diff --git a/include/grpcpp/security/tls_credentials_options.h b/include/grpcpp/security/tls_credentials_options.h index 24bfd2ccb8e..83535bc5701 100644 --- a/include/grpcpp/security/tls_credentials_options.h +++ b/include/grpcpp/security/tls_credentials_options.h @@ -57,6 +57,8 @@ class TlsKeyMaterialsConfig { /** Setter for key materials that will be called by the user. The setter * transfers ownership of the arguments to the config. **/ + void set_pem_root_certs(grpc::string pem_root_certs); + void add_pem_key_cert_pair(PemKeyCertPair pem_key_cert_pair); void set_key_materials(grpc::string pem_root_certs, std::vector pem_key_cert_pair_list); void set_version(int version) { version_ = version; }; @@ -88,7 +90,7 @@ class TlsCredentialReloadArg { * of the key materials config, it creates a new instance of the C++ key * materials config from the underlying C grpc_tls_key_materials_config. **/ void* cb_user_data() const; - std::shared_ptr key_materials_config() const; + bool is_pem_key_cert_pair_list_empty() const; grpc_ssl_certificate_config_reload_status status() const; grpc::string error_details() const; @@ -99,6 +101,8 @@ class TlsCredentialReloadArg { * setter function. * **/ void set_cb_user_data(void* cb_user_data); + void set_pem_root_certs(grpc::string pem_root_certs); + void add_pem_key_cert_pair(TlsKeyMaterialsConfig::PemKeyCertPair pem_key_cert_pair); void set_key_materials_config( const std::shared_ptr& key_materials_config); void set_status(grpc_ssl_certificate_config_reload_status status); @@ -127,16 +131,23 @@ struct TlsCredentialReloadInterface { * used for experimental purposes for now and it is subject to change. **/ class TlsCredentialReloadConfig { public: - /** The config takes ownership of the credential reload interface. **/ - TlsCredentialReloadConfig(std::unique_ptr + TlsCredentialReloadConfig(std::shared_ptr credential_reload_interface); ~TlsCredentialReloadConfig(); int Schedule(TlsCredentialReloadArg* arg) const { + if (credential_reload_interface_ == nullptr) { + gpr_log(GPR_ERROR, "credential reload interface is nullptr"); + return 1; + } return credential_reload_interface_->Schedule(arg); } void Cancel(TlsCredentialReloadArg* arg) const { + if (credential_reload_interface_ == nullptr) { + gpr_log(GPR_ERROR, "credential reload interface is nullptr"); + return; + } credential_reload_interface_->Cancel(arg); } @@ -145,7 +156,7 @@ class TlsCredentialReloadConfig { private: grpc_tls_credential_reload_config* c_config_; - std::unique_ptr credential_reload_interface_; + std::shared_ptr credential_reload_interface_; }; /** TLS server authorization check arguments, wraps @@ -213,18 +224,24 @@ struct TlsServerAuthorizationCheckInterface { * purposes for now and it is subject to change. **/ class TlsServerAuthorizationCheckConfig { public: - /** The config takes ownership of the server authorization check interface. - * **/ TlsServerAuthorizationCheckConfig( - std::unique_ptr + std::shared_ptr server_authorization_check_interface); ~TlsServerAuthorizationCheckConfig(); int Schedule(TlsServerAuthorizationCheckArg* arg) const { + if (server_authorization_check_interface_ == nullptr) { + gpr_log(GPR_ERROR, "server authorization check interface is nullptr"); + return 1; + } return server_authorization_check_interface_->Schedule(arg); } void Cancel(TlsServerAuthorizationCheckArg* arg) const { + if (server_authorization_check_interface_ == nullptr) { + gpr_log(GPR_ERROR, "server authorization check interface is nullptr"); + return; + } server_authorization_check_interface_->Cancel(arg); } @@ -235,7 +252,7 @@ class TlsServerAuthorizationCheckConfig { private: grpc_tls_server_authorization_check_config* c_config_; - std::unique_ptr + std::shared_ptr server_authorization_check_interface_; }; diff --git a/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h b/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h index d2b2a80ec1d..b9ee16c2f1e 100644 --- a/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +++ b/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h @@ -42,6 +42,12 @@ struct grpc_tls_key_materials_config int version() const { return version_; } /** Setters for member fields. **/ + void set_pem_root_certs(grpc_core::UniquePtr pem_root_certs) { + pem_root_certs_ = std::move(pem_root_certs); + } + void add_pem_key_cert_pair(grpc_core::PemKeyCertPair pem_key_cert_pair) { + pem_key_cert_pair_list_.push_back(pem_key_cert_pair); + } void set_key_materials(grpc_core::UniquePtr pem_root_certs, PemKeyCertPairList pem_key_cert_pair_list); void set_version(int version) { version_ = version; } diff --git a/src/cpp/common/tls_credentials_options.cc b/src/cpp/common/tls_credentials_options.cc index 6c77675bedb..aa052fa5027 100644 --- a/src/cpp/common/tls_credentials_options.cc +++ b/src/cpp/common/tls_credentials_options.cc @@ -25,6 +25,14 @@ namespace grpc_impl { namespace experimental { /** TLS key materials config API implementation **/ +void TlsKeyMaterialsConfig::set_pem_root_certs(grpc::string pem_root_certs) { + pem_root_certs_ = std::move(pem_root_certs); +} + +void TlsKeyMaterialsConfig::add_pem_key_cert_pair(PemKeyCertPair pem_key_cert_pair) { + pem_key_cert_pair_list_.push_back(pem_key_cert_pair); +} + void TlsKeyMaterialsConfig::set_key_materials( grpc::string pem_root_certs, std::vector pem_key_cert_pair_list) { @@ -51,11 +59,6 @@ void* TlsCredentialReloadArg::cb_user_data() const { /** This function creates a new TlsKeyMaterialsConfig instance whose fields are * not shared with the corresponding key materials config fields of the * TlsCredentialReloadArg instance. **/ -std::shared_ptr -TlsCredentialReloadArg::key_materials_config() const { - return ConvertToCppKeyMaterialsConfig(c_arg_->key_materials_config); -} - grpc_ssl_certificate_config_reload_status TlsCredentialReloadArg::status() const { return c_arg_->status; @@ -70,6 +73,20 @@ void TlsCredentialReloadArg::set_cb_user_data(void* cb_user_data) { c_arg_->cb_user_data = cb_user_data; } +void TlsCredentialReloadArg::set_pem_root_certs(grpc::string pem_root_certs) { + ::grpc_core::UniquePtr c_pem_root_certs(gpr_strdup(pem_root_certs.c_str())); + c_arg_->key_materials_config->set_pem_root_certs(std::move(c_pem_root_certs)); +} + +void TlsCredentialReloadArg::add_pem_key_cert_pair(TlsKeyMaterialsConfig::PemKeyCertPair pem_key_cert_pair) { + grpc_ssl_pem_key_cert_pair* ssl_pair = (grpc_ssl_pem_key_cert_pair*)gpr_malloc(sizeof(grpc_ssl_pem_key_cert_pair)); + ssl_pair->private_key = gpr_strdup(pem_key_cert_pair.private_key.c_str()); + ssl_pair->cert_chain = gpr_strdup(pem_key_cert_pair.cert_chain.c_str()); + ::grpc_core::PemKeyCertPair c_pem_key_cert_pair = + ::grpc_core::PemKeyCertPair(ssl_pair); + c_arg_->key_materials_config->add_pem_key_cert_pair(c_pem_key_cert_pair); +} + void TlsCredentialReloadArg::set_key_materials_config( const std::shared_ptr& key_materials_config) { c_arg_->key_materials_config = @@ -96,8 +113,8 @@ void TlsCredentialReloadArg::OnCredentialReloadDoneCallback() { /** gRPC TLS credential reload config API implementation **/ TlsCredentialReloadConfig::TlsCredentialReloadConfig( - std::unique_ptr credential_reload_interface) - : credential_reload_interface_(std::move(credential_reload_interface)) { + std::shared_ptr credential_reload_interface) + : credential_reload_interface_(credential_reload_interface) { c_config_ = grpc_tls_credential_reload_config_create( nullptr, &TlsCredentialReloadConfigCSchedule, &TlsCredentialReloadConfigCCancel, nullptr); @@ -182,10 +199,10 @@ void TlsServerAuthorizationCheckArg::OnServerAuthorizationCheckDoneCallback() { /** gRPC TLS server authorization check config API implementation. **/ TlsServerAuthorizationCheckConfig::TlsServerAuthorizationCheckConfig( - std::unique_ptr + std::shared_ptr server_authorization_check_interface) : server_authorization_check_interface_( - std::move(server_authorization_check_interface)) { + server_authorization_check_interface) { c_config_ = grpc_tls_server_authorization_check_config_create( nullptr, &TlsServerAuthorizationCheckConfigCSchedule, &TlsServerAuthorizationCheckConfigCCancel, nullptr); @@ -202,10 +219,10 @@ TlsCredentialsOptions::TlsCredentialsOptions( std::shared_ptr