int main(int argc, char **argv) {
const char *addr = bad_ssl_addr(argc, argv);
grpc_ssl_pem_key_cert_pair pem_key_cert_pair;
grpc_server_credentials *ssl_creds;
grpc_server *server;
gpr_slice cert_slice, key_slice;
int ok;
grpc_init();
cert_slice =
gpr_load_file("src/core/lib/tsi/test_creds/badserver.pem", 1, &ok);
GPR_ASSERT(ok);
key_slice =
gpr_load_file("src/core/lib/tsi/test_creds/badserver.key", 1, &ok);
GPR_ASSERT(ok);
pem_key_cert_pair.private_key = (const char *)GPR_SLICE_START_PTR(key_slice);
pem_key_cert_pair.cert_chain = (const char *)GPR_SLICE_START_PTR(cert_slice);
ssl_creds =
grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1, 0, NULL);
server = grpc_server_create(NULL, NULL);
GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr, ssl_creds));
grpc_server_credentials_release(ssl_creds);
gpr_slice_unref(cert_slice);
gpr_slice_unref(key_slice);
bad_ssl_run(server);
grpc_shutdown();
return 0;
}
GPR_EXPORT grpc_server_credentials *GPR_CALLTYPE
grpcsharp_ssl_server_credentials_create(
const char *pem_root_certs, const char **key_cert_pair_cert_chain_array,
const char **key_cert_pair_private_key_array, size_t num_key_cert_pairs,
int force_client_auth) {
size_t i;
grpc_server_credentials *creds;
grpc_ssl_pem_key_cert_pair *key_cert_pairs =
gpr_malloc(sizeof(grpc_ssl_pem_key_cert_pair) * num_key_cert_pairs);
memset(key_cert_pairs, 0,
sizeof(grpc_ssl_pem_key_cert_pair) * num_key_cert_pairs);
for (i = 0; i < num_key_cert_pairs; i++) {
if (key_cert_pair_cert_chain_array[i] ||
key_cert_pair_private_key_array[i]) {
key_cert_pairs[i].cert_chain = key_cert_pair_cert_chain_array[i];
key_cert_pairs[i].private_key = key_cert_pair_private_key_array[i];
}
}
creds = grpc_ssl_server_credentials_create(pem_root_certs, key_cert_pairs,
num_key_cert_pairs,
force_client_auth, NULL);
gpr_free(key_cert_pairs);
return creds;
}
static void chttp2_init_server_simple_ssl_secure_fullstack(
grpc_end2end_test_fixture *f, grpc_channel_args *server_args) {
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key,
test_server1_cert};
grpc_server_credentials *ssl_creds =
grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1);
chttp2_init_server_secure_fullstack(f, server_args, ssl_creds);
}
static grpc_server *create_proxy_server(const char *port) {
grpc_server *s = grpc_server_create(NULL, NULL);
grpc_ssl_pem_key_cert_pair pem_cert_key_pair = {test_server1_key,
test_server1_cert};
grpc_server_credentials *ssl_creds =
grpc_ssl_server_credentials_create(NULL, &pem_cert_key_pair, 1, 0, NULL);
GPR_ASSERT(grpc_server_add_secure_http2_port(s, port, ssl_creds));
grpc_server_credentials_release(ssl_creds);
return s;
}
static void chttp2_init_server_simple_ssl_secure_fullstack(
grpc_end2end_test_fixture *f, grpc_channel_args *server_args) {
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key,
test_server1_cert};
grpc_server_credentials *ssl_creds =
grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1, 0, NULL);
grpc_server_credentials_set_auth_metadata_processor(
ssl_creds, test_processor_create(fail_server_auth_check(server_args)));
chttp2_init_server_secure_fullstack(f, server_args, ssl_creds);
}
// Simple gRPC server. This listens until client_handshake_complete occurs.
static void server_thread(void *arg) {
const int port = *(int *)arg;
// Load key pair and establish server SSL credentials.
