Пример #1
0
grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer) {
  size_t i;
  grpc_auth_context *ctx = NULL;

  /* The caller has checked the certificate type property. */
  GPR_ASSERT(peer->property_count >= 1);
  ctx = grpc_auth_context_create(NULL, peer->property_count);
  ctx->properties[0] = grpc_auth_property_init_from_cstring(
      GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
      GRPC_SSL_TRANSPORT_SECURITY_TYPE);
  ctx->property_count = 1;
  for (i = 0; i < peer->property_count; i++) {
    const tsi_peer_property *prop = &peer->properties[i];
    if (prop->name == NULL) continue;
    if (strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) {
      /* If there is no subject alt name, have the CN as the identity. */
      if (ctx->peer_identity_property_name == NULL) {
        ctx->peer_identity_property_name = GRPC_X509_CN_PROPERTY_NAME;
      }
      ctx->properties[ctx->property_count++] = grpc_auth_property_init(
          GRPC_X509_CN_PROPERTY_NAME, prop->value.data, prop->value.length);
    } else if (strcmp(prop->name,
                      TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) {
      ctx->peer_identity_property_name = GRPC_X509_SAN_PROPERTY_NAME;
      ctx->properties[ctx->property_count++] = grpc_auth_property_init(
          GRPC_X509_SAN_PROPERTY_NAME, prop->value.data, prop->value.length);
    }
  }
  return ctx;
}
Пример #2
0
static void fake_check_peer(grpc_exec_ctx *exec_ctx,
                            grpc_security_connector *sc, tsi_peer peer,
                            grpc_security_peer_check_cb cb, void *user_data) {
  const char *prop_name;
  grpc_security_status status = GRPC_SECURITY_OK;
  grpc_auth_context *auth_context = NULL;
  if (peer.property_count != 1) {
    gpr_log(GPR_ERROR, "Fake peers should only have 1 property.");
    status = GRPC_SECURITY_ERROR;
    goto end;
  }
  prop_name = peer.properties[0].name;
  if (prop_name == NULL ||
      strcmp(prop_name, TSI_CERTIFICATE_TYPE_PEER_PROPERTY)) {
    gpr_log(GPR_ERROR, "Unexpected property in fake peer: %s.",
            prop_name == NULL ? "<EMPTY>" : prop_name);
    status = GRPC_SECURITY_ERROR;
    goto end;
  }
  if (strncmp(peer.properties[0].value.data, TSI_FAKE_CERTIFICATE_TYPE,
              peer.properties[0].value.length)) {
    gpr_log(GPR_ERROR, "Invalid value for cert type property.");
    status = GRPC_SECURITY_ERROR;
    goto end;
  }
  auth_context = grpc_auth_context_create(NULL);
  grpc_auth_context_add_cstring_property(
      auth_context, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
      GRPC_FAKE_TRANSPORT_SECURITY_TYPE);

end:
  cb(exec_ctx, user_data, status, auth_context);
  grpc_auth_context_unref(auth_context);
  tsi_peer_destruct(&peer);
}
Пример #3
0
static grpc_security_status fake_check_peer(grpc_security_connector *sc,
                                            tsi_peer peer,
                                            grpc_security_check_cb cb,
                                            void *user_data) {
  const char *prop_name;
  grpc_security_status status = GRPC_SECURITY_OK;
  if (peer.property_count != 1) {
    gpr_log(GPR_ERROR, "Fake peers should only have 1 property.");
    status = GRPC_SECURITY_ERROR;
    goto end;
  }
  prop_name = peer.properties[0].name;
  if (prop_name == NULL ||
      strcmp(prop_name, TSI_CERTIFICATE_TYPE_PEER_PROPERTY)) {
    gpr_log(GPR_ERROR, "Unexpected property in fake peer: %s.",
            prop_name == NULL ? "<EMPTY>" : prop_name);
    status = GRPC_SECURITY_ERROR;
    goto end;
  }
  if (strncmp(peer.properties[0].value.data, TSI_FAKE_CERTIFICATE_TYPE,
              peer.properties[0].value.length)) {
    gpr_log(GPR_ERROR, "Invalid value for cert type property.");
    status = GRPC_SECURITY_ERROR;
    goto end;
  }
  GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector");
  sc->auth_context = grpc_auth_context_create(NULL, 1);
  sc->auth_context->properties[0] = grpc_auth_property_init_from_cstring(
      GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
      GRPC_FAKE_TRANSPORT_SECURITY_TYPE);

end:
  tsi_peer_destruct(&peer);
  return status;
}
Пример #4
0
/* Constructor for call_data */
static void init_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
                           const void *server_transport_data,
                           grpc_transport_stream_op *initial_op) {
  /* grab pointers to our data from the call element */
  call_data *calld = elem->call_data;
  channel_data *chand = elem->channel_data;
  grpc_server_security_context *server_ctx = NULL;

  /* initialize members */
  memset(calld, 0, sizeof(*calld));
  grpc_closure_init(&calld->auth_on_recv, auth_on_recv, elem);

  GPR_ASSERT(initial_op && initial_op->context != NULL &&
             initial_op->context[GRPC_CONTEXT_SECURITY].value == NULL);

  /* Create a security context for the call and reference the auth context from
     the channel. */
  if (initial_op->context[GRPC_CONTEXT_SECURITY].value != NULL) {
    initial_op->context[GRPC_CONTEXT_SECURITY].destroy(
        initial_op->context[GRPC_CONTEXT_SECURITY].value);
  }
  server_ctx = grpc_server_security_context_create();
  server_ctx->auth_context =
      grpc_auth_context_create(chand->security_connector->auth_context);
  server_ctx->auth_context->pollset = initial_op->bind_pollset;
  initial_op->context[GRPC_CONTEXT_SECURITY].value = server_ctx;
  initial_op->context[GRPC_CONTEXT_SECURITY].destroy =
      grpc_server_security_context_destroy;
  calld->auth_context = server_ctx->auth_context;

