channel_credentials.c
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
24 #include "channel_credentials.h"
25 
26 #include <ext/standard/sha1.h>
27 #include <ext/spl/spl_exceptions.h>
28 #include <zend_exceptions.h>
29 
30 #include <grpc/support/alloc.h>
31 #include <grpc/support/string_util.h>
32 
33 #include "call_credentials.h"
34 #include "channel.h"
35 
36 zend_class_entry *grpc_ce_channel_credentials;
37 PHP_GRPC_DECLARE_OBJECT_HANDLER(channel_credentials_ce_handlers)
38 static char *default_pem_root_certs = NULL;
39 
40 static grpc_ssl_roots_override_result get_ssl_roots_override(
41  char **pem_root_certs) {
42  if (!default_pem_root_certs) {
43  *pem_root_certs = NULL;
44  return GRPC_SSL_ROOTS_OVERRIDE_FAIL;
45  }
46  *pem_root_certs = gpr_strdup(default_pem_root_certs);
47  return GRPC_SSL_ROOTS_OVERRIDE_OK;
48 }
49 
50 /* Frees and destroys an instance of wrapped_grpc_channel_credentials */
51 PHP_GRPC_FREE_WRAPPED_FUNC_START(wrapped_grpc_channel_credentials)
52  if (p->hashstr != NULL) {
53  free(p->hashstr);
54  p->hashstr = NULL;
55  }
56  if (p->wrapped != NULL) {
57  grpc_channel_credentials_release(p->wrapped);
58  p->wrapped = NULL;
59  }
60 PHP_GRPC_FREE_WRAPPED_FUNC_END()
61 
62 /* Initializes an instance of wrapped_grpc_channel_credentials to be
63  * associated with an object of a class specified by class_type */
64 php_grpc_zend_object create_wrapped_grpc_channel_credentials(
65  zend_class_entry *class_type TSRMLS_DC) {
66  PHP_GRPC_ALLOC_CLASS_OBJECT(wrapped_grpc_channel_credentials);
67  zend_object_std_init(&intern->std, class_type TSRMLS_CC);
68  object_properties_init(&intern->std, class_type);
69  PHP_GRPC_FREE_CLASS_OBJECT(wrapped_grpc_channel_credentials,
70  channel_credentials_ce_handlers);
71 }
72 
73 zval *grpc_php_wrap_channel_credentials(grpc_channel_credentials *wrapped,
74  char *hashstr,
75  zend_bool has_call_creds TSRMLS_DC) {
76  zval *credentials_object;
77  PHP_GRPC_MAKE_STD_ZVAL(credentials_object);
78  object_init_ex(credentials_object, grpc_ce_channel_credentials);
79  wrapped_grpc_channel_credentials *credentials =
80  PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_channel_credentials,
81  credentials_object);
82  credentials->wrapped = wrapped;
83  credentials->hashstr = hashstr;
84  credentials->has_call_creds = has_call_creds;
85  return credentials_object;
86 }
87 
93 PHP_METHOD(ChannelCredentials, setDefaultRootsPem) {
94  char *pem_roots;
95  php_grpc_int pem_roots_length;
96 
97  /* "s" == 1 string */
98  if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &pem_roots,
99  &pem_roots_length) == FAILURE) {
100  zend_throw_exception(spl_ce_InvalidArgumentException,
101  "setDefaultRootsPem expects 1 string", 1 TSRMLS_CC);
102  return;
103  }
104  default_pem_root_certs = gpr_realloc(default_pem_root_certs, (pem_roots_length + 1) * sizeof(char));
105  memcpy(default_pem_root_certs, pem_roots, pem_roots_length + 1);
106 }
107 
112 PHP_METHOD(ChannelCredentials, isDefaultRootsPemSet) {
113  if (default_pem_root_certs) {
114  RETURN_TRUE;
115  }
116  RETURN_FALSE;
117 }
118 
