gen_grpc_tls_credentials_options.py
Go to the documentation of this file.
1 #!/usr/bin/env python3
2 
3 # Copyright 2022 gRPC authors.
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 
17 # Generator script for src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h and test/core/security/grpc_tls_credentials_options_comparator_test.cc
18 # Should be executed from grpc's root directory.
19 
20 from __future__ import print_function
21 
22 import collections
23 from dataclasses import dataclass
24 import difflib
25 import filecmp
26 import os
27 import sys
28 import tempfile
29 
30 
31 @dataclass
32 class DataMember:
33  name: str # name of the data member without the trailing '_'
34  type: str # Type (eg. std::string, bool)
35  test_name: str # The name to use for the associated test
36  test_value_1: str # Test-specific value to use for comparison
37  test_value_2: str # Test-specific value (different from test_value_1)
38  default_initializer: str = '' # If non-empty, this will be used as the default initialization of this field
39  getter_comment: str = '' # Comment to add before the getter for this field
40  special_getter_return_type: str = '' # Override for the return type of getter (eg. const std::string&)
41  override_getter: str = '' # Override for the entire getter method. Relevant for certificate_verifier and certificate_provider
42  setter_comment: str = '' # Commend to add before the setter for this field
43  setter_move_semantics: bool = False # Should the setter use move-semantics
44  special_comparator: str = '' # If non-empty, this will be used in `operator==`
45 
46 
47 _DATA_MEMBERS = [
48  DataMember(name='cert_request_type',
49  type='grpc_ssl_client_certificate_request_type',
50  default_initializer='GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE',
51  test_name="DifferentCertRequestType",
52  test_value_1="GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE",
53  test_value_2="GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY"),
54  DataMember(name='verify_server_cert',
55  type='bool',
56  default_initializer='true',
57  test_name="DifferentVerifyServerCert",
58  test_value_1="false",
59  test_value_2="true"),
60  DataMember(name='min_tls_version',
61  type='grpc_tls_version',
62  default_initializer='grpc_tls_version::TLS1_2',
63  test_name="DifferentMinTlsVersion",
64  test_value_1="grpc_tls_version::TLS1_2",
65  test_value_2="grpc_tls_version::TLS1_3"),
66  DataMember(name='max_tls_version',
67  type='grpc_tls_version',
68  default_initializer='grpc_tls_version::TLS1_3',
69  test_name="DifferentMaxTlsVersion",
70  test_value_1="grpc_tls_version::TLS1_2",
71  test_value_2="grpc_tls_version::TLS1_3"),
72  DataMember(
73  name='certificate_verifier',
74  type='grpc_core::RefCountedPtr<grpc_tls_certificate_verifier>',
75  override_getter="""grpc_tls_certificate_verifier* certificate_verifier() {
76  return certificate_verifier_.get();
77  }""",
78  setter_move_semantics=True,
79  special_comparator=
80  '(certificate_verifier_ == other.certificate_verifier_ || (certificate_verifier_ != nullptr && other.certificate_verifier_ != nullptr && certificate_verifier_->Compare(other.certificate_verifier_.get()) == 0))',
81  test_name="DifferentCertificateVerifier",
82  test_value_1="MakeRefCounted<HostNameCertificateVerifier>()",
83  test_value_2="MakeRefCounted<XdsCertificateVerifier>(nullptr, \"\")"),
84  DataMember(name='check_call_host',
85  type='bool',
86  default_initializer='true',
87  test_name="DifferentCheckCallHost",
88  test_value_1="false",
89  test_value_2="true"),
90  DataMember(
91  name='certificate_provider',
92  type='grpc_core::RefCountedPtr<grpc_tls_certificate_provider>',
93  getter_comment=
94  'Returns the distributor from certificate_provider_ if it is set, nullptr otherwise.',
95  override_getter=
96  """grpc_tls_certificate_distributor* certificate_distributor() {
97  if (certificate_provider_ != nullptr) { return certificate_provider_->distributor().get(); }
