secure_server_credentials.cc
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include "src/cpp/server/secure_server_credentials.h"
20 
21 #include <algorithm>
22 #include <map>
23 #include <memory>
24 #include <utility>
25 #include <vector>
26 
27 #include <grpc/grpc_security_constants.h>
28 #include <grpc/slice.h>
29 #include <grpc/status.h>
30 #include <grpcpp/security/auth_metadata_processor.h>
31 #include <grpcpp/security/tls_credentials_options.h>
32 #include <grpcpp/support/slice.h>
33 #include <grpcpp/support/status.h>
34 #include <grpcpp/support/string_ref.h>
35 
36 #include "src/cpp/common/secure_auth_context.h"
37 
38 namespace grpc {
39 
40 void AuthMetadataProcessorAyncWrapper::Destroy(void* wrapper) {
41  auto* w = static_cast<AuthMetadataProcessorAyncWrapper*>(wrapper);
42  delete w;
43 }
44 
45 void AuthMetadataProcessorAyncWrapper::Process(
46  void* wrapper, grpc_auth_context* context, const grpc_metadata* md,
47  size_t num_md, grpc_process_auth_metadata_done_cb cb, void* user_data) {
48  auto* w = static_cast<AuthMetadataProcessorAyncWrapper*>(wrapper);
49  if (!w->processor_) {
50  // Early exit.
51  cb(user_data, nullptr, 0, nullptr, 0, GRPC_STATUS_OK, nullptr);
52  return;
53  }
54  if (w->processor_->IsBlocking()) {
55  w->thread_pool_->Add([w, context, md, num_md, cb, user_data] {
56  w->AuthMetadataProcessorAyncWrapper::InvokeProcessor(context, md, num_md,
57  cb, user_data);
58  });
59  } else {
60  // invoke directly.
61  w->InvokeProcessor(context, md, num_md, cb, user_data);
62  }
63 }
64 
65 void AuthMetadataProcessorAyncWrapper::InvokeProcessor(
66  grpc_auth_context* context, const grpc_metadata* md, size_t num_md,
67  grpc_process_auth_metadata_done_cb cb, void* user_data) {
68  AuthMetadataProcessor::InputMetadata metadata;
69  for (size_t i = 0; i < num_md; i++) {
70  metadata.insert(std::make_pair(StringRefFromSlice(&md[i].key),
71  StringRefFromSlice(&md[i].value)));
72  }
73  SecureAuthContext ctx(context);
74  AuthMetadataProcessor::OutputMetadata consumed_metadata;
75  AuthMetadataProcessor::OutputMetadata response_metadata;
76 
77  Status status = processor_->Process(metadata, &ctx, &consumed_metadata,
78  &response_metadata);
79 
80  std::vector<grpc_metadata> consumed_md;
81  for (const auto& consumed : consumed_metadata) {
82  grpc_metadata md_entry;
83  md_entry.key = SliceReferencingString(consumed.first);
84  md_entry.value = SliceReferencingString(consumed.second);
85  consumed_md.push_back(md_entry);
86  }
87  std::vector<grpc_metadata> response_md;
88  for (const auto& response : response_metadata) {
89  grpc_metadata md_entry;
90  md_entry.key = SliceReferencingString(response.first);
91  md_entry.value = SliceReferencingString(response.second);
92  response_md.push_back(md_entry);
93  }
94  auto consumed_md_data = consumed_md.empty() ? nullptr : &consumed_md[0];
95  auto response_md_data = response_md.empty() ? nullptr : &response_md[0];
96  cb(user_data, consumed_md_data, consumed_md.size(), response_md_data,
97  response_md.size(), static_cast<grpc_status_code>(status.error_code()),
98  status.error_message().c_str());
99 }
100 
101 int SecureServerCredentials::AddPortToServer(const std::string& addr,
102  grpc_server* server) {
103  return grpc_server_add_http2_port(server, addr.c_str(), creds_);
104 }
105 
106 void SecureServerCredentials::SetAuthMetadataProcessor(
107  const std::shared_ptr<grpc::AuthMetadataProcessor>& processor) {
108  auto* wrapper = new grpc::AuthMetadataProcessorAyncWrapper(processor);
109  grpc_server_credentials_set_auth_metadata_processor(
110  creds_, {grpc::AuthMetadataProcessorAyncWrapper::Process,
111  grpc::AuthMetadataProcessorAyncWrapper::Destroy, wrapper});
112 }
113 
114 std::shared_ptr<ServerCredentials> SslServerCredentials(
115  const grpc::SslServerCredentialsOptions& options) {
116  std::vector<grpc_ssl_pem_key_cert_pair> pem_key_cert_pairs;
117  for (const auto& key_cert_pair : options.pem_key_cert_pairs) {
118  grpc_ssl_pem_key_cert_pair p = {key_cert_pair.private_key.c_str(),
119  key_cert_pair.cert_chain.c_str()};
120  pem_key_cert_pairs.push_back(p);
121  }
122  grpc_server_credentials* c_creds = grpc_ssl_server_credentials_create_ex(
123  options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
