예제 #1
/* Builds a tsi_peer view of the X.509 identity properties held in
 * auth_context. Only the subject-alternative-name and common-name properties
 * are forwarded; every other property is ignored.
 *
 * The array is sized for the total number of properties in the context, so it
 * can be larger than the number of entries actually added.
 *
 * NOTE(review): "shallow" suggests the peer borrows the property storage of
 * auth_context rather than copying it, so the peer should not outlive the
 * context -- confirm against add_shalow_auth_property_to_peer. */
tsi_peer tsi_shallow_peer_from_ssl_auth_context(
    const grpc_auth_context *auth_context) {
  tsi_peer peer;
  grpc_auth_property_iterator it;
  const grpc_auth_property *prop;
  size_t max_num_props = 0;

  memset(&peer, 0, sizeof(peer));

  /* First pass: count every property to get an upper bound for the array. */
  for (it = grpc_auth_context_property_iterator(auth_context);
       grpc_auth_property_iterator_next(&it) != NULL;) {
    max_num_props++;
  }

  /* Nothing to copy: hand back the zeroed peer. */
  if (max_num_props == 0) {
    return peer;
  }

  peer.properties = gpr_malloc(max_num_props * sizeof(tsi_peer_property));

  /* Second pass: forward only the SAN and CN entries. */
  for (it = grpc_auth_context_property_iterator(auth_context);
       (prop = grpc_auth_property_iterator_next(&it)) != NULL;) {
    if (strcmp(prop->name, GRPC_X509_SAN_PROPERTY_NAME) == 0) {
      add_shalow_auth_property_to_peer(
          &peer, prop, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY);
    } else if (strcmp(prop->name, GRPC_X509_CN_PROPERTY_NAME) == 0) {
      add_shalow_auth_property_to_peer(
          &peer, prop, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY);
    }
  }
  return peer;
}
예제 #2
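/* Returns 1 when ctx carries exactly one transport-security-type property
 * whose value is exactly GRPC_SSL_TRANSPORT_SECURITY_TYPE, and 0 otherwise
 * (property missing, value different, or more than one such property). */
static int check_transport_security_type(const grpc_auth_context *ctx) {
  grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
      ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME);
  const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
  if (prop == NULL) return 0;
  /* Compare the lengths before the bytes. A strncmp() bounded only by
   * prop->value_length accepts an empty value, or any value that is merely a
   * prefix of the expected string, as a match. */
  if (prop->value_length != strlen(GRPC_SSL_TRANSPORT_SECURITY_TYPE) ||
      memcmp(prop->value, GRPC_SSL_TRANSPORT_SECURITY_TYPE,
             prop->value_length) != 0) {
    return 0;
  }
  /* Check that we have only one property with this name. */
  if (grpc_auth_property_iterator_next(&it) != NULL) return 0;
  return 1;
}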
/* Logs, at INFO level, whether the peer described by ctx is authenticated,
 * followed by its identity properties and then every property in the context.
 *
 * is_client only selects the "client"/"server" label of the first line.
 *
 * NOTE(review): values are printed with %s, which assumes each property value
 * is NUL-terminated text -- confirm. The "all properties" section prints
 * whatever the context holds, so anything sensitive stored there ends up in
 * the log. */
static void print_auth_context(int is_client, const grpc_auth_context *ctx) {
  grpc_auth_property_iterator it;
  const grpc_auth_property *p;

  gpr_log(GPR_INFO, "%s peer:", is_client ? "client" : "server");
  gpr_log(GPR_INFO, "\tauthenticated: %s",
          grpc_auth_context_peer_is_authenticated(ctx) ? "YES" : "NO");

  /* Identity properties first. */
  for (it = grpc_auth_context_peer_identity(ctx);
       (p = grpc_auth_property_iterator_next(&it)) != NULL;) {
    gpr_log(GPR_INFO, "\t\t%s: %s", p->name, p->value);
  }

  /* Then the full property list. */
  gpr_log(GPR_INFO, "\tall properties:");
  for (it = grpc_auth_context_property_iterator(ctx);
       (p = grpc_auth_property_iterator_next(&it)) != NULL;) {
    gpr_log(GPR_INFO, "\t\t%s: %s", p->name, p->value);
  }
}
예제 #4
파일: rb_call.c 프로젝트: makdharma/grpc
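/* Called to obtain the x509 cert of an authenticated peer.
 *
 * Returns the PEM certificate property of the call's auth context as a Ruby
 * string, or Qnil when the call has no auth context, the peer is not
 * authenticated, or no PEM certificate property is present. Raises
 * grpc_rb_eCallError when the call has already been closed. */
static VALUE grpc_rb_call_get_peer_cert(VALUE self) {
  grpc_rb_call *call = NULL;
  VALUE res = Qnil;
  grpc_auth_context *ctx = NULL;
  if (RTYPEDDATA_DATA(self) == NULL) {
    rb_raise(grpc_rb_eCallError, "Cannot get peer cert on closed call");
    return Qnil;
  }
  TypedData_Get_Struct(self, grpc_rb_call, &grpc_call_data_type, call);

  ctx = grpc_call_auth_context(call->wrapped);
  if (ctx == NULL) {
    return Qnil;
  }

  /* The context obtained above is released on the success path, so it must be
   * released on every other path as well. The "not authenticated" and "no
   * certificate" cases therefore fall through to the single release below
   * instead of returning early and leaking the reference. */
  if (grpc_auth_context_peer_is_authenticated(ctx)) {
    grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
        ctx, GRPC_X509_PEM_CERT_PROPERTY_NAME);
    const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
    if (prop != NULL) {
      /* Copy the value into a Ruby string before the context is released. */
      res = rb_str_new2(prop->value);
    }
  }

  grpc_auth_context_release(ctx);

  return res;
}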
예제 #5
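/* Verifies that the first num_identities peer-identity properties of ctx are
 * named expected_property_name and carry, in order, exactly the values in
 * expected_identities. Asserts that the peer is authenticated.
 *
 * Returns 1 on success; logs the first mismatch and returns 0 otherwise.
 * Identity properties beyond the first num_identities are not examined. */
static int check_identity(const grpc_auth_context *ctx,
                          const char *expected_property_name,
                          const char **expected_identities,
                          size_t num_identities) {
  grpc_auth_property_iterator it;
  const grpc_auth_property *prop;
  size_t i;
  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
  it = grpc_auth_context_peer_identity(ctx);
  for (i = 0; i < num_identities; i++) {
    prop = grpc_auth_property_iterator_next(&it);
    if (prop == NULL) {
      gpr_log(GPR_ERROR, "Expected identity value %s not found.",
              expected_identities[i]);
      return 0;
    }
    if (strcmp(prop->name, expected_property_name) != 0) {
      gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.",
              expected_property_name, prop->name);
      return 0;
    }
    /* Require equal length and equal bytes. A strncmp() bounded only by
     * prop->value_length would let an empty identity, or one that is just a
     * prefix of the expected identity, pass the check. */
    if (prop->value_length != strlen(expected_identities[i]) ||
        memcmp(prop->value, expected_identities[i], prop->value_length) != 0) {
      gpr_log(GPR_ERROR, "Expected peer identity %s and got %s.",
              expected_identities[i], prop->value);
      return 0;
    }
  }
  return 1;
}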
예제 #6
/* Exercises property iteration over a context that chains to a second one:
 * full iteration, lookup by name, and peer-identity iteration are each
 * expected to yield the properties of ctx first and then those of the chained
 * context. */
static void test_chained_context(void) {
  grpc_auth_context *chained = grpc_auth_context_create(NULL);
  grpc_auth_context *ctx = grpc_auth_context_create(chained);
  grpc_auth_property_iterator it;
  size_t i;

  gpr_log(GPR_INFO, "test_chained_context");
  /* The test drops its own reference here yet keeps using `chained` below.
   * NOTE(review): that is only valid if grpc_auth_context_create(chained)
   * took a reference of its own for ctx -- confirm. */
  GRPC_AUTH_CONTEXT_UNREF(chained, "chained");
  grpc_auth_context_add_cstring_property(chained, "name", "padapo");
  grpc_auth_context_add_cstring_property(chained, "foo", "baz");
  grpc_auth_context_add_cstring_property(ctx, "name", "chapi");
  grpc_auth_context_add_cstring_property(ctx, "name", "chap0");
  grpc_auth_context_add_cstring_property(ctx, "foo", "bar");
  GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(ctx, "name") ==
             1);

  GPR_ASSERT(
      strcmp(grpc_auth_context_peer_identity_property_name(ctx), "name") == 0);
  /* Unfiltered iteration: all of ctx's properties in insertion order, then
   * all of the chained context's, then end of iteration. */
  it = grpc_auth_context_property_iterator(ctx);
  for (i = 0; i < ctx->properties.count; i++) {
    const grpc_auth_property *p = grpc_auth_property_iterator_next(&it);
    GPR_ASSERT(p == &ctx->properties.array[i]);
  }
  for (i = 0; i < chained->properties.count; i++) {
    const grpc_auth_property *p = grpc_auth_property_iterator_next(&it);
    GPR_ASSERT(p == &chained->properties.array[i]);
  }
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);

  /* Lookup by name "foo": ctx's entry (index 2) before the chained context's
   * entry (index 1). */
  it = grpc_auth_context_find_properties_by_name(ctx, "foo");
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &ctx->properties.array[2]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &chained->properties.array[1]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);

  /* Peer identity (property name "name"): both of ctx's "name" entries and
   * then the chained context's "name" entry, i.e. the identity also includes
   * values contributed by the chained context. */
  it = grpc_auth_context_peer_identity(ctx);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &ctx->properties.array[0]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &ctx->properties.array[1]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &chained->properties.array[0]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);

  GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
예제 #7
/* Checks the behaviour of a freshly created context with no properties and no
 * chained context: every iterator is empty, no identity property name is set,
 * and an identity property name cannot be set to a name that does not exist. */
static void test_empty_context(void) {
  grpc_auth_context *ctx = grpc_auth_context_create(NULL);
  grpc_auth_property_iterator it;

  gpr_log(GPR_INFO, "test_empty_context");
  GPR_ASSERT(ctx != NULL);
  GPR_ASSERT(grpc_auth_context_peer_identity_property_name(ctx) == NULL);
  /* All three ways of obtaining an iterator must end immediately. */
  it = grpc_auth_context_peer_identity(ctx);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);
  it = grpc_auth_context_property_iterator(ctx);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);
  it = grpc_auth_context_find_properties_by_name(ctx, "foo");
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);
  /* Setting the identity name to a property that is not present must fail
   * (return 0) and leave the identity property name unset. */
  GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(ctx, "bar") ==
             0);
  GPR_ASSERT(grpc_auth_context_peer_identity_property_name(ctx) == NULL);
  GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
예제 #8
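/* Returns 1 when ctx holds exactly one X.509 common-name property and its
 * value is exactly expected_cn; logs the reason and returns 0 otherwise. */
static int check_x509_cn(const grpc_auth_context *ctx,
                         const char *expected_cn) {
  grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
      ctx, GRPC_X509_CN_PROPERTY_NAME);
  const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it);
  if (prop == NULL) {
    gpr_log(GPR_ERROR, "CN property not found.");
    return 0;
  }
  /* Require equal length and equal bytes. A strncmp() bounded only by
   * prop->value_length would accept an empty CN, or a CN that is just a
   * prefix of expected_cn, as a match. */
  if (prop->value_length != strlen(expected_cn) ||
      memcmp(prop->value, expected_cn, prop->value_length) != 0) {
    gpr_log(GPR_ERROR, "Expected CN %s and got %s", expected_cn, prop->value);
    return 0;
  }
  if (grpc_auth_property_iterator_next(&it) != NULL) {
    gpr_log(GPR_ERROR, "Expected only one property for CN.");
    return 0;
  }
  return 1;
}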
/* Advances the iterator and returns the next property, or NULL when the
 * iteration is over (or when it, or its context, is NULL).
 *
 * Once the current context is exhausted the iterator moves on to its chained
 * context, so callers see the properties of every context in the chain. When
 * it->name is set, only properties with exactly that name are returned. */
const grpc_auth_property *grpc_auth_property_iterator_next(
    grpc_auth_property_iterator *it) {
  if (it == NULL || it->ctx == NULL) return NULL;

  for (;;) {
    /* Skip over exhausted contexts, following the chain. */
    while (it->index == it->ctx->properties.count) {
      if (it->ctx->chained == NULL) return NULL;
      it->ctx = it->ctx->chained;
      it->index = 0;
    }

    /* No filter: the next slot is the answer. */
    if (it->name == NULL) {
      return &it->ctx->properties.array[it->index++];
    }

    /* Filtered: scan the rest of this context for a matching name. */
    while (it->index < it->ctx->properties.count) {
      const grpc_auth_property *candidate =
          &it->ctx->properties.array[it->index++];
      GPR_ASSERT(candidate->name != NULL);
      if (strcmp(it->name, candidate->name) == 0) {
        return candidate;
      }
    }
    /* We could not find the name here; loop to try the next context. */
  }
}
예제 #10
/* Takes one additional reference on ctx and returns ctx; a NULL ctx is
 * returned unchanged.
 *
 * The definition has two signatures selected by the preprocessor: a tracing
 * variant that receives the call site (file, line, reason) and a plain one.
 * NOTE(review): the opening #if/#ifndef that pairs with the #else below is
 * not part of this excerpt. */
grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx,
                                         const char *file, int line,
                                         const char *reason) {
  if (ctx == NULL) return NULL;
  if (GRPC_TRACER_ON(grpc_trace_auth_context_refcount)) {
    /* Trace output only: the count is loaded separately from the gpr_ref()
     * call further down, so the logged "before -> after" pair is
     * informational. */
    gpr_atm val = gpr_atm_no_barrier_load(&ctx->refcount.count);
    gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
            "AUTH_CONTEXT:%p   ref %" PRIdPTR " -> %" PRIdPTR " %s", ctx, val,
            val + 1, reason);
  }
#else
grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx) {
  if (ctx == NULL) return NULL;
#endif
  /* Shared tail of both variants: take the reference. */
  gpr_ref(&ctx->refcount);
  return ctx;
}

#ifndef NDEBUG
/* Drops one reference on ctx; a NULL ctx is ignored.
 *
 * Without NDEBUG the function also receives the call site (file, line,
 * reason) and, when the refcount tracer is on, logs the transition. When
 * gpr_unref() reports non-zero, the context is torn down: the reference on
 * the chained context is dropped, every property is reset, and the property
 * array and the context itself are freed. */
void grpc_auth_context_unref(grpc_auth_context *ctx, const char *file, int line,
                             const char *reason) {
  if (ctx == NULL) return;
  if (GRPC_TRACER_ON(grpc_trace_auth_context_refcount)) {
    /* Trace output only: this load is separate from the gpr_unref() below. */
    gpr_atm val = gpr_atm_no_barrier_load(&ctx->refcount.count);
    gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
            "AUTH_CONTEXT:%p unref %" PRIdPTR " -> %" PRIdPTR " %s", ctx, val,
            val - 1, reason);
  }
#else
void grpc_auth_context_unref(grpc_auth_context *ctx) {
  if (ctx == NULL) return;
#endif
  /* Shared tail of both variants. */
  if (gpr_unref(&ctx->refcount)) {
    size_t i;
    /* Release the reference held on the chained context before freeing. */
    GRPC_AUTH_CONTEXT_UNREF(ctx->chained, "chained");
    if (ctx->properties.array != NULL) {
      for (i = 0; i < ctx->properties.count; i++) {
        grpc_auth_property_reset(&ctx->properties.array[i]);
      }
      gpr_free(ctx->properties.array);
    }
    gpr_free(ctx);
  }
}

/* Returns the peer-identity property name recorded on ctx; the pointer is
 * the one stored in the context, not a copy. ctx is dereferenced without a
 * NULL check, so callers must pass a valid context. */
const char *grpc_auth_context_peer_identity_property_name(
    const grpc_auth_context *ctx) {
  const char *identity_name;
  GRPC_API_TRACE("grpc_auth_context_peer_identity_property_name(ctx=%p)", 1,
                 (ctx));
  identity_name = ctx->peer_identity_property_name;
  return identity_name;
}

/* Marks `name` as the peer-identity property of ctx.
 *
 * The name is accepted only if a property with that name can be found through
 * ctx; the context then stores the matched property's own name pointer, not
 * the caller's string. Returns 1 on success, or logs an error and returns 0
 * when no such property exists.
 *
 * NOTE(review): the API trace passes `name` to %s unguarded, whereas the
 * error path substitutes "NULL" for a NULL name. */
int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
                                                      const char *name) {
  grpc_auth_property_iterator it =
      grpc_auth_context_find_properties_by_name(ctx, name);
  const grpc_auth_property *match = grpc_auth_property_iterator_next(&it);
  GRPC_API_TRACE(
      "grpc_auth_context_set_peer_identity_property_name(ctx=%p, name=%s)", 2,
      (ctx, name));
  if (match != NULL) {
    ctx->peer_identity_property_name = match->name;
    return 1;
  }
  gpr_log(GPR_ERROR, "Property name %s not found in auth context.",
          name != NULL ? name : "NULL");
  return 0;
}
예제 #11
파일: grpc_csharp_ext.c 프로젝트: grpc/grpc
/* Exported C# interop entry point: forwards to
 * grpc_auth_property_iterator_next() and returns its result unchanged. */
GPR_EXPORT const grpc_auth_property* GPR_CALLTYPE
grpcsharp_auth_property_iterator_next(grpc_auth_property_iterator* it) {
  const grpc_auth_property* next_prop = grpc_auth_property_iterator_next(it);
  return next_prop;
}
/* Takes one additional reference on ctx and returns ctx; a NULL ctx is
 * returned unchanged.
 *
 * Two signatures are selected by the preprocessor: a debug variant that logs
 * every call with its call site (file, line, reason) and a plain one.
 * NOTE(review): the opening #if/#ifdef that pairs with the #else below is not
 * part of this excerpt. */
grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx,
                                         const char *file, int line,
                                         const char *reason) {
  if (ctx == NULL) return NULL;
  /* Log output only: the count is read directly from the struct and cast to
   * int for formatting, separately from the gpr_ref() call below. */
  gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
          "AUTH_CONTEXT:%p   ref %d -> %d %s", ctx, (int)ctx->refcount.count,
          (int)ctx->refcount.count + 1, reason);
#else
grpc_auth_context *grpc_auth_context_ref(grpc_auth_context *ctx) {
  if (ctx == NULL) return NULL;
#endif
  /* Shared tail of both variants: take the reference. */
  gpr_ref(&ctx->refcount);
  return ctx;
}

#ifdef GRPC_AUTH_CONTEXT_REFCOUNT_DEBUG
/* Drops one reference on ctx; a NULL ctx is ignored.
 *
 * With GRPC_AUTH_CONTEXT_REFCOUNT_DEBUG defined the function also receives
 * the call site (file, line, reason) and logs every call. When gpr_unref()
 * reports non-zero, the context is torn down: the reference on the chained
 * context is dropped, every property is reset, and the property array and the
 * context itself are freed. */
void grpc_auth_context_unref(grpc_auth_context *ctx, const char *file, int line,
                             const char *reason) {
  if (ctx == NULL) return;
  /* Log output only: the count is read directly and cast to int for
   * formatting, separately from the gpr_unref() call below. */
  gpr_log(file, line, GPR_LOG_SEVERITY_DEBUG,
          "AUTH_CONTEXT:%p unref %d -> %d %s", ctx, (int)ctx->refcount.count,
          (int)ctx->refcount.count - 1, reason);
#else
void grpc_auth_context_unref(grpc_auth_context *ctx) {
  if (ctx == NULL) return;
#endif
  /* Shared tail of both variants. */
  if (gpr_unref(&ctx->refcount)) {
    size_t i;
    /* Release the reference held on the chained context before freeing. */
    GRPC_AUTH_CONTEXT_UNREF(ctx->chained, "chained");
    if (ctx->properties.array != NULL) {
      for (i = 0; i < ctx->properties.count; i++) {
        grpc_auth_property_reset(&ctx->properties.array[i]);
      }
      gpr_free(ctx->properties.array);
    }
    gpr_free(ctx);
  }
}

/* Returns the peer-identity property name recorded on ctx; the pointer is
 * the one stored in the context, not a copy. ctx is dereferenced without a
 * NULL check, so callers must pass a valid context. */
const char *grpc_auth_context_peer_identity_property_name(
    const grpc_auth_context *ctx) {
  const char *identity_name = ctx->peer_identity_property_name;
  return identity_name;
}

/* Marks `name` as the peer-identity property of ctx.
 *
 * The name is accepted only if a property with that name can be found through
 * ctx; the context then stores the matched property's own name pointer, not
 * the caller's string. Returns 1 on success, or logs an error and returns 0
 * when no such property exists. */
int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
                                                      const char *name) {
  grpc_auth_property_iterator it =
      grpc_auth_context_find_properties_by_name(ctx, name);
  const grpc_auth_property *match = grpc_auth_property_iterator_next(&it);
  if (match != NULL) {
    ctx->peer_identity_property_name = match->name;
    return 1;
  }
  gpr_log(GPR_ERROR, "Property name %s not found in auth context.",
          name != NULL ? name : "NULL");
  return 0;
}

/* Returns 1 when a peer-identity property name has been set on ctx and 0
 * otherwise. This is the only condition tested here: "authenticated" means
 * that an identity property name was recorded on the context, nothing more.
 * ctx is dereferenced without a NULL check. */
int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx) {
  if (ctx->peer_identity_property_name != NULL) {
    return 1;
  }
  return 0;
}

/* Returns an unfiltered iterator over the properties reachable from ctx.
 * A NULL ctx yields a copy of empty_iterator. */
grpc_auth_property_iterator grpc_auth_context_property_iterator(
    const grpc_auth_context *ctx) {
  grpc_auth_property_iterator it = empty_iterator;
  if (ctx != NULL) {
    it.ctx = ctx;
  }
  return it;
}