mirror of https://github.com/grpc/grpc.git
Merge pull request #16083 from tdbhacks/system-root-clean-history
Added system roots feature to load roots from OS trust store
pull/16311/head
commit
69d6694409
29 changed files with 760 additions and 10 deletions
@ -0,0 +1,29 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_H |
||||
#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_H |
||||
|
||||
namespace grpc_core { |
||||
|
||||
// Returns a slice containing roots from the OS trust store
|
||||
grpc_slice LoadSystemRootCerts(); |
||||
|
||||
} // namespace grpc_core
|
||||
|
||||
#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_H */ |
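Review bot: The declaration `grpc_slice LoadSystemRootCerts();` has no include that defines `grpc_slice`, so this header only compiles when the includer has already pulled in a slice header (both .cc files in this commit include `<grpc/slice_buffer.h>` before it). Adding `#include <grpc/support/port_platform.h>` and `#include <grpc/slice.h>` under the guard would make it self-contained. The same applies to load_system_roots_linux.h, whose comment also requires a `MAXPATHLEN`-sized buffer without including `<sys/param.h>`. The comment here should also say that an empty slice means no roots were found, for example `// Returns an empty slice when no system roots could be loaded.`, because the non-Linux stub always returns one and callers must not treat it as a usable trust store.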
@ -0,0 +1,32 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include <grpc/slice_buffer.h> |
||||
#include "src/core/lib/security/security_connector/load_system_roots.h" |
||||
|
||||
#ifndef GPR_LINUX |
||||
|
||||
namespace grpc_core { |
||||
|
||||
grpc_slice LoadSystemRootCerts() { return grpc_empty_slice(); } |
||||
|
||||
} // namespace grpc_core
|
||||
|
||||
#endif /* GPR_LINUX */ |
@ -0,0 +1,165 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include <grpc/slice_buffer.h> |
||||
#include "src/core/lib/security/security_connector/load_system_roots_linux.h" |
||||
|
||||
#ifdef GPR_LINUX |
||||
|
||||
#include "src/core/lib/security/security_connector/load_system_roots.h" |
||||
|
||||
#include <dirent.h> |
||||
#include <fcntl.h> |
||||
#include <stdbool.h> |
||||
#include <string.h> |
||||
#include <sys/param.h> |
||||
#include <sys/stat.h> |
||||
#include <sys/types.h> |
||||
#include <unistd.h> |
||||
|
||||
#include <grpc/support/alloc.h> |
||||
#include <grpc/support/log.h> |
||||
#include <grpc/support/string_util.h> |
||||
|
||||
#include "src/core/lib/gpr/env.h" |
||||
#include "src/core/lib/gpr/string.h" |
||||
#include "src/core/lib/gpr/useful.h" |
||||
#include "src/core/lib/gprpp/inlined_vector.h" |
||||
#include "src/core/lib/iomgr/load_file.h" |
||||
|
||||
namespace grpc_core { |
||||
namespace { |
||||
|
||||
const char* kLinuxCertFiles[] = { |
||||
"/etc/ssl/certs/ca-certificates.crt", "/etc/pki/tls/certs/ca-bundle.crt", |
||||
"/etc/ssl/ca-bundle.pem", "/etc/pki/tls/cacert.pem", |
||||
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"}; |
||||
const char* kLinuxCertDirectories[] = { |
||||
"/etc/ssl/certs", "/system/etc/security/cacerts", "/usr/local/share/certs", |
||||
"/etc/pki/tls/certs", "/etc/openssl/certs"}; |
||||
|
||||
grpc_slice GetSystemRootCerts() { |
||||
grpc_slice valid_bundle_slice = grpc_empty_slice(); |
||||
size_t num_cert_files_ = GPR_ARRAY_SIZE(kLinuxCertFiles); |
||||
for (size_t i = 0; i < num_cert_files_; i++) { |
||||
grpc_error* error = |
||||
grpc_load_file(kLinuxCertFiles[i], 1, &valid_bundle_slice); |
||||
if (error == GRPC_ERROR_NONE) { |
||||
return valid_bundle_slice; |
||||
} |
||||
} |
||||
return grpc_empty_slice(); |
||||
} |
||||
|
||||
} // namespace
|
||||
|
||||
void GetAbsoluteFilePath(const char* valid_file_dir, |
||||
const char* file_entry_name, char* path_buffer) { |
||||
if (valid_file_dir != nullptr && file_entry_name != nullptr) { |
||||
int path_len = snprintf(path_buffer, MAXPATHLEN, "%s/%s", valid_file_dir, |
||||
file_entry_name); |
||||
if (path_len == 0) { |
||||
gpr_log(GPR_ERROR, "failed to get absolute path for file: %s", |
||||
file_entry_name); |
||||
} |
||||
} |
||||
} |
||||
|
||||
grpc_slice CreateRootCertsBundle(const char* certs_directory) { |
||||
grpc_slice bundle_slice = grpc_empty_slice(); |
||||
if (certs_directory == nullptr) { |
||||
return bundle_slice; |
||||
} |
||||
DIR* ca_directory = opendir(certs_directory); |
||||
if (ca_directory == nullptr) { |
||||
return bundle_slice; |
||||
} |
||||
struct FileData { |
||||
char path[MAXPATHLEN]; |
||||
off_t size; |
||||
}; |
||||
InlinedVector<FileData, 2> roots_filenames; |
||||
size_t total_bundle_size = 0; |
||||
struct dirent* directory_entry; |
||||
while ((directory_entry = readdir(ca_directory)) != nullptr) { |
||||
struct stat dir_entry_stat; |
||||
const char* file_entry_name = directory_entry->d_name; |
||||
FileData file_data; |
||||
GetAbsoluteFilePath(certs_directory, file_entry_name, file_data.path); |
||||
int stat_return = stat(file_data.path, &dir_entry_stat); |
||||
if (stat_return == -1 || !S_ISREG(dir_entry_stat.st_mode)) { |
||||
// no subdirectories.
|
||||
if (stat_return == -1) { |
||||
gpr_log(GPR_ERROR, "failed to get status for file: %s", file_data.path); |
||||
} |
||||
continue; |
||||
} |
||||
file_data.size = dir_entry_stat.st_size; |
||||
total_bundle_size += file_data.size; |
||||
roots_filenames.push_back(file_data); |
||||
} |
||||
closedir(ca_directory); |
||||
char* bundle_string = static_cast<char*>(gpr_zalloc(total_bundle_size + 1)); |
||||
size_t bytes_read = 0; |
||||
for (size_t i = 0; i < roots_filenames.size(); i++) { |
||||
int file_descriptor = open(roots_filenames[i].path, O_RDONLY); |
||||
if (file_descriptor != -1) { |
||||
// Read file into bundle.
|
||||
size_t cert_file_size = roots_filenames[i].size; |
||||
int read_ret = |
||||
read(file_descriptor, bundle_string + bytes_read, cert_file_size); |
||||
if (read_ret != -1) { |
||||
bytes_read += read_ret; |
||||
} else { |
||||
gpr_log(GPR_ERROR, "failed to read file: %s", roots_filenames[i].path); |
||||
} |
||||
} |
||||
} |
||||
bundle_slice = grpc_slice_new(bundle_string, bytes_read, gpr_free); |
||||
return bundle_slice; |
||||
} |
||||
|
||||
grpc_slice LoadSystemRootCerts() { |
||||
grpc_slice result = grpc_empty_slice(); |
||||
// Prioritize user-specified custom directory if flag is set.
|
||||
char* custom_dir = gpr_getenv("GRPC_SYSTEM_SSL_ROOTS_DIR"); |
||||
if (custom_dir != nullptr) { |
||||
result = CreateRootCertsBundle(custom_dir); |
||||
gpr_free(custom_dir); |
||||
} |
||||
// If the custom directory is empty/invalid/not specified, fallback to
|
||||
// distribution-specific directory.
|
||||
if (GRPC_SLICE_IS_EMPTY(result)) { |
||||
result = GetSystemRootCerts(); |
||||
} |
||||
if (GRPC_SLICE_IS_EMPTY(result)) { |
||||
for (size_t i = 0; i < GPR_ARRAY_SIZE(kLinuxCertDirectories); i++) { |
||||
result = CreateRootCertsBundle(kLinuxCertDirectories[i]); |
||||
if (!GRPC_SLICE_IS_EMPTY(result)) { |
||||
break; |
||||
} |
||||
} |
||||
} |
||||
return result; |
||||
} |
||||
|
||||
} // namespace grpc_core
|
||||
|
||||
#endif /* GPR_LINUX */ |
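Review bot: In CreateRootCertsBundle the descriptor from `open(roots_filenames[i].path, O_RDONLY)` is never closed, so each call leaks one fd per certificate file, and a single `read()` is trusted to return the whole file. GetAbsoluteFilePath tests `path_len == 0`, which catches neither an snprintf error nor truncation, and it leaves `path_buffer` unwritten when an argument is null even though the caller passes the buffer straight to `stat()`. The directory can come from `GRPC_SYSTEM_SSL_ROOTS_DIR` and every regular file in it becomes trust-anchor input, so a truncated path should be skipped rather than resolved to some other file. GetSystemRootCerts also drops the non-OK `grpc_error*` from `grpc_load_file` without releasing it, which looks like a leak if errors are ref-counted in this tree. Files are concatenated with no separator, so a PEM file lacking a trailing newline would fuse its END line with the next BEGIN line.

```cpp
// GetAbsoluteFilePath: treat snprintf failure and truncation as errors.
int path_len = snprintf(path_buffer, MAXPATHLEN, "%s/%s", valid_file_dir,
                        file_entry_name);
if (path_len < 0 || path_len >= MAXPATHLEN) {
  gpr_log(GPR_ERROR, "failed to get absolute path for file: %s",
          file_entry_name);
  path_buffer[0] = '\0';  // stat("") fails, so the caller skips this entry
}

// … unchanged: directory scan and bundle_string allocation in CreateRootCertsBundle …
for (size_t i = 0; i < roots_filenames.size(); i++) {
  int file_descriptor = open(roots_filenames[i].path, O_RDONLY);
  if (file_descriptor == -1) {
    continue;
  }
  // Never read more than the size recorded by stat(), which sized the buffer.
  size_t remaining = static_cast<size_t>(roots_filenames[i].size);
  while (remaining > 0) {
    ssize_t read_ret =
        read(file_descriptor, bundle_string + bytes_read, remaining);
    if (read_ret <= 0) {
      if (read_ret < 0) {
        gpr_log(GPR_ERROR, "failed to read file: %s", roots_filenames[i].path);
      }
      break;
    }
    bytes_read += static_cast<size_t>(read_ret);
    remaining -= static_cast<size_t>(read_ret);
  }
  close(file_descriptor);
}
```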
@ -0,0 +1,44 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_LINUX_H |
||||
#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_LINUX_H |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#ifdef GPR_LINUX |
||||
|
||||
namespace grpc_core { |
||||
|
||||
// Creates a bundle slice containing the contents of all certificate files in
|
||||
// a directory.
|
||||
// Returns such slice.
|
||||
// Exposed for testing purposes only.
|
||||
grpc_slice CreateRootCertsBundle(const char* certs_directory); |
||||
|
||||
// Gets the absolute file path needed to load a certificate file.
|
||||
// Populates path_buffer, which must be of size MAXPATHLEN.
|
||||
// Exposed for testing purposes only.
|
||||
void GetAbsoluteFilePath(const char* valid_file_dir, |
||||
const char* file_entry_name, char* path_buffer); |
||||
|
||||
} // namespace grpc_core
|
||||
|
||||
#endif /* GPR_LINUX */ |
||||
#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_LINUX_H \ |
||||
*/ |
@ -0,0 +1,22 @@ |
||||
# Copyright 2018 gRPC authors. |
||||
# |
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
licenses(["notice"]) # Apache v2 |
||||
|
||||
exports_files([ |
||||
"bundle.pem", |
||||
"test_roots/cert1.pem", |
||||
"test_roots/cert2.pem", |
||||
"test_roots/cert3.pem", |
||||
]) |
@ -0,0 +1,2 @@ |
||||
These files are manual copies of a pem cert from the /etc/ssl/certs/ directory. |
||||
They serve only as dummy certificate test files. |
@ -0,0 +1,63 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
@ -0,0 +1,21 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
@ -0,0 +1,21 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
@ -0,0 +1,21 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
@ -0,0 +1,104 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
#include <stdio.h> |
||||
|
||||
#ifdef GPR_LINUX |
||||
#include <grpc/grpc_security.h> |
||||
#include <grpc/support/alloc.h> |
||||
#include <grpc/support/log.h> |
||||
#include <grpc/support/string_util.h> |
||||
#include <string.h> |
||||
#include <sys/param.h> |
||||
|
||||
#include "src/core/lib/gpr/env.h" |
||||
#include "src/core/lib/gpr/tmpfile.h" |
||||
#include "src/core/lib/iomgr/load_file.h" |
||||
#include "src/core/lib/security/context/security_context.h" |
||||
#include "src/core/lib/security/security_connector/load_system_roots.h" |
||||
#include "src/core/lib/security/security_connector/load_system_roots_linux.h" |
||||
#include "src/core/lib/security/security_connector/security_connector.h" |
||||
#include "src/core/lib/slice/slice_string_helpers.h" |
||||
#include "src/core/tsi/ssl_transport_security.h" |
||||
#include "src/core/tsi/transport_security.h" |
||||
#include "test/core/util/test_config.h" |
||||
|
||||
#include "gtest/gtest.h" |
||||
|
||||
#ifndef GRPC_USE_SYSTEM_SSL_ROOTS_ENV_VAR |
||||
#define GRPC_USE_SYSTEM_SSL_ROOTS_ENV_VAR "GRPC_USE_SYSTEM_SSL_ROOTS" |
||||
#endif |
||||
|
||||
namespace grpc { |
||||
namespace { |
||||
|
||||
TEST(AbsoluteFilePathTest, ConcatenatesCorrectly) { |
||||
const char* directory = "nonexistent/test/directory"; |
||||
const char* filename = "doesnotexist.txt"; |
||||
char result_path[MAXPATHLEN]; |
||||
grpc_core::GetAbsoluteFilePath(directory, filename, result_path); |
||||
EXPECT_STREQ(result_path, "nonexistent/test/directory/doesnotexist.txt"); |
||||
} |
||||
|
||||
TEST(CreateRootCertsBundleTest, ReturnsEmpty) { |
||||
// Test that CreateRootCertsBundle returns an empty slice for null or
|
||||
// nonexistent cert directories.
|
||||
grpc_slice result_slice = grpc_core::CreateRootCertsBundle(nullptr); |
||||
EXPECT_TRUE(GRPC_SLICE_IS_EMPTY(result_slice)); |
||||
grpc_slice_unref(result_slice); |
||||
result_slice = grpc_core::CreateRootCertsBundle("does/not/exist"); |
||||
EXPECT_TRUE(GRPC_SLICE_IS_EMPTY(result_slice)); |
||||
grpc_slice_unref(result_slice); |
||||
} |
||||
|
||||
TEST(CreateRootCertsBundleTest, BundlesCorrectly) { |
||||
gpr_setenv(GRPC_USE_SYSTEM_SSL_ROOTS_ENV_VAR, "true"); |
||||
// Test that CreateRootCertsBundle returns a correct slice.
|
||||
grpc_slice roots_bundle = grpc_empty_slice(); |
||||
GRPC_LOG_IF_ERROR( |
||||
"load_file", |
||||
grpc_load_file("test/core/security/etc/bundle.pem", 1, &roots_bundle)); |
||||
// result_slice should have the same content as roots_bundle.
|
||||
grpc_slice result_slice = |
||||
grpc_core::CreateRootCertsBundle("test/core/security/etc/test_roots"); |
||||
char* result_str = grpc_slice_to_c_string(result_slice); |
||||
char* bundle_str = grpc_slice_to_c_string(roots_bundle); |
||||
EXPECT_STREQ(result_str, bundle_str); |
||||
// Clean up.
|
||||
unsetenv(GRPC_USE_SYSTEM_SSL_ROOTS_ENV_VAR); |
||||
gpr_free(result_str); |
||||
gpr_free(bundle_str); |
||||
grpc_slice_unref(roots_bundle); |
||||
grpc_slice_unref(result_slice); |
||||
} |
||||
|
||||
} // namespace
|
||||
} // namespace grpc
|
||||
|
||||
int main(int argc, char** argv) { |
||||
grpc_test_init(argc, argv); |
||||
::testing::InitGoogleTest(&argc, argv); |
||||
return RUN_ALL_TESTS(); |
||||
} |
||||
#else |
||||
int main() { |
||||
printf("*** WARNING: this test is only supported on Linux systems ***\n"); |
||||
return 0; |
||||
} |
||||
#endif // GPR_LINUX
|
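Review bot: BundlesCorrectly compares against fixtures that appear to be byte-identical (the three single-certificate files and each block of bundle.pem show the same base64), so it would still pass if one file were read twice and another skipped; using distinct certificates would fix that, though the expected bundle would then have to be compared order-insensitively because `readdir` order is unspecified. The test also sets `GRPC_USE_SYSTEM_SSL_ROOTS`, which nothing in CreateRootCertsBundle reads, and clears it with raw `unsetenv` rather than a gpr wrapper. There is no coverage for the `GRPC_SYSTEM_SSL_ROOTS_DIR` override in LoadSystemRootCerts, nor for GetAbsoluteFilePath with a name that exceeds `MAXPATHLEN` or with a null argument. Those two are the cases where the loader could feed unintended input into the trust store, so they are worth pinning with a test such as `TEST(AbsoluteFilePathTest, RejectsOverlongPath)`.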