_str(),
c_config->pem_key_cert_pair_list()[0].cert_chain());
}
typedef class ::grpc_impl::experimental::TlsCredentialReloadArg
TlsCredentialReloadArg;
typedef class ::grpc_impl::experimental::TlsCredentialReloadConfig
TlsCredentialReloadConfig;
TEST_F(CredentialsTest, TlsCredentialReloadArgCppToC) {
TlsCredentialReloadArg arg;
// Only sync credential reload supported currently,
// so we use a nullptr call back function.
arg.set_cb(nullptr);
arg.set_cb_user_data(nullptr);
arg.set_key_materials_config(nullptr);
arg.set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
arg.set_error_details("error_details");
grpc_tls_credential_reload_arg* c_arg = arg.c_credential_reload_arg();
EXPECT_NE(c_arg, nullptr);
EXPECT_EQ(c_arg->cb, nullptr);
EXPECT_EQ(c_arg->cb_user_data, nullptr);
EXPECT_EQ(c_arg->key_materials_config, nullptr);
EXPECT_EQ(c_arg->status, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
EXPECT_STREQ(c_arg->error_details, "error_details");
}
TEST_F(CredentialsTest, TlsCredentialReloadConfigCppToC) {
TlsCredentialReloadConfig config =
TlsCredentialReloadConfig(nullptr, nullptr, nullptr, nullptr);
grpc_tls_credential_reload_config* c_config = config.c_credential_reload();
EXPECT_NE(c_config, nullptr);
// TODO: add tests to compare schedule, cancel, destruct fields.
}
typedef class ::grpc_impl::experimental::TlsServerAuthorizationCheckArg
TlsServerAuthorizationCheckArg;
typedef class ::grpc_impl::experimental::TlsServerAuthorizationCheckConfig
TlsServerAuthorizationCheckConfig;
TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCppToC) {
TlsServerAuthorizationCheckArg arg;
// Only sync server authorization check supported currently,
// so we use a nullptr call back function.
arg.set_cb(nullptr);
arg.set_cb_user_data(nullptr);
arg.set_success(1);
arg.set_peer_cert("peer_cert");
arg.set_status(GRPC_STATUS_OK);
arg.set_error_details("error_details");
grpc_tls_server_authorization_check_arg* c_arg =
arg.c_server_authorization_check_arg();
EXPECT_NE(c_arg, nullptr);
EXPECT_EQ(c_arg->cb, nullptr);
EXPECT_EQ(c_arg->cb_user_data, nullptr);
EXPECT_EQ(c_arg->success, 1);
EXPECT_STREQ(c_arg->peer_cert, "peer_cert");
EXPECT_EQ(c_arg->status, GRPC_STATUS_OK);
EXPECT_STREQ(c_arg->error_details, "error_details");
}
TEST_F(CredentialsTest, TlsServerAuthorizationCheckCppToC) {
TlsServerAuthorizationCheckConfig config =
TlsServerAuthorizationCheckConfig(nullptr, nullptr, nullptr, nullptr);
grpc_tls_server_authorization_check_config* c_config =
config.c_server_authorization_check();
EXPECT_NE(c_config, nullptr);
// TODO: add tests to compare schedule, cancel, destruct fields.
}
typedef class ::grpc_impl::experimental::TlsCredentialsOptions
TlsCredentialsOptions;
TEST_F(CredentialsTest, TlsCredentialsOptionsCppToC) {
TlsCredentialsOptions options;
options.set_cert_request_type(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
::std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config(
new TlsKeyMaterialsConfig());
struct TlsKeyMaterialsConfig::PemKeyCertPair pair = {"private_key",
"cert_chain"};
::std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pair_list = {pair};
key_materials_config->set_key_materials("pem_root_certs", pair_list);
options.set_key_materials_config(key_materials_config);
// TODO: add instances of credential reload and server authorization check to
// options.
grpc_tls_credentials_options* c_options = options.c_credentials_options();
EXPECT_EQ(c_options->cert_request_type(),
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
EXPECT_EQ(c_options->key_materials_config(),
key_materials_config->c_key_materials());
}
} // namespace testing
} // namespace grpc

Write Preview
Loading…
Cancel
Save