98  return nullptr;
99  }""",
100  setter_move_semantics=True,
101  special_comparator=
102  '(certificate_provider_ == other.certificate_provider_ || (certificate_provider_ != nullptr && other.certificate_provider_ != nullptr && certificate_provider_->Compare(other.certificate_provider_.get()) == 0))',
103  test_name="DifferentCertificateProvider",
104  test_value_1=
105  "MakeRefCounted<StaticDataCertificateProvider>(\"root_cert_1\", PemKeyCertPairList())",
106  test_value_2=
107  "MakeRefCounted<StaticDataCertificateProvider>(\"root_cert_2\", PemKeyCertPairList())"
108  ),
109  DataMember(
110  name='watch_root_cert',
111  type='bool',
112  default_initializer='false',
113  setter_comment=
114  'If need to watch the updates of root certificates with name |root_cert_name|. The default value is false. If used in tls_credentials, it should always be set to true unless the root certificates are not needed.',
115  test_name="DifferentWatchRootCert",
116  test_value_1="false",
117  test_value_2="true"),
118  DataMember(
119  name='root_cert_name',
120  type='std::string',
121  special_getter_return_type='const std::string&',
122  setter_comment=
123  'Sets the name of root certificates being watched, if |set_watch_root_cert| is called. If not set, an empty string will be used as the name.',
124  setter_move_semantics=True,
125  test_name="DifferentRootCertName",
126  test_value_1="\"root_cert_name_1\"",
127  test_value_2="\"root_cert_name_2\""),
128  DataMember(
129  name='watch_identity_pair',
130  type='bool',
131  default_initializer='false',
132  setter_comment=
133  'If need to watch the updates of identity certificates with name |identity_cert_name|. The default value is false. If used in tls_credentials, it should always be set to true unless the identity key-cert pairs are not needed.',
134  test_name="DifferentWatchIdentityPair",
135  test_value_1="false",
136  test_value_2="true"),
137  DataMember(
138  name='identity_cert_name',
139  type='std::string',
140  special_getter_return_type='const std::string&',
141  setter_comment=
142  'Sets the name of identity key-cert pairs being watched, if |set_watch_identity_pair| is called. If not set, an empty string will be used as the name.',
143  setter_move_semantics=True,
144  test_name="DifferentIdentityCertName",
145  test_value_1="\"identity_cert_name_1\"",
146  test_value_2="\"identity_cert_name_2\""),
147  DataMember(name='tls_session_key_log_file_path',
148  type='std::string',
149  special_getter_return_type='const std::string&',
150  setter_move_semantics=True,
151  test_name="DifferentTlsSessionKeyLogFilePath",
152  test_value_1="\"file_path_1\"",
153  test_value_2="\"file_path_2\""),
154  DataMember(
155  name='crl_directory',
156  type='std::string',
157  special_getter_return_type='const std::string&',
158  setter_comment=
159  ' gRPC will enforce CRLs on all handshakes from all hashed CRL files inside of the crl_directory. If not set, an empty string will be used, which will not enable CRL checking. Only supported for OpenSSL version > 1.1.',
160  setter_move_semantics=True,
161  test_name="DifferentCrlDirectory",
162  test_value_1="\"crl_directory_1\"",
163  test_value_2="\"crl_directory_2\"")
164 ]
165 
166 
167 # print copyright notice from this file
168 def put_copyright(f, year):
169  print("""//
170 //
171 // Copyright %s gRPC authors.
172 //
173 // Licensed under the Apache License, Version 2.0 (the "License");
174 // you may not use this file except in compliance with the License.
175 // You may obtain a copy of the License at
176 //
177 // http://www.apache.org/licenses/LICENSE-2.0
178 //
179 // Unless required by applicable law or agreed to in writing, software
180 // distributed under the License is distributed on an "AS IS" BASIS,
181 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
182 // See the License for the specific language governing permissions and
183 // limitations under the License.
