#include <grpc/support/port_platform.h>
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
#include <stdint.h>
#include <time.h>
#include <algorithm>
#include <utility>
#include <vector>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include "absl/status/status.h"
#include <grpc/slice.h>
#include <grpc/support/log.h>
#include <grpc/support/time.h>
#include "src/core/lib/debug/trace.h"
#include "src/core/lib/gprpp/stat.h"
#include "src/core/lib/gprpp/status_helper.h"
#include "src/core/lib/iomgr/error.h"
#include "src/core/lib/iomgr/exec_ctx.h"
#include "src/core/lib/iomgr/load_file.h"
#include "src/core/lib/slice/slice.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/surface/api_trace.h"
namespace grpc_core {
// Builds a provider from credential data handed over directly by the caller:
// a root certificate string and a list of key/cert pairs, both taken by value.
// NOTE(review): the initializer list and body are not visible here. The pair
// list presumably carries PEM private keys -- confirm it is moved (not copied)
// into the provider and that its contents never reach logs or traces.
StaticDataCertificateProvider::StaticDataCertificateProvider(
std::string root_certificate, PemKeyCertPairList pem_key_cert_pairs)
: … { … }
// Destructor. NOTE(review): teardown logic is not visible here -- confirm that
// whatever the constructor registers is unregistered before members go away.
StaticDataCertificateProvider::~StaticDataCertificateProvider() { … }
// Returns the UniqueTypeName for this provider class; does not modify the
// object (const). NOTE(review): presumably a fixed per-class identifier used
// to tell provider implementations apart -- confirm.
UniqueTypeName StaticDataCertificateProvider::type() const { … }
namespace {
// File-local helper: takes a duration in seconds and returns a gpr_timespec.
// NOTE(review): per its name this yields an absolute deadline "now + seconds";
// the clock type used and behaviour for negative or very large values are not
// visible here -- confirm.
gpr_timespec TimeoutSecondsToDeadline(int64_t seconds) { … }
}
// Lower bound, in seconds, for the file watcher's refresh interval (per name).
// NOTE(review): presumably the FileWatcherCertificateProvider constructor
// raises smaller (including zero/negative) refresh_interval_sec values to this
// floor so the refresh loop cannot spin -- confirm against the constructor.
static constexpr int64_t kMinimumFileWatcherRefreshIntervalSeconds = …;
// Builds a provider that sources credentials from files on disk: a private
// key path, an identity certificate path, a root certificate path, and a
// refresh interval in seconds. All path strings are taken by value.
// NOTE(review): initializer list and body are not visible here. Confirm that
//  - a private key path without an identity certificate path (or the reverse)
//    is rejected rather than silently accepted;
//  - refresh_interval_sec is bounded below (see
//    kMinimumFileWatcherRefreshIntervalSeconds);
//  - the deployment restricts write access to these paths, since whoever can
//    replace the files controls the identity and trust roots served.
FileWatcherCertificateProvider::FileWatcherCertificateProvider(
std::string private_key_path, std::string identity_certificate_path,
std::string root_cert_path, int64_t refresh_interval_sec)
: … { … }
// Destructor. NOTE(review): body not visible here. If the constructor starts
// a background refresh, confirm it is stopped and joined here so no refresh
// can touch the object after destruction begins.
FileWatcherCertificateProvider::~FileWatcherCertificateProvider() { … }
// Returns the UniqueTypeName for this provider class; does not modify the
// object (const). NOTE(review): presumably a fixed per-class identifier used
// to tell provider implementations apart -- confirm.
UniqueTypeName FileWatcherCertificateProvider::type() const { … }
// Takes no arguments and returns nothing. NOTE(review): per its name this
// presumably re-reads the configured files immediately instead of waiting for
// the next refresh tick. Confirm (a) it is safe to call concurrently with the
// periodic refresh, and (b) a failed read leaves the previously loaded
// credentials in place rather than clearing them.
void FileWatcherCertificateProvider::ForceUpdate() { … }
// Takes the full path of a root certificate file and returns its contents as
// an optional string.