grpc_ssl_pem_key_cert_pair pem_key_cert_pair;
gpr_slice ca_slice, cert_slice, key_slice;
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(SSL_CA_PATH, 1, &ca_slice)));
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(SSL_CERT_PATH, 1, &cert_slice)));
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(SSL_KEY_PATH, 1, &key_slice)));
const char *ca_cert = (const char *)GPR_SLICE_START_PTR(ca_slice);
pem_key_cert_pair.private_key = (const char *)GPR_SLICE_START_PTR(key_slice);
pem_key_cert_pair.cert_chain = (const char *)GPR_SLICE_START_PTR(cert_slice);
grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create(
ca_cert, &pem_key_cert_pair, 1, 0, NULL);
// Start server listening on local port.
char *addr;
gpr_asprintf(&addr, "127.0.0.1:%d", port);
grpc_server *server = grpc_server_create(NULL, NULL);
GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr, ssl_creds));
free(addr);
grpc_completion_queue *cq = grpc_completion_queue_create(NULL);
grpc_server_register_completion_queue(server, cq, NULL);
grpc_server_start(server);
// Wait a bounded number of time until client_handshake_complete is set,
// sleeping between polls.
int retries = 10;
while (!gpr_event_get(&client_handshake_complete) && retries-- > 0) {
const gpr_timespec cq_deadline = GRPC_TIMEOUT_SECONDS_TO_DEADLINE(1);
grpc_event ev = grpc_completion_queue_next(cq, cq_deadline, NULL);
GPR_ASSERT(ev.type == GRPC_QUEUE_TIMEOUT);
}
gpr_log(GPR_INFO, "Shutting down server");
grpc_server_shutdown_and_notify(server, cq, NULL);
grpc_completion_queue_shutdown(cq);
const gpr_timespec cq_deadline = GRPC_TIMEOUT_SECONDS_TO_DEADLINE(5);
grpc_event ev = grpc_completion_queue_next(cq, cq_deadline, NULL);
GPR_ASSERT(ev.type == GRPC_OP_COMPLETE);
grpc_server_destroy(server);
grpc_completion_queue_destroy(cq);
grpc_server_credentials_release(ssl_creds);
gpr_slice_unref(cert_slice);
gpr_slice_unref(key_slice);
gpr_slice_unref(ca_slice);
}
/*
call-seq:
creds = ServerCredentials.new(pem_root_certs, pem_private_key,
pem_cert_chain)
creds = ServerCredentials.new(nil, pem_private_key,
pem_cert_chain)
pem_root_certs: (required) PEM encoding of the server root certificate
pem_private_key: (optional) PEM encoding of the server's private key
pem_cert_chain: (optional) PEM encoding of the server's cert chain
Initializes ServerCredential instances. */
static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs,
VALUE pem_private_key,
VALUE pem_cert_chain) {
/* TODO support multiple key cert pairs in the ruby API. */
grpc_rb_server_credentials *wrapper = NULL;
grpc_server_credentials *creds = NULL;
grpc_ssl_pem_key_cert_pair key_cert_pair = {NULL, NULL};
Data_Get_Struct(self, grpc_rb_server_credentials, wrapper);
if (pem_cert_chain == Qnil) {
rb_raise(rb_eRuntimeError,
"could not create a server credential: nil pem_cert_chain");
return Qnil;
} else if (pem_private_key == Qnil) {
rb_raise(rb_eRuntimeError,
"could not create a server credential: nil pem_private_key");
return Qnil;
}
key_cert_pair.private_key = RSTRING_PTR(pem_private_key);
key_cert_pair.cert_chain = RSTRING_PTR(pem_cert_chain);
if (pem_root_certs == Qnil) {
