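/**
 * Builds SSL server credentials for the C# binding from two parallel arrays:
 * entry i of key_cert_pair_cert_chain_array and entry i of
 * key_cert_pair_private_key_array form one key/cert pair.
 *
 * The PEM strings are borrowed: only the temporary pair array allocated here
 * is released before returning, never the strings themselves.
 *
 * force_client_auth selects the client-certificate policy passed to the core:
 * non-zero maps to GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY,
 * zero maps to GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, in which case the
 * server does not ask clients for a certificate at all.
 *
 * Returns the credentials produced by grpc_ssl_server_credentials_create_ex,
 * or NULL when the arguments are unusable (pair count too large to size an
 * allocation, or a NULL array with a non-zero count).
 */
GPR_EXPORT grpc_server_credentials *GPR_CALLTYPE
grpcsharp_ssl_server_credentials_create(
    const char *pem_root_certs, const char **key_cert_pair_cert_chain_array,
    const char **key_cert_pair_private_key_array, size_t num_key_cert_pairs,
    int force_client_auth) {
  size_t i;
  size_t pairs_size;
  grpc_server_credentials *creds;
  grpc_ssl_pem_key_cert_pair *key_cert_pairs;

  /* The count crosses the managed/native boundary; refuse a value whose byte
   * size would wrap size_t and yield an undersized buffer for the loop. */
  if (num_key_cert_pairs >
      ((size_t)-1) / sizeof(grpc_ssl_pem_key_cert_pair)) {
    return NULL;
  }
  /* Both arrays are indexed up to num_key_cert_pairs below. */
  if (num_key_cert_pairs > 0 && (key_cert_pair_cert_chain_array == NULL ||
                                 key_cert_pair_private_key_array == NULL)) {
    return NULL;
  }

  pairs_size = sizeof(grpc_ssl_pem_key_cert_pair) * num_key_cert_pairs;
  key_cert_pairs = gpr_malloc(pairs_size);
  if (num_key_cert_pairs > 0) {
    /* Zero first so any member not assigned below reads as NULL. */
    memset(key_cert_pairs, 0, pairs_size);
  }
  for (i = 0; i < num_key_cert_pairs; i++) {
    /* A NULL entry simply leaves the already-zeroed member NULL. */
    key_cert_pairs[i].cert_chain = key_cert_pair_cert_chain_array[i];
    key_cert_pairs[i].private_key = key_cert_pair_private_key_array[i];
  }

  creds = grpc_ssl_server_credentials_create_ex(
      pem_root_certs, key_cert_pairs, num_key_cert_pairs,
      force_client_auth
          ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
          : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
      NULL);
  /* NOTE(review): freeing the array here assumes the core no longer needs it
   * once create_ex has returned - confirm. */
  gpr_free(key_cert_pairs);
  return creds;
}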
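/**
 * Builds SSL server credentials for the C# binding from two parallel arrays:
 * entry i of key_cert_pair_cert_chain_array and entry i of
 * key_cert_pair_private_key_array form one key/cert pair.
 *
 * The PEM strings are borrowed: only the temporary pair array allocated here
 * is released before returning, never the strings themselves.
 *
 * client_request_type is forwarded to the core unchanged, so the
 * client-certificate policy of the resulting server is whatever the managed
 * caller supplies.
 *
 * Returns the credentials produced by grpc_ssl_server_credentials_create_ex,
 * or NULL when the arguments are unusable (pair count too large to size an
 * allocation, or a NULL array with a non-zero count).
 */
GPR_EXPORT grpc_server_credentials* GPR_CALLTYPE
grpcsharp_ssl_server_credentials_create(
    const char* pem_root_certs, const char** key_cert_pair_cert_chain_array,
    const char** key_cert_pair_private_key_array, size_t num_key_cert_pairs,
    grpc_ssl_client_certificate_request_type client_request_type) {
  size_t i;
  size_t pairs_size;
  grpc_server_credentials* creds;
  grpc_ssl_pem_key_cert_pair* key_cert_pairs;

  /* The count crosses the managed/native boundary; refuse a value whose byte
   * size would wrap size_t and yield an undersized buffer for the loop. */
  if (num_key_cert_pairs >
      ((size_t)-1) / sizeof(grpc_ssl_pem_key_cert_pair)) {
    return NULL;
  }
  /* Both arrays are indexed up to num_key_cert_pairs below. */
  if (num_key_cert_pairs > 0 && (key_cert_pair_cert_chain_array == NULL ||
                                 key_cert_pair_private_key_array == NULL)) {
    return NULL;
  }

  pairs_size = sizeof(grpc_ssl_pem_key_cert_pair) * num_key_cert_pairs;
  key_cert_pairs = gpr_malloc(pairs_size);
  if (num_key_cert_pairs > 0) {
    /* Zero first so any member not assigned below reads as NULL. */
    memset(key_cert_pairs, 0, pairs_size);
  }
  for (i = 0; i < num_key_cert_pairs; i++) {
    /* A NULL entry simply leaves the already-zeroed member NULL. */
    key_cert_pairs[i].cert_chain = key_cert_pair_cert_chain_array[i];
    key_cert_pairs[i].private_key = key_cert_pair_private_key_array[i];
  }

  /* NOTE(review): client_request_type is not range-checked here; whether the
   * core validates it is not visible from this function - confirm. Only
   * policies that both require and verify a client certificate give mutual
   * TLS, so the managed caller's default deserves a look. */
  creds = grpc_ssl_server_credentials_create_ex(pem_root_certs, key_cert_pairs,
                                                num_key_cert_pairs,
                                                client_request_type, NULL);
  /* NOTE(review): freeing the array here assumes the core no longer needs it
   * once create_ex has returned - confirm. */
  gpr_free(key_cert_pairs);
  return creds;
}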
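/**
 * Create SSL server credentials.
 * @param string pem_root_certs PEM encoding of the root certificates
 *                              (may be null)
 * @param string pem_private_key PEM encoding of the server's private key
 * @param string pem_cert_chain PEM encoding of the server's certificate chain
 * @return ServerCredentials The new SSL server credentials object
 */
PHP_METHOD(ServerCredentials, createSsl) {
  zend_string *pem_root_certs = NULL;
  zend_string *private_key = NULL;
  zend_string *cert_chain = NULL;
  grpc_ssl_pem_key_cert_pair pem_key_cert_pair;

  /* Start from NULL members: the assignments below are conditional, and the
   * struct must never reach the core holding indeterminate stack pointers. */
  pem_key_cert_pair.private_key = NULL;
  pem_key_cert_pair.cert_chain = NULL;

  /* "S!SS" == 1 nullable string, 2 strings */
  /* TODO: support multiple key cert pairs. */
  if (zend_parse_parameters(ZEND_NUM_ARGS(), "S!SS", &pem_root_certs,
                            &private_key, &cert_chain) == FAILURE) {
    zend_throw_exception(spl_ce_InvalidArgumentException,
                         "createSsl expects 3 strings", 1);
    return;
  }

  if (private_key) {
    pem_key_cert_pair.private_key = ZSTR_VAL(private_key);
  }
  if (cert_chain) {
    pem_key_cert_pair.cert_chain = ZSTR_VAL(cert_chain);
  }

  /* TODO: add a client_certificate_request field in ServerCredentials and pass
   * it as the last parameter. */
  /* Until then the policy is fixed to GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE:
   * a server built through this method never asks clients for a certificate,
   * so it cannot be used for mutual TLS regardless of pem_root_certs. */
  grpc_server_credentials *creds = grpc_ssl_server_credentials_create_ex(
      pem_root_certs == NULL ? NULL : ZSTR_VAL(pem_root_certs),
      &pem_key_cert_pair, 1, GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, NULL);
  /* NOTE(review): creds is wrapped without a NULL check; confirm whether
   * create_ex can fail here and how the wrapper treats a NULL handle. */
  grpc_php_wrap_server_credentials(creds, return_value);
  RETURN_DESTROY_ZVAL(return_value);
}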
/* Convenience wrapper around grpc_ssl_server_credentials_create_ex that takes
 * a plain int instead of a client-certificate request type.
 *
 * A non-zero force_client_auth selects
 * GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY; zero selects
 * GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, i.e. the server does not ask
 * clients for a certificate. All other arguments are forwarded untouched and
 * the result of the _ex call is returned as is. */
grpc_server_credentials *grpc_ssl_server_credentials_create(
    const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
    size_t num_key_cert_pairs, int force_client_auth, void *reserved) {
  if (force_client_auth) {
    /* Client certificate is requested, required and verified. */
    return grpc_ssl_server_credentials_create_ex(
        pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs,
        GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY, reserved);
  }

  /* No client certificate is requested. */
  return grpc_ssl_server_credentials_create_ex(
      pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs,
      GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, reserved);
}
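/*
  call-seq:
    creds = ServerCredentials.new(nil,
                                  [{private_key: <pem_private_key1>,
                                    cert_chain: <pem_cert_chain1>}],
                                  force_client_auth)
    creds = ServerCredentials.new(pem_root_certs,
                                  [{private_key: <pem_private_key1>,
                                    cert_chain: <pem_cert_chain1>}],
                                  force_client_auth)

    pem_root_certs: (optional) PEM encoding of the server root certificate
    pem_private_key: (required) PEM encoding of the server's private keys
    pem_cert_chain: (required) PEM encoding of the matching certificate chain
    force_client_auth: true or false (nil is rejected). true selects
      GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY; false selects
      GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, so the server does not ask
      clients for a certificate.

    Initializes ServerCredential instances.

    Raises TypeError when an argument has the wrong type and RuntimeError when
    the core returns no credentials. */
static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs,
                                             VALUE pem_key_certs,
                                             VALUE force_client_auth) {
  grpc_rb_server_credentials *wrapper = NULL;
  grpc_server_credentials *creds = NULL;
  grpc_ssl_pem_key_cert_pair *key_cert_pairs = NULL;
  const char *root_certs = NULL;
  VALUE cert = Qnil;
  VALUE key = Qnil;
  VALUE key_cert = Qnil;
  int auth_client = 0;
  long num_key_certs = 0;
  long i; /* same width as RARRAY_LEN's result, so the loops cannot wrap */

  /* Only the two boolean singletons are accepted; nil fails this test too. */
  if (!(force_client_auth == Qfalse || force_client_auth == Qtrue)) {
    rb_raise(rb_eTypeError,
             "bad force_client_auth: got:<%s> want: <True|False>",
             rb_obj_classname(force_client_auth));
    return Qnil;
  }
  /* RSTRING_PTR is applied to pem_root_certs below; on anything that is not a
   * String it would read unrelated object memory, so check the type first. */
  if (!NIL_P(pem_root_certs) && TYPE(pem_root_certs) != T_STRING) {
    rb_raise(rb_eTypeError, "bad pem_root_certs: got:<%s> want: <String|nil>",
             rb_obj_classname(pem_root_certs));
    return Qnil;
  }
  if (NIL_P(pem_key_certs) || TYPE(pem_key_certs) != T_ARRAY) {
    rb_raise(rb_eTypeError, "bad pem_key_certs: got:<%s> want: <Array>",
             rb_obj_classname(pem_key_certs));
    return Qnil;
  }
  num_key_certs = RARRAY_LEN(pem_key_certs);
  if (num_key_certs == 0) {
    rb_raise(rb_eTypeError, "bad pem_key_certs: it had no elements");
    return Qnil;
  }

  /* Validate every pair before anything is allocated, so a raise here cannot
   * leak the native pair array. */
  for (i = 0; i < num_key_certs; i++) {
    key_cert = rb_ary_entry(pem_key_certs, i);
    if (key_cert == Qnil) {
      rb_raise(rb_eTypeError,
               "could not create a server credential: nil key_cert");
      return Qnil;
    } else if (TYPE(key_cert) != T_HASH) {
      rb_raise(rb_eTypeError,
               "could not create a server credential: want <Hash>, got <%s>",
               rb_obj_classname(key_cert));
      return Qnil;
    }
    key = rb_hash_aref(key_cert, sym_private_key);
    cert = rb_hash_aref(key_cert, sym_cert_chain);
    if (key == Qnil) {
      rb_raise(rb_eTypeError,
               "could not create a server credential: nil private key");
      return Qnil;
    } else if (cert == Qnil) {
      rb_raise(rb_eTypeError,
               "could not create a server credential: nil cert chain");
      return Qnil;
    } else if (TYPE(key) != T_STRING) {
      /* Both values are passed to RSTRING_PTR in the fill loop. */
      rb_raise(rb_eTypeError,
               "could not create a server credential: want <String> private "
               "key, got <%s>",
               rb_obj_classname(key));
      return Qnil;
    } else if (TYPE(cert) != T_STRING) {
      rb_raise(rb_eTypeError,
               "could not create a server credential: want <String> cert "
               "chain, got <%s>",
               rb_obj_classname(cert));
      return Qnil;
    }
  }

  auth_client = TYPE(force_client_auth) == T_TRUE
                    ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
                    : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;

  /* Resolve the wrapper before allocating: this lookup can raise, and a raise
   * after ALLOC_N would leave key_cert_pairs unfreed. */
  TypedData_Get_Struct(self, grpc_rb_server_credentials,
                       &grpc_rb_server_credentials_data_type, wrapper);

  /* NOTE(review): RSTRING_PTR values are handed to an API taking C strings.
   * The checks above guarantee Strings but not the absence of embedded NUL
   * bytes; StringValueCStr would reject those - confirm whether that stricter
   * check is wanted. */
  key_cert_pairs = ALLOC_N(grpc_ssl_pem_key_cert_pair, num_key_certs);
  for (i = 0; i < num_key_certs; i++) {
    key_cert = rb_ary_entry(pem_key_certs, i);
    key = rb_hash_aref(key_cert, sym_private_key);
    cert = rb_hash_aref(key_cert, sym_cert_chain);
    key_cert_pairs[i].private_key = RSTRING_PTR(key);
    key_cert_pairs[i].cert_chain = RSTRING_PTR(cert);
  }

  root_certs = NIL_P(pem_root_certs) ? NULL : RSTRING_PTR(pem_root_certs);
  creds = grpc_ssl_server_credentials_create_ex(
      root_certs, key_cert_pairs, num_key_certs, auth_client, NULL);
  /* Only the pointer array is released; the PEM bytes belong to the Ruby
   * Strings. */
  xfree(key_cert_pairs);
  if (creds == NULL) {
    rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why");
    return Qnil;
  }
  wrapper->wrapped = creds;

  /* Add the input objects as hidden fields to preserve them. This keeps the
   * PEM private key Strings reachable from the credentials object for as long
   * as that object lives. */
  rb_ivar_set(self, id_pem_key_certs, pem_key_certs);
  rb_ivar_set(self, id_pem_root_certs, pem_root_certs);

  return self;
}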