1 //
2 //
3 // Copyright 2018 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18
19 #include <grpc/support/port_platform.h>
20
21 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
22
23 #include <memory>
24
25 #include <grpc/grpc_crl_provider.h>
26 #include <grpc/support/log.h>
27
28 #include "src/core/lib/debug/trace.h"
29 #include "src/core/lib/gprpp/debug_location.h"
30 #include "src/core/lib/iomgr/exec_ctx.h"
31 #include "src/core/lib/surface/api_trace.h"
32 #include "src/core/tsi/ssl_transport_security.h"
33
/// -- Wrapper APIs declared in grpc_security.h --
35
// Allocates a fresh, default-constructed options object. Ownership passes to
// the caller, who releases it with grpc_tls_credentials_options_destroy().
// An ExecCtx is held for the duration of construction.
grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
  grpc_core::ExecCtx exec_ctx;
  auto* const created = new grpc_tls_credentials_options();
  return created;
}
40
// Returns a copy of `options` made with the class's copy constructor. The new
// object is owned by the caller; a null input trips the assertion rather than
// yielding a null result.
grpc_tls_credentials_options* grpc_tls_credentials_options_copy(
    grpc_tls_credentials_options* options) {
  GPR_ASSERT(options != nullptr);
  const grpc_tls_credentials_options& original = *options;
  return new grpc_tls_credentials_options(original);
}
46
// Releases an options object obtained from _create() or _copy(). A null
// pointer is accepted and ignored (delete on nullptr is already a no-op, so
// the explicit guard only makes that contract visible).
void grpc_tls_credentials_options_destroy(
    grpc_tls_credentials_options* options) {
  if (options == nullptr) return;
  delete options;
}
51
// Records the client-certificate request policy on `options`. The enum value
// is forwarded unchanged to the member setter. `options` must be non-null.
void grpc_tls_credentials_options_set_cert_request_type(
    grpc_tls_credentials_options* options,
    grpc_ssl_client_certificate_request_type type) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_cert_request_type(type);
}
58
// Records whether the server's certificate chain is to be verified. The C-style
// int flag is forwarded as given. Turning verification off removes the
// protection TLS provides against an impersonating peer, so it belongs in
// tests only. `options` must be non-null.
void grpc_tls_credentials_options_set_verify_server_cert(
    grpc_tls_credentials_options* options, int verify_server_cert) {
  GPR_ASSERT(options != nullptr);
  (*options).set_verify_server_cert(verify_server_cert);
}
64
// Installs `provider` on `options`. The options object takes its own
// reference via provider->Ref(), so the caller keeps whatever ownership it
// already had of the pointer it passed in. Both arguments must be non-null.
void grpc_tls_credentials_options_set_certificate_provider(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_provider* provider) {
  GPR_ASSERT(options != nullptr);
  GPR_ASSERT(provider != nullptr);
  // The Ref() is taken with an ExecCtx on the stack, as in the original.
  grpc_core::ExecCtx exec_ctx;
  grpc_tls_credentials_options& opts = *options;
  opts.set_certificate_provider(
      provider->Ref(DEBUG_LOCATION, "set_certificate_provider"));
}
74
// Marks the root-certificate slot as watched (set_watch_root_cert(true)).
// There is no public call to clear the flag again. `options` must be non-null.
void grpc_tls_credentials_options_watch_root_certs(
    grpc_tls_credentials_options* options) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_watch_root_cert(true);
}
80
// Stores the root-certificate name on `options`. The C string is passed
// through unchecked; NOTE(review): a null `root_cert_name` reaches the member
// setter as-is — whether that is tolerated is not visible here.
void grpc_tls_credentials_options_set_root_cert_name(
    grpc_tls_credentials_options* options, const char* root_cert_name) {
  GPR_ASSERT(options != nullptr);
  (*options).set_root_cert_name(root_cert_name);
}
86
// Marks the identity key/cert pair slot as watched
// (set_watch_identity_pair(true)). `options` must be non-null.
void grpc_tls_credentials_options_watch_identity_key_cert_pairs(
    grpc_tls_credentials_options* options) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_watch_identity_pair(true);
}
92
// Stores the identity-certificate name on `options`. Like the root-cert
// variant, the C string is forwarded without a null check; NOTE(review):
// confirm the member setter accepts nullptr before relying on that.
void grpc_tls_credentials_options_set_identity_cert_name(
    grpc_tls_credentials_options* options, const char* identity_cert_name) {
  GPR_ASSERT(options != nullptr);
  (*options).set_identity_cert_name(identity_cert_name);
}
98
// Installs `verifier` on `options`, taking a new reference (verifier->Ref())
// so the caller retains its own. Unlike the provider setter, no ExecCtx is
// created here. Both arguments must be non-null.
void grpc_tls_credentials_options_set_certificate_verifier(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_verifier* verifier) {
  GPR_ASSERT(options != nullptr);
  GPR_ASSERT(verifier != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_certificate_verifier(verifier->Ref());
}
106
// Stores the CRL directory path on `options`. The string is forwarded as-is;
// NOTE(review): nullptr is not rejected here — verify the member setter's
// contract before passing one. `options` must be non-null.
void grpc_tls_credentials_options_set_crl_directory(
    grpc_tls_credentials_options* options, const char* crl_directory) {
  GPR_ASSERT(options != nullptr);
  (*options).set_crl_directory(crl_directory);
}
112
// Records the check-call-host flag on `options`; the C-style int is forwarded
// as given. Disabling the host check weakens peer authentication, so leave it
// on unless a test specifically needs otherwise. `options` must be non-null.
void grpc_tls_credentials_options_set_check_call_host(
    grpc_tls_credentials_options* options, int check_call_host) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_check_call_host(check_call_host);
}
118
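// Configures the file to which TLS session keys are written. A non-null
// `path` enables logging; nullptr disables it (stored as ""). The call is a
// silent no-op when the TSI layer reports key logging unsupported, or when
// `options` is null — this setter deliberately does not assert, unlike most
// of its siblings.
//
// Whoever can read the named file can decrypt captured traffic for the
// affected sessions, so the path is emitted at INFO level, which makes
// enabling the feature visible in the process log.
void grpc_tls_credentials_options_set_tls_session_key_log_file_path(
    grpc_tls_credentials_options* options, const char* path) {
  if (!tsi_tls_session_key_logging_supported() || options == nullptr) {
    return;
  }
  // Trace under this function's own name; the previous trace string named a
  // "..._set_tls_session_key_log_config" API, which is not this function.
  GRPC_API_TRACE(
      "grpc_tls_credentials_options_set_tls_session_key_log_file_path("
      "options=%p)",
      1, (options));
  // Tls session key logging is assumed to be enabled if the specified log
  // file is non-empty.
  if (path != nullptr) {
    gpr_log(GPR_INFO,
            "Enabling TLS session key logging with keys stored at: %s", path);
  } else {
    gpr_log(GPR_INFO, "Disabling TLS session key logging");
  }
  options->set_tls_session_key_log_file_path(path != nullptr ? path : "");
}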
137
// Records whether the client CA list is sent. A null `options` is ignored
// (no assertion), matching the session-key-log setter rather than the
// asserting setters elsewhere in this file.
void grpc_tls_credentials_options_set_send_client_ca_list(
    grpc_tls_credentials_options* options, bool send_client_ca_list) {
  if (options != nullptr) {
    options->set_send_client_ca_list(send_client_ca_list);
  }
}
145
// Installs a CRL provider on `options`. The shared_ptr is taken by value and
// handed to the member setter as an lvalue, so `options` ends up sharing
// ownership with the caller. `options` must be non-null.
void grpc_tls_credentials_options_set_crl_provider(
    grpc_tls_credentials_options* options,
    std::shared_ptr<grpc_core::experimental::CrlProvider> provider) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_crl_provider(provider);
}
152
// Records the lowest TLS protocol version to negotiate. The enum is forwarded
// unchanged; no ordering check against the maximum happens here.
// `options` must be non-null.
void grpc_tls_credentials_options_set_min_tls_version(
    grpc_tls_credentials_options* options, grpc_tls_version min_tls_version) {
  GPR_ASSERT(options != nullptr);
  (*options).set_min_tls_version(min_tls_version);
}
158
// Records the highest TLS protocol version to negotiate. As with the minimum,
// the value is stored without being checked against its counterpart here.
// `options` must be non-null.
void grpc_tls_credentials_options_set_max_tls_version(
    grpc_tls_credentials_options* options, grpc_tls_version max_tls_version) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_max_tls_version(max_tls_version);
}
164