122 PHP_METHOD(ChannelCredentials, invalidateDefaultRootsPem) {
123  if (default_pem_root_certs) {
124  gpr_free(default_pem_root_certs);
125  default_pem_root_certs = NULL;
126  }
127 }
128 
133 PHP_METHOD(ChannelCredentials, createDefault) {
134  grpc_channel_credentials *creds = grpc_google_default_credentials_create(NULL);
135  zval *creds_object = grpc_php_wrap_channel_credentials(creds, NULL, false
136  TSRMLS_CC);
137  RETURN_DESTROY_ZVAL(creds_object);
138 }
139 
149 PHP_METHOD(ChannelCredentials, createSsl) {
150  char *pem_root_certs = NULL;
151  grpc_ssl_pem_key_cert_pair pem_key_cert_pair;
152 
153  php_grpc_int root_certs_length = 0;
154  php_grpc_int private_key_length = 0;
155  php_grpc_int cert_chain_length = 0;
156 
157  pem_key_cert_pair.private_key = pem_key_cert_pair.cert_chain = NULL;
158 
159  grpc_set_ssl_roots_override_callback(get_ssl_roots_override);
160 
161  /* "|s!s!s!" == 3 optional nullable strings */
162  if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s!s!s!",
163  &pem_root_certs, &root_certs_length,
164  &pem_key_cert_pair.private_key,
165  &private_key_length,
166  &pem_key_cert_pair.cert_chain,
167  &cert_chain_length) == FAILURE) {
168  zend_throw_exception(spl_ce_InvalidArgumentException,
169  "createSsl expects 3 optional strings", 1 TSRMLS_CC);
170  return;
171  }
172 
173  php_grpc_int hashkey_len = root_certs_length + cert_chain_length;
174  char *hashkey = emalloc(hashkey_len + 1);
175  if (root_certs_length > 0) {
176  strcpy(hashkey, pem_root_certs);
177  }
178  if (cert_chain_length > 0) {
179  strcpy(hashkey, pem_key_cert_pair.cert_chain);
180  }
181 
182  char *hashstr = malloc(41);
183  generate_sha1_str(hashstr, hashkey, hashkey_len);
184 
185  grpc_channel_credentials *creds = grpc_ssl_credentials_create(
186  pem_root_certs,
187  pem_key_cert_pair.private_key == NULL ? NULL : &pem_key_cert_pair, NULL, NULL);
188  zval *creds_object = grpc_php_wrap_channel_credentials(creds, hashstr, false
189  TSRMLS_CC);
190  efree(hashkey);
191  RETURN_DESTROY_ZVAL(creds_object);
192 }
193 
200 PHP_METHOD(ChannelCredentials, createComposite) {
201  zval *cred1_obj;
202  zval *cred2_obj;
203 
204  grpc_set_ssl_roots_override_callback(get_ssl_roots_override);
205 
206  /* "OO" == 2 Objects */
207  if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "OO", &cred1_obj,
208  grpc_ce_channel_credentials, &cred2_obj,
209  grpc_ce_call_credentials) == FAILURE) {
210  zend_throw_exception(spl_ce_InvalidArgumentException,
211  "createComposite expects 2 Credentials", 1 TSRMLS_CC);
212  return;
213  }
214  wrapped_grpc_channel_credentials *cred1 =
215  PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_channel_credentials, cred1_obj);
216  wrapped_grpc_call_credentials *cred2 =
217  PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_call_credentials, cred2_obj);
218  grpc_channel_credentials *creds =
219  grpc_composite_channel_credentials_create(cred1->wrapped, cred2->wrapped,
220  NULL);
221  // wrapped_grpc_channel_credentials object should keeps it's own
222  // allocation. Otherwise it conflicts free hashstr with call.c.