184 //
185 //
186 """ % (year),
187  file=f)
188 
189 
190 # Prints differences between two files
191 def get_file_differences(file1, file2):
192  with open(file1) as f1:
193  file1_text = f1.readlines()
194  with open(file2) as f2:
195  file2_text = f2.readlines()
196  return difflib.unified_diff(file1_text,
197  file2_text,
198  fromfile=file1,
199  tofile=file2)
200 
201 
202 # Is this script executed in test mode?
203 test_mode = False
204 if len(sys.argv) > 1 and sys.argv[1] == "--test":
205  test_mode = True
206 
207 HEADER_FILE_NAME = 'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h'
208 # Generate src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h
209 header_file_name = HEADER_FILE_NAME
210 if (test_mode):
211  header_file_name = tempfile.NamedTemporaryFile(delete=False).name
212 H = open(header_file_name, 'w')
213 
214 put_copyright(H, '2018')
215 print(
216  '// Generated by tools/codegen/core/gen_grpc_tls_credentials_options.py\n',
217  file=H)
218 print(
219  """#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
220 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
221 
222 #include <grpc/support/port_platform.h>
223 
224 #include "absl/container/inlined_vector.h"
225 
226 #include <grpc/grpc_security.h>
227 
228 #include "src/core/lib/gprpp/ref_counted.h"
229 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
230 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
231 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h"
232 #include "src/core/lib/security/security_connector/ssl_utils.h"
233 
234 // Contains configurable options specified by callers to configure their certain
235 // security features supported in TLS.
236 // TODO(ZhenLian): consider making this not ref-counted.
237 struct grpc_tls_credentials_options
238  : public grpc_core::RefCounted<grpc_tls_credentials_options> {
239  public:
240  ~grpc_tls_credentials_options() override = default;
241 """,
242  file=H)
243 
244 # Print out getters for all data members
245 print(" // Getters for member fields.", file=H)
246 for data_member in _DATA_MEMBERS:
247  if data_member.getter_comment != '':
248  print(" // " + data_member.getter_comment, file=H)
249  if data_member.override_getter:
250  print(" " + data_member.override_getter, file=H)
251  else:
252  print(
253  " %s %s() const { return %s; }" %
254  (data_member.special_getter_return_type if
255  data_member.special_getter_return_type != '' else data_member.type,
256  data_member.name, data_member.name + '_'),
257  file=H)
258 
259 # Print out setters for all data members
260 print("", file=H)
261 print(" // Setters for member fields.", file=H)
262 for data_member in _DATA_MEMBERS:
263  if data_member.setter_comment != '':
264  print(" // " + data_member.setter_comment, file=H)
265  if (data_member.setter_move_semantics):
266  print(" void set_%s(%s %s) { %s_ = std::move(%s); }" %
267  (data_member.name, data_member.type, data_member.name,
268  data_member.name, data_member.name),
269  file=H)
270  else:
271  print(" void set_%s(%s %s) { %s_ = %s; }" %
272  (data_member.name, data_member.type, data_member.name,
273  data_member.name, data_member.name),
274  file=H)
275 
276 # Write out operator==
277 print("\n bool operator==(const grpc_tls_credentials_options& other) const {",
278  file=H)
279 operator_equal_content = " return "
280 for i in range(len(_DATA_MEMBERS)):
281  if (i != 0):
282  operator_equal_content += " "
283  if (_DATA_MEMBERS[i].special_comparator != ''):
284  operator_equal_content += _DATA_MEMBERS[i].special_comparator
285  else:
286  operator_equal_content += _DATA_MEMBERS[
287  i].name + "_ == other." + _DATA_MEMBERS[i].name + "_"
288  if (i != len(_DATA_MEMBERS) - 1):
289  operator_equal_content += ' &&\n'
290 print(operator_equal_content + ";\n }", file=H)
291 
292 #Print out data member declarations
