mirror of https://github.com/grpc/grpc.git
Sree Kuchibhotla
7 years ago
commit
d69fdefcfa
104 changed files with 1761 additions and 432 deletions
@ -1,4 +1,4 @@ |
||||
set noparent |
||||
@jtattermusch |
||||
@nicolasnoble |
||||
@matt-kwong |
||||
@mehrdada |
||||
|
||||
@ -0,0 +1,36 @@ |
||||
# SSL in gRPC and performance |
||||
|
||||
The SSL requirement of gRPC isn't necessarily making it easy to integrate. The HTTP/2 protocol requires ALPN support, which is a fairly new handshake protocol only supported by recent implementations. |
||||
|
||||
As a result, we've tried hard to provide a smooth experience to our users when compiling and distributing gRPC, but this may come at performance costs due to this. More specifically, we will sometime build the SSL library by disabling assembly code |
||||
(by setting the `OPENSSL_NO_ASM` option), which can impact performance by an order of magnitude when processing encrypted streams. |
||||
|
||||
## gRPC C++: Building from Source |
||||
|
||||
Build system | Condition | Platform | Uses assembly optimizations |
||||
---|---|---|-- |
||||
Makefile | with OpenSSL 1.0.2 development files | all | :heavy_check_mark: |
||||
Makefile | all other cases | all | :x: |
||||
Bazel | | Linux | :heavy_check_mark: |
||||
Bazel | | MacOS | :heavy_check_mark: |
||||
Bazel | | Windows | :x: |
||||
CMake | boringssl from submodule (default) | all | :x: |
||||
CMake | pre-installed OpenSSL 1.0.2+ (`gRPC_SSL_PROVIDER=package`) | all | :heavy_check_mark: |
||||
|
||||
## Other Languages: Binary/Source Packages |
||||
|
||||
In addition, we are shipping packages for language implementations. These packages are source packages, but also have pre-built binaries being distributed. Building packages from source may give a different result in some cases. |
||||
|
||||
Language | From source | Platform | Uses assembly optimizations |
||||
---|---|---|--- |
||||
C# | n/a | all | :x: |
||||
Node.JS | n/a | Linux | :heavy_check_mark: |
||||
Node.JS | n/a | MacOS | :heavy_check_mark: |
||||
Node.JS | n/a | Windows | :x: |
||||
Electron | n/a | all | :heavy_check_mark: |
||||
ObjC | Yes | iOS | :x: |
||||
PHP | Yes | all | Same as the `Makefile` case from above |
||||
PHP | No | all | :x: |
||||
Python | n/a | all | :x: |
||||
Ruby | No | all | :x: |
||||
|
||||
@ -0,0 +1,75 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2015 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include "src/core/lib/iomgr/port.h" |
||||
|
||||
#ifdef GRPC_CFSTREAM_IOMGR |
||||
|
||||
#include "src/core/lib/debug/trace.h" |
||||
#include "src/core/lib/iomgr/ev_posix.h" |
||||
#include "src/core/lib/iomgr/iomgr_internal.h" |
||||
#include "src/core/lib/iomgr/iomgr_posix.h" |
||||
#include "src/core/lib/iomgr/resolve_address.h" |
||||
#include "src/core/lib/iomgr/tcp_client.h" |
||||
#include "src/core/lib/iomgr/tcp_posix.h" |
||||
#include "src/core/lib/iomgr/tcp_server.h" |
||||
#include "src/core/lib/iomgr/timer.h" |
||||
|
||||
static const char* grpc_cfstream_env_var = "grpc_cfstream"; |
||||
|
||||
extern grpc_tcp_server_vtable grpc_posix_tcp_server_vtable; |
||||
extern grpc_tcp_client_vtable grpc_posix_tcp_client_vtable; |
||||
extern grpc_tcp_client_vtable grpc_cfstream_client_vtable; |
||||
extern grpc_timer_vtable grpc_generic_timer_vtable; |
||||
extern grpc_pollset_vtable grpc_posix_pollset_vtable; |
||||
extern grpc_pollset_set_vtable grpc_posix_pollset_set_vtable; |
||||
extern grpc_address_resolver_vtable grpc_posix_resolver_vtable; |
||||
|
||||
static void iomgr_platform_init(void) { |
||||
grpc_wakeup_fd_global_init(); |
||||
grpc_event_engine_init(); |
||||
} |
||||
|
||||
static void iomgr_platform_flush(void) {} |
||||
|
||||
static void iomgr_platform_shutdown(void) { |