223  php_grpc_int cred1_len = strlen(cred1->hashstr);
224  char *cred1_hashstr = malloc(cred1_len+1);
225  strcpy(cred1_hashstr, cred1->hashstr);
226  zval *creds_object =
227  grpc_php_wrap_channel_credentials(creds, cred1_hashstr, true TSRMLS_CC);
228  RETURN_DESTROY_ZVAL(creds_object);
229 }
230 
235 PHP_METHOD(ChannelCredentials, createInsecure) {
236  RETURN_NULL();
237 }
238 
247 PHP_METHOD(ChannelCredentials, createXds) {
248  grpc_channel_credentials* xds_creds = NULL;
249  zval* fallback_creds = NULL;
250  if (zend_parse_parameters_ex(0, // ZEND_PARSE_PARAMS_QUIET,
251  ZEND_NUM_ARGS() TSRMLS_CC, "O", &fallback_creds,
252  grpc_ce_channel_credentials) != SUCCESS) {
253  zend_throw_exception(spl_ce_InvalidArgumentException,
254  "createXds expects a fallback credentials",
255  1 TSRMLS_CC);
256  return;
257  }
258 
259  wrapped_grpc_channel_credentials* wrapped_fallback_creds =
260  PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_channel_credentials,
261  fallback_creds);
262  xds_creds = grpc_xds_credentials_create(wrapped_fallback_creds->wrapped);
263  const char* fallback_creds_hash_str =
264  wrapped_fallback_creds->hashstr ? wrapped_fallback_creds->hashstr : "";
265 
266  // prefix "XDS:" as the hash of the xDS channel
267  char* hash_str = malloc(strlen(fallback_creds_hash_str) + strlen("XDS:") + 1);
268  strcpy(hash_str, "XDS:");
269  strcat(hash_str, fallback_creds_hash_str);
270  zval* xds_creds_obj = grpc_php_wrap_channel_credentials(
271  xds_creds, hash_str, false /* has_call_creds */ TSRMLS_CC);
272  RETURN_DESTROY_ZVAL(xds_creds_obj);
273 }
274 
275 ZEND_BEGIN_ARG_INFO_EX(arginfo_setDefaultRootsPem, 0, 0, 1)
276  ZEND_ARG_INFO(0, pem_roots)
277 ZEND_END_ARG_INFO()
278 
279 ZEND_BEGIN_ARG_INFO_EX(arginfo_isDefaultRootsPemSet, 0, 0, 0)
280 ZEND_END_ARG_INFO()
281 
282 ZEND_BEGIN_ARG_INFO_EX(arginfo_invalidateDefaultRootsPem, 0, 0, 0)
283 ZEND_END_ARG_INFO()
284 
285 ZEND_BEGIN_ARG_INFO_EX(arginfo_createDefault, 0, 0, 0)
286 ZEND_END_ARG_INFO()
287 
288 ZEND_BEGIN_ARG_INFO_EX(arginfo_createSsl, 0, 0, 0)
289  ZEND_ARG_INFO(0, pem_root_certs)
290  ZEND_ARG_INFO(0, pem_private_key)
291  ZEND_ARG_INFO(0, pem_cert_chain)
292 ZEND_END_ARG_INFO()
293 
294 ZEND_BEGIN_ARG_INFO_EX(arginfo_createComposite, 0, 0, 2)
295  ZEND_ARG_INFO(0, channel_creds)
296  ZEND_ARG_INFO(0, call_creds)
297 ZEND_END_ARG_INFO()
298 
299 ZEND_BEGIN_ARG_INFO_EX(arginfo_createInsecure, 0, 0, 0)
300 ZEND_END_ARG_INFO()
301 
302 ZEND_BEGIN_ARG_INFO_EX(arginfo_createXds, 0, 0, 1)
303  ZEND_ARG_OBJ_INFO(0, fallback_creds, Grpc\\ChannelCredentials, 1)
304 ZEND_END_ARG_INFO()
305 
306 static zend_function_entry channel_credentials_methods[] = {
307  PHP_ME(ChannelCredentials, setDefaultRootsPem, arginfo_setDefaultRootsPem,
308  ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
309  PHP_ME(ChannelCredentials, isDefaultRootsPemSet, arginfo_isDefaultRootsPemSet,
310  ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
311  PHP_ME(ChannelCredentials, invalidateDefaultRootsPem, arginfo_invalidateDefaultRootsPem,
312  ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