293 print("\n private:", file=H)
294 for data_member in _DATA_MEMBERS:
295  if data_member.default_initializer == '':
296  print(" %s %s_;" % (
297  data_member.type,
298  data_member.name,
299  ), file=H)
300  else:
301  print(" %s %s_ = %s;" % (data_member.type, data_member.name,
302  data_member.default_initializer),
303  file=H)
304 
305 # Print out file ending
306 print("""};
307 
308 #endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H""",
309  file=H)
310 
311 H.close()
312 
313 # Generate test/core/security/grpc_tls_credentials_options_comparator_test.cc
314 TEST_FILE_NAME = 'test/core/security/grpc_tls_credentials_options_comparator_test.cc'
315 test_file_name = TEST_FILE_NAME
316 if (test_mode):
317  test_file_name = tempfile.NamedTemporaryFile(delete=False).name
318 T = open(test_file_name, 'w')
319 
320 put_copyright(T, '2022')
321 print('// Generated by tools/codegen/core/gen_grpc_tls_credentials_options.py',
322  file=T)
323 print("""
324 #include <grpc/support/port_platform.h>
325 
326 #include <string>
327 
328 #include <gmock/gmock.h>
329 
330 #include "src/core/lib/security/credentials/xds/xds_credentials.h"
331 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
332 #include "test/core/util/test_config.h"
333 
334 namespace grpc_core {
335 namespace {
336 """,
337  file=T)
338 
339 # Generate negative test for each negative member
340 for data_member in _DATA_MEMBERS:
341  print("""TEST(TlsCredentialsOptionsComparatorTest, %s) {
342  auto* options_1 = grpc_tls_credentials_options_create();
343  auto* options_2 = grpc_tls_credentials_options_create();
344  options_1->set_%s(%s);
345  options_2->set_%s(%s);
346  EXPECT_FALSE(*options_1 == *options_2);
347  EXPECT_FALSE(*options_2 == *options_1);
348  delete options_1;
349  delete options_2;
350 }""" % (data_member.test_name, data_member.name, data_member.test_value_1,
351  data_member.name, data_member.test_value_2),
352  file=T)
353 
354 # Print out file ending
355 print("""
356 } // namespace
357 } // namespace grpc_core
358 
359 int main(int argc, char** argv) {
360  testing::InitGoogleTest(&argc, argv);
361  grpc::testing::TestEnvironment env(&argc, argv);
362  grpc_init();
363  auto result = RUN_ALL_TESTS();
364  grpc_shutdown();
365  return result;
366 }""",
367  file=T)
368 T.close()
369 
370 if (test_mode):
371  header_diff = get_file_differences(header_file_name, HEADER_FILE_NAME)
372  test_diff = get_file_differences(test_file_name, TEST_FILE_NAME)
373  os.unlink(header_file_name)
374  os.unlink(test_file_name)
375  header_error = False
376  for line in header_diff:
377  print(line)
378  header_error = True
379  if header_error:
380  print(
381  HEADER_FILE_NAME +
382  ' should not be manually modified. Please make changes to tools/distrib/gen_grpc_tls_credentials_options.py instead.'
383  )
384  test_error = False
385  for line in test_diff:
386  print(line)
387  test_error = True
388  if test_error:
389  print(
390  TEST_FILE_NAME +
391  ' should not be manually modified. Please make changes to tools/distrib/gen_grpc_tls_credentials_options.py instead.'
392  )
393  if (header_error or test_error):
394  sys.exit(1)
capstone.range
range
Definition: third_party/bloaty/third_party/capstone/bindings/python/capstone/__init__.py:6
gen_grpc_tls_credentials_options.get_file_differences
def get_file_differences(file1, file2)
Definition: gen_grpc_tls_credentials_options.py:191
gen_grpc_tls_credentials_options.put_copyright
def put_copyright(f, year)
Definition: gen_grpc_tls_credentials_options.py:168
open
#define open
Definition: test-fs.c:46
len
int len
Definition: abseil-cpp/absl/base/internal/low_level_alloc_test.cc:46
gen_grpc_tls_credentials_options.DataMember
Definition: gen_grpc_tls_credentials_options.py:32

grpc
Author(s):
autogenerated on Fri May 16 2025 02:58:25