author | Yang Gao <yangg@google.com> | 2018-09-13 08:39:50 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-13 08:39:50 -0700 |
commit | 8bce2a643b9d49413b537933fd433c831f4d85fc (patch) | |
tree | 742339a959f36f348c9ed98199f723d7c0d7aa5d /test/cpp/util | |
parent | ea232d16d37b8e88806fca3843a360cc338d1a17 (diff) | |
parent | 916a686ef3b69a9036ed0423c62a2ce1c53ef062 (diff) |
Merge pull request #16299 from Capstan/cli-client-cert
Add flags to use client certs for cli.
Diffstat (limited to 'test/cpp/util')
-rw-r--r-- | test/cpp/util/cli_credentials.cc | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/test/cpp/util/cli_credentials.cc b/test/cpp/util/cli_credentials.cc
index 0a922617bb..1125b2d945 100644
--- a/test/cpp/util/cli_credentials.cc
+++ b/test/cpp/util/cli_credentials.cc
@@ -19,6 +19,11 @@
 #include "test/cpp/util/cli_credentials.h"
 #include <gflags/gflags.h>
+#include <grpc/slice.h>
+#include <grpc/support/log.h>
+#include <grpcpp/impl/codegen/slice.h>
+
+#include "src/core/lib/iomgr/load_file.h"
 DEFINE_bool(
 enable_ssl, false,
@@ -35,6 +40,14 @@ DEFINE_string(
 "If not empty, treat the server host name as this for ssl/tls certificate "
 "validation.");
 DEFINE_string(
+ ssl_client_cert, "",
+ "If not empty, load this PEM formated client certificate file. Requires "
+ "use of --ssl_client_key.");
+DEFINE_string(
+ ssl_client_key, "",
+ "If not empty, load this PEM formated private key. Requires use of "
+ "--ssl_client_cert");
+DEFINE_string(
 channel_creds_type, "",
 "The channel creds type: insecure, ssl, gdc (Google Default Credentials) "
 "or alts.");
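Review bot: Both new flag descriptions spell "formated"; they should read `PEM formatted`, and the `ssl_client_key` text would match its sibling if it said `private key file` and ended `"--ssl_client_cert."` with a period. The "Requires use of" wording in the two descriptions is a promise the `DEFINE_string` calls cannot enforce, so it only holds if the code that reads `FLAGS_ssl_client_cert` and `FLAGS_ssl_client_key` checks that they are set together.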
@@ -99,7 +112,27 @@ CliCredentials::GetChannelCredentials() const {
 if (FLAGS_channel_creds_type.compare("insecure") == 0) {
 return grpc::InsecureChannelCredentials();
 } else if (FLAGS_channel_creds_type.compare("ssl") == 0) {
- return grpc::SslCredentials(grpc::SslCredentialsOptions());
+ grpc::SslCredentialsOptions ssl_creds_options;
+ // TODO(@Capstan): This won't affect Google Default Credentials using SSL.
+ if (!FLAGS_ssl_client_cert.empty()) {
+ grpc_slice cert_slice = grpc_empty_slice();
+ GRPC_LOG_IF_ERROR(
+ "load_file",
+ grpc_load_file(FLAGS_ssl_client_cert.c_str(), 1, &cert_slice));
+ ssl_creds_options.pem_cert_chain =
+ grpc::StringFromCopiedSlice(cert_slice);
+ grpc_slice_unref(cert_slice);
+ }
+ if (!FLAGS_ssl_client_key.empty()) {
+ grpc_slice key_slice = grpc_empty_slice();
+ GRPC_LOG_IF_ERROR(
+ "load_file",
+ grpc_load_file(FLAGS_ssl_client_key.c_str(), 1, &key_slice));
+ ssl_creds_options.pem_private_key =
+ grpc::StringFromCopiedSlice(key_slice);
+ grpc_slice_unref(key_slice);
+ }
+ return grpc::SslCredentials(ssl_creds_options);
 } else if (FLAGS_channel_creds_type.compare("gdc") == 0) {
 return grpc::GoogleDefaultCredentials();
 } else if (FLAGS_channel_creds_type.compare("alts") == 0) {
@@ -178,6 +211,8 @@ const grpc::string CliCredentials::GetCredentialUsage() const {
 " overrides --use_auth\n"
 " ; (deprecated)\n"
 " --ssl_target ; Set server host for ssl validation\n"
+ " --ssl_client_cert ; Client cert for ssl\n"
+ " --ssl_client_key ; Client private key for ssl\n"
 " --channel_creds_type ; Set to insecure, ssl, gdc, or alts\n"
 " --call_creds ; Set to none, or"
 " access_token=<token>\n"; |
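Review bot: A failed `grpc_load_file` in the new `ssl` branch is only logged by `GRPC_LOG_IF_ERROR`, so `grpc::SslCredentials` is still called with an empty `pem_cert_chain` or `pem_private_key`, and a caller who asked for client-certificate authentication gets a channel that silently lacks it. The branch also accepts `--ssl_client_cert` without `--ssl_client_key` (and the reverse), although both flag descriptions say the other is required. I would reject a mismatched pair up front with `if (FLAGS_ssl_client_cert.empty() != FLAGS_ssl_client_key.empty())` and act on the macro's boolean result, `if (!GRPC_LOG_IF_ERROR("load_file", grpc_load_file(...)))`, returning whatever this function uses for an invalid configuration; the function body starts and ends outside the hunk, so that error path is not visible here. Passing `1` as the second argument to `grpc_load_file` presumably appends a NUL terminator that is then copied into the string by `grpc::StringFromCopiedSlice`, which is worth confirming against what the PEM consumer expects.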