313  PHP_ME(ChannelCredentials, createDefault, arginfo_createDefault,
314  ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
315  PHP_ME(ChannelCredentials, createSsl, arginfo_createSsl,
316  ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
317  PHP_ME(ChannelCredentials, createComposite, arginfo_createComposite,
318  ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
319  PHP_ME(ChannelCredentials, createInsecure, arginfo_createInsecure,
320  ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
321  PHP_ME(ChannelCredentials, createXds, arginfo_createXds,
322  ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
323  PHP_FE_END
324 };
325 
326 void grpc_init_channel_credentials(TSRMLS_D) {
327  zend_class_entry ce;
328  INIT_CLASS_ENTRY(ce, "Grpc\\ChannelCredentials",
329  channel_credentials_methods);
330  ce.create_object = create_wrapped_grpc_channel_credentials;
331  grpc_ce_channel_credentials = zend_register_internal_class(&ce TSRMLS_CC);
332  PHP_GRPC_INIT_HANDLER(wrapped_grpc_channel_credentials,
333  channel_credentials_ce_handlers);
334 }
grpc_ce_channel_credentials
zend_class_entry * grpc_ce_channel_credentials
Definition: channel_credentials.c:36
php_grpc_zend_object
#define php_grpc_zend_object
Definition: php7_wrapper.h:27
grpc_ssl_pem_key_cert_pair::private_key
const char * private_key
Definition: grpc_security.h:176
pem_root_certs
static char * pem_root_certs
Definition: rb_channel_credentials.c:38
channel_credentials.h
channel_credentials_methods
static zend_function_entry channel_credentials_methods[]
Definition: channel_credentials.c:306
channel.h
gpr_free
GPRAPI void gpr_free(void *ptr)
Definition: alloc.cc:51
xds_manager.p
p
Definition: xds_manager.py:60
create_wrapped_grpc_channel_credentials
php_grpc_zend_object create_wrapped_grpc_channel_credentials(zend_class_entry *class_type TSRMLS_DC)
Definition: channel_credentials.c:64
get_ssl_roots_override
static grpc_ssl_roots_override_result get_ssl_roots_override(char **pem_root_certs)
Definition: channel_credentials.c:40
grpc_ssl_pem_key_cert_pair::cert_chain
const char * cert_chain
Definition: grpc_security.h:180
PHP_GRPC_INIT_HANDLER
#define PHP_GRPC_INIT_HANDLER(class_object, handler_name)
Definition: php7_wrapper.h:140
grpc_ssl_credentials_create
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Definition: ssl_credentials.cc:132
PHP_GRPC_FREE_WRAPPED_FUNC_END
#define PHP_GRPC_FREE_WRAPPED_FUNC_END()
Definition: php7_wrapper.h:73
string_util.h
memcpy
memcpy(mem, inblock.get(), min(CONTAINING_RECORD(inblock.get(), MEMBLOCK, data) ->size, size))
generate_sha1_str
void generate_sha1_str(char *sha1str, char *str, php_grpc_int len)
Definition: channel.c:167
gpr_realloc
GPRAPI void * gpr_realloc(void *p, size_t size)
Definition: alloc.cc:56
PHP_GRPC_DECLARE_OBJECT_HANDLER
#define PHP_GRPC_DECLARE_OBJECT_HANDLER(handler_name)
Definition: php7_wrapper.h:146
PHP_GRPC_GET_WRAPPED_OBJECT
#define PHP_GRPC_GET_WRAPPED_OBJECT(class_object, zv)
Definition: php7_wrapper.h:149
GRPC_SSL_ROOTS_OVERRIDE_FAIL
@ GRPC_SSL_ROOTS_OVERRIDE_FAIL
Definition: grpc_security_constants.h:69