// NOTE(review): body not visible here; an empty optional presumably signals a
// read failure. Confirm that callers treat it as "keep the current trust
// bundle" -- a transient I/O error should not replace valid roots with
// nothing -- and that the failure is logged with the path but not the data.
absl::optional<std::string>
FileWatcherCertificateProvider::ReadRootCertificatesFromFile(
const std::string& root_cert_full_path) { … }
namespace {
// File-local helper: returns a time_t for the given file name (per its name,
// the file's last-modification time).
// NOTE(review): body not visible here. Confirm what is returned when the file
// cannot be stat'ed, and that callers distinguish that value from a real
// timestamp. time_t typically has one-second resolution, so two rewrites
// within the same second may be indistinguishable to any change check built
// on this value.
time_t GetModificationTime(const char* filename) { … }
}
// Takes the paths of a private key file and an identity certificate file and
// returns an optional PemKeyCertPairList.
// NOTE(review): body not visible here; an empty optional presumably signals
// failure. The key and the certificate live in two separate files, so a
// rotation that lands between the two reads can pair a new key with an old
// certificate (or the reverse). Confirm the body detects this (for example by
// comparing modification times around the reads and retrying) and that a
// mismatched or partial pair is never published to watchers.
absl::optional<PemKeyCertPairList>
FileWatcherCertificateProvider::ReadIdentityKeyCertPairFromFiles(
const std::string& private_key_path,
const std::string& identity_certificate_path) { … }
// Returns an int64_t without modifying the object (const). Per its name this
// exposes the effective refresh interval, in seconds, for tests only.
// NOTE(review): presumably the value after any lower-bound adjustment applied
// by the constructor -- confirm; not intended for production callers.
int64_t FileWatcherCertificateProvider::TestOnlyGetRefreshIntervalSecond()
const { … }
// Takes a private key and a certificate chain as string views and returns
// absl::StatusOr<bool>, so there are three outcomes: an error status, `false`,
// or `true`. Callers must check ok() before reading the bool and should treat
// an error the same as a non-match when deciding whether to use the pair.
// NOTE(review): body not visible here. Presumably the inputs are PEM and the
// comparison is between the private key and the public key of one certificate
// in the chain -- confirm which certificate is used, and how empty input is
// reported.
absl::StatusOr<bool> PrivateKeyAndCertificateMatch(
absl::string_view private_key, absl::string_view cert_chain) { … }
}
// C API entry point: takes a root certificate C string and a pointer to
// grpc_tls_identity_pairs, and returns a grpc_tls_certificate_provider*.
// NOTE(review): body not visible here. Confirm
//  - which of the two arguments may be null and that at least one must be set;
//  - whether ownership of pem_key_cert_pairs passes to this function, so
//    callers neither leak nor double-free the private key material it holds;
//  - that the returned pointer is to be released with
//    grpc_tls_certificate_provider_release.
grpc_tls_certificate_provider* grpc_tls_certificate_provider_static_data_create(
const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs) { … }
// C API entry point: takes three file paths as C strings plus a refresh
// interval in seconds (unsigned int) and returns a
// grpc_tls_certificate_provider*.
// NOTE(review): body not visible here. Confirm that a null path is mapped to
// an empty string before any std::string is built from it (constructing
// std::string from a null pointer is undefined behaviour), and that the
// unsigned interval is passed on to the int64_t constructor parameter without
// an intermediate narrowing conversion.
grpc_tls_certificate_provider*
grpc_tls_certificate_provider_file_watcher_create(
const char* private_key_path, const char* identity_certificate_path,
const char* root_cert_path, unsigned int refresh_interval_sec) { … }
// C API entry point: takes a grpc_tls_certificate_provider* and returns
// nothing.
// NOTE(review): body not visible here. Per its name this gives up the caller's
// reference to the provider; confirm whether a null pointer is tolerated and
// that callers do not use the pointer after this call.
void grpc_tls_certificate_provider_release(
grpc_tls_certificate_provider* provider) { … }