creds = grpc_ssl_server_credentials_create(NULL, &key_cert_pair, 1);
} else {
creds = grpc_ssl_server_credentials_create(RSTRING_PTR(pem_root_certs),
&key_cert_pair, 1);
}
if (creds == NULL) {
rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why");
}
wrapper->wrapped = creds;
/* Add the input objects as hidden fields to preserve them. */
rb_ivar_set(self, id_pem_cert_chain, pem_cert_chain);
rb_ivar_set(self, id_pem_private_key, pem_private_key);
rb_ivar_set(self, id_pem_root_certs, pem_root_certs);
return self;
}
static void chttp2_init_server_simple_ssl_secure_fullstack(
grpc_end2end_test_fixture *f, grpc_channel_args *server_args) {
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key,
test_server1_cert};
grpc_server_credentials *ssl_creds =
grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1, 0, NULL);
grpc_auth_metadata_processor processor;
processor.state = NULL;
if (fail_server_auth_check(server_args)) {
processor.process = process_oauth2_failure;
} else {
processor.process = process_oauth2_success;
}
grpc_server_credentials_set_auth_metadata_processor(ssl_creds, processor);
chttp2_init_server_secure_fullstack(f, server_args, ssl_creds);
}
ServerCredentials *pygrpc_ServerCredentials_ssl(
PyTypeObject *type, PyObject *args, PyObject *kwargs) {
ServerCredentials *self;
const char *root_certs;
PyObject *py_key_cert_pairs;
grpc_ssl_pem_key_cert_pair *key_cert_pairs;
size_t num_key_cert_pairs;
size_t i;
static char *keywords[] = {"root_certs", "key_cert_pairs", NULL};
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "zO:ssl", keywords,
&root_certs, &py_key_cert_pairs)) {
return NULL;
}
if (!PyList_Check(py_key_cert_pairs)) {
PyErr_SetString(PyExc_TypeError, "expected a list of 2-tuples of strings");
return NULL;
}
num_key_cert_pairs = PyList_Size(py_key_cert_pairs);
key_cert_pairs =
gpr_malloc(sizeof(grpc_ssl_pem_key_cert_pair) * num_key_cert_pairs);
for (i = 0; i < num_key_cert_pairs; ++i) {
PyObject *item = PyList_GET_ITEM(py_key_cert_pairs, i);
const char *key;
const char *cert;
if (!PyArg_ParseTuple(item, "zz", &key, &cert)) {
gpr_free(key_cert_pairs);
PyErr_SetString(PyExc_TypeError,
"expected a list of 2-tuples of strings");
return NULL;
}
key_cert_pairs[i].private_key = key;
key_cert_pairs[i].cert_chain = cert;
}
self = (ServerCredentials *)type->tp_alloc(type, 0);
self->c_creds = grpc_ssl_server_credentials_create(
root_certs, key_cert_pairs, num_key_cert_pairs);
gpr_free(key_cert_pairs);
return self;
}
int main(int argc, char **argv) {
grpc_event ev;
call_state *s;
char *addr_buf = NULL;
gpr_cmdline *cl;
int shutdown_started = 0;
int shutdown_finished = 0;
int secure = 0;
char *addr = NULL;
char *fake_argv[1];
GPR_ASSERT(argc >= 1);
fake_argv[0] = argv[0];
grpc_test_init(1, fake_argv);
grpc_init();
srand(clock());
cl = gpr_cmdline_create("fling server");
gpr_cmdline_add_string(cl, "bind", "Bind host:port", &addr);
gpr_cmdline_add_flag(cl, "secure", "Run with security?", &secure);
gpr_cmdline_parse(cl, argc, argv);
gpr_cmdline_destroy(cl);
if (addr == NULL) {
gpr_join_host_port(&addr_buf, "::", grpc_pick_unused_port_or_die());
addr = addr_buf;
}
gpr_log(GPR_INFO, "creating server on: %s", addr);