124  pem_key_cert_pairs.empty() ? nullptr : &pem_key_cert_pairs[0],
125  pem_key_cert_pairs.size(),
126  options.force_client_auth
127  ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
128  : options.client_certificate_request,
129  nullptr);
130  return std::shared_ptr<ServerCredentials>(
131  new SecureServerCredentials(c_creds));
132 }
133 
134 namespace experimental {
135 
136 std::shared_ptr<ServerCredentials> AltsServerCredentials(
137  const AltsServerCredentialsOptions& /* options */) {
138  grpc_alts_credentials_options* c_options =
139  grpc_alts_credentials_server_options_create();
140  grpc_server_credentials* c_creds =
141  grpc_alts_server_credentials_create(c_options);
142  grpc_alts_credentials_options_destroy(c_options);
143  return std::shared_ptr<ServerCredentials>(
144  new SecureServerCredentials(c_creds));
145 }
146 
147 std::shared_ptr<ServerCredentials> LocalServerCredentials(
148  grpc_local_connect_type type) {
149  return std::shared_ptr<ServerCredentials>(
150  new SecureServerCredentials(grpc_local_server_credentials_create(type)));
151 }
152 
153 std::shared_ptr<ServerCredentials> TlsServerCredentials(
154  const grpc::experimental::TlsServerCredentialsOptions& options) {
155  return std::shared_ptr<ServerCredentials>(new SecureServerCredentials(
156  grpc_tls_server_credentials_create(options.c_credentials_options())));
157 }
158 
159 } // namespace experimental
160 } // namespace grpc
grpc::StringRefFromSlice
grpc::string_ref StringRefFromSlice(const grpc_slice *slice)
Definition: include/grpcpp/impl/codegen/slice.h:133
grpc_alts_credentials_options_destroy
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
Definition: grpc_alts_credentials_options.cc:38
tls_credentials_options.h
grpc::status
auto status
Definition: cpp/client/credentials_test.cc:200
grpc_auth_context
Definition: security_context.h:63
ctx
Definition: benchmark-async.c:30
metadata
Definition: cq_verifier.cc:48
grpc
Definition: grpcpp/alarm.h:33
grpc::AuthMetadataProcessorAyncWrapper::processor_
std::shared_ptr< AuthMetadataProcessor > processor_
Definition: secure_server_credentials.h:61
slice.h
grpc_local_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
Definition: local_credentials.cc:69
options
double_dict options[]
Definition: capstone_test.c:55
metadata
struct metadata metadata
testing::internal::string
::std::string string
Definition: bloaty/third_party/protobuf/third_party/googletest/googletest/include/gtest/internal/gtest-port.h:881
grpc_process_auth_metadata_done_cb
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
Definition: grpc_security.h:585
grpc_status_code
grpc_status_code
Definition: include/grpc/impl/codegen/status.h:28
slice.h
ctx
static struct test_ctx ctx
Definition: test-ipc-send-recv.c:65
secure_auth_context.h
grpc::AuthMetadataProcessorAyncWrapper::Process
static void Process(void *wrapper, grpc_auth_context *context, const grpc_metadata *md, size_t num_md, grpc_process_auth_metadata_done_cb cb, void *user_data)
Definition: secure_server_credentials.cc:45
grpc::AuthMetadataProcessor::OutputMetadata
std::multimap< std::string, std::string > OutputMetadata
Definition: grpcpp/security/auth_metadata_processor.h:38
grpc::experimental::TlsServerCredentialsOptions
Definition: tls_credentials_options.h:136
grpc_server_credentials_set_auth_metadata_processor
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
Definition: credentials.cc:112
grpc_tls_server_credentials_create
grpc_server_credentials * grpc_tls_server_credentials_create(grpc_tls_credentials_options *options)
Definition: tls_credentials.cc:155
status.h
grpc_metadata
Definition: grpc_types.h:537
grpc_ssl_server_credentials_create_ex
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Definition: ssl_credentials.cc:330
GRPC_STATUS_OK
@ GRPC_STATUS_OK
Definition: include/grpc/impl/codegen/status.h:30
grpc::SecureServerCredentials
Definition: secure_server_credentials.h:64
grpc::AuthMetadataProcessorAyncWrapper::Destroy
static void Destroy(void *wrapper)
Definition: secure_server_credentials.cc:40
grpc_server_add_http2_port
GRPCAPI int grpc_server_add_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds)
Definition: chttp2_server.cc:1029
grpc::experimental::AltsServerCredentialsOptions
Options to create ServerCredentials with ALTS.