||||
grpc_event_engine_shutdown(); |
||||
grpc_wakeup_fd_global_destroy(); |
||||
} |
||||
|
||||
static grpc_iomgr_platform_vtable vtable = { |
||||
iomgr_platform_init, iomgr_platform_flush, iomgr_platform_shutdown}; |
||||
|
||||
void grpc_set_default_iomgr_platform() { |
||||
char* enable_cfstream = getenv(grpc_cfstream_env_var); |
||||
grpc_tcp_client_vtable* client_vtable = &grpc_posix_tcp_client_vtable; |
||||
if (enable_cfstream != nullptr && enable_cfstream[0] == '1') { |
||||
client_vtable = &grpc_cfstream_client_vtable; |
||||
} |
||||
grpc_set_tcp_client_impl(client_vtable); |
||||
grpc_set_tcp_server_impl(&grpc_posix_tcp_server_vtable); |
||||
grpc_set_timer_impl(&grpc_generic_timer_vtable); |
||||
grpc_set_pollset_vtable(&grpc_posix_pollset_vtable); |
||||
grpc_set_pollset_set_vtable(&grpc_posix_pollset_set_vtable); |
||||
grpc_set_resolver_impl(&grpc_posix_resolver_vtable); |
||||
grpc_set_iomgr_platform_vtable(&vtable); |
||||
} |
||||
|
||||
#endif /* GRPC_CFSTREAM_IOMGR */ |
||||
@ -0,0 +1,29 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_H |
||||
#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_H |
||||
|
||||
namespace grpc_core { |
||||
|
||||
// Returns a slice containing roots from the OS trust store
|
||||
grpc_slice LoadSystemRootCerts(); |
||||
|
||||
} // namespace grpc_core
|
||||
|
||||
#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_H */ |
||||
@ -0,0 +1,32 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include <grpc/slice_buffer.h> |
||||
#include "src/core/lib/security/security_connector/load_system_roots.h" |
||||
|
||||
#ifndef GPR_LINUX |
||||
|
||||
namespace grpc_core { |
||||
|
||||
grpc_slice LoadSystemRootCerts() { return grpc_empty_slice(); } |
||||
|
||||
} // namespace grpc_core
|
||||
|
||||
#endif /* GPR_LINUX */ |
||||
@ -0,0 +1,165 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include <grpc/slice_buffer.h> |
||||
#include "src/core/lib/security/security_connector/load_system_roots_linux.h" |
||||
|
||||
#ifdef GPR_LINUX |
||||
|
||||
#include "src/core/lib/security/security_connector/load_system_roots.h" |
||||
|
||||
#include <dirent.h> |
||||
#include <fcntl.h> |
||||
#include <stdbool.h> |
||||
#include <string.h> |
||||
#include <sys/param.h> |
||||
#include <sys/stat.h> |
||||
#include <sys/types.h> |
||||
#include <unistd.h> |
||||
|
||||
#include <grpc/support/alloc.h> |
||||
#include <grpc/support/log.h> |
||||
#include <grpc/support/string_util.h> |
||||
|
||||
#include "src/core/lib/gpr/env.h" |
||||
#include "src/core/lib/gpr/string.h" |
||||
#include "src/core/lib/gpr/useful.h" |
||||
#include "src/core/lib/gprpp/inlined_vector.h" |
||||
#include "src/core/lib/iomgr/load_file.h" |
||||
|
||||
namespace grpc_core { |
||||
namespace { |
||||
|
||||
const char* kLinuxCertFiles[] = { |
||||
"/etc/ssl/certs/ca-certificates.crt", "/etc/pki/tls/certs/ca-bundle.crt", |
||||
"/etc/ssl/ca-bundle.pem", "/etc/pki/tls/cacert.pem", |
||||
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"}; |
||||
const char* kLinuxCertDirectories[] = { |
||||
"/etc/ssl/certs", "/system/etc/security/cacerts", "/usr/local/share/certs", |
||||
"/etc/pki/tls/certs", "/etc/openssl/certs"}; |
||||
|
||||
grpc_slice GetSystemRootCerts() { |
||||
grpc_slice valid_bundle_slice = grpc_empty_slice(); |
||||
size_t num_cert_files_ = GPR_ARRAY_SIZE(kLinuxCertFiles); |
||||
for (size_t i = 0; i < num_cert_files_; i++) { |
||||
grpc_error* error = |
||||
grpc_load_file(kLinuxCertFiles[i], 1, &valid_bundle_slice); |
||||
if (error == GRPC_ERROR_NONE) { |
||||
return valid_bundle_slice; |
||||
} |
||||
} |
||||
return grpc_empty_slice(); |
||||
} |
||||
|
||||
} // namespace
|
||||
|
||||
void GetAbsoluteFilePath(const char* valid_file_dir, |
