/*
 * Builds a tsi_peer from the X.509 subject-alternative-name and common-name
 * properties found in auth_context.
 *
 * The context is walked twice. The first pass counts every property, which
 * gives an upper bound used to size peer.properties. The second pass hands
 * each SAN / CN property to add_shalow_auth_property_to_peer(); properties
 * with any other name are skipped. When the iterator yields nothing, the
 * zero-initialised peer is returned and no allocation is made.
 *
 * NOTE(review): the "shallow" naming suggests the peer borrows the name and
 * value pointers of the auth context instead of copying them. If so, the
 * peer must not outlive auth_context -- confirm against the helper.
 */
tsi_peer tsi_shallow_peer_from_ssl_auth_context(
    const grpc_auth_context *auth_context) {
  tsi_peer peer;
  size_t max_num_props = 0;
  grpc_auth_property_iterator it;
  const grpc_auth_property *prop;

  memset(&peer, 0, sizeof(peer));

  /* Pass 1: count all properties to get an upper bound for the array. */
  for (it = grpc_auth_context_property_iterator(auth_context);
       grpc_auth_property_iterator_next(&it) != NULL;) {
    max_num_props++;
  }
  if (max_num_props == 0) {
    return peer;
  }

  peer.properties = gpr_malloc(max_num_props * sizeof(tsi_peer_property));

  /* Pass 2: keep only the certificate identity properties. */
  for (it = grpc_auth_context_property_iterator(auth_context);
       (prop = grpc_auth_property_iterator_next(&it)) != NULL;) {
    if (strcmp(prop->name, GRPC_X509_SAN_PROPERTY_NAME) == 0) {
      add_shalow_auth_property_to_peer(
          &peer, prop, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY);
      continue;
    }
    if (strcmp(prop->name, GRPC_X509_CN_PROPERTY_NAME) == 0) {
      add_shalow_auth_property_to_peer(
          &peer, prop, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY);
    }
  }
  return peer;
}
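/*
 * Returns 1 when ctx carries exactly one transport-security-type property
 * and its value is exactly GRPC_SSL_TRANSPORT_SECURITY_TYPE; returns 0
 * otherwise (property missing, value different, or property duplicated).
 */
static int check_transport_security_type(const grpc_auth_context *ctx) {
  grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
      ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME);
  const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
  const char *expected = GRPC_SSL_TRANSPORT_SECURITY_TYPE;
  if (prop == NULL) return 0;
  /* Compare the lengths before the bytes. A strncmp() bounded by
     prop->value_length alone would accept an empty value or any prefix of
     the expected string, so a truncated security type would pass. */
  if (prop->value_length != strlen(expected) ||
      memcmp(prop->value, expected, prop->value_length) != 0) {
    return 0;
  }
  /* Check that we have only one property with this name. */
  if (grpc_auth_property_iterator_next(&it) != NULL) return 0;
  return 1;
}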
/*
 * Logs the contents of an auth context at GPR_INFO: which side the peer is,
 * whether the peer is authenticated, the peer identity properties, and then
 * every property in the context.
 *
 * Each value is printed with "%s", so it is read up to the first NUL byte
 * and prop->value_length is not consulted. Every property the context holds
 * ends up in the log, so whoever can read the log can read those values.
 */
static void print_auth_context(int is_client, const grpc_auth_context *ctx) {
  const char *side = is_client ? "client" : "server";
  const char *auth_state;
  const grpc_auth_property *p;
  grpc_auth_property_iterator it;

  gpr_log(GPR_INFO, "%s peer:", side);

  auth_state = grpc_auth_context_peer_is_authenticated(ctx) ? "YES" : "NO";
  gpr_log(GPR_INFO, "\tauthenticated: %s", auth_state);

  /* Properties that make up the peer identity. */
  for (it = grpc_auth_context_peer_identity(ctx);
       (p = grpc_auth_property_iterator_next(&it)) != NULL;) {
    gpr_log(GPR_INFO, "\t\t%s: %s", p->name, p->value);
  }

  /* Full property dump. */
  gpr_log(GPR_INFO, "\tall properties:");
  for (it = grpc_auth_context_property_iterator(ctx);
       (p = grpc_auth_property_iterator_next(&it)) != NULL;) {
    gpr_log(GPR_INFO, "\t\t%s: %s", p->name, p->value);
  }
}
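/*
 * Called to obtain the x509 cert of an authenticated peer.
 *
 * Returns the value of the first GRPC_X509_PEM_CERT_PROPERTY_NAME property
 * as a Ruby string, or Qnil when the call has no auth context, the peer is
 * not authenticated, or the property is absent. Raises grpc_rb_eCallError
 * when the call is already closed.
 *
 * The context obtained from grpc_call_auth_context() is released on every
 * path that obtained one. Previously the "not authenticated" and "property
 * missing" early returns skipped grpc_auth_context_release() and leaked it.
 */
static VALUE grpc_rb_call_get_peer_cert(VALUE self) {
  grpc_rb_call *call = NULL;
  VALUE res = Qnil;
  grpc_auth_context *ctx = NULL;
  if (RTYPEDDATA_DATA(self) == NULL) {
    /* rb_raise() does not return; the return only keeps compilers quiet. */
    rb_raise(grpc_rb_eCallError, "Cannot get peer cert on closed call");
    return Qnil;
  }
  TypedData_Get_Struct(self, grpc_rb_call, &grpc_call_data_type, call);

  ctx = grpc_call_auth_context(call->wrapped);
  if (ctx == NULL) {
    return Qnil;
  }

  /* Only an authenticated peer's certificate is handed to Ruby code. */
  if (grpc_auth_context_peer_is_authenticated(ctx)) {
    grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
        ctx, GRPC_X509_PEM_CERT_PROPERTY_NAME);
    const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
    if (prop != NULL) {
      /* rb_str_new2() copies up to the first NUL byte, so the Ruby string
         does not point into ctx once the context has been released. */
      res = rb_str_new2(prop->value);
    }
  }

  grpc_auth_context_release(ctx);
  return res;
}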
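/*
 * Verifies that the peer identity of ctx starts with the num_identities
 * expected values, in order, and that each of them is stored under
 * expected_property_name. Returns 1 on success; logs the mismatch at
 * GPR_ERROR and returns 0 otherwise. Asserts that the peer is authenticated.
 *
 * NOTE(review): identity properties beyond the first num_identities are not
 * inspected, so a context with additional identities still passes. Confirm
 * that this is intended.
 */
static int check_identity(const grpc_auth_context *ctx,
                          const char *expected_property_name,
                          const char **expected_identities,
                          size_t num_identities) {
  grpc_auth_property_iterator it;
  const grpc_auth_property *prop;
  size_t i;
  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
  it = grpc_auth_context_peer_identity(ctx);
  for (i = 0; i < num_identities; i++) {
    prop = grpc_auth_property_iterator_next(&it);
    if (prop == NULL) {
      gpr_log(GPR_ERROR, "Expected identity value %s not found.",
              expected_identities[i]);
      return 0;
    }
    if (strcmp(prop->name, expected_property_name) != 0) {
      gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.",
              expected_property_name, prop->name);
      return 0;
    }
    /* Exact match only. A strncmp() bounded by prop->value_length would let
       an empty identity, or any prefix of the expected one, pass the check. */
    if (prop->value_length != strlen(expected_identities[i]) ||
        memcmp(prop->value, expected_identities[i], prop->value_length) != 0) {
      gpr_log(GPR_ERROR, "Expected peer identity %s and got %s.",
              expected_identities[i], prop->value);
      return 0;
    }
  }
  return 1;
}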
/*
 * Exercises iteration over a context that chains to a second context.
 *
 * Checks that a full iteration yields the child's properties followed by the
 * chained context's, that a lookup by name crosses the chain, and that the
 * peer identity iterator returns every "name" property from both contexts.
 */
static void test_chained_context(void) {
  grpc_auth_context *parent = grpc_auth_context_create(NULL);
  grpc_auth_context *child = grpc_auth_context_create(parent);
  grpc_auth_property_iterator iter;
  const grpc_auth_property *seen;
  size_t idx;

  gpr_log(GPR_INFO, "test_chained_context");

  /* The local reference is dropped here although parent is still used below.
     Presumably grpc_auth_context_create() took its own reference on behalf
     of child -- confirm, otherwise the later accesses are use-after-free. */
  GRPC_AUTH_CONTEXT_UNREF(parent, "chained");

  grpc_auth_context_add_cstring_property(parent, "name", "padapo");
  grpc_auth_context_add_cstring_property(parent, "foo", "baz");
  grpc_auth_context_add_cstring_property(child, "name", "chapi");
  grpc_auth_context_add_cstring_property(child, "name", "chap0");
  grpc_auth_context_add_cstring_property(child, "foo", "bar");

  GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(child, "name") ==
             1);
  GPR_ASSERT(strcmp(grpc_auth_context_peer_identity_property_name(child),
                    "name") == 0);

  /* Full iteration: child's own properties first, then the chained ones. */
  iter = grpc_auth_context_property_iterator(child);
  idx = 0;
  while (idx < child->properties.count) {
    seen = grpc_auth_property_iterator_next(&iter);
    GPR_ASSERT(seen == &child->properties.array[idx]);
    idx++;
  }
  idx = 0;
  while (idx < parent->properties.count) {
    seen = grpc_auth_property_iterator_next(&iter);
    GPR_ASSERT(seen == &parent->properties.array[idx]);
    idx++;
  }
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) == NULL);

  /* Lookup by name finds "foo" in the child, then in the chained context. */
  iter = grpc_auth_context_find_properties_by_name(child, "foo");
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) ==
             &child->properties.array[2]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) ==
             &parent->properties.array[1]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) == NULL);

  /* Peer identity: every "name" property across the chain. */
  iter = grpc_auth_context_peer_identity(child);
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) ==
             &child->properties.array[0]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) ==
             &child->properties.array[1]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) ==
             &parent->properties.array[0]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) == NULL);

  GRPC_AUTH_CONTEXT_UNREF(child, "test");
}
/*
 * Checks the behaviour of a freshly created context with no properties:
 * it has no peer identity property name, every iterator is immediately
 * exhausted, and selecting a peer identity property that does not exist
 * fails and leaves the identity name unset.
 */
static void test_empty_context(void) {
  grpc_auth_context *empty = grpc_auth_context_create(NULL);
  grpc_auth_property_iterator iter;

  gpr_log(GPR_INFO, "test_empty_context");
  GPR_ASSERT(empty != NULL);
  GPR_ASSERT(grpc_auth_context_peer_identity_property_name(empty) == NULL);

  /* None of the three iterator flavours may yield a property. */
  iter = grpc_auth_context_peer_identity(empty);
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) == NULL);

  iter = grpc_auth_context_property_iterator(empty);
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) == NULL);

  iter = grpc_auth_context_find_properties_by_name(empty, "foo");
  GPR_ASSERT(grpc_auth_property_iterator_next(&iter) == NULL);

  /* A name with no matching property cannot become the peer identity. */
  GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(empty, "bar") ==
             0);
  GPR_ASSERT(grpc_auth_context_peer_identity_property_name(empty) == NULL);

  GRPC_AUTH_CONTEXT_UNREF(empty, "test");
}
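/*
 * Returns 1 when ctx holds exactly one X.509 common-name property and its
 * value is exactly expected_cn. Otherwise logs the reason at GPR_ERROR and
 * returns 0.
 */
static int check_x509_cn(const grpc_auth_context *ctx,
                         const char *expected_cn) {
  grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
      ctx, GRPC_X509_CN_PROPERTY_NAME);
  const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
  if (prop == NULL) {
    gpr_log(GPR_ERROR, "CN property not found.");
    return 0;
  }
  /* Exact match only. A strncmp() bounded by prop->value_length would accept
     an empty CN, or any prefix of expected_cn, as a valid match. */
  if (prop->value_length != strlen(expected_cn) ||
      memcmp(prop->value, expected_cn, prop->value_length) != 0) {
    gpr_log(GPR_ERROR, "Expected CN %s and got %s", expected_cn, prop->value);
    return 0;
  }
  if (grpc_auth_property_iterator_next(&it) != NULL) {
    gpr_log(GPR_ERROR, "Expected only one property for CN.");
    return 0;
  }
  return 1;
}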
/*
 * Advances the iterator and returns the next property, or NULL when the
 * iterator is NULL, has no context, or the whole chain is exhausted.
 *
 * The iterator walks the properties of it->ctx and then follows ->chained
 * to the next context, so callers see properties from every context in the
 * chain. When it->name is set, only properties with that exact name are
 * returned; otherwise every property is returned.
 *
 * The returned pointer refers to storage inside the context's properties
 * array; it is not a copy.
 */
const grpc_auth_property *grpc_auth_property_iterator_next(
    grpc_auth_property_iterator *it) {
  if (it == NULL || it->ctx == NULL) return NULL;

  for (;;) {
    /* Skip over exhausted contexts until one still has entries left. */
    while (it->index == it->ctx->properties.count) {
      if (it->ctx->chained == NULL) return NULL;
      it->ctx = it->ctx->chained;
      it->index = 0;
    }

    /* Unfiltered iteration: the current entry is the answer. */
    if (it->name == NULL) {
      return &it->ctx->properties.array[it->index++];
    }

    /* Filtered iteration: scan the rest of this context for the name. */
    while (it->index < it->ctx->properties.count) {
      const grpc_auth_property *candidate =
          &it->ctx->properties.array[it->index++];
      GPR_ASSERT(candidate->name != NULL);
      if (strcmp(it->name, candidate->name) == 0) {
        return candidate;
      }
    }
    /* We could not find the name here; go round again, which moves on to
       the chained context (or returns NULL at the end of the chain). */
  }
}
/*
 * Takes a reference on ctx and returns it; a NULL ctx is returned unchanged.
 *
 * This is the tracing variant: when the grpc_trace_auth_context_refcount
 * tracer is on, the current and next reference counts are logged with the
 * caller's file, line and reason. The count is read with a no-barrier load
 * before gpr_ref() runs, so the logged numbers are informational only.
 *
 * NOTE(review): the conditional that the #else below belongs to opens before
 * this excerpt; presumably it is the same #ifndef NDEBUG used for unref --
 * confirm.
 */
grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx,
                                         const char *file, int line,
                                         const char *reason) {
  if (ctx == NULL) return NULL;
  if (GRPC_TRACER_ON(grpc_trace_auth_context_refcount)) {
    gpr_atm val = gpr_atm_no_barrier_load(&ctx->refcount.count);
    gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
            "AUTH_CONTEXT:%p ref %" PRIdPTR " -> %" PRIdPTR " %s", ctx, val,
            val + 1, reason);
  }
#else
/* Non-tracing variant: same behaviour without the file/line/reason log. */
grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx) {
  if (ctx == NULL) return NULL;
#endif
  /* Shared tail of both variants. */
  gpr_ref(&ctx->refcount);
  return ctx;
}

/*
 * Drops a reference on ctx; a NULL ctx is ignored.
 *
 * When gpr_unref() reports that the last reference is gone, the reference on
 * the chained context is dropped, every property is reset, and the property
 * array and the context itself are freed. Property pointers handed out by
 * the iterators point into that array, so they are invalid from then on.
 */
#ifndef NDEBUG
void grpc_auth_context_unref(grpc_auth_context *ctx, const char *file, int line,
                             const char *reason) {
  if (ctx == NULL) return;
  if (GRPC_TRACER_ON(grpc_trace_auth_context_refcount)) {
    gpr_atm val = gpr_atm_no_barrier_load(&ctx->refcount.count);
    gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
            "AUTH_CONTEXT:%p unref %" PRIdPTR " -> %" PRIdPTR " %s", ctx, val,
            val - 1, reason);
  }
#else
void grpc_auth_context_unref(grpc_auth_context *ctx) {
  if (ctx == NULL) return;
#endif
  /* Shared tail of both variants: tear down on the last reference. */
  if (gpr_unref(&ctx->refcount)) {
    size_t i;
    GRPC_AUTH_CONTEXT_UNREF(ctx->chained, "chained");
    if (ctx->properties.array != NULL) {
      for (i = 0; i < ctx->properties.count; i++) {
        grpc_auth_property_reset(&ctx->properties.array[i]);
      }
      gpr_free(ctx->properties.array);
    }
    gpr_free(ctx);
  }
}

/*
 * Returns the name of the property that holds the peer identity, or NULL
 * when none has been set. ctx is dereferenced without a NULL check, unlike
 * the ref/unref functions above.
 */
const char *grpc_auth_context_peer_identity_property_name(
    const grpc_auth_context *ctx) {
  GRPC_API_TRACE("grpc_auth_context_peer_identity_property_name(ctx=%p)", 1,
                 (ctx));
  return ctx->peer_identity_property_name;
}

/*
 * Selects `name` as the peer identity property. Returns 1 on success, or 0
 * (after logging at GPR_ERROR) when no property with that name is found.
 *
 * The stored pointer is the matching property's own name string, not a copy
 * of the `name` argument.
 *
 * NOTE(review): presumably the lookup follows the context chain, so the
 * stored pointer may belong to a chained context -- confirm its lifetime.
 */
int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
                                                      const char *name) {
  grpc_auth_property_iterator it =
      grpc_auth_context_find_properties_by_name(ctx, name);
  const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
  /* NOTE(review): name is passed to a "%s" trace format here without the
     NULL guard that the error log below applies -- confirm GRPC_API_TRACE
     tolerates a NULL string. */
  GRPC_API_TRACE(
      "grpc_auth_context_set_peer_identity_property_name(ctx=%p, name=%s)", 2,
      (ctx, name));
  if (prop == NULL) {
    gpr_log(GPR_ERROR, "Property name %s not found in auth context.",
            name != NULL ? name : "NULL");
    return 0;
  }
  ctx->peer_identity_property_name = prop->name;
  return 1;
}
/*
 * Exported entry point that forwards to grpc_auth_property_iterator_next()
 * and returns its result unchanged, NULL included.
 *
 * The returned pointer is whatever the core iterator returned; nothing is
 * copied here.
 */
GPR_EXPORT const grpc_auth_property* GPR_CALLTYPE
grpcsharp_auth_property_iterator_next(grpc_auth_property_iterator* it) {
  const grpc_auth_property* next_property =
      grpc_auth_property_iterator_next(it);
  return next_property;
}
/*
 * Takes a reference on ctx and returns it; a NULL ctx is returned unchanged.
 *
 * This is the debug variant, which logs the current and next reference
 * counts with the caller's file, line and reason. The count is read directly
 * from ctx->refcount.count and cast to int before gpr_ref() runs, so the
 * logged numbers are informational only.
 *
 * NOTE(review): the conditional that the #else below belongs to opens before
 * this excerpt; presumably it is the same
 * #ifdef GRPC_AUTH_CONTEXT_REFCOUNT_DEBUG used for unref -- confirm.
 */
grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx,
                                         const char *file, int line,
                                         const char *reason) {
  if (ctx == NULL) return NULL;
  gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
          "AUTH_CONTEXT:%p ref %d -> %d %s", ctx, (int)ctx->refcount.count,
          (int)ctx->refcount.count + 1, reason);
#else
/* Non-debug variant: same behaviour without the log line. */
grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx) {
  if (ctx == NULL) return NULL;
#endif
  /* Shared tail of both variants. */
  gpr_ref(&ctx->refcount);
  return ctx;
}

/*
 * Drops a reference on ctx; a NULL ctx is ignored.
 *
 * When gpr_unref() reports that the last reference is gone, the reference on
 * the chained context is dropped, every property is reset, and the property
 * array and the context itself are freed. Property pointers handed out by
 * the iterators point into that array, so they are invalid from then on.
 */
#ifdef GRPC_AUTH_CONTEXT_REFCOUNT_DEBUG
void grpc_auth_context_unref(grpc_auth_context *ctx, const char *file, int line,
                             const char *reason) {
  if (ctx == NULL) return;
  gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
          "AUTH_CONTEXT:%p unref %d -> %d %s", ctx, (int)ctx->refcount.count,
          (int)ctx->refcount.count - 1, reason);
#else
void grpc_auth_context_unref(grpc_auth_context *ctx) {
  if (ctx == NULL) return;
#endif
  /* Shared tail of both variants: tear down on the last reference. */
  if (gpr_unref(&ctx->refcount)) {
    size_t i;
    GRPC_AUTH_CONTEXT_UNREF(ctx->chained, "chained");
    if (ctx->properties.array != NULL) {
      for (i = 0; i < ctx->properties.count; i++) {
        grpc_auth_property_reset(&ctx->properties.array[i]);
      }
      gpr_free(ctx->properties.array);
    }
    gpr_free(ctx);
  }
}

/*
 * Returns the name of the property that holds the peer identity, or NULL
 * when none has been set. ctx is dereferenced without a NULL check.
 */
const char *grpc_auth_context_peer_identity_property_name(
    const grpc_auth_context *ctx) {
  return ctx->peer_identity_property_name;
}

/*
 * Selects `name` as the peer identity property. Returns 1 on success, or 0
 * (after logging at GPR_ERROR) when no property with that name is found.
 *
 * The stored pointer is the matching property's own name string, not a copy
 * of the `name` argument.
 *
 * NOTE(review): presumably the lookup follows the context chain, so the
 * stored pointer may belong to a chained context -- confirm its lifetime.
 */
int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
                                                      const char *name) {
  grpc_auth_property_iterator it =
      grpc_auth_context_find_properties_by_name(ctx, name);
  const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
  if (prop == NULL) {
    gpr_log(GPR_ERROR, "Property name %s not found in auth context.",
            name != NULL ? name : "NULL");
    return 0;
  }
  ctx->peer_identity_property_name = prop->name;
  return 1;
}

/*
 * Returns 1 when a peer identity property name has been set on ctx and 0
 * otherwise. That is the entire test: "authenticated" here means only that
 * an identity property was selected. ctx is dereferenced without a NULL
 * check, so callers must pass a valid context.
 */
int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx) {
  return ctx->peer_identity_property_name == NULL ? 0 : 1;
}

/*
 * Returns an iterator over the properties of ctx. The iterator starts as a
 * copy of empty_iterator (defined outside this excerpt) with its ctx field
 * set. A NULL ctx yields the unmodified empty iterator.
 */
grpc_auth_property_iterator grpc_auth_context_property_iterator(
    const grpc_auth_context *ctx) {
  grpc_auth_property_iterator it = empty_iterator;
  if (ctx == NULL) return it;
  it.ctx = ctx;
  return it;
}