2 // Copyright 2020 gRPC authors.
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
17 #include <grpc/support/port_platform.h>
19 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
21 #include <grpc/support/alloc.h>
22 #include <grpc/support/log.h>
23 #include <grpc/support/string_util.h>
25 #include "src/core/lib/surface/api_trace.h"
/// Builds a provider that serves a fixed root certificate and a fixed list of
/// identity key/cert pairs.
///
/// Both arguments are moved into the provider. A new distributor is created
/// and a watch-status callback is registered on it. When the distributor
/// invokes that callback with at least one of the two flags set, the stored
/// material of each watched kind is copied and handed to SetKeyMaterials
/// under the given certificate name.
StaticDataCertificateProvider::StaticDataCertificateProvider(
    std::string root_certificate,
    grpc_core::PemKeyCertPairList pem_key_cert_pairs)
    : distributor_(MakeRefCounted<grpc_tls_certificate_distributor>()),
      root_certificate_(std::move(root_certificate)),
      pem_key_cert_pairs_(std::move(pem_key_cert_pairs)) {
  // NOTE(review): the callback captures a raw `this` and is stored inside the
  // ref-counted distributor. If the distributor can outlive this provider the
  // callback would dangle; confirm the destructor (not shown here) clears it.
  auto on_watch_status = [this](std::string cert_name, bool root_being_watched,
                                bool identity_being_watched) {
    const bool nothing_watched =
        !(root_being_watched || identity_being_watched);
    if (nothing_watched) return;
    // Each optional is filled only for the kind that is being watched; the
    // other one is passed on empty. The members are copied, not moved, so the
    // provider keeps its own material.
    absl::optional<std::string> watched_roots;
    if (root_being_watched) watched_roots = root_certificate_;
    absl::optional<grpc_core::PemKeyCertPairList> watched_identity;
    if (identity_being_watched) watched_identity = pem_key_cert_pairs_;
    distributor_->SetKeyMaterials(cert_name, std::move(watched_roots),
                                  std::move(watched_identity));
  };
  distributor_->SetWatchStatusCallback(std::move(on_watch_status));
}
52 } // namespace grpc_core
54 /** -- Wrapper APIs declared in grpc_security.h -- **/
/// C API entry point: creates a provider backed by in-memory credential data.
///
/// @param root_certificate    Root certificate data as a NUL-terminated
///        string, or nullptr for none. The bytes are copied.
/// @param pem_key_cert_pairs  Identity key/cert pairs, or nullptr for none.
///        Ownership passes to this function: the list is moved out and the
///        object is deleted before returning, so the caller must neither use
///        nor free it afterwards.
/// @return A newly allocated StaticDataCertificateProvider.
///
/// Asserts that at least one of the two arguments is non-null.
// NOTE(review): pem_key_cert_pairs presumably carries private keys; keep the
// argument contents out of any logging or API tracing added here.
grpc_tls_certificate_provider* grpc_tls_certificate_provider_static_data_create(
    const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs) {
  GPR_ASSERT(root_certificate != nullptr || pem_key_cert_pairs != nullptr);
  // A std::string must not be built from a null pointer, so an absent root
  // certificate is represented by the empty string.
  std::string roots = root_certificate == nullptr
                          ? std::string()
                          : std::string(root_certificate);
  grpc_core::PemKeyCertPairList identity_pairs;
  if (pem_key_cert_pairs != nullptr) {
    identity_pairs = std::move(pem_key_cert_pairs->pem_key_cert_pairs);
    delete pem_key_cert_pairs;
  }
  return new grpc_core::StaticDataCertificateProvider(
      std::move(roots), std::move(identity_pairs));
}
/// C API entry point: drops one reference on `provider`.
///
/// A null `provider` is accepted and ignored; the call is still traced.
void grpc_tls_certificate_provider_release(
    grpc_tls_certificate_provider* provider) {
  GRPC_API_TRACE("grpc_tls_certificate_provider_release(provider=%p)", 1,
                 (provider));
  // The ExecCtx is created before the reference is dropped, including on the
  // null path. NOTE(review): presumably so that work triggered by the final
  // Unref runs within this call; confirm.
  grpc_core::ExecCtx exec_ctx;
  if (provider == nullptr) return;
  provider->Unref();
}