||||
const char* file_entry_name, char* path_buffer) { |
||||
if (valid_file_dir != nullptr && file_entry_name != nullptr) { |
||||
int path_len = snprintf(path_buffer, MAXPATHLEN, "%s/%s", valid_file_dir, |
||||
file_entry_name); |
||||
if (path_len == 0) { |
||||
gpr_log(GPR_ERROR, "failed to get absolute path for file: %s", |
||||
file_entry_name); |
||||
} |
||||
} |
||||
} |
||||
|
||||
grpc_slice CreateRootCertsBundle(const char* certs_directory) { |
||||
grpc_slice bundle_slice = grpc_empty_slice(); |
||||
if (certs_directory == nullptr) { |
||||
return bundle_slice; |
||||
} |
||||
DIR* ca_directory = opendir(certs_directory); |
||||
if (ca_directory == nullptr) { |
||||
return bundle_slice; |
||||
} |
||||
struct FileData { |
||||
char path[MAXPATHLEN]; |
||||
off_t size; |
||||
}; |
||||
InlinedVector<FileData, 2> roots_filenames; |
||||
size_t total_bundle_size = 0; |
||||
struct dirent* directory_entry; |
||||
while ((directory_entry = readdir(ca_directory)) != nullptr) { |
||||
struct stat dir_entry_stat; |
||||
const char* file_entry_name = directory_entry->d_name; |
||||
FileData file_data; |
||||
GetAbsoluteFilePath(certs_directory, file_entry_name, file_data.path); |
||||
int stat_return = stat(file_data.path, &dir_entry_stat); |
||||
if (stat_return == -1 || !S_ISREG(dir_entry_stat.st_mode)) { |
||||
// no subdirectories.
|
||||
if (stat_return == -1) { |
||||
gpr_log(GPR_ERROR, "failed to get status for file: %s", file_data.path); |
||||
} |
||||
continue; |
||||
} |
||||
file_data.size = dir_entry_stat.st_size; |
||||
total_bundle_size += file_data.size; |
||||
roots_filenames.push_back(file_data); |
||||
} |
||||
closedir(ca_directory); |
||||
char* bundle_string = static_cast<char*>(gpr_zalloc(total_bundle_size + 1)); |
||||
size_t bytes_read = 0; |
||||
for (size_t i = 0; i < roots_filenames.size(); i++) { |
||||
int file_descriptor = open(roots_filenames[i].path, O_RDONLY); |
||||
if (file_descriptor != -1) { |
||||
// Read file into bundle.
|
||||
size_t cert_file_size = roots_filenames[i].size; |
||||
int read_ret = |
||||
read(file_descriptor, bundle_string + bytes_read, cert_file_size); |
||||
if (read_ret != -1) { |
||||
bytes_read += read_ret; |
||||
} else { |
||||
gpr_log(GPR_ERROR, "failed to read file: %s", roots_filenames[i].path); |
||||
} |
||||
} |
||||
} |
||||
bundle_slice = grpc_slice_new(bundle_string, bytes_read, gpr_free); |
||||
return bundle_slice; |
||||
} |
||||
|
||||
grpc_slice LoadSystemRootCerts() { |
||||
grpc_slice result = grpc_empty_slice(); |
||||
// Prioritize user-specified custom directory if flag is set.
|
||||
char* custom_dir = gpr_getenv("GRPC_SYSTEM_SSL_ROOTS_DIR"); |
||||
if (custom_dir != nullptr) { |
||||
result = CreateRootCertsBundle(custom_dir); |
||||
gpr_free(custom_dir); |
||||
} |
||||
// If the custom directory is empty/invalid/not specified, fallback to
|
||||
// distribution-specific directory.
|
||||
if (GRPC_SLICE_IS_EMPTY(result)) { |
||||
result = GetSystemRootCerts(); |
||||
} |
||||
if (GRPC_SLICE_IS_EMPTY(result)) { |
||||
for (size_t i = 0; i < GPR_ARRAY_SIZE(kLinuxCertDirectories); i++) { |
||||
result = CreateRootCertsBundle(kLinuxCertDirectories[i]); |
||||
if (!GRPC_SLICE_IS_EMPTY(result)) { |
||||
break; |
||||
} |
||||
} |
||||
} |
||||
return result; |
||||
} |
||||
|
||||
} // namespace grpc_core
|
||||
|
||||
#endif /* GPR_LINUX */ |
||||
@ -0,0 +1,44 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_LINUX_H |
||||
#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_LINUX_H |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#ifdef GPR_LINUX |
||||
|
||||
namespace grpc_core { |
||||
|
||||
// Creates a bundle slice containing the contents of all certificate files in
|
||||
// a directory.