cq = grpc_completion_queue_create();
if (secure) {
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key,
test_server1_cert};
grpc_server_credentials *ssl_creds =
grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1, 0);
server = grpc_server_create(NULL);
GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr, ssl_creds));
grpc_server_credentials_release(ssl_creds);
} else {
server = grpc_server_create(NULL);
GPR_ASSERT(grpc_server_add_insecure_http2_port(server, addr));
}
grpc_server_register_completion_queue(server, cq);
grpc_server_start(server);
gpr_free(addr_buf);
addr = addr_buf = NULL;
grpc_call_details_init(&call_details);
request_call();
grpc_profiler_start("server.prof");
signal(SIGINT, sigint_handler);
while (!shutdown_finished) {
if (got_sigint && !shutdown_started) {
gpr_log(GPR_INFO, "Shutting down due to SIGINT");
grpc_server_shutdown_and_notify(server, cq, tag(1000));
GPR_ASSERT(grpc_completion_queue_pluck(
cq, tag(1000), GRPC_TIMEOUT_SECONDS_TO_DEADLINE(5))
.type == GRPC_OP_COMPLETE);
grpc_completion_queue_shutdown(cq);
shutdown_started = 1;
}
ev = grpc_completion_queue_next(
cq, gpr_time_add(gpr_now(GPR_CLOCK_REALTIME),
gpr_time_from_micros(1000000, GPR_TIMESPAN)));
s = ev.tag;
switch (ev.type) {
case GRPC_OP_COMPLETE:
switch ((gpr_intptr)s) {
case FLING_SERVER_NEW_REQUEST:
if (call != NULL) {
if (0 ==
strcmp(call_details.method, "/Reflector/reflectStream")) {
/* Received streaming call. Send metadata here. */
start_read_op(FLING_SERVER_READ_FOR_STREAMING);
send_initial_metadata();
} else {
/* Received unary call. Can do all ops in one batch. */
start_read_op(FLING_SERVER_READ_FOR_UNARY);
}
} else {
GPR_ASSERT(shutdown_started);
}
/* request_call();
*/
break;
case FLING_SERVER_READ_FOR_STREAMING:
if (payload_buffer != NULL) {
/* Received payload from client. */
start_write_op();
} else {
/* Received end of stream from client. */
start_send_status();
}
break;
case FLING_SERVER_WRITE_FOR_STREAMING:
/* Write completed at server */
grpc_byte_buffer_destroy(payload_buffer);
payload_buffer = NULL;
start_read_op(FLING_SERVER_READ_FOR_STREAMING);
break;
case FLING_SERVER_SEND_INIT_METADATA_FOR_STREAMING:
/* Metadata send completed at server */
break;
case FLING_SERVER_SEND_STATUS_FOR_STREAMING:
/* Send status and close completed at server */
grpc_call_destroy(call);
if (!shutdown_started) request_call();
break;
case FLING_SERVER_READ_FOR_UNARY:
/* Finished payload read for unary. Start all reamaining
* unary ops in a batch.
*/
handle_unary_method();
break;
case FLING_SERVER_BATCH_OPS_FOR_UNARY:
/* Finished unary call. */
grpc_byte_buffer_destroy(payload_buffer);
payload_buffer = NULL;
grpc_call_destroy(call);
if (!shutdown_started) request_call();
break;
}
break;
case GRPC_QUEUE_SHUTDOWN:
GPR_ASSERT(shutdown_started);
shutdown_finished = 1;
break;
case GRPC_QUEUE_TIMEOUT:
break;
}
}
grpc_profiler_stop();
grpc_call_details_destroy(&call_details);
grpc_server_destroy(server);
grpc_completion_queue_destroy(cq);
grpc_shutdown();
return 0;
}
int main(int argc, char **argv) {
grpc_event *ev;
call_state *s;
char *addr_buf = NULL;
gpr_cmdline *cl;
int shutdown_started = 0;
int shutdown_finished = 0;
int secure = 0;
char *addr = NULL;
char *fake_argv[1];
#define MAX_ARGS 4
grpc_arg arge[MAX_ARGS];
grpc_arg *e;
grpc_channel_args args = {0, NULL};
grpc_http_server_page home_page = {"/", "text/html",
"<head>\n"
"<title>Echo Server</title>\n"
"</head>\n"
"<body>\n"
"Welcome to the world of the future!\n"
"</body>\n"};
GPR_ASSERT(argc >= 1);
fake_argv[0] = argv[0];
grpc_test_init(1, fake_argv);
grpc_init();
srand(clock());
memset(arge, 0, sizeof(arge));
args.args = arge;
cl = gpr_cmdline_create("echo server");
gpr_cmdline_add_string(cl, "bind", "Bind host:port", &addr);
gpr_cmdline_add_flag(cl, "secure", "Run with security?", &secure);
gpr_cmdline_parse(cl, argc, argv);
gpr_cmdline_destroy(cl);
e = &arge[args.num_args++];
e->type = GRPC_ARG_POINTER;
e->key = GRPC_ARG_SERVE_OVER_HTTP;
e->value.pointer.p = &home_page;
if (addr == NULL) {
gpr_join_host_port(&addr_buf, "::", grpc_pick_unused_port_or_die());
addr = addr_buf;
}
gpr_log(GPR_INFO, "creating server on: %s", addr);
cq = grpc_completion_queue_create();
if (secure) {
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key,
test_server1_cert};
grpc_server_credentials *ssl_creds =
grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1);
server = grpc_secure_server_create(ssl_creds, cq, &args);
GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr));
grpc_server_credentials_release(ssl_creds);
} else {
server = grpc_server_create(cq, &args);
GPR_ASSERT(grpc_server_add_http2_port(server, addr));
}
grpc_server_start(server);
gpr_free(addr_buf);
addr = addr_buf = NULL;
request_call();
signal(SIGINT, sigint_handler);
while (!shutdown_finished) {
if (got_sigint && !shutdown_started) {
gpr_log(GPR_INFO, "Shutting down due to SIGINT");
grpc_server_shutdown(server);
grpc_completion_queue_shutdown(cq);
shutdown_started = 1;
}
ev = grpc_completion_queue_next(
cq, gpr_time_add(gpr_now(), gpr_time_from_seconds(1)));
if (!ev) continue;
s = ev->tag;
switch (ev->type) {
case GRPC_SERVER_RPC_NEW:
if (ev->call != NULL) {
/* initial ops are already started in request_call */
grpc_call_server_accept_old(ev->call, cq, s);
grpc_call_server_end_initial_metadata_old(ev->call,
GRPC_WRITE_BUFFER_HINT);
GPR_ASSERT(grpc_call_start_read_old(ev->call, s) == GRPC_CALL_OK);
request_call();
} else {
GPR_ASSERT(shutdown_started);
gpr_free(s);
}
break;
case GRPC_WRITE_ACCEPTED:
GPR_ASSERT(ev->data.write_accepted == GRPC_OP_OK);
GPR_ASSERT(grpc_call_start_read_old(ev->call, s) == GRPC_CALL_OK);
break;
case GRPC_READ:
if (ev->data.read) {
assert_read_ok(ev->tag, ev->data.read);
GPR_ASSERT(grpc_call_start_write_old(ev->call, ev->data.read, s,
GRPC_WRITE_BUFFER_HINT) ==
GRPC_CALL_OK);
} else {
GPR_ASSERT(grpc_call_start_write_status_old(ev->call, GRPC_STATUS_OK,
NULL, s) == GRPC_CALL_OK);
}
break;
case GRPC_FINISH_ACCEPTED:
case GRPC_FINISHED:
if (gpr_unref(&s->pending_ops)) {
grpc_call_destroy(ev->call);
gpr_free(s);
}
break;
case GRPC_QUEUE_SHUTDOWN:
GPR_ASSERT(shutdown_started);
shutdown_finished = 1;
break;
default:
GPR_ASSERT(0);
}
grpc_event_finish(ev);
}
grpc_server_destroy(server);
grpc_completion_queue_destroy(cq);
grpc_shutdown();
return 0;
}