php_grpc_int
#define php_grpc_int
Definition: php7_wrapper.h:24
grpc_init_channel_credentials
void grpc_init_channel_credentials(TSRMLS_D)
Definition: channel_credentials.c:326
grpc_ssl_roots_override_result
grpc_ssl_roots_override_result
Definition: grpc_security_constants.h:66
has_call_creds
zend_bool has_call_creds
Definition: channel_credentials.h:34
GRPC_SSL_ROOTS_OVERRIDE_OK
@ GRPC_SSL_ROOTS_OVERRIDE_OK
Definition: grpc_security_constants.h:67
call_creds
void call_creds(grpc_end2end_test_config config)
Definition: call_creds.cc:523
grpc_ce_call_credentials
zend_class_entry * grpc_ce_call_credentials
Definition: call_credentials.c:34
hashstr
char * hashstr
Definition: channel_credentials.h:33
grpc_composite_channel_credentials_create
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Definition: composite_credentials.cc:164
grpc::testing::SUCCESS
@ SUCCESS
Definition: h2_ssl_cert_test.cc:201
grpc_channel_credentials_release
GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds)
Definition: credentials.cc:36
PHP_METHOD
PHP_METHOD(ChannelCredentials, setDefaultRootsPem)
Definition: channel_credentials.c:93
grpc.beta.implementations.ChannelCredentials
ChannelCredentials
Definition: implementations.py:33
wrapped
grpc_call * wrapped
Definition: src/php/ext/grpc/call.h:32
intern
upb_strtable_uninit & intern
Definition: bloaty/third_party/protobuf/php/ext/google/protobuf/map.c:222
PHP_GRPC_MAKE_STD_ZVAL
#define PHP_GRPC_MAKE_STD_ZVAL(pzv)
Definition: php7_wrapper.h:42
PHP_GRPC_ALLOC_CLASS_OBJECT
#define PHP_GRPC_ALLOC_CLASS_OBJECT(class_object)
Definition: php7_wrapper.h:77
alloc.h
default_pem_root_certs
static char * default_pem_root_certs
Definition: channel_credentials.c:38
grpc_set_ssl_roots_override_callback
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Definition: ssl_utils.cc:71
call_credentials.h
PHP_GRPC_FREE_CLASS_OBJECT
#define PHP_GRPC_FREE_CLASS_OBJECT(class_object, handler)
Definition: php7_wrapper.h:82
gpr_strdup
GPRAPI char * gpr_strdup(const char *src)
Definition: string.cc:39
if
if(p->hashstr !=NULL)
Definition: channel_credentials.c:52
grpc_google_default_credentials_create
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(grpc_call_credentials *call_credentials)
Definition: google_default_credentials.cc:429
grpc_xds_credentials_create
GRPCAPI grpc_channel_credentials * grpc_xds_credentials_create(grpc_channel_credentials *fallback_credentials)
Definition: core/lib/security/credentials/xds/xds_credentials.cc:243
PHP_GRPC_FREE_WRAPPED_FUNC_START
#define PHP_GRPC_FREE_WRAPPED_FUNC_START(class_object)
Definition: php7_wrapper.h:70
RETURN_DESTROY_ZVAL
#define RETURN_DESTROY_ZVAL(val)
Definition: php7_wrapper.h:55
grpc_ssl_pem_key_cert_pair
Definition: grpc_security.h:173
grpc_channel_credentials
Definition: src/core/lib/security/credentials/credentials.h:96
grpc_php_wrap_channel_credentials
zval * grpc_php_wrap_channel_credentials(grpc_channel_credentials *wrapped, char *hashstr, zend_bool has_call_creds TSRMLS_DC)
Definition: channel_credentials.c:73

grpc
Author(s):
autogenerated on Fri May 16 2025 02:57:52