|
||||
// Returns such slice.
|
||||
// Exposed for testing purposes only.
|
||||
grpc_slice CreateRootCertsBundle(const char* certs_directory); |
||||
|
||||
// Gets the absolute file path needed to load a certificate file.
|
||||
// Populates path_buffer, which must be of size MAXPATHLEN.
|
||||
// Exposed for testing purposes only.
|
||||
void GetAbsoluteFilePath(const char* valid_file_dir, |
||||
const char* file_entry_name, char* path_buffer); |
||||
|
||||
} // namespace grpc_core
|
||||
|
||||
#endif /* GPR_LINUX */ |
||||
#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOAD_SYSTEM_ROOTS_LINUX_H \ |
||||
*/ |
||||
@ -1,25 +1,22 @@ |
||||
<?xml version="1.0" encoding="utf-8"?> |
||||
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> |
||||
<PropertyGroup> |
||||
<_GrpcCoreNugetNativePath Condition="'$(_GrpcCoreNugetNativePath)' == ''">$(MSBuildThisFileDirectory)..\..\</_GrpcCoreNugetNativePath> |
||||
</PropertyGroup> |
||||
|
||||
<ItemGroup Condition="'$(TargetFrameworkIdentifier)' == 'MonoAndroid'"> |
||||
<AndroidNativeLibrary Include="$(_GrpcCoreNugetNativePath)runtimes\monoandroid\arm64-v8a\libgrpc_csharp_ext.so"> |
||||
<AndroidNativeLibrary Include="$(MSBuildThisFileDirectory)..\..\native\android\arm64-v8a\libgrpc_csharp_ext.so"> |
||||
<CopyToOutputDirectory>Always</CopyToOutputDirectory> |
||||
<Abi>arm64-v8a</Abi> |
||||
</AndroidNativeLibrary> |
||||
</ItemGroup> |
||||
|
||||
<ItemGroup Condition="'$(TargetFrameworkIdentifier)' == 'MonoAndroid'"> |
||||
<AndroidNativeLibrary Include="$(_GrpcCoreNugetNativePath)runtimes\monoandroid\armeabi-v7a\libgrpc_csharp_ext.so"> |
||||
<AndroidNativeLibrary Include="$(MSBuildThisFileDirectory)..\..\native\android\armeabi-v7a\libgrpc_csharp_ext.so"> |
||||
<CopyToOutputDirectory>Always</CopyToOutputDirectory> |
||||
<Abi>armeabi-v7a</Abi> |
||||
</AndroidNativeLibrary> |
||||
</ItemGroup> |
||||
|
||||
<ItemGroup Condition="'$(TargetFrameworkIdentifier)' == 'MonoAndroid'"> |
||||
<AndroidNativeLibrary Include="$(_GrpcCoreNugetNativePath)runtimes\monoandroid\x86\libgrpc_csharp_ext.so"> |
||||
<AndroidNativeLibrary Include="$(MSBuildThisFileDirectory)..\..\native\android\x86\libgrpc_csharp_ext.so"> |
||||
<CopyToOutputDirectory>Always</CopyToOutputDirectory> |
||||
<Abi>x86</Abi> |
||||
</AndroidNativeLibrary> |
||||
@ -0,0 +1,22 @@ |
||||
# Copyright 2018 gRPC authors. |
||||
# |
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
licenses(["notice"]) # Apache v2 |
||||
|
||||
exports_files([ |
||||
"bundle.pem", |
||||
"test_roots/cert1.pem", |
||||
"test_roots/cert2.pem", |
||||
"test_roots/cert3.pem", |
||||
]) |
||||
@ -0,0 +1,2 @@ |
||||
These files are manual copies of a pem cert from the /etc/ssl/certs/ directory. |
||||
They serve only as dummy certificate test files. |
||||
@ -0,0 +1,63 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
||||
@ -0,0 +1,21 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
||||
@ -0,0 +1,21 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
||||
@ -0,0 +1,21 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE |
||||
AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG |
||||
EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM |
||||
FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC |
||||
REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp |
||||
Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM |
||||
VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ |
||||
SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ |
||||
4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L |
||||
cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi |
||||
eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV |
||||
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG |
||||
A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 |
||||
DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j |
||||
vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP |
||||
DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc |
||||
maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D |
||||
lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv |
||||
KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed |
||||
-----END CERTIFICATE----- |
||||
@ -0,0 +1,104 @@ |
||||
/*
|
||||
* |
||||
* Copyright 2018 gRPC authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
* |
||||
*/ |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
#include <stdio.h> |
||||
|
||||
#ifdef GPR_LINUX |
||||
#include <grpc/grpc_security.h> |
||||
#include <grpc/support/alloc.h> |
||||
#include <grpc/support/log.h> |
||||
#include <grpc/support/string_util.h> |
||||
#include <string.h> |
||||
#include <sys/param.h> |
||||
|
||||
#include "src/core/lib/gpr/env.h" |
||||
#include "src/core/lib/gpr/tmpfile.h" |
||||
#include "src/core/lib/iomgr/load_file.h" |
||||
#include "src/core/lib/security/context/security_context.h" |
||||
#include "src/core/lib/security/security_connector/load_system_roots.h" |
||||
#include "src/core/lib/security/security_connector/load_system_roots_linux.h" |
||||
#include "src/core/lib/security/security_connector/security_connector.h" |
||||
#include "src/core/lib/slice/slice_string_helpers.h" |
||||
#include "src/core/tsi/ssl_transport_security.h" |
||||
#include "src/core/tsi/transport_security.h" |
||||
#include "test/core/util/test_config.h" |
||||
|
||||
#include "gtest/gtest.h" |
||||
|
||||
#ifndef GRPC_USE_SYSTEM_SSL_ROOTS_ENV_VAR |
||||
#define GRPC_USE_SYSTEM_SSL_ROOTS_ENV_VAR "GRPC_USE_SYSTEM_SSL_ROOTS" |
||||
#endif |
||||
|
||||
namespace grpc { |
||||
namespace { |
||||
|
||||
TEST(AbsoluteFilePathTest, ConcatenatesCorrectly) { |
||||
const char* directory = "nonexistent/test/directory"; |
||||
const char* filename = "doesnotexist.txt"; |
||||
char result_path[MAXPATHLEN]; |
||||
grpc_core::GetAbsoluteFilePath(directory, filename, result_path); |
||||
EXPECT_STREQ(result_path, "nonexistent/test/directory/doesnotexist.txt"); |
||||
} |
||||
|
||||
TEST(CreateRootCertsBundleTest, ReturnsEmpty) { |
||||
// Test that CreateRootCertsBundle returns an empty slice for null or
|
||||
// nonexistent cert directories.
|
||||
grpc_slice result_slice = grpc_core::CreateRootCertsBundle(nullptr); |
||||
EXPECT_TRUE(GRPC_SLICE_IS_EMPTY(result_slice)); |
||||
grpc_slice_unref(result_slice); |
||||
result_slice = grpc_core::CreateRootCertsBundle("does/not/exist"); |
||||
EXPECT_TRUE(GRPC_SLICE_IS_EMPTY(result_slice)); |
||||
grpc_slice_unref(result_slice); |
||||
} |
||||
|
||||
TEST(CreateRootCertsBundleTest, BundlesCorrectly) { |
||||
gpr_setenv(GRPC_USE_SYSTEM_SSL_ROOTS_ENV_VAR, "true"); |
||||
// Test that CreateRootCertsBundle returns a correct slice.
|
||||
grpc_slice roots_bundle = grpc_empty_slice(); |
||||
GRPC_LOG_IF_ERROR( |
||||
"load_file", |
||||
grpc_load_file("test/core/security/etc/bundle.pem", 1, &roots_bundle)); |
||||
// result_slice should have the same content as roots_bundle.
|
||||
grpc_slice result_slice = |
||||
grpc_core::CreateRootCertsBundle("test/core/security/etc/test_roots"); |
||||
char* result_str = grpc_slice_to_c_string(result_slice); |
||||
char* bundle_str = grpc_slice_to_c_string(roots_bundle); |
||||
EXPECT_STREQ(result_str, bundle_str); |
||||
// Clean up.
|
||||
unsetenv(GRPC_USE_SYSTEM_SSL_ROOTS_ENV_VAR); |
||||
gpr_free(result_str); |
||||
gpr_free(bundle_str); |
||||
grpc_slice_unref(roots_bundle); |
||||
grpc_slice_unref(result_slice); |
||||
} |
||||
|
||||
} // namespace
|
||||
} // namespace grpc
|
||||
|
||||
int main(int argc, char** argv) { |
||||
grpc_test_init(argc, argv); |
||||
::testing::InitGoogleTest(&argc, argv); |
||||
return RUN_ALL_TESTS(); |
||||
} |
||||
#else |
||||
int main() { |
||||
printf("*** WARNING: this test is only supported on Linux systems ***\n"); |
||||
return 0; |
||||
} |
||||
#endif // GPR_LINUX
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue