1 //
2 //
3 // Copyright 2018 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include <grpc/support/port_platform.h>
20 
21 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
22 
23 #include <grpc/support/log.h>
24 
25 #include "src/core/lib/debug/trace.h"
26 #include "src/core/lib/gprpp/debug_location.h"
27 #include "src/core/lib/iomgr/exec_ctx.h"
28 #include "src/core/lib/surface/api_trace.h"
29 #include "src/core/tsi/ssl_transport_security.h"
30 
/// -- Wrapper APIs declared in grpc_security.h --
32 
// Allocates a fresh, default-constructed grpc_tls_credentials_options.
// The caller takes ownership of the heap-allocated object (it is created with
// `new` and never stored here). An ExecCtx is kept on the stack for the
// duration of the call; why the constructor needs one is not visible in this
// file — presumably for any deferred work it schedules.
grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
  grpc_core::ExecCtx exec_ctx;
  auto* created = new grpc_tls_credentials_options();
  return created;
}
37 
// Forwards the client-certificate request policy to the options object.
// A null `options` is a programming error and aborts via GPR_ASSERT.
void grpc_tls_credentials_options_set_cert_request_type(
    grpc_tls_credentials_options* options,
    grpc_ssl_client_certificate_request_type type) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_cert_request_type(type);
}
44 
// Stores whether the client should verify the server certificate.
// `verify_server_cert` is an int at the C API boundary; it is passed through
// unchanged to the C++ setter. A null `options` aborts via GPR_ASSERT.
void grpc_tls_credentials_options_set_verify_server_cert(
    grpc_tls_credentials_options* options, int verify_server_cert) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_verify_server_cert(verify_server_cert);
}
50 
// Attaches a certificate provider to the options. The options object takes a
// new reference (provider->Ref(...)); the caller keeps its own reference and
// remains responsible for releasing it. Both pointers must be non-null
// (GPR_ASSERT). An ExecCtx is held across the call; the reason is not visible
// here — presumably the setter or Ref() may schedule work.
void grpc_tls_credentials_options_set_certificate_provider(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_provider* provider) {
  GPR_ASSERT(options != nullptr);
  GPR_ASSERT(provider != nullptr);
  grpc_core::ExecCtx exec_ctx;
  auto provider_ref = provider->Ref(DEBUG_LOCATION, "set_certificate_provider");
  options->set_certificate_provider(std::move(provider_ref));
}
60 
// Marks the options as wanting root-certificate updates from the provider
// (sets the watch flag to true; there is no API here to clear it).
// A null `options` aborts via GPR_ASSERT.
void grpc_tls_credentials_options_watch_root_certs(
    grpc_tls_credentials_options* options) {
  GPR_ASSERT(options != nullptr);
  constexpr bool kWatch = true;
  options->set_watch_root_cert(kWatch);
}
66 
// Records the name under which root certificates are looked up.
// A null `options` aborts via GPR_ASSERT. `root_cert_name` is forwarded as-is;
// NOTE(review): if the C++ setter takes a std::string, a null
// `root_cert_name` is undefined behavior — confirm against the header.
void grpc_tls_credentials_options_set_root_cert_name(
    grpc_tls_credentials_options* options, const char* root_cert_name) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_root_cert_name(root_cert_name);
}
72 
// Marks the options as wanting identity key/cert pair updates from the
// provider (sets the watch flag to true; there is no API here to clear it).
// A null `options` aborts via GPR_ASSERT.
void grpc_tls_credentials_options_watch_identity_key_cert_pairs(
    grpc_tls_credentials_options* options) {
  GPR_ASSERT(options != nullptr);
  constexpr bool kWatch = true;
  options->set_watch_identity_pair(kWatch);
}
78 
// Records the name under which the identity key/cert pair is looked up.
// A null `options` aborts via GPR_ASSERT. `identity_cert_name` is forwarded
// as-is; NOTE(review): if the C++ setter takes a std::string, a null
// `identity_cert_name` is undefined behavior — confirm against the header.
void grpc_tls_credentials_options_set_identity_cert_name(
    grpc_tls_credentials_options* options, const char* identity_cert_name) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_identity_cert_name(identity_cert_name);
}
84 
// Attaches a certificate verifier to the options. The options object takes a
// new reference (verifier->Ref()); the caller keeps its own. Both pointers
// must be non-null (GPR_ASSERT). Unlike the provider setter above, no ExecCtx
// is created here.
void grpc_tls_credentials_options_set_certificate_verifier(
    grpc_tls_credentials_options* options,
    grpc_tls_certificate_verifier* verifier) {
  GPR_ASSERT(options != nullptr);
  GPR_ASSERT(verifier != nullptr);
  auto verifier_ref = verifier->Ref();
  options->set_certificate_verifier(std::move(verifier_ref));
}
92 
// Records the directory from which certificate revocation lists are read.
// A null `options` aborts via GPR_ASSERT. `crl_directory` is forwarded as-is;
// NOTE(review): if the C++ setter takes a std::string, a null
// `crl_directory` is undefined behavior — confirm against the header.
void grpc_tls_credentials_options_set_crl_directory(
    grpc_tls_credentials_options* options, const char* crl_directory) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_crl_directory(crl_directory);
}
98 
// Stores whether the per-call host should be checked against the server
// certificate. `check_call_host` is an int at the C API boundary and is passed
// through unchanged. A null `options` aborts via GPR_ASSERT.
void grpc_tls_credentials_options_set_check_call_host(
    grpc_tls_credentials_options* options, int check_call_host) {
  GPR_ASSERT(options != nullptr);
  grpc_tls_credentials_options& opts = *options;
  opts.set_check_call_host(check_call_host);
}
104 
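// Configures the file that TLS session keys are written to (NSS key-log
// style). A null or empty `path` disables logging; the stored value is always
// a non-null string ("" when disabled). Anyone who can read that file can
// decrypt captured traffic for the sessions it covers, so the setting is
// logged at INFO to leave an audit trail of it being turned on.
//
// Unlike most setters in this file a null `options` is tolerated (no-op).
// When the TSI layer reports no key-logging support the request is also a
// no-op; that used to be silent, which hid the fact that no keys were being
// written — it is now logged.
void grpc_tls_credentials_options_set_tls_session_key_log_file_path(
    grpc_tls_credentials_options* options, const char* path) {
  if (options == nullptr) {
    return;
  }
  if (!tsi_tls_session_key_logging_supported()) {
    gpr_log(GPR_INFO,
            "TLS session key logging is not supported by this build; "
            "ignoring the configured log file path");
    return;
  }
  // Trace under the function's own name (the previous text named a
  // non-existent *_set_tls_session_key_log_config).
  GRPC_API_TRACE(
      "grpc_tls_credentials_options_set_tls_session_key_log_file_path("
      "options=%p)",
      1, (options));
  // Logging is enabled only when the path is non-empty; a null pointer is
  // normalised to "" so the stored value never carries a null.
  const char* const normalized_path = (path != nullptr) ? path : "";
  const bool enabled = normalized_path[0] != '\0';
  if (enabled) {
    gpr_log(GPR_INFO,
            "Enabling TLS session key logging with keys stored at: %s",
            normalized_path);
  } else {
    gpr_log(GPR_INFO, "Disabling TLS session key logging");
  }
  options->set_tls_session_key_log_file_path(normalized_path);
}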
123 
// Stores whether the server should send its list of accepted client CAs
// during the handshake. NOTE(review): unlike most setters in this file a null
// `options` is tolerated here and the call is a silent no-op rather than an
// assertion failure.
void grpc_tls_credentials_options_set_send_client_ca_list(
    grpc_tls_credentials_options* options, bool send_client_ca_list) {
  if (options != nullptr) {
    options->set_send_client_ca_list(send_client_ca_list);
  }
}