Esempio n. 1
0
/* Called to obtain the x509 cert of an authenticated peer. */
static VALUE grpc_rb_call_get_peer_cert(VALUE self) {
  grpc_rb_call *call = NULL;
  VALUE res = Qnil;
  grpc_auth_context *ctx = NULL;
  if (RTYPEDDATA_DATA(self) == NULL) {
    rb_raise(grpc_rb_eCallError, "Cannot get peer cert on closed call");
    return Qnil;
  }
  TypedData_Get_Struct(self, grpc_rb_call, &grpc_call_data_type, call);

  ctx = grpc_call_auth_context(call->wrapped);

  if (!ctx || !grpc_auth_context_peer_is_authenticated(ctx)) {
    return Qnil;
  }

  {
    grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
        ctx, GRPC_X509_PEM_CERT_PROPERTY_NAME);
    const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
    if (prop == NULL) {
      return Qnil;
    }

    res = rb_str_new2(prop->value);
  }

  grpc_auth_context_release(ctx);

  return res;
}
Esempio n. 2
0
static int check_identity(const grpc_auth_context *ctx,
                          const char *expected_property_name,
                          const char **expected_identities,
                          size_t num_identities) {
  grpc_auth_property_iterator it;
  const grpc_auth_property *prop;
  size_t i;
  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
  it = grpc_auth_context_peer_identity(ctx);
  for (i = 0; i < num_identities; i++) {
    prop = grpc_auth_property_iterator_next(&it);
    if (prop == NULL) {
      gpr_log(GPR_ERROR, "Expected identity value %s not found.",
              expected_identities[i]);
      return 0;
    }
    if (strcmp(prop->name, expected_property_name) != 0) {
      gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.",
              expected_property_name, prop->name);
      return 0;
    }
    if (strncmp(prop->value, expected_identities[i], prop->value_length) != 0) {
      gpr_log(GPR_ERROR, "Expected peer identity %s and got %s.",
              expected_identities[i], prop->value);
      return 0;
    }
  }
  return 1;
}
Esempio n. 3
0
static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(
    void) {
  tsi_peer peer;
  grpc_auth_context *ctx;
  const char *expected_cn = "cn1";
  const char *expected_sans[] = {"san1", "san2", "san3"};
  size_t i;
  GPR_ASSERT(tsi_construct_peer(4 + GPR_ARRAY_SIZE(expected_sans), &peer) ==
             TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
                 &peer.properties[0]) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 "foo", "bar", &peer.properties[1]) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn,
                 &peer.properties[2]) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 "chapi", "chapo", &peer.properties[3]) == TSI_OK);
  for (i = 0; i < GPR_ARRAY_SIZE(expected_sans); i++) {
    GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                   TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY,
                   expected_sans[i], &peer.properties[4 + i]) == TSI_OK);
  }
  ctx = tsi_ssl_peer_to_auth_context(&peer);
  GPR_ASSERT(ctx != NULL);
  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
  GPR_ASSERT(check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, expected_sans,
                            GPR_ARRAY_SIZE(expected_sans)));
  GPR_ASSERT(check_transport_security_type(ctx));
  GPR_ASSERT(check_x509_cn(ctx, expected_cn));

  tsi_peer_destruct(&peer);
  GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
Esempio n. 4
0
static void test_cn_and_one_san_ssl_peer_to_auth_context(void) {
  tsi_peer peer;
  grpc_auth_context *ctx;
  const char *expected_cn = "cn1";
  const char *expected_san = "san1";
  GPR_ASSERT(tsi_construct_peer(3, &peer) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
                 &peer.properties[0]) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn,
                 &peer.properties[1]) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, expected_san,
                 &peer.properties[2]) == TSI_OK);
  ctx = tsi_ssl_peer_to_auth_context(&peer);
  GPR_ASSERT(ctx != NULL);
  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
  GPR_ASSERT(
      check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, &expected_san, 1));
  GPR_ASSERT(check_transport_security_type(ctx));
  GPR_ASSERT(check_x509_cn(ctx, expected_cn));

  tsi_peer_destruct(&peer);
  GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
Esempio n. 5
0
static void test_cn_only_ssl_peer_to_auth_context(void) {
  tsi_peer peer;
  tsi_peer rpeer;
  grpc_auth_context *ctx;
  const char *expected_cn = "cn1";
  const char *expected_pem_cert = "pem_cert1";
  GPR_ASSERT(tsi_construct_peer(3, &peer) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
                 &peer.properties[0]) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn,
                 &peer.properties[1]) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert,
                 &peer.properties[2]) == TSI_OK);
  ctx = tsi_ssl_peer_to_auth_context(&peer);
  GPR_ASSERT(ctx != NULL);
  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
  GPR_ASSERT(check_identity(ctx, GRPC_X509_CN_PROPERTY_NAME, &expected_cn, 1));
  GPR_ASSERT(check_transport_security_type(ctx));
  GPR_ASSERT(check_x509_cn(ctx, expected_cn));
  GPR_ASSERT(check_x509_pem_cert(ctx, expected_pem_cert));

  rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));

  tsi_shallow_peer_destruct(&rpeer);
  tsi_peer_destruct(&peer);
  GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
Esempio n. 6
0
static void test_unauthenticated_ssl_peer(void) {
  tsi_peer peer;
  grpc_auth_context *ctx;
  GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
                 &peer.properties[0]) == TSI_OK);
  ctx = tsi_ssl_peer_to_auth_context(&peer);
  GPR_ASSERT(ctx != NULL);
  GPR_ASSERT(!grpc_auth_context_peer_is_authenticated(ctx));
  GPR_ASSERT(check_transport_security_type(ctx));

  tsi_peer_destruct(&peer);
  GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
Esempio n. 7
0
static void print_auth_context(int is_client, const grpc_auth_context *ctx) {
  const grpc_auth_property *p;
  grpc_auth_property_iterator it;
  gpr_log(GPR_INFO, "%s peer:", is_client ? "client" : "server");
  gpr_log(GPR_INFO, "\tauthenticated: %s",
          grpc_auth_context_peer_is_authenticated(ctx) ? "YES" : "NO");
  it = grpc_auth_context_peer_identity(ctx);
  while ((p = grpc_auth_property_iterator_next(&it)) != NULL) {
    gpr_log(GPR_INFO, "\t\t%s: %s", p->name, p->value);
  }
  gpr_log(GPR_INFO, "\tall properties:");
  it = grpc_auth_context_property_iterator(ctx);
  while ((p = grpc_auth_property_iterator_next(&it)) != NULL) {
    gpr_log(GPR_INFO, "\t\t%s: %s", p->name, p->value);
  }
}