src/core/lib/security/security_connector/insecure/insecure_security_connector.cc

   1 //
   2 //
   3 // Copyright 2020 gRPC authors.
   4 //
   5 // Licensed under the Apache License, Version 2.0 (the "License");
   6 // you may not use this file except in compliance with the License.
   7 // You may obtain a copy of the License at
   8 //
   9 //     http://www.apache.org/licenses/LICENSE-2.0
  10 //
  11 // Unless required by applicable law or agreed to in writing, software
  12 // distributed under the License is distributed on an "AS IS" BASIS,
  13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14 // See the License for the specific language governing permissions and
  15 // limitations under the License.
  16 //
  17 //
  18
  19 #include <grpc/support/port_platform.h>
  20
  21 #include "src/core/lib/security/security_connector/insecure/insecure_security_connector.h"
  22
  23 #include "src/core/lib/gprpp/ref_counted_ptr.h"
  24 #include "src/core/lib/security/transport/security_handshaker.h"
  25 #include "src/core/tsi/local_transport_security.h"
  26
  27 namespace grpc_core {
  28
  29 const char kInsecureTransportSecurityType[] = "insecure";
  30
  31 // check_call_host and cancel_check_call_host are no-ops since we want to
  32 // provide an insecure channel.
  33 bool InsecureChannelSecurityConnector::check_call_host(
  34     absl::string_view host, grpc_auth_context* auth_context,
  35     grpc_closure* on_call_host_checked, grpc_error** error) {
  36   *error = GRPC_ERROR_NONE;
  37   return true;
  38 }
  39
  40 void InsecureChannelSecurityConnector::cancel_check_call_host(
  41     grpc_closure* on_call_host_checked, grpc_error* error) {
  42   GRPC_ERROR_UNREF(error);
  43 }
  44
  45 // add_handshakers should have been a no-op but we need to add a minimalist
  46 // security handshaker so that check_peer is invoked and an auth_context is
  47 // created with the security level of TSI_SECURITY_NONE.
  48 void InsecureChannelSecurityConnector::add_handshakers(
  49     const grpc_channel_args* args, grpc_pollset_set* /* interested_parties */,
  50     HandshakeManager* handshake_manager) {
  51   tsi_handshaker* handshaker = nullptr;
  52   // Re-use local_tsi_handshaker_create as a minimalist handshaker.
  53   GPR_ASSERT(tsi_local_handshaker_create(true /* is_client */, &handshaker) ==
  54              TSI_OK);
  55   handshake_manager->Add(SecurityHandshakerCreate(handshaker, this, args));
  56 }
  57
  58 void InsecureChannelSecurityConnector::check_peer(
  59     tsi_peer peer, grpc_endpoint* ep,
  60     RefCountedPtr<grpc_auth_context>* auth_context,
  61     grpc_closure* on_peer_checked) {
  62   *auth_context = MakeAuthContext();
  63   tsi_peer_destruct(&peer);
  64   ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, GRPC_ERROR_NONE);
  65 }
  66
  67 int InsecureChannelSecurityConnector::cmp(
  68     const grpc_security_connector* other_sc) const {
  69   return channel_security_connector_cmp(
  70       static_cast<const grpc_channel_security_connector*>(other_sc));
  71 }
  72
  73 RefCountedPtr<grpc_auth_context>
  74 InsecureChannelSecurityConnector::MakeAuthContext() {
  75   auto ctx = MakeRefCounted<grpc_auth_context>(nullptr);
  76   grpc_auth_context_add_cstring_property(
  77       ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
  78       kInsecureTransportSecurityType);
  79   GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
  80                  ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME) == 1);
  81   const char* security_level = tsi_security_level_to_string(TSI_SECURITY_NONE);
  82   grpc_auth_context_add_property(ctx.get(),
  83                                  GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME,
  84                                  security_level, strlen(security_level));
  85   return ctx;
  86 }
  87
  88 }  // namespace grpc_core