mirror of https://github.com/grpc/grpc.git
The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)
https://grpc.io/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
183 lines
5.9 KiB
183 lines
5.9 KiB
// |
|
// Copyright 2020 gRPC authors. |
|
// |
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
|
// you may not use this file except in compliance with the License. |
|
// You may obtain a copy of the License at |
|
// |
|
// http://www.apache.org/licenses/LICENSE-2.0 |
|
// |
|
// Unless required by applicable law or agreed to in writing, software |
|
// distributed under the License is distributed on an "AS IS" BASIS, |
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
// See the License for the specific language governing permissions and |
|
// limitations under the License. |
|
// |
|
|
|
#ifndef GRPC_TEST_CORE_UTIL_TLS_UTILS_H |
|
#define GRPC_TEST_CORE_UTIL_TLS_UTILS_H |
|
|
|
#include <deque> |
|
#include <string> |
|
#include <utility> |
|
|
|
#include "absl/base/thread_annotations.h" |
|
#include "absl/strings/string_view.h" |
|
|
|
#include <grpc/grpc.h> |
|
#include <grpc/grpc_security.h> |
|
#include <grpc/status.h> |
|
|
|
#include "src/core/lib/gprpp/sync.h" |
|
#include "src/core/lib/gprpp/thd.h" |
|
#include "src/core/lib/security/security_connector/ssl_utils.h" |
|
|
|
namespace grpc_core { |
|
|
|
namespace testing { |
|
|
|
class TmpFile { |
|
public: |
|
// Create a temporary file with |data| written in. |
|
explicit TmpFile(absl::string_view data); |
|
|
|
~TmpFile(); |
|
|
|
const std::string& name() { return name_; } |
|
|
|
// Rewrite |data| to the temporary file, in an atomic way. |
|
void RewriteFile(absl::string_view data); |
|
|
|
private: |
|
std::string CreateTmpFileAndWriteData(absl::string_view data); |
|
|
|
std::string name_; |
|
}; |
|
|
|
PemKeyCertPairList MakeCertKeyPairs(absl::string_view private_key, |
|
absl::string_view certs); |
|
|
|
std::string GetFileContents(const std::string& path); |
|
|
|
// A synchronous external verifier implementation that simply returns |
|
// verification results based on users' inputs. Note that it will delete itself |
|
// in Destruct(), so create it like |
|
// ``` |
|
// auto* sync_verifier_ = new SyncExternalVerifier(false); |
|
// ``` |
|
// and no need to delete it later. This is basically to keep consistent with the |
|
// semantics in AsyncExternalVerifier. |
|
class SyncExternalVerifier { |
|
public: |
|
explicit SyncExternalVerifier(bool success) |
|
: success_(success), base_{this, Verify, Cancel, Destruct} {} |
|
|
|
grpc_tls_certificate_verifier_external* base() { return &base_; } |
|
|
|
private: |
|
static int Verify(void* user_data, |
|
grpc_tls_custom_verification_check_request* request, |
|
grpc_tls_on_custom_verification_check_done_cb callback, |
|
void* callback_arg, grpc_status_code* sync_status, |
|
char** sync_error_details); |
|
|
|
static void Cancel(void*, grpc_tls_custom_verification_check_request*) {} |
|
|
|
static void Destruct(void* user_data); |
|
|
|
bool success_ = false; |
|
grpc_tls_certificate_verifier_external base_; |
|
}; |
|
|
|
// An asynchronous external verifier implementation that runs a thread and |
|
// process each request received from the verifier sequentially. Note that it |
|
// will delete itself in Destruct(), so create it like |
|
// ``` |
|
// auto* async_verifier = new AsyncExternalVerifier(true, &event); |
|
// auto* core_external_verifier = |
|
// new ExternalCertificateVerifier(async_verifier->base()); |
|
// ``` |
|
// and no need to delete it later. |
|
// We delete AsyncExternalVerifier in Destruct() instead of its dtor because we |
|
// wanted AsyncExternalVerifier to outlive the underlying core |
|
// ExternalCertificateVerifier implementation. |
|
class AsyncExternalVerifier { |
|
public: |
|
explicit AsyncExternalVerifier(bool success) |
|
: success_(success), |
|
thread_("AsyncExternalVerifierWorkerThread", WorkerThread, this), |
|
base_{this, Verify, Cancel, Destruct} { |
|
grpc_init(); |
|
thread_.Start(); |
|
} |
|
|
|
~AsyncExternalVerifier(); |
|
|
|
grpc_tls_certificate_verifier_external* base() { return &base_; } |
|
|
|
private: |
|
// A request to pass to the worker thread. |
|
struct Request { |
|
grpc_tls_custom_verification_check_request* request; |
|
grpc_tls_on_custom_verification_check_done_cb callback; |
|
void* callback_arg; |
|
bool shutdown; // If true, thread will exit. |
|
}; |
|
|
|
static int Verify(void* user_data, |
|
grpc_tls_custom_verification_check_request* request, |
|
grpc_tls_on_custom_verification_check_done_cb callback, |
|
void* callback_arg, grpc_status_code* sync_status, |
|
char** sync_error_details); |
|
|
|
static void Cancel(void*, grpc_tls_custom_verification_check_request*) {} |
|
|
|
static void Destruct(void* user_data); |
|
|
|
static void WorkerThread(void* arg); |
|
|
|
bool success_ = false; |
|
Thread thread_; |
|
grpc_tls_certificate_verifier_external base_; |
|
Mutex mu_; |
|
std::deque<Request> queue_ ABSL_GUARDED_BY(mu_); |
|
}; |
|
|
|
// A synchronous external verifier implementation that verifies configured |
|
// properties exist with the correct values. Note that it will delete itself in |
|
// Destruct(), so create it like |
|
// ``` |
|
// auto* verifier_ = new PeerPropertyExternalVerifier(...); |
|
// ``` |
|
// and no need to delete it later. This is basically to keep consistent with the |
|
// semantics in AsyncExternalVerifier. |
|
class PeerPropertyExternalVerifier { |
|
public: |
|
explicit PeerPropertyExternalVerifier( |
|
std::string expected_verified_root_cert_subject) |
|
: expected_verified_root_cert_subject_( |
|
std::move(expected_verified_root_cert_subject)), |
|
base_{this, Verify, Cancel, Destruct} {} |
|
|
|
grpc_tls_certificate_verifier_external* base() { return &base_; } |
|
|
|
private: |
|
static int Verify(void* user_data, |
|
grpc_tls_custom_verification_check_request* request, |
|
grpc_tls_on_custom_verification_check_done_cb callback, |
|
void* callback_arg, grpc_status_code* sync_status, |
|
char** sync_error_details); |
|
|
|
static void Cancel(void*, grpc_tls_custom_verification_check_request*) {} |
|
|
|
static void Destruct(void* user_data); |
|
|
|
std::string expected_verified_root_cert_subject_; |
|
grpc_tls_certificate_verifier_external base_; |
|
}; |
|
|
|
} // namespace testing |
|
|
|
} // namespace grpc_core |
|
|
|
#endif // GRPC_TEST_CORE_UTIL_TLS_UTILS_H
|
|
|