From c2fd3844dcec60de2accc4353f39d161941109ae Mon Sep 17 00:00:00 2001 From: Matthew Stevenson Date: Fri, 23 Aug 2019 16:20:19 -0700 Subject: [PATCH] Implemented Yihua's comments --- BUILD | 2 + BUILD.gn | 2 + CMakeLists.txt | 1 + Makefile | 2 + build.yaml | 2 + gRPC-C++.podspec | 3 + grpc.gyp | 1 + .../grpcpp/security/tls_credentials_options.h | 65 +++----- src/cpp/common/tls_credentials_options.cc | 154 +++--------------- .../common/tls_credentials_options_util.cc | 137 ++++++++++++++++ src/cpp/common/tls_credentials_options_util.h | 54 ++++++ test/cpp/client/credentials_test.cc | 41 +++-- tools/doxygen/Doxyfile.c++.internal | 2 + 13 files changed, 272 insertions(+), 194 deletions(-) create mode 100644 src/cpp/common/tls_credentials_options_util.cc create mode 100644 src/cpp/common/tls_credentials_options_util.h diff --git a/BUILD b/BUILD index 6f1393e9317..c3c0d2e5b5b 100644 --- a/BUILD +++ b/BUILD @@ -358,12 +358,14 @@ grpc_cc_library( "src/cpp/common/secure_channel_arguments.cc", "src/cpp/common/secure_create_auth_context.cc", "src/cpp/common/tls_credentials_options.cc", + "src/cpp/common/tls_credentials_options_util.cc", "src/cpp/server/insecure_server_credentials.cc", "src/cpp/server/secure_server_credentials.cc", ], hdrs = [ "src/cpp/client/secure_credentials.h", "src/cpp/common/secure_auth_context.h", + "src/cpp/common/tls_credentials_options_util.h", "src/cpp/server/secure_server_credentials.h", ], language = "c++", diff --git a/BUILD.gn b/BUILD.gn index 4f21afe4b1f..8b683121bf3 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -1391,6 +1391,8 @@ config("grpc_config") { "src/cpp/common/secure_channel_arguments.cc", "src/cpp/common/secure_create_auth_context.cc", "src/cpp/common/tls_credentials_options.cc", + "src/cpp/common/tls_credentials_options_util.cc", + "src/cpp/common/tls_credentials_options_util.h", "src/cpp/common/validate_service_config.cc", "src/cpp/common/version_cc.cc", "src/cpp/server/async_generic_service.cc", 
diff --git a/CMakeLists.txt b/CMakeLists.txt index 5c547b459a5..00c86bb2702 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3164,6 +3164,7 @@ add_library(grpc++ src/cpp/common/secure_channel_arguments.cc src/cpp/common/secure_create_auth_context.cc src/cpp/common/tls_credentials_options.cc + src/cpp/common/tls_credentials_options_util.cc src/cpp/server/insecure_server_credentials.cc src/cpp/server/secure_server_credentials.cc src/cpp/client/channel_cc.cc diff --git a/Makefile b/Makefile index 822595adc74..3a52fce658a 100644 --- a/Makefile +++ b/Makefile @@ -5578,6 +5578,7 @@ LIBGRPC++_SRC = \ src/cpp/common/secure_channel_arguments.cc \ src/cpp/common/secure_create_auth_context.cc \ src/cpp/common/tls_credentials_options.cc \ + src/cpp/common/tls_credentials_options_util.cc \ src/cpp/server/insecure_server_credentials.cc \ src/cpp/server/secure_server_credentials.cc \ src/cpp/client/channel_cc.cc \ @@ -22660,6 +22661,7 @@ src/cpp/common/secure_auth_context.cc: $(OPENSSL_DEP) src/cpp/common/secure_channel_arguments.cc: $(OPENSSL_DEP) src/cpp/common/secure_create_auth_context.cc: $(OPENSSL_DEP) src/cpp/common/tls_credentials_options.cc: $(OPENSSL_DEP) +src/cpp/common/tls_credentials_options_util.cc: $(OPENSSL_DEP) src/cpp/ext/proto_server_reflection.cc: $(OPENSSL_DEP) src/cpp/ext/proto_server_reflection_plugin.cc: $(OPENSSL_DEP) src/cpp/server/channelz/channelz_service.cc: $(OPENSSL_DEP) diff --git a/build.yaml b/build.yaml index 35ef7131e66..06595ff64f2 100644 --- a/build.yaml +++ b/build.yaml @@ -1811,6 +1811,7 @@ libs: - include/grpcpp/impl/codegen/core_codegen.h - src/cpp/client/secure_credentials.h - src/cpp/common/secure_auth_context.h + - src/cpp/common/tls_credentials_options_util.h - src/cpp/server/secure_server_credentials.h src: - src/cpp/client/insecure_credentials.cc 
@@ -1820,6 +1821,7 @@ libs: - src/cpp/common/secure_channel_arguments.cc - src/cpp/common/secure_create_auth_context.cc - src/cpp/common/tls_credentials_options.cc + - src/cpp/common/tls_credentials_options_util.cc - src/cpp/server/insecure_server_credentials.cc - src/cpp/server/secure_server_credentials.cc deps: diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec index f34891abf75..5ca7cc23861 100644 --- a/gRPC-C++.podspec +++ b/gRPC-C++.podspec @@ -220,6 +220,7 @@ Pod::Spec.new do |s| ss.source_files = 'include/grpcpp/impl/codegen/core_codegen.h', 'src/cpp/client/secure_credentials.h', 'src/cpp/common/secure_auth_context.h', + 'src/cpp/common/tls_credentials_options_util.h', 'src/cpp/server/secure_server_credentials.h', 'src/cpp/client/create_channel_internal.h', 'src/cpp/common/channel_filter.h', @@ -235,6 +236,7 @@ Pod::Spec.new do |s| 'src/cpp/common/secure_channel_arguments.cc', 'src/cpp/common/secure_create_auth_context.cc', 'src/cpp/common/tls_credentials_options.cc', + 'src/cpp/common/tls_credentials_options_util.cc', 'src/cpp/server/insecure_server_credentials.cc', 'src/cpp/server/secure_server_credentials.cc', 'src/cpp/client/channel_cc.cc', @@ -278,6 +280,7 @@ Pod::Spec.new do |s| ss.private_header_files = 'include/grpcpp/impl/codegen/core_codegen.h', 'src/cpp/client/secure_credentials.h', 'src/cpp/common/secure_auth_context.h', + 'src/cpp/common/tls_credentials_options_util.h', 'src/cpp/server/secure_server_credentials.h', 'src/cpp/client/create_channel_internal.h', 'src/cpp/common/channel_filter.h', diff --git a/grpc.gyp b/grpc.gyp index 8b1c189ed3b..0ef62d6f789 100644 --- a/grpc.gyp +++ b/grpc.gyp @@ -1551,6 +1551,7 @@ 'src/cpp/common/secure_channel_arguments.cc', 'src/cpp/common/secure_create_auth_context.cc', 'src/cpp/common/tls_credentials_options.cc', + 'src/cpp/common/tls_credentials_options_util.cc', 'src/cpp/server/insecure_server_credentials.cc', 'src/cpp/server/secure_server_credentials.cc', 'src/cpp/client/channel_cc.cc', 
diff --git a/include/grpcpp/security/tls_credentials_options.h b/include/grpcpp/security/tls_credentials_options.h index 9cba5aa27bc..8b19a9b873d 100644 --- a/include/grpcpp/security/tls_credentials_options.h +++ b/include/grpcpp/security/tls_credentials_options.h @@ -51,32 +51,29 @@ class TlsKeyMaterialsConfig { void set_version(int version) { version_ = version; }; private: - int version_; + int version_ = 0; std::vector pem_key_cert_pair_list_; grpc::string pem_root_certs_; }; -/** The following 2 functions are exposed for testing purposes. **/ -grpc_tls_key_materials_config* c_key_materials( - const std::shared_ptr& config); - -std::shared_ptr tls_key_materials_c_to_cpp( - const grpc_tls_key_materials_config* config); - /** TLS credential reload arguments, wraps grpc_tls_credential_reload_arg. **/ class TlsCredentialReloadArg { public: - TlsCredentialReloadArg(); + // TlsCredentialReloadArg(); TlsCredentialReloadArg(grpc_tls_credential_reload_arg arg); ~TlsCredentialReloadArg(); - /** Getters for member fields. The callback function is not exposed. **/ + /** Getters for member fields. The callback function is not exposed. + * They return the corresponding fields of the underlying C arg. In the case + * of the key materials config, it creates a new instance of the C++ key + * materials config from the underlying C grpc_tls_key_materials_config. **/ void* cb_user_data() const; std::shared_ptr key_materials_config() const; grpc_ssl_certificate_config_reload_status status() const; - std::shared_ptr error_details() const; + grpc::string error_details() const; - /** Setters for member fields. **/ + /** Setters for member fields. They modify the fields of the underlying C arg. + * **/ void set_cb_user_data(void* cb_user_data); void set_key_materials_config( const std::shared_ptr& key_materials_config); 
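Review bot: The removed default constructor is left in the public header as commented-out code, `// TlsCredentialReloadArg();`, instead of being deleted; the same commented-out line appears for TlsServerAuthorizationCheckArg in a later hunk of this header. A dead declaration in a public header invites readers to assume the constructor still exists in some form, so drop the line and let version control keep the history. With the default constructor gone, `TlsCredentialReloadArg(grpc_tls_credential_reload_arg arg);` is the only constructor and is a single-argument converting constructor; `explicit TlsCredentialReloadArg(grpc_tls_credential_reload_arg arg);` would prevent an unintended implicit conversion from the C struct, and the same applies to TlsServerAuthorizationCheckArg. The class TlsKeyMaterialsConfig at the top of this hunk begins outside it.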
@@ -84,18 +81,12 @@ class TlsCredentialReloadArg { void set_error_details(const grpc::string& error_details); /** Calls the C arg's callback function. **/ - void callback(); + void OnCredentialReloadDoneCallback(); private: grpc_tls_credential_reload_arg c_arg_; }; -// Exposed for testing purposes. -int tls_credential_reload_config_c_schedule( - void* config_user_data, grpc_tls_credential_reload_arg* arg); -void tls_credential_reload_config_c_cancel(void* config_user_data, - grpc_tls_credential_reload_arg* arg); - /** TLS credential reloag config, wraps grpc_tls_credential_reload_config. **/ class TlsCredentialReloadConfig { public: @@ -108,6 +99,10 @@ class TlsCredentialReloadConfig { ~TlsCredentialReloadConfig(); int Schedule(TlsCredentialReloadArg* arg) const { + if (schedule_ == nullptr) { + gpr_log(GPR_ERROR, "schedule API is nullptr"); + return 1; + } return schedule_(config_user_data_, arg); } @@ -118,10 +113,9 @@ class TlsCredentialReloadConfig { } cancel_(config_user_data_, arg); } + /** Returns a C struct for the credential reload config. **/ - grpc_tls_credential_reload_config* c_credential_reload() const { - return c_config_; - } + grpc_tls_credential_reload_config* c_config() const { return c_config_; } private: grpc_tls_credential_reload_config* c_config_; 
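Review bot: The guard added to `Schedule` returns 1 when `schedule_` is null, but 1 is also a value a configured schedule function can legitimately return (the updated credentials_test.cc expects `c_schedule_output` of 1 from a configured server authorization check config), so a caller cannot tell a misconfigured config from a normal outcome. At minimum the contract should be written on the method, e.g. `/** Returns 1 and logs an error if no schedule function was set; otherwise returns the result of the user-provided schedule function. **/`, and it is worth confirming how the C-side caller interprets 1. Calling `gpr_log` from this inline header method presumably requires the header to include gRPC's logging support header; the include list is not visible from this hunk, so please confirm. The `Cancel` method appears to carry a parallel null check whose start lies outside the hunk.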
@@ -136,19 +130,21 @@ class TlsCredentialReloadConfig { class TlsServerAuthorizationCheckArg { public: - TlsServerAuthorizationCheckArg(); + // TlsServerAuthorizationCheckArg(); TlsServerAuthorizationCheckArg(grpc_tls_server_authorization_check_arg arg); ~TlsServerAuthorizationCheckArg(); - /** Getters for member fields. **/ + /** Getters for member fields. They return the corresponding fields of the + * underlying C arg.**/ void* cb_user_data() const; int success() const; - std::shared_ptr target_name() const; - std::shared_ptr peer_cert() const; + grpc::string target_name() const; + grpc::string peer_cert() const; grpc_status_code status() const; - std::shared_ptr error_details() const; + grpc::string error_details() const; - /** Setters for member fields. **/ + /** Setters for member fields. They modify the fields of the underlying C arg. + * **/ void set_cb_user_data(void* cb_user_data); void set_success(int success); void set_target_name(const grpc::string& target_name); @@ -157,18 +153,12 @@ class TlsServerAuthorizationCheckArg { void set_error_details(const grpc::string& error_details); /** Calls the C arg's callback function. **/ - void callback(); + void OnServerAuthorizationCheckDoneCallback(); private: grpc_tls_server_authorization_check_arg c_arg_; }; -// Exposed for testing purposes. -int tls_server_authorization_check_config_c_schedule( - void* config_user_data, grpc_tls_server_authorization_check_arg* arg); -void tls_server_authorization_check_config_c_cancel( - void* config_user_data, grpc_tls_server_authorization_check_arg* arg); - /** TLS server authorization check config, wraps * grps_tls_server_authorization_check_config. **/ class TlsServerAuthorizationCheckConfig { 
@@ -194,9 +184,8 @@ class TlsServerAuthorizationCheckConfig { cancel_(config_user_data_, arg); } - /** Creates C struct for the credential reload config. **/ - grpc_tls_server_authorization_check_config* c_server_authorization_check() - const { + /** Creates C struct for the server authorization check config. **/ + grpc_tls_server_authorization_check_config* c_config() const { return c_config_; } diff --git a/src/cpp/common/tls_credentials_options.cc b/src/cpp/common/tls_credentials_options.cc index 026e85dcdfa..2f4a95384b9 100644 --- a/src/cpp/common/tls_credentials_options.cc +++ b/src/cpp/common/tls_credentials_options.cc @@ -19,6 +19,7 @@ #include #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" +#include "src/cpp/common/tls_credentials_options_util.h" namespace grpc_impl { namespace experimental { 
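Review bot: The comment rewritten above `c_config()` still reads `/** Creates C struct for the server authorization check config. **/`, but the body only returns the stored `c_config_` pointer, and the parallel accessor on TlsCredentialReloadConfig was reworded in this same commit to `/** Returns a C struct for the credential reload config. **/`. Use the same "Returns" wording here, and consider stating who owns the returned pointer, since the config object keeps `c_config_` after handing it out. The class TlsServerAuthorizationCheckConfig starts outside this hunk.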
@@ -31,61 +32,7 @@ void TlsKeyMaterialsConfig::set_key_materials( pem_root_certs_ = std::move(pem_root_certs); } -/** Creates a new C struct for the key materials. Note that the user must free - * the underlying pointer to private key and cert chain duplicates; they are not - * freed when the UniquePtr member variables of PemKeyCertPair are unused. - * Similarly, the user must free the underlying pointer to c_pem_root_certs. **/ -grpc_tls_key_materials_config* c_key_materials( - const std::shared_ptr& config) { - grpc_tls_key_materials_config* c_config = - grpc_tls_key_materials_config_create(); - ::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1> - c_pem_key_cert_pair_list; - for (auto key_cert_pair = config->pem_key_cert_pair_list().begin(); - key_cert_pair != config->pem_key_cert_pair_list().end(); - key_cert_pair++) { - grpc_ssl_pem_key_cert_pair* ssl_pair = - (grpc_ssl_pem_key_cert_pair*)gpr_malloc( - sizeof(grpc_ssl_pem_key_cert_pair)); - ssl_pair->private_key = gpr_strdup(key_cert_pair->private_key.c_str()); - ssl_pair->cert_chain = gpr_strdup(key_cert_pair->cert_chain.c_str()); - ::grpc_core::PemKeyCertPair c_pem_key_cert_pair = - ::grpc_core::PemKeyCertPair(ssl_pair); - c_pem_key_cert_pair_list.push_back(::std::move(c_pem_key_cert_pair)); - } - ::grpc_core::UniquePtr c_pem_root_certs( - gpr_strdup(config->pem_root_certs().c_str())); - c_config->set_key_materials(std::move(c_pem_root_certs), - std::move(c_pem_key_cert_pair_list)); - c_config->set_version(config->version()); - return c_config; -} - -/** Creates a new TlsKeyMaterialsConfig from a C struct config. 
**/ -std::shared_ptr tls_key_materials_c_to_cpp( - const grpc_tls_key_materials_config* config) { - std::shared_ptr cpp_config( - new TlsKeyMaterialsConfig()); - std::vector cpp_pem_key_cert_pair_list; - grpc_tls_key_materials_config::PemKeyCertPairList pem_key_cert_pair_list = - config->pem_key_cert_pair_list(); - for (size_t i = 0; i < pem_key_cert_pair_list.size(); i++) { - ::grpc_core::PemKeyCertPair key_cert_pair = pem_key_cert_pair_list[i]; - TlsKeyMaterialsConfig::PemKeyCertPair p = { - //gpr_strdup(key_cert_pair.private_key()), - //gpr_strdup(key_cert_pair.cert_chain())}; - key_cert_pair.private_key(), key_cert_pair.cert_chain()}; - cpp_pem_key_cert_pair_list.push_back(::std::move(p)); - } - cpp_config->set_key_materials(std::move(config->pem_root_certs()), - std::move(cpp_pem_key_cert_pair_list)); - cpp_config->set_version(config->version()); - return cpp_config; -} - /** TLS credential reload arg API implementation **/ -TlsCredentialReloadArg::TlsCredentialReloadArg() {} - TlsCredentialReloadArg::TlsCredentialReloadArg( grpc_tls_credential_reload_arg arg) { c_arg_ = arg; @@ -102,7 +49,7 @@ void* TlsCredentialReloadArg::cb_user_data() const { * TlsCredentialReloadArg instance. **/ std::shared_ptr TlsCredentialReloadArg::key_materials_config() const { - return tls_key_materials_c_to_cpp(c_arg_.key_materials_config); + return ConvertToCppKeyMaterialsConfig(c_arg_.key_materials_config); } grpc_ssl_certificate_config_reload_status TlsCredentialReloadArg::status() @@ -110,9 +57,8 @@ grpc_ssl_certificate_config_reload_status TlsCredentialReloadArg::status() return c_arg_.status; } -std::shared_ptr TlsCredentialReloadArg::error_details() const { - std::shared_ptr cpp_error_details( - new grpc::string(c_arg_.error_details)); +grpc::string TlsCredentialReloadArg::error_details() const { + grpc::string cpp_error_details(c_arg_.error_details); return cpp_error_details; } 
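Review bot: `grpc::string cpp_error_details(c_arg_.error_details);` in the rewritten `error_details()` builds a std::string from a `const char*` that is never checked for null; when the C arg's error_details has not been set, which is the expected state for a successful reload, this is undefined behavior rather than an empty string. The guard is a one-liner: `return c_arg_.error_details == nullptr ? grpc::string() : grpc::string(c_arg_.error_details);`. The same pattern appears in the rewritten `target_name()`, `peer_cert()` and `error_details()` getters of TlsServerAuthorizationCheckArg in later hunks of this file, and `key_materials_config()` above passes `c_arg_.key_materials_config` to ConvertToCppKeyMaterialsConfig without a null check, which then dereferences it.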
@@ -122,7 +68,8 @@ void TlsCredentialReloadArg::set_cb_user_data(void* cb_user_data) { void TlsCredentialReloadArg::set_key_materials_config( const std::shared_ptr& key_materials_config) { - c_arg_.key_materials_config = c_key_materials(key_materials_config); + c_arg_.key_materials_config = + ConvertToCKeyMaterialsConfig(key_materials_config); } void TlsCredentialReloadArg::set_status( @@ -135,32 +82,8 @@ void TlsCredentialReloadArg::set_error_details( c_arg_.error_details = gpr_strdup(error_details.c_str()); } -void TlsCredentialReloadArg::callback() { c_arg_.cb(&c_arg_); } - -/** The C schedule and cancel functions for the credential reload config. **/ -int tls_credential_reload_config_c_schedule( - void* config_user_data, grpc_tls_credential_reload_arg* arg) { - TlsCredentialReloadConfig* cpp_config = - static_cast(arg->config->context()); - TlsCredentialReloadArg cpp_arg(*arg); - int schedule_output = cpp_config->Schedule(&cpp_arg); - arg->cb_user_data = cpp_arg.cb_user_data(); - arg->key_materials_config = c_key_materials(cpp_arg.key_materials_config()); - arg->status = cpp_arg.status(); - arg->error_details = gpr_strdup(cpp_arg.error_details()->c_str()); - return schedule_output; -} - -void tls_credential_reload_config_c_cancel( - void* config_user_data, grpc_tls_credential_reload_arg* arg) { - TlsCredentialReloadConfig* cpp_config = - static_cast(arg->config->context()); - TlsCredentialReloadArg cpp_arg(*arg); - cpp_config->Cancel(&cpp_arg); - arg->cb_user_data = cpp_arg.cb_user_data(); - arg->key_materials_config = c_key_materials(cpp_arg.key_materials_config()); - arg->status = cpp_arg.status(); - arg->error_details = cpp_arg.error_details()->c_str(); +void TlsCredentialReloadArg::OnCredentialReloadDoneCallback() { + c_arg_.cb(&c_arg_); } /** gRPC TLS credential reload config API implementation **/ 
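Review bot: `set_key_materials_config` now stores a freshly created C config from `ConvertToCKeyMaterialsConfig` into `c_arg_.key_materials_config` without releasing whatever the field already held, so calling the setter twice, or once on an arg that arrived with a config, presumably leaks the previous ref-counted object; `set_error_details` just above has the same shape with `gpr_strdup`. Nothing in this file states whether the wrapper or the C side owns the pointers written into `c_arg_`, and a short class comment saying which side frees `key_materials_config` and `error_details` would settle it. Separately, `OnCredentialReloadDoneCallback` calls `c_arg_.cb(&c_arg_)` unconditionally; a guard mirroring the one this commit adds to `Schedule`, `if (c_arg_.cb == nullptr) { gpr_log(GPR_ERROR, "cb is nullptr"); return; }`, would avoid calling through null, and the same applies to `OnServerAuthorizationCheckDoneCallback` in the later hunk.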
@@ -182,15 +105,12 @@ TlsCredentialReloadConfig::TlsCredentialReloadConfig( TlsCredentialReloadConfig::~TlsCredentialReloadConfig() {} /** gRPC TLS server authorization check arg API implementation **/ -TlsServerAuthorizationCheckArg::TlsServerAuthorizationCheckArg() {} - TlsServerAuthorizationCheckArg::TlsServerAuthorizationCheckArg( grpc_tls_server_authorization_check_arg arg) { c_arg_ = arg; } -TlsServerAuthorizationCheckArg::~TlsServerAuthorizationCheckArg() { -} +TlsServerAuthorizationCheckArg::~TlsServerAuthorizationCheckArg() {} void* TlsServerAuthorizationCheckArg::cb_user_data() const { return c_arg_.cb_user_data; @@ -198,17 +118,13 @@ void* TlsServerAuthorizationCheckArg::cb_user_data() const { int TlsServerAuthorizationCheckArg::success() const { return c_arg_.success; } -std::shared_ptr TlsServerAuthorizationCheckArg::target_name() - const { - std::shared_ptr cpp_target_name( - new grpc::string(c_arg_.target_name)); +grpc::string TlsServerAuthorizationCheckArg::target_name() const { + grpc::string cpp_target_name(c_arg_.target_name); return cpp_target_name; } -std::shared_ptr TlsServerAuthorizationCheckArg::peer_cert() - const { - std::shared_ptr cpp_peer_cert( - new grpc::string(c_arg_.peer_cert)); +grpc::string TlsServerAuthorizationCheckArg::peer_cert() const { + grpc::string cpp_peer_cert(c_arg_.peer_cert); return cpp_peer_cert; } @@ -216,10 +132,8 @@ grpc_status_code TlsServerAuthorizationCheckArg::status() const { return c_arg_.status; } -std::shared_ptr TlsServerAuthorizationCheckArg::error_details() - const { - std::shared_ptr cpp_error_details( - new grpc::string(c_arg_.error_details)); +grpc::string TlsServerAuthorizationCheckArg::error_details() const { + grpc::string cpp_error_details(c_arg_.error_details); return cpp_error_details; } 
@@ -250,36 +164,8 @@ void TlsServerAuthorizationCheckArg::set_error_details( c_arg_.error_details = gpr_strdup(error_details.c_str()); } -void TlsServerAuthorizationCheckArg::callback() { c_arg_.cb(&c_arg_); } - -/** The C schedule and cancel functions for the credential reload config. **/ -int tls_server_authorization_check_config_c_schedule( - void* config_user_data, grpc_tls_server_authorization_check_arg* arg) { - TlsServerAuthorizationCheckConfig* cpp_config = - static_cast(arg->config->context()); - TlsServerAuthorizationCheckArg cpp_arg(*arg); - int schedule_output = cpp_config->Schedule(&cpp_arg); - arg->cb_user_data = cpp_arg.cb_user_data(); - arg->success = cpp_arg.success(); - arg->target_name = gpr_strdup(cpp_arg.target_name()->c_str()); - arg->peer_cert = gpr_strdup(cpp_arg.peer_cert()->c_str()); - arg->status = cpp_arg.status(); - arg->error_details = gpr_strdup(cpp_arg.error_details()->c_str()); - return schedule_output; -} - -void tls_server_authorization_check_config_c_cancel( - void* config_user_data, grpc_tls_server_authorization_check_arg* arg) { - TlsServerAuthorizationCheckConfig* cpp_config = - static_cast(arg->config->context()); - TlsServerAuthorizationCheckArg cpp_arg(*arg); - cpp_config->Cancel(&cpp_arg); - arg->cb_user_data = cpp_arg.cb_user_data(); - arg->success = cpp_arg.success(); - arg->target_name = gpr_strdup(cpp_arg.target_name()->c_str()); - arg->peer_cert = gpr_strdup(cpp_arg.peer_cert()->c_str()); - arg->status = cpp_arg.status(); - arg->error_details = gpr_strdup(cpp_arg.error_details()->c_str()); +void TlsServerAuthorizationCheckArg::OnServerAuthorizationCheckDoneCallback() { + c_arg_.cb(&c_arg_); } /** gRPC TLS server authorization check config API implementation **/ 
@@ -309,13 +195,13 @@ grpc_tls_credentials_options* TlsCredentialsOptions::c_credentials_options() c_options->set_cert_request_type(cert_request_type_); c_options->set_key_materials_config( ::grpc_core::RefCountedPtr( - c_key_materials(key_materials_config_))); + ConvertToCKeyMaterialsConfig(key_materials_config_))); c_options->set_credential_reload_config( ::grpc_core::RefCountedPtr( - credential_reload_config_->c_credential_reload())); + credential_reload_config_->c_config())); c_options->set_server_authorization_check_config( ::grpc_core::RefCountedPtr( - server_authorization_check_config_->c_server_authorization_check())); + server_authorization_check_config_->c_config())); return c_options; } diff --git a/src/cpp/common/tls_credentials_options_util.cc b/src/cpp/common/tls_credentials_options_util.cc new file mode 100644 index 00000000000..702f416d51a --- /dev/null +++ b/src/cpp/common/tls_credentials_options_util.cc 
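Review bot: `credential_reload_config_->c_config()` and `server_authorization_check_config_->c_config()` return raw pointers that the C++ config objects keep holding, yet each is wrapped here in a `::grpc_core::RefCountedPtr` exactly like the freshly created key materials config on the line above; if that constructor adopts the reference rather than adding one, the C options and the C++ config object both believe they own the same object, which ends in a double release or a dangling pointer. Either the accessors should hand out a new reference or this site should take one explicitly; RefCountedPtr's constructor is not visible from here, so please confirm which behavior applies. The function also dereferences `credential_reload_config_` and `server_authorization_check_config_` without null checks, and whether callers may leave them unset is decided outside this hunk. c_credentials_options begins outside the hunk.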
@@ -0,0 +1,137 @@ +/* + * + * Copyright 2019 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "src/cpp/common/tls_credentials_options_util.h" +#include + +namespace grpc_impl { +namespace experimental { + +/** Creates a new C struct for the key materials. Note that the user must free + * the underlying pointer to private key and cert chain duplicates; they are not + * freed when the UniquePtr member variables of PemKeyCertPair are unused. + * Similarly, the user must free the underlying pointer to c_pem_root_certs. 
**/ +grpc_tls_key_materials_config* ConvertToCKeyMaterialsConfig( + const std::shared_ptr& config) { + grpc_tls_key_materials_config* c_config = + grpc_tls_key_materials_config_create(); + ::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1> + c_pem_key_cert_pair_list; + for (auto key_cert_pair = config->pem_key_cert_pair_list().begin(); + key_cert_pair != config->pem_key_cert_pair_list().end(); + key_cert_pair++) { + grpc_ssl_pem_key_cert_pair* ssl_pair = + (grpc_ssl_pem_key_cert_pair*)gpr_malloc( + sizeof(grpc_ssl_pem_key_cert_pair)); + ssl_pair->private_key = gpr_strdup(key_cert_pair->private_key.c_str()); + ssl_pair->cert_chain = gpr_strdup(key_cert_pair->cert_chain.c_str()); + ::grpc_core::PemKeyCertPair c_pem_key_cert_pair = + ::grpc_core::PemKeyCertPair(ssl_pair); + c_pem_key_cert_pair_list.push_back(::std::move(c_pem_key_cert_pair)); + } + ::grpc_core::UniquePtr c_pem_root_certs( + gpr_strdup(config->pem_root_certs().c_str())); + c_config->set_key_materials(std::move(c_pem_root_certs), + std::move(c_pem_key_cert_pair_list)); + c_config->set_version(config->version()); + return c_config; +} + +/** Creates a new TlsKeyMaterialsConfig from a C struct config. 
**/ +std::shared_ptr ConvertToCppKeyMaterialsConfig( + const grpc_tls_key_materials_config* config) { + std::shared_ptr cpp_config( + new TlsKeyMaterialsConfig()); + std::vector cpp_pem_key_cert_pair_list; + grpc_tls_key_materials_config::PemKeyCertPairList pem_key_cert_pair_list = + config->pem_key_cert_pair_list(); + for (size_t i = 0; i < pem_key_cert_pair_list.size(); i++) { + ::grpc_core::PemKeyCertPair key_cert_pair = pem_key_cert_pair_list[i]; + TlsKeyMaterialsConfig::PemKeyCertPair p = { + // gpr_strdup(key_cert_pair.private_key()), + // gpr_strdup(key_cert_pair.cert_chain())}; + key_cert_pair.private_key(), key_cert_pair.cert_chain()}; + cpp_pem_key_cert_pair_list.push_back(::std::move(p)); + } + cpp_config->set_key_materials(std::move(config->pem_root_certs()), + std::move(cpp_pem_key_cert_pair_list)); + cpp_config->set_version(config->version()); + return cpp_config; +} + +/** The C schedule and cancel functions for the credential reload config. **/ +int tls_credential_reload_config_c_schedule( + void* config_user_data, grpc_tls_credential_reload_arg* arg) { + TlsCredentialReloadConfig* cpp_config = + static_cast(arg->config->context()); + TlsCredentialReloadArg cpp_arg(*arg); + int schedule_output = cpp_config->Schedule(&cpp_arg); + arg->cb_user_data = cpp_arg.cb_user_data(); + arg->key_materials_config = + ConvertToCKeyMaterialsConfig(cpp_arg.key_materials_config()); + arg->status = cpp_arg.status(); + arg->error_details = gpr_strdup(cpp_arg.error_details().c_str()); + return schedule_output; +} + +void tls_credential_reload_config_c_cancel( + void* config_user_data, grpc_tls_credential_reload_arg* arg) { + TlsCredentialReloadConfig* cpp_config = + static_cast(arg->config->context()); + TlsCredentialReloadArg cpp_arg(*arg); + cpp_config->Cancel(&cpp_arg); + arg->cb_user_data = cpp_arg.cb_user_data(); + arg->key_materials_config = + ConvertToCKeyMaterialsConfig(cpp_arg.key_materials_config()); + arg->status = cpp_arg.status(); + arg->error_details = 
gpr_strdup(cpp_arg.error_details().c_str()); +} + +/** The C schedule and cancel functions for the server authorization check + * config. **/ +int tls_server_authorization_check_config_c_schedule( + void* config_user_data, grpc_tls_server_authorization_check_arg* arg) { + TlsServerAuthorizationCheckConfig* cpp_config = + static_cast(arg->config->context()); + TlsServerAuthorizationCheckArg cpp_arg(*arg); + int schedule_output = cpp_config->Schedule(&cpp_arg); + arg->cb_user_data = cpp_arg.cb_user_data(); + arg->success = cpp_arg.success(); + arg->target_name = gpr_strdup(cpp_arg.target_name().c_str()); + arg->peer_cert = gpr_strdup(cpp_arg.peer_cert().c_str()); + arg->status = cpp_arg.status(); + arg->error_details = gpr_strdup(cpp_arg.error_details().c_str()); + return schedule_output; +} + +void tls_server_authorization_check_config_c_cancel( + void* config_user_data, grpc_tls_server_authorization_check_arg* arg) { + TlsServerAuthorizationCheckConfig* cpp_config = + static_cast(arg->config->context()); + TlsServerAuthorizationCheckArg cpp_arg(*arg); + cpp_config->Cancel(&cpp_arg); + arg->cb_user_data = cpp_arg.cb_user_data(); + arg->success = cpp_arg.success(); + arg->target_name = gpr_strdup(cpp_arg.target_name().c_str()); + arg->peer_cert = gpr_strdup(cpp_arg.peer_cert().c_str()); + arg->status = cpp_arg.status(); + arg->error_details = gpr_strdup(cpp_arg.error_details().c_str()); +} + +} // namespace experimental +} // namespace grpc_impl diff --git a/src/cpp/common/tls_credentials_options_util.h b/src/cpp/common/tls_credentials_options_util.h new file mode 100644 index 00000000000..8cdcf3bd851 --- /dev/null +++ b/src/cpp/common/tls_credentials_options_util.h 
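Review bot: In the four C schedule/cancel wrappers, every call overwrites `arg->key_materials_config`, `arg->error_details`, `arg->target_name` and `arg->peer_cert` with newly allocated objects (ConvertToCKeyMaterialsConfig, gpr_strdup) without releasing what the C arg already held, so each scheduled reload or check presumably leaks the previous values, and nothing in this file says who eventually frees the new ones. The copy-back block is duplicated verbatim between each schedule function and its cancel; one `static` helper per arg type that copies `cpp_arg` back into `*arg` (releasing the old pointers first, if the C arg owns them) would remove the duplication and give the ownership rule a single home. `config_user_data` is accepted by all four functions but never used, because the C++ config is recovered from `arg->config->context()`, which deserves a one-line comment. In ConvertToCppKeyMaterialsConfig the two commented-out `gpr_strdup` lines inside the brace initializer should be deleted, `std::move(config->pem_root_certs())` on a value returned through a const pointer copies anyway and the `std::move` is misleading, and `config` is dereferenced without a null check; in ConvertToCKeyMaterialsConfig the C-style cast `(grpc_ssl_pem_key_cert_pair*)gpr_malloc(...)` should be `static_cast<grpc_ssl_pem_key_cert_pair*>(gpr_malloc(...))`.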
@@ -0,0 +1,54 @@ +/* + * + * Copyright 2019 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_INTERNAL_CPP_COMMON_TLS_CREDENTIALS_OPTIONS_UTIL_H +#define GRPC_INTERNAL_CPP_COMMON_TLS_CREDENTIALS_OPTIONS_UTIL_H + +#include +#include + +#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" + +namespace grpc_impl { +namespace experimental { + +/** The following 2 functions are exposed for testing purposes. **/ +grpc_tls_key_materials_config* ConvertToCKeyMaterialsConfig( + const std::shared_ptr& config); + +std::shared_ptr ConvertToCppKeyMaterialsConfig( + const grpc_tls_key_materials_config* config); + +/** The following 4 functions convert the user-provided schedule or cancel + * functions into C style schedule or cancel functions. **/ +int tls_credential_reload_config_c_schedule( + void* config_user_data, grpc_tls_credential_reload_arg* arg); + +void tls_credential_reload_config_c_cancel(void* config_user_data, + grpc_tls_credential_reload_arg* arg); + +int tls_server_authorization_check_config_c_schedule( + void* config_user_data, grpc_tls_server_authorization_check_arg* arg); + +void tls_server_authorization_check_config_c_cancel( + void* config_user_data, grpc_tls_server_authorization_check_arg* arg); + +} // namespace experimental +} // namespace grpc_impl + +#endif // GRPC_INTERNAL_CPP_COMMON_TLS_CREDENTIALS_OPTIONS_UTIL_H 
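Review bot: The header declares ConvertToCKeyMaterialsConfig without saying who owns the returned `grpc_tls_key_materials_config*`; the .cc creates it with grpc_tls_key_materials_config_create and callers either wrap it in a RefCountedPtr or store it raw in a C arg, so the contract belongs here, e.g. `/** Returns a newly created config; the caller owns the returned reference and is responsible for releasing it. **/`. The comment `/** The following 2 functions are exposed for testing purposes. **/` is now inaccurate, since tls_credentials_options.cc calls both conversion functions on production paths; say instead that they are internal helpers that tests also exercise. For the four C-style schedule/cancel functions, document that `config_user_data` is unused and that the C++ config is recovered from `arg->config->context()`, and state whether `arg` must outlive the call.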
diff --git a/test/cpp/client/credentials_test.cc b/test/cpp/client/credentials_test.cc index fad93b9fee7..d5a4a827f9f 100644 --- a/test/cpp/client/credentials_test.cc +++ b/test/cpp/client/credentials_test.cc @@ -29,6 +29,7 @@ #include "src/core/lib/gpr/tmpfile.h" #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" #include "src/cpp/client/secure_credentials.h" +#include "src/cpp/common/tls_credentials_options_util.h" namespace { @@ -281,7 +282,8 @@ TEST_F(CredentialsTest, TlsKeyMaterialsConfigCppToC) { "cert_chain"}; std::vector pair_list = {pair}; config->set_key_materials("pem_root_certs", pair_list); - grpc_tls_key_materials_config* c_config = c_key_materials(config); + grpc_tls_key_materials_config* c_config = + ConvertToCKeyMaterialsConfig(config); EXPECT_STREQ("pem_root_certs", c_config->pem_root_certs()); EXPECT_EQ(1, static_cast(c_config->pem_key_cert_pair_list().size())); EXPECT_STREQ(pair.private_key.c_str(), @@ -312,7 +314,7 @@ TEST_F(CredentialsTest, TlsKeyMaterialsCtoCpp) { ::grpc_core::UniquePtr(gpr_strdup("pem_root_certs")), pem_key_cert_pair_list); std::shared_ptr cpp_config = - ::grpc_impl::experimental::tls_key_materials_c_to_cpp(&c_config); + ::grpc_impl::experimental::ConvertToCppKeyMaterialsConfig(&c_config); EXPECT_STREQ("pem_root_certs", cpp_config->pem_root_certs().c_str()); std::vector cpp_pair_list = cpp_config->pem_key_cert_pair_list(); 
@@ -331,14 +333,15 @@ TEST_F(CredentialsTest, TlsCredentialReloadArgCallback) { c_arg.cb = tls_credential_reload_callback; TlsCredentialReloadArg arg = TlsCredentialReloadArg(c_arg); arg.set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); - arg.callback(); + arg.OnCredentialReloadDoneCallback(); EXPECT_EQ(arg.status(), GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED); } TEST_F(CredentialsTest, TlsCredentialReloadConfigSchedule) { TlsCredentialReloadConfig config(nullptr, &tls_credential_reload_sync, nullptr, nullptr); - TlsCredentialReloadArg arg; + grpc_tls_credential_reload_arg c_arg; + TlsCredentialReloadArg arg(c_arg); arg.set_cb_user_data(static_cast(nullptr)); std::shared_ptr key_materials_config( new TlsKeyMaterialsConfig()); @@ -365,7 +368,7 @@ TEST_F(CredentialsTest, TlsCredentialReloadConfigSchedule) { EXPECT_STREQ(pair_list[2].private_key.c_str(), "private_key3"); EXPECT_STREQ(pair_list[2].cert_chain.c_str(), "cert_chain3"); EXPECT_EQ(arg.status(), GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); - EXPECT_STREQ(arg.error_details()->c_str(), "error_details"); + EXPECT_STREQ(arg.error_details().c_str(), "error_details"); } TEST_F(CredentialsTest, TlsCredentialReloadConfigCppToC) { @@ -396,7 +399,7 @@ TEST_F(CredentialsTest, TlsCredentialReloadConfigCppToC) { grpc::string test_error_details = "error_details"; c_arg.error_details = test_error_details.c_str(); - grpc_tls_credential_reload_config* c_config = config.c_credential_reload(); + grpc_tls_credential_reload_config* c_config = config.c_config(); c_arg.config = c_config; int c_schedule_output = c_config->Schedule(&c_arg); EXPECT_EQ(c_schedule_output, 0); 
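Review bot: In TlsCredentialReloadConfigSchedule the replacement for the removed default constructor, `grpc_tls_credential_reload_arg c_arg; TlsCredentialReloadArg arg(c_arg);`, copies an uninitialized struct into the wrapper, so `cb`, `error_details`, `key_materials_config` and the other fields hold indeterminate values until the setters run; reading any of them before then (the getters do `grpc::string(c_arg_.error_details)`) is undefined behavior, and the test only works by virtue of which fields Schedule happens to overwrite. Value-initialize it, `grpc_tls_credential_reload_arg c_arg{};`, and do the same for `grpc_tls_server_authorization_check_arg c_arg;` in TlsServerAuthorizationCheckConfigSchedule in the next hunk. The TlsCredentialReloadArgCallback test above sets only `c_arg.cb` on a likewise uninitialized struct, but that line is context rather than part of this change.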
@@ -428,12 +431,6 @@ typedef class ::grpc_impl::experimental::TlsServerAuthorizationCheckConfig TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCallback) { grpc_tls_server_authorization_check_arg c_arg; c_arg.cb = tls_server_authorization_check_callback; - //c_arg.cb_user_data = nullptr; - //c_arg.success = 0; - //c_arg.target_name = "target_name"; - //c_arg.peer_cert = "peer_cert"; - //c_arg.status = GRPC_STATUS_UNAUTHENTICATED; - //c_arg.error_details = "error_details"; TlsServerAuthorizationCheckArg arg(c_arg); arg.set_cb_user_data(nullptr); arg.set_success(0); @@ -441,20 +438,21 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCallback) { arg.set_peer_cert("peer_cert"); arg.set_status(GRPC_STATUS_UNAUTHENTICATED); arg.set_error_details("error_details"); - arg.callback(); + arg.OnServerAuthorizationCheckDoneCallback(); EXPECT_STREQ(static_cast(arg.cb_user_data()), "cb_user_data"); gpr_free(arg.cb_user_data()); EXPECT_EQ(arg.success(), 1); - EXPECT_STREQ(arg.target_name()->c_str(), "callback_target_name"); - EXPECT_STREQ(arg.peer_cert()->c_str(), "callback_peer_cert"); + EXPECT_STREQ(arg.target_name().c_str(), "callback_target_name"); + EXPECT_STREQ(arg.peer_cert().c_str(), "callback_peer_cert"); EXPECT_EQ(arg.status(), GRPC_STATUS_OK); - EXPECT_STREQ(arg.error_details()->c_str(), "callback_error_details"); + EXPECT_STREQ(arg.error_details().c_str(), "callback_error_details"); } TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigSchedule) { TlsServerAuthorizationCheckConfig config = TlsServerAuthorizationCheckConfig( nullptr, &tls_server_authorization_check_sync, nullptr, nullptr); - TlsServerAuthorizationCheckArg arg; + grpc_tls_server_authorization_check_arg c_arg; + TlsServerAuthorizationCheckArg arg(c_arg); arg.set_cb_user_data(nullptr); arg.set_success(0); arg.set_target_name("target_name"); 
@@ -466,10 +464,10 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigSchedule) { EXPECT_STREQ(static_cast(arg.cb_user_data()), "cb_user_data"); gpr_free(arg.cb_user_data()); EXPECT_EQ(arg.success(), 1); - EXPECT_STREQ(arg.target_name()->c_str(), "sync_target_name"); - EXPECT_STREQ(arg.peer_cert()->c_str(), "sync_peer_cert"); + EXPECT_STREQ(arg.target_name().c_str(), "sync_target_name"); + EXPECT_STREQ(arg.peer_cert().c_str(), "sync_peer_cert"); EXPECT_EQ(arg.status(), GRPC_STATUS_OK); - EXPECT_STREQ(arg.error_details()->c_str(), "sync_error_details"); + EXPECT_STREQ(arg.error_details().c_str(), "sync_error_details"); } TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigCppToC) { @@ -485,8 +483,7 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigCppToC) { c_arg.status = GRPC_STATUS_UNAUTHENTICATED; c_arg.error_details = "error_details"; - grpc_tls_server_authorization_check_config* c_config = - config.c_server_authorization_check(); + grpc_tls_server_authorization_check_config* c_config = config.c_config(); c_arg.config = c_config; int c_schedule_output = c_config->Schedule(&c_arg); EXPECT_EQ(c_schedule_output, 1); diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal index 3507e32592b..8987ac77941 100644 --- a/tools/doxygen/Doxyfile.c++.internal +++ b/tools/doxygen/Doxyfile.c++.internal @@ -1266,6 +1266,8 @@ src/cpp/common/secure_auth_context.h \ src/cpp/common/secure_channel_arguments.cc \ src/cpp/common/secure_create_auth_context.cc \ src/cpp/common/tls_credentials_options.cc \ +src/cpp/common/tls_credentials_options_util.cc \ +src/cpp/common/tls_credentials_options_util.h \ src/cpp/common/validate_service_config.cc \ src/cpp/common/version_cc.cc \ src/cpp/server/async_generic_service.cc \