80ea4eaee3ba3ee552af8195cfaeed219db804a2
[platform/upstream/grpc.git] / src / core / lib / security / credentials / tls / grpc_tls_certificate_provider.cc
1 //
2 // Copyright 2020 gRPC authors.
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //     http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include <grpc/support/port_platform.h>
18
19 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
20
21 #include <grpc/support/alloc.h>
22 #include <grpc/support/log.h>
23 #include <grpc/support/string_util.h>
24
25 #include "src/core/lib/surface/api_trace.h"
26
namespace grpc_core {

/// Builds a provider that serves a fixed root certificate and a fixed list of
/// identity key/cert pairs through a freshly created, ref-counted distributor.
///
/// @param root_certificate    Root certificate data; moved into the provider.
/// @param pem_key_cert_pairs  Identity key/cert pairs; moved into the provider.
///
/// The constructor installs a watch-status callback on the distributor. Each
/// time the callback reports that root and/or identity material is being
/// watched for `cert_name`, the stored material is copied and pushed to the
/// distributor under that name.
StaticDataCertificateProvider::StaticDataCertificateProvider(
    std::string root_certificate,
    grpc_core::PemKeyCertPairList pem_key_cert_pairs)
    : distributor_(MakeRefCounted<grpc_tls_certificate_distributor>()),
      root_certificate_(std::move(root_certificate)),
      pem_key_cert_pairs_(std::move(pem_key_cert_pairs)) {
  // NOTE(review): the callback captures `this` and is stored on a ref-counted
  // distributor. If anything else keeps the distributor alive after this
  // provider is destroyed, the callback would run against a dangling pointer.
  // No destructor is visible in this file; confirm the callback is cleared
  // on teardown.
  distributor_->SetWatchStatusCallback(
      [this](std::string cert_name, bool root_being_watched,
             bool identity_being_watched) {
        // Nothing is watched under this name: publish nothing.
        if (!(root_being_watched || identity_being_watched)) return;
        // Only the kinds of material that are actually watched get a value;
        // the other optional stays empty.
        absl::optional<std::string> root_to_publish;
        absl::optional<grpc_core::PemKeyCertPairList> identity_to_publish;
        if (root_being_watched) root_to_publish = root_certificate_;
        // This is a copy of the stored pairs (presumably including private
        // keys), so every watch notification duplicates that material in
        // memory.
        if (identity_being_watched) identity_to_publish = pem_key_cert_pairs_;
        // NOTE(review): a provider created without a root certificate stores
        // an empty string, which is published here as if it were a value.
        // Confirm consumers treat an empty root as "no trust anchors" and
        // fail closed.
        distributor_->SetKeyMaterials(cert_name, std::move(root_to_publish),
                                      std::move(identity_to_publish));
      });
}

}  // namespace grpc_core
53
54 /** -- Wrapper APIs declared in grpc_security.h -- **/
55
/// Creates a static-data certificate provider from C API inputs.
///
/// @param root_certificate    Root certificate as a NUL-terminated string, or
///                            nullptr. The contents are copied; this function
///                            does not free the pointer.
/// @param pem_key_cert_pairs  Identity pairs, or nullptr. Ownership transfers
///                            to this function: the list is moved out and the
///                            wrapper object is deleted, so the caller must
///                            not touch or free it afterwards.
/// @return A newly allocated provider. grpc_tls_certificate_provider_release()
///         drops a reference on it.
///
/// At least one of the two arguments must be non-null (asserted). The input is
/// not parsed or validated here; it is handed to the provider as given.
grpc_tls_certificate_provider* grpc_tls_certificate_provider_static_data_create(
    const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs) {
  GPR_ASSERT(root_certificate != nullptr || pem_key_cert_pairs != nullptr);
  grpc_core::PemKeyCertPairList identity_list;
  if (pem_key_cert_pairs != nullptr) {
    // Take the pairs out of the wrapper, then free the wrapper itself.
    identity_list = std::move(pem_key_cert_pairs->pem_key_cert_pairs);
    delete pem_key_cert_pairs;
  }
  // A missing root certificate is represented as an empty string.
  std::string root_pem = (root_certificate == nullptr)
                             ? std::string()
                             : std::string(root_certificate);
  return new grpc_core::StaticDataCertificateProvider(
      std::move(root_pem), std::move(identity_list));
}
71
/// Drops one reference on a certificate provider.
///
/// @param provider  Provider to release; nullptr is accepted and ignored.
///
/// The call is traced, and an ExecCtx is on the stack for the duration of the
/// Unref() (presumably so work triggered by destruction has a context to run
/// in; confirm). The caller must not use `provider` after this call unless it
/// holds another reference.
void grpc_tls_certificate_provider_release(
    grpc_tls_certificate_provider* provider) {
  GRPC_API_TRACE("grpc_tls_certificate_provider_release(provider=%p)", 1,
                 (provider));
  grpc_core::ExecCtx exec_ctx;
  if (provider == nullptr) return;
  provider->Unref();
}