server_authorization_check_config) : cert_request_type_(cert_request_type), - key_materials_config_(std::move(key_materials_config)), - credential_reload_config_(std::move(credential_reload_config)), + key_materials_config_(key_materials_config), + credential_reload_config_(credential_reload_config), server_authorization_check_config_( - std::move(server_authorization_check_config)) { + server_authorization_check_config) { c_credentials_options_ = grpc_tls_credentials_options_create(); grpc_tls_credentials_options_set_cert_request_type(c_credentials_options_, cert_request_type_); diff --git a/src/cpp/common/tls_credentials_options_util.cc b/src/cpp/common/tls_credentials_options_util.cc index d2cf845378b..0f644638d75 100644 --- a/src/cpp/common/tls_credentials_options_util.cc +++ b/src/cpp/common/tls_credentials_options_util.cc @@ -56,30 +56,6 @@ grpc_tls_key_materials_config* ConvertToCKeyMaterialsConfig( return c_config; } -/** Converts the C key materials config to a Cpp key materials config; it - * allocates memory for the Cpp config. **/ -std::shared_ptr ConvertToCppKeyMaterialsConfig( - const grpc_tls_key_materials_config* config) { - if (config == nullptr) { - return nullptr; - } - std::shared_ptr cpp_config( - new TlsKeyMaterialsConfig()); - std::vector cpp_pem_key_cert_pair_list; - grpc_tls_key_materials_config::PemKeyCertPairList pem_key_cert_pair_list = - config->pem_key_cert_pair_list(); - for (size_t i = 0; i < pem_key_cert_pair_list.size(); i++) { - ::grpc_core::PemKeyCertPair key_cert_pair = pem_key_cert_pair_list[i]; - TlsKeyMaterialsConfig::PemKeyCertPair p = {key_cert_pair.private_key(), - key_cert_pair.cert_chain()}; - cpp_pem_key_cert_pair_list.push_back(::std::move(p)); - } - cpp_config->set_key_materials(std::move(config->pem_root_certs()), - std::move(cpp_pem_key_cert_pair_list)); - cpp_config->set_version(config->version()); - return cpp_config; -} - /** The C schedule and cancel functions for the credential reload config. * They populate a C credential reload arg with the result of a C++ credential * reload schedule/cancel API. **/ diff --git a/src/cpp/common/tls_credentials_options_util.h b/src/cpp/common/tls_credentials_options_util.h index 5fadc83090b..d5e20846254 100644 --- a/src/cpp/common/tls_credentials_options_util.h +++ b/src/cpp/common/tls_credentials_options_util.h @@ -27,13 +27,10 @@ namespace grpc_impl { namespace experimental { -/** The following 2 functions are exposed for testing purposes. **/ +/** The following function is exposed for testing purposes. **/ grpc_tls_key_materials_config* ConvertToCKeyMaterialsConfig( const std::shared_ptr& config); -std::shared_ptr ConvertToCppKeyMaterialsConfig( - const grpc_tls_key_materials_config* config); - /** The following 4 functions convert the user-provided schedule or cancel * functions into C style schedule or cancel functions. These are internal * functions, not meant to be accessed by the user. They are exposed for diff --git a/test/cpp/client/credentials_test.cc b/test/cpp/client/credentials_test.cc index fcb7355ba66..979bc63fdd0 100644 --- a/test/cpp/client/credentials_test.cc +++ b/test/cpp/client/credentials_test.cc @@ -55,16 +55,18 @@ class TestTlsCredentialReload : public TlsCredentialReloadInterface { GPR_ASSERT(arg != nullptr); struct TlsKeyMaterialsConfig::PemKeyCertPair pair3 = {"private_key3", "cert_chain3"}; - std::shared_ptr key_materials_config = - arg->key_materials_config(); - GPR_ASSERT(key_materials_config != nullptr); - std::vector pair_list = - key_materials_config->pem_key_cert_pair_list(); + //std::shared_ptr key_materials_config = + // arg->key_materials_config(); + //GPR_ASSERT(key_materials_config != nullptr); + //std::vector pair_list = + // key_materials_config->pem_key_cert_pair_list(); pair_list.push_back(pair3); - pair_list[0].private_key = "private_key01"; - pair_list[0].cert_chain = "cert_chain01"; - key_materials_config->set_key_materials("new_pem_root_certs", pair_list); - arg->set_key_materials_config(key_materials_config); + //pair_list[0].private_key = "private_key01"; + //pair_list[0].cert_chain = "cert_chain01"; + //key_materials_config->set_key_materials("new_pem_root_certs", pair_list); + //arg->set_key_materials_config(key_materials_config); + arg->set_pem_root_certs("new_pem_root_certs"); + arg->add_pem_key_cert_pair(pair3); arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); return 0; } @@ -302,6 +304,7 @@ TEST_F(CredentialsTest, TlsKeyMaterialsConfigCppToC) { gpr_free(c_config); } +/** TEST_F(CredentialsTest, TlsKeyMaterialsCtoCpp) { grpc_tls_key_materials_config c_config; grpc::string test_private_key = "private_key"; @@ -328,6 +331,7 @@ TEST_F(CredentialsTest, TlsKeyMaterialsCtoCpp) { EXPECT_STREQ("private_key", cpp_pair_list[0].private_key.c_str()); EXPECT_STREQ("cert_chain", cpp_pair_list[0].cert_chain.c_str()); } +**/ typedef class ::grpc_impl::experimental::TlsCredentialReloadArg TlsCredentialReloadArg; @@ -344,7 +348,7 @@ TEST_F(CredentialsTest, TlsCredentialReloadArgCallback) { } TEST_F(CredentialsTest, TlsCredentialReloadConfigSchedule) { - std::unique_ptr test_credential_reload( + std::shared_ptr test_credential_reload( new TestTlsCredentialReload()); TlsCredentialReloadConfig config(std::move(test_credential_reload)); grpc_tls_credential_reload_arg c_arg; @@ -368,9 +372,9 @@ TEST_F(CredentialsTest, TlsCredentialReloadConfigSchedule) { int schedule_output = config.Schedule(&arg); EXPECT_EQ(schedule_output, 0); EXPECT_EQ(arg.cb_user_data(), nullptr); - EXPECT_STREQ(arg.key_materials_config()->pem_root_certs().c_str(), + EXPECT_STREQ(c_arg.key_materials_config->pem_root_certs().get(), "new_pem_root_certs"); - pair_list = arg.key_materials_config()->pem_key_cert_pair_list(); + pair_list = c_arg.key_materials_config->pem_key_cert_pair_list(); EXPECT_EQ(static_cast(pair_list.size()), 3); EXPECT_STREQ(pair_list[0].private_key.c_str(), "private_key01"); EXPECT_STREQ(pair_list[0].cert_chain.c_str(), "cert_chain01"); @@ -389,7 +393,7 @@ TEST_F(CredentialsTest, TlsCredentialReloadConfigSchedule) { } TEST_F(CredentialsTest, TlsCredentialReloadConfigCppToC) { - std::unique_ptr test_credential_reload( + std::shared_ptr test_credential_reload( new TestTlsCredentialReload()); TlsCredentialReloadConfig config(std::move(test_credential_reload)); grpc_tls_credential_reload_arg c_arg; @@ -478,7 +482,7 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCallback) { } TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigSchedule) { - std::unique_ptr + std::shared_ptr test_server_authorization_check(new TestTlsServerAuthorizationCheck()); TlsServerAuthorizationCheckConfig config( std::move(test_server_authorization_check)); @@ -515,7 +519,7 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigSchedule) { } TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigCppToC) { - std::unique_ptr + std::shared_ptr test_server_authorization_check(new TestTlsServerAuthorizationCheck()); TlsServerAuthorizationCheckConfig config( std::move(test_server_authorization_check)); @@ -559,12 +563,12 @@ TEST_F(CredentialsTest, TlsCredentialsOptionsCppToC) { std::vector pair_list = {pair}; key_materials_config->set_key_materials("pem_root_certs", pair_list); - std::unique_ptr test_credential_reload( + std::shared_ptr test_credential_reload( new TestTlsCredentialReload()); std::shared_ptr credential_reload_config( new TlsCredentialReloadConfig(std::move(test_credential_reload))); - std::unique_ptr + std::shared_ptr test_server_authorization_check(new TestTlsServerAuthorizationCheck()); std::shared_ptr server_authorization_check_config(new TlsServerAuthorizationCheckConfig( @@ -656,12 +660,12 @@ TEST_F(CredentialsTest, TlsCredentialsOptionsCppToC) { // This test demonstrates how the SPIFFE credentials will be used. TEST_F(CredentialsTest, LoadSpiffeChannelCredentials) { - std::unique_ptr test_credential_reload( + std::shared_ptr test_credential_reload( new TestTlsCredentialReload()); std::shared_ptr credential_reload_config( new TlsCredentialReloadConfig(std::move(test_credential_reload))); - std::unique_ptr + std::shared_ptr test_server_authorization_check(new TestTlsServerAuthorizationCheck()); std::shared_ptr server_authorization_check_config(new TlsServerAuthorizationCheckConfig(