namespace {
-grpc_core::RefCountedPtr<grpc_auth_context> local_auth_context_create() {
+grpc_core::RefCountedPtr<grpc_auth_context> local_auth_context_create(
+ const tsi_peer* peer) {
/* Create auth context. */
grpc_core::RefCountedPtr<grpc_auth_context> ctx =
grpc_core::MakeRefCounted<grpc_auth_context>(nullptr);
GRPC_LOCAL_TRANSPORT_SECURITY_TYPE);
GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME) == 1);
+ GPR_ASSERT(peer->property_count == 1);
+ const tsi_peer_property* prop = &peer->properties[0];
+ GPR_ASSERT(prop != nullptr);
+ GPR_ASSERT(strcmp(prop->name, TSI_SECURITY_LEVEL_PEER_PROPERTY) == 0);
+ grpc_auth_context_add_property(ctx.get(),
+ GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME,
+ prop->value.data, prop->value.length);
return ctx;
}
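Review bot: `GPR_ASSERT(peer->property_count == 1)` and the read of `peer->properties[0]` do not match how local_check_peer builds the peer in this same commit. That code keeps any existing properties and appends the security-level entry last, at index `peer.property_count`, so a peer that arrives with even one property would abort the process here instead of failing the handshake. Look the property up by name and fail softly, e.g. `const tsi_peer_property* prop = tsi_peer_get_property_by_name(peer, TSI_SECURITY_LEVEL_PEER_PROPERTY);` followed by `if (prop == nullptr) return nullptr;` (assuming that TSI helper is available in this tree). The caller already turns a null context into "Could not create local auth context". The `prop != nullptr` assert is also weak, because it tests the address of an array element after `properties` has already been indexed.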
-void local_check_peer(grpc_security_connector* /*sc*/, tsi_peer /*peer*/,
+void local_check_peer(grpc_security_connector* sc, tsi_peer peer,
grpc_endpoint* ep,
grpc_core::RefCountedPtr<grpc_auth_context>* auth_context,
grpc_closure* on_peer_checked,
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, error);
return;
}
+ // Add TSI_SECURITY_LEVEL_PEER_PROPERTY type peer property.
+ size_t new_property_count = peer.property_count + 1;
+ tsi_peer_property* new_properties = static_cast<tsi_peer_property*>(
+ gpr_zalloc(sizeof(*new_properties) * new_property_count));
+ for (size_t i = 0; i < peer.property_count; i++) {
+ new_properties[i] = peer.properties[i];
+ }
+ if (peer.properties != nullptr) gpr_free(peer.properties);
+ peer.properties = new_properties;
+ const char* security_level =
+ type == LOCAL_TCP
+ ? tsi_security_level_to_string(TSI_SECURITY_NONE)
+ : tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY);
+ tsi_result result = tsi_construct_string_peer_property_from_cstring(
+ TSI_SECURITY_LEVEL_PEER_PROPERTY, security_level,
+ &peer.properties[peer.property_count]);
+ if (result != TSI_OK) return;
+ peer.property_count++;
/* Create an auth context which is necessary to pass the santiy check in
* {client, server}_auth_filter that verifies if the peer's auth context is
* obtained during handshakes. The auth context is only checked for its
* existence and not actually used.
*/
- *auth_context = local_auth_context_create();
+ *auth_context = local_auth_context_create(&peer);
+ tsi_peer_destruct(&peer);
error = *auth_context != nullptr ? GRPC_ERROR_NONE
: GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"Could not create local auth context");
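Review bot: `if (result != TSI_OK) return;` leaves local_check_peer without running `on_peer_checked`, unlike the earlier error path, which calls `grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, error)` before returning. The handshake would presumably never complete on that path, and the freshly allocated `new_properties` array is never released, because `tsi_peer_destruct(&peer)` is only reached on success. The retained comment saying the auth context is "only checked for its existence and not actually used" is also stale now that the context carries the security level, and should be updated. The function starts and continues outside this hunk, so the declaration of `error` is assumed from its visible uses.

```cpp
  // … unchanged: property array growth and security_level selection …
  if (result != TSI_OK) {
    // Release the copied properties and still complete the peer check.
    tsi_peer_destruct(&peer);
    error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
        "Could not add security level peer property");
    grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, error);
    return;
  }
  peer.property_count++;
```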