Definition: include/grpcpp/security/server_credentials.h:123
grpc::SslServerCredentials
std::shared_ptr< ServerCredentials > SslServerCredentials(const grpc::SslServerCredentialsOptions &options)
Builds SSL ServerCredentials given SSL specific options.
Definition: secure_server_credentials.cc:114
grpc::experimental::TlsServerCredentials
std::shared_ptr< ServerCredentials > TlsServerCredentials(const experimental::TlsServerCredentialsOptions &options)
Builds TLS ServerCredentials given TLS options.
Definition: secure_server_credentials.cc:153
auth_metadata_processor.h
grpc_metadata::value
grpc_slice value
Definition: grpc_types.h:541
grpc::SecureServerCredentials::AddPortToServer
int AddPortToServer(const std::string &addr, grpc_server *server) override
Definition: secure_server_credentials.cc:101
grpc_alts_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
Definition: alts_credentials.cc:116
grpc::SslServerCredentialsOptions
Options to create ServerCredentials with SSL.
Definition: include/grpcpp/security/server_credentials.h:38
grpc::experimental::LocalServerCredentials
std::shared_ptr< ServerCredentials > LocalServerCredentials(grpc_local_connect_type type)
Definition: secure_server_credentials.cc:147
grpc_server
struct grpc_server grpc_server
Definition: grpc_types.h:65
wrapper
grpc_channel_wrapper * wrapper
Definition: src/php/ext/grpc/channel.h:48
grpc::AuthMetadataProcessor::InputMetadata
std::multimap< grpc::string_ref, grpc::string_ref > InputMetadata
Definition: grpcpp/security/auth_metadata_processor.h:37
value
const char * value
Definition: hpack_parser_table.cc:165
grpc_server_credentials
Definition: src/core/lib/security/credentials/credentials.h:259
grpc_alts_credentials_options
Definition: grpc_alts_credentials_options.h:35
secure_server_credentials.h
grpc::SecureAuthContext
Definition: secure_auth_context.h:35
benchmark.md
md
Definition: benchmark.py:86
grpc_alts_credentials_server_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
Definition: grpc_alts_credentials_server_options.cc:36
key
const char * key
Definition: hpack_parser_table.cc:164
server
Definition: examples/python/async_streaming/server.py:1
grpc::AuthMetadataProcessorAyncWrapper
Definition: secure_server_credentials.h:40
asyncio_get_stats.response
response
Definition: asyncio_get_stats.py:28
grpc::SecureServerCredentials::SetAuthMetadataProcessor
void SetAuthMetadataProcessor(const std::shared_ptr< grpc::AuthMetadataProcessor > &processor) override
Definition: secure_server_credentials.cc:106
grpc_security_constants.h
grpc::Status
Definition: include/grpcpp/impl/codegen/status.h:35
grpc::SecureServerCredentials::creds_
grpc_server_credentials * creds_
Definition: secure_server_credentials.h:82
grpc::AuthMetadataProcessorAyncWrapper::InvokeProcessor
void InvokeProcessor(grpc_auth_context *context, const grpc_metadata *md, size_t num_md, grpc_process_auth_metadata_done_cb cb, void *user_data)
Definition: secure_server_credentials.cc:65
grpc::experimental::AltsServerCredentials
std::shared_ptr< ServerCredentials > AltsServerCredentials(const AltsServerCredentialsOptions &options)
Builds ALTS ServerCredentials given ALTS specific options.
Definition: secure_server_credentials.cc:136
context
grpc::ClientContext context
Definition: istio_echo_server_lib.cc:61
GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
@ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
Definition: grpc_security_constants.h:125
asyncio_get_stats.type
type
Definition: asyncio_get_stats.py:37
grpc_local_connect_type
grpc_local_connect_type
Definition: grpc_security_constants.h:143
grpc_ssl_pem_key_cert_pair
Definition: grpc_security.h:173
addr
struct sockaddr_in addr
Definition: libuv/docs/code/tcp-echo-server/main.c:10
cb
OPENSSL_EXPORT pem_password_cb * cb
Definition: pem.h:351
grpc_metadata::key
grpc_slice key
Definition: grpc_types.h:540
string_ref.h
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
status.h
grpc::SliceReferencingString
grpc_slice SliceReferencingString(const std::string &str)
Definition: include/grpcpp/impl/codegen/slice.h:144

grpc
Author(s):
autogenerated on Thu Mar 13 2025 03:01:15