// // // Copyright 2018 gRPC authors. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // // #include <grpc/support/port_platform.h> #include "src/core/lib/security/security_connector/tls/tls_security_connector.h" #include <string.h> #include <algorithm> #include <memory> #include <utility> #include <vector> #include "absl/functional/bind_front.h" #include "absl/strings/str_cat.h" #include "absl/strings/string_view.h" #include <grpc/grpc.h> #include <grpc/grpc_security_constants.h> #include <grpc/support/alloc.h> #include <grpc/support/log.h> #include <grpc/support/string_util.h> #include "src/core/lib/channel/channel_args.h" #include "src/core/lib/gprpp/debug_location.h" #include "src/core/lib/gprpp/host_port.h" #include "src/core/lib/gprpp/status_helper.h" #include "src/core/lib/iomgr/exec_ctx.h" #include "src/core/lib/promise/promise.h" #include "src/core/lib/security/context/security_context.h" #include "src/core/lib/security/credentials/credentials.h" #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h" #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" #include "src/core/lib/security/security_connector/ssl_utils.h" #include "src/core/lib/security/transport/security_handshaker.h" #include "src/core/tsi/ssl_transport_security.h" namespace grpc_core { namespace { char* CopyCoreString(char* src, size_t length) { … } void PendingVerifierRequestInit( const char* target_name, tsi_peer peer, grpc_tls_custom_verification_check_request* request) { … } void PendingVerifierRequestDestroy( grpc_tls_custom_verification_check_request* request) { … } tsi_ssl_pem_key_cert_pair* ConvertToTsiPemKeyCertPair( const PemKeyCertPairList& cert_pair_list) { … } } // namespace // -------------------channel security connector------------------- RefCountedPtr<grpc_channel_security_connector> TlsChannelSecurityConnector::CreateTlsChannelSecurityConnector( RefCountedPtr<grpc_channel_credentials> channel_creds, RefCountedPtr<grpc_tls_credentials_options> options, RefCountedPtr<grpc_call_credentials> request_metadata_creds, const char* target_name, const char* overridden_target_name, tsi_ssl_session_cache* ssl_session_cache) { … } TlsChannelSecurityConnector::TlsChannelSecurityConnector( RefCountedPtr<grpc_channel_credentials> channel_creds, RefCountedPtr<grpc_tls_credentials_options> options, RefCountedPtr<grpc_call_credentials> request_metadata_creds, const char* target_name, const char* overridden_target_name, tsi_ssl_session_cache* ssl_session_cache) : … { … } TlsChannelSecurityConnector::~TlsChannelSecurityConnector() { … } void TlsChannelSecurityConnector::add_handshakers( const ChannelArgs& args, grpc_pollset_set* /*interested_parties*/, HandshakeManager* handshake_mgr) { … } void TlsChannelSecurityConnector::check_peer( tsi_peer peer, grpc_endpoint* /*ep*/, const ChannelArgs& /*args*/, RefCountedPtr<grpc_auth_context>* auth_context, grpc_closure* on_peer_checked) { … } void TlsChannelSecurityConnector::cancel_check_peer( grpc_closure* on_peer_checked, grpc_error_handle error) { … } int TlsChannelSecurityConnector::cmp( const grpc_security_connector* other_sc) const { … } ArenaPromise<absl::Status> TlsChannelSecurityConnector::CheckCallHost( absl::string_view host, grpc_auth_context* auth_context) { … } void TlsChannelSecurityConnector::TlsChannelCertificateWatcher:: OnCertificatesChanged(absl::optional<absl::string_view> root_certs, absl::optional<PemKeyCertPairList> key_cert_pairs) { … } // TODO(ZhenLian): implement the logic to signal waiting handshakers once // BlockOnInitialCredentialHandshaker is implemented. void TlsChannelSecurityConnector::TlsChannelCertificateWatcher::OnError( grpc_error_handle root_cert_error, grpc_error_handle identity_cert_error) { … } TlsChannelSecurityConnector::ChannelPendingVerifierRequest:: ChannelPendingVerifierRequest( RefCountedPtr<TlsChannelSecurityConnector> security_connector, grpc_closure* on_peer_checked, tsi_peer peer, const char* target_name) : … { … } TlsChannelSecurityConnector::ChannelPendingVerifierRequest:: ~ChannelPendingVerifierRequest() { … } void TlsChannelSecurityConnector::ChannelPendingVerifierRequest::Start() { … } void TlsChannelSecurityConnector::ChannelPendingVerifierRequest::OnVerifyDone( bool run_callback_inline, absl::Status status) { … } // TODO(ZhenLian): implement the logic to signal waiting handshakers once // BlockOnInitialCredentialHandshaker is implemented. grpc_security_status TlsChannelSecurityConnector::UpdateHandshakerFactoryLocked() { … } // -------------------server security connector------------------- RefCountedPtr<grpc_server_security_connector> TlsServerSecurityConnector::CreateTlsServerSecurityConnector( RefCountedPtr<grpc_server_credentials> server_creds, RefCountedPtr<grpc_tls_credentials_options> options) { … } TlsServerSecurityConnector::TlsServerSecurityConnector( RefCountedPtr<grpc_server_credentials> server_creds, RefCountedPtr<grpc_tls_credentials_options> options) : … { … } TlsServerSecurityConnector::~TlsServerSecurityConnector() { … } void TlsServerSecurityConnector::add_handshakers( const ChannelArgs& args, grpc_pollset_set* /*interested_parties*/, HandshakeManager* handshake_mgr) { … } void TlsServerSecurityConnector::check_peer( tsi_peer peer, grpc_endpoint* /*ep*/, const ChannelArgs& /*args*/, RefCountedPtr<grpc_auth_context>* auth_context, grpc_closure* on_peer_checked) { … } void TlsServerSecurityConnector::cancel_check_peer( grpc_closure* on_peer_checked, grpc_error_handle error) { … } int TlsServerSecurityConnector::cmp( const grpc_security_connector* other_sc) const { … } void TlsServerSecurityConnector::TlsServerCertificateWatcher:: OnCertificatesChanged(absl::optional<absl::string_view> root_certs, absl::optional<PemKeyCertPairList> key_cert_pairs) { … } // TODO(ZhenLian): implement the logic to signal waiting handshakers once // BlockOnInitialCredentialHandshaker is implemented. void TlsServerSecurityConnector::TlsServerCertificateWatcher::OnError( grpc_error_handle root_cert_error, grpc_error_handle identity_cert_error) { … } TlsServerSecurityConnector::ServerPendingVerifierRequest:: ServerPendingVerifierRequest( RefCountedPtr<TlsServerSecurityConnector> security_connector, grpc_closure* on_peer_checked, tsi_peer peer) : … { … } TlsServerSecurityConnector::ServerPendingVerifierRequest:: ~ServerPendingVerifierRequest() { … } void TlsServerSecurityConnector::ServerPendingVerifierRequest::Start() { … } void TlsServerSecurityConnector::ServerPendingVerifierRequest::OnVerifyDone( bool run_callback_inline, absl::Status status) { … } // TODO(ZhenLian): implement the logic to signal waiting handshakers once // BlockOnInitialCredentialHandshaker is implemented. grpc_security_status TlsServerSecurityConnector::UpdateHandshakerFactoryLocked() { … } } // namespace grpc_core
Codebase Browser
chromium