  /* Set the metadata callbacks. */
  set_recv_ops_md_callbacks(elem, initial_op);
}
Пример #5
0
static void test_chained_context(void) {
  grpc_auth_context *chained = grpc_auth_context_create(NULL);
  grpc_auth_context *ctx = grpc_auth_context_create(chained);
  grpc_auth_property_iterator it;
  size_t i;

  gpr_log(GPR_INFO, "test_chained_context");
  GRPC_AUTH_CONTEXT_UNREF(chained, "chained");
  grpc_auth_context_add_cstring_property(chained, "name", "padapo");
  grpc_auth_context_add_cstring_property(chained, "foo", "baz");
  grpc_auth_context_add_cstring_property(ctx, "name", "chapi");
  grpc_auth_context_add_cstring_property(ctx, "name", "chap0");
  grpc_auth_context_add_cstring_property(ctx, "foo", "bar");
  GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(ctx, "name") ==
             1);

  GPR_ASSERT(
      strcmp(grpc_auth_context_peer_identity_property_name(ctx), "name") == 0);
  it = grpc_auth_context_property_iterator(ctx);
  for (i = 0; i < ctx->properties.count; i++) {
    const grpc_auth_property *p = grpc_auth_property_iterator_next(&it);
    GPR_ASSERT(p == &ctx->properties.array[i]);
  }
  for (i = 0; i < chained->properties.count; i++) {
    const grpc_auth_property *p = grpc_auth_property_iterator_next(&it);
    GPR_ASSERT(p == &chained->properties.array[i]);
  }
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);

  it = grpc_auth_context_find_properties_by_name(ctx, "foo");
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &ctx->properties.array[2]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &chained->properties.array[1]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);

  it = grpc_auth_context_peer_identity(ctx);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &ctx->properties.array[0]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &ctx->properties.array[1]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) ==
             &chained->properties.array[0]);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);

  GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
Пример #6
0
static void test_empty_context(void) {
  grpc_auth_context *ctx = grpc_auth_context_create(NULL);
  grpc_auth_property_iterator it;

  gpr_log(GPR_INFO, "test_empty_context");
  GPR_ASSERT(ctx != NULL);
  GPR_ASSERT(grpc_auth_context_peer_identity_property_name(ctx) == NULL);
  it = grpc_auth_context_peer_identity(ctx);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);
  it = grpc_auth_context_property_iterator(ctx);
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);
  it = grpc_auth_context_find_properties_by_name(ctx, "foo");
  GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL);
  GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(ctx, "bar") ==
             0);
  GPR_ASSERT(grpc_auth_context_peer_identity_property_name(ctx) == NULL);
  GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
Пример #7
0
static grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer) {
  /* We bet that iterating over a handful of properties twice will be faster
     than having to realloc on average . */
  size_t auth_prop_count = 1; /* for transport_security_type. */
  size_t i;
  const char *peer_identity_property_name = NULL;
  grpc_auth_context *ctx = NULL;
  for (i = 0; i < peer->property_count; i++) {
    const tsi_peer_property *prop = &peer->properties[i];
    if (prop->name == NULL) continue;
    if (strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) {
      auth_prop_count++;
      /* If there is no subject alt name, have the CN as the identity. */
      if (peer_identity_property_name == NULL) {
        peer_identity_property_name = prop->name;
      }
    } else if (strcmp(prop->name,
                      TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) {
      auth_prop_count++;
      peer_identity_property_name = prop->name;
    }
  }
  ctx = grpc_auth_context_create(NULL, auth_prop_count);
  ctx->properties[0] = grpc_auth_property_init_from_cstring(
      GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
      GRPC_SSL_TRANSPORT_SECURITY_TYPE);
  ctx->property_count = 1;
  for (i = 0; i < peer->property_count; i++) {
    const tsi_peer_property *prop = &peer->properties[i];
    if (prop->name == NULL) continue;
    if (strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) {
      ctx->properties[ctx->property_count++] = grpc_auth_property_init(
          GRPC_X509_CN_PROPERTY_NAME, prop->value.data, prop->value.length);
    } else if (strcmp(prop->name,
                      TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) {
      ctx->properties[ctx->property_count++] = grpc_auth_property_init(
          GRPC_X509_SAN_PROPERTY_NAME, prop->value.data, prop->value.length);
    }
  }
  GPR_ASSERT(auth_prop_count == ctx->property_count);
  return ctx;
}
Пример #8
0
/* Constructor for call_data */
static void init_call_elem(grpc_exec_ctx *exec_ctx, grpc_call_element *elem,
                           grpc_call_element_args *args) {
  /* grab pointers to our data from the call element */
  call_data *calld = elem->call_data;
  channel_data *chand = elem->channel_data;
  grpc_server_security_context *server_ctx = NULL;

  /* initialize members */
  memset(calld, 0, sizeof(*calld));
  grpc_closure_init(&calld->auth_on_recv, auth_on_recv, elem);

  if (args->context[GRPC_CONTEXT_SECURITY].value != NULL) {
    args->context[GRPC_CONTEXT_SECURITY].destroy(
        args->context[GRPC_CONTEXT_SECURITY].value);
  }

  server_ctx = grpc_server_security_context_create();
  server_ctx->auth_context = grpc_auth_context_create(chand->auth_context);
  calld->auth_context = server_ctx->auth_context;

  args->context[GRPC_CONTEXT_SECURITY].value = server_ctx;
  args->context[GRPC_CONTEXT_SECURITY].destroy =
      grpc_server_security_context_destroy;
}