6 files changed, 51 insertions, 11 deletions
diff --git a/include/grpc++/server.h b/include/grpc++/server.h
index 443b4d42f2..5fa371ba62 100644
--- a/include/grpc++/server.h
+++ b/include/grpc++/server.h
@@ -55,6 +55,7 @@ namespace grpc {
 class AsyncServerContext;
 class RpcService;
 class RpcServiceMethod;
+class ServerCredentials;
 class ThreadPoolInterface;
 
 // Currently it only supports handling rpcs in a single thread.
@@ -69,7 +70,7 @@ class Server {
   friend class ServerBuilder;
 
   // ServerBuilder use only
-  explicit Server(ThreadPoolInterface* thread_pool);
+  Server(ThreadPoolInterface* thread_pool, ServerCredentials* creds);
   Server();
   // Register a service. This call does not take ownership of the service.
   // The service must exist for the lifetime of the Server instance.
@@ -104,6 +105,8 @@ class Server {
   ThreadPoolInterface* thread_pool_;
   // Whether the thread pool is created and owned by the server.
   bool thread_pool_owned_;
+  // Whether the server is created with credentials.
+  bool secure_;
 };
 
 }  // namespace grpc
diff --git a/include/grpc++/server_builder.h b/include/grpc++/server_builder.h
index 89e9a25107..cf27452010 100644
--- a/include/grpc++/server_builder.h
+++ b/include/grpc++/server_builder.h
@@ -43,6 +43,7 @@ namespace grpc {
 
 class RpcService;
 class Server;
+class ServerCredentials;
 class ThreadPoolInterface;
 
 class ServerBuilder {
@@ -57,6 +58,10 @@ class ServerBuilder {
   // Add a listening port. Can be called multiple times.
   void AddPort(const grpc::string& addr);
 
+  // Set a ServerCredentials. Can only be called once.
+  // TODO(yangg) move this to be part of AddPort
+  void SetCredentials(const std::shared_ptr<ServerCredentials>& creds);
+
   // Set the thread pool used for running appliation rpc handlers.
   // Does not take ownership.
   void SetThreadPool(ThreadPoolInterface* thread_pool);
@@ -67,6 +72,7 @@ class ServerBuilder {
  private:
   std::vector<RpcService*> services_;
   std::vector<grpc::string> ports_;
+  std::shared_ptr<ServerCredentials> creds_;
   ThreadPoolInterface* thread_pool_;
 };
 
diff --git a/include/grpc++/server_credentials.h b/include/grpc++/server_credentials.h
index f758ad5510..cf08870f42 100644
--- a/include/grpc++/server_credentials.h
+++ b/include/grpc++/server_credentials.h
@@ -53,6 +53,7 @@ class ServerCredentials final {
   grpc_server_credentials* GetRawCreds();
 
   friend class ServerCredentialsFactory;
+  friend class Server;
 
   grpc_server_credentials* creds_;
 };
diff --git a/src/cpp/server/server.cc b/src/cpp/server/server.cc
index 9bf4073238..2130befa7d 100644
--- a/src/cpp/server/server.cc
+++ b/src/cpp/server/server.cc
@@ -35,26 +35,34 @@
 #include <utility>
 
 #include <grpc/grpc.h>
+#include <grpc/grpc_security.h>
 #include <grpc/support/log.h>
 #include "src/cpp/server/rpc_service_method.h"
 #include "src/cpp/server/server_rpc_handler.h"
 #include "src/cpp/server/thread_pool.h"
 #include <grpc++/async_server_context.h>
 #include <grpc++/completion_queue.h>
+#include <grpc++/server_credentials.h>
 
 namespace grpc {
 
 // TODO(rocking): consider a better default value like num of cores.
 static const int kNumThreads = 4;
 
-Server::Server(ThreadPoolInterface* thread_pool)
+Server::Server(ThreadPoolInterface* thread_pool, ServerCredentials* creds)
     : started_(false),
       shutdown_(false),
       num_running_cb_(0),
       thread_pool_(thread_pool == nullptr ? new ThreadPool(kNumThreads)
                                           : thread_pool),
-      thread_pool_owned_(thread_pool == nullptr) {
-  server_ = grpc_server_create(cq_.cq(), nullptr);
+      thread_pool_owned_(thread_pool == nullptr),
+      secure_(creds != nullptr) {
+  if (creds) {
+    server_ =
+        grpc_secure_server_create(creds->GetRawCreds(), cq_.cq(), nullptr);
+  } else {
+    server_ = grpc_server_create(cq_.cq(), nullptr);
+  }
 }
 
 Server::Server() {
@@ -83,7 +91,12 @@ void Server::RegisterService(RpcService* service) {
 
 void Server::AddPort(const grpc::string& addr) {
   GPR_ASSERT(!started_);
-  int success = grpc_server_add_http2_port(server_, addr.c_str());
+  int success;
+  if (secure_) {
+    success = grpc_server_add_secure_http2_port(server_, addr.c_str());
+  } else {
+    success = grpc_server_add_http2_port(server_, addr.c_str());
+  }
   GPR_ASSERT(success);
 }
 
diff --git a/src/cpp/server/server_builder.cc b/src/cpp/server/server_builder.cc
index d5d0689bc5..d74d8cb65f 100644
--- a/src/cpp/server/server_builder.cc
+++ b/src/cpp/server/server_builder.cc
@@ -33,6 +33,7 @@
 
 #include <grpc++/server_builder.h>
 
+#include <grpc/support/log.h>
 #include <grpc++/server.h>
 
 namespace grpc {
@@ -47,12 +48,18 @@ void ServerBuilder::AddPort(const grpc::string& addr) {
   ports_.push_back(addr);
 }
 
+void ServerBuilder::SetCredentials(
+    const std::shared_ptr<ServerCredentials>& creds) {
+  GPR_ASSERT(!creds_);
+  creds_ = creds;
+}
+
 void ServerBuilder::SetThreadPool(ThreadPoolInterface* thread_pool) {
   thread_pool_ = thread_pool;
 }
 
 std::unique_ptr<Server> ServerBuilder::BuildAndStart() {
-  std::unique_ptr<Server> server(new Server(thread_pool_));
+  std::unique_ptr<Server> server(new Server(thread_pool_, creds_.get()));
   for (auto* service : services_) {
     server->RegisterService(service);
   }
diff --git a/src/cpp/server/server_credentials.cc b/src/cpp/server/server_credentials.cc
index d23a09f3c1..f9ca1622ba 100644
--- a/src/cpp/server/server_credentials.cc
+++ b/src/cpp/server/server_credentials.cc
@@ -49,12 +49,22 @@ grpc_server_credentials* ServerCredentials::GetRawCreds() { return creds_; }
 
 std::shared_ptr<ServerCredentials> ServerCredentialsFactory::SslCredentials(
     const SslServerCredentialsOptions& options) {
+  const unsigned char* pem_root_certs =
+      options.pem_root_certs.empty() ? nullptr
+                                     : reinterpret_cast<const unsigned char*>(
+                                           options.pem_root_certs.c_str());
+  const unsigned char* pem_private_key =
+      options.pem_private_key.empty() ? nullptr
+                                      : reinterpret_cast<const unsigned char*>(
+                                            options.pem_private_key.c_str());
+  const unsigned char* pem_cert_chain =
+      options.pem_cert_chain.empty() ? nullptr
+                                     : reinterpret_cast<const unsigned char*>(
+                                           options.pem_cert_chain.c_str());
+
   grpc_server_credentials* c_creds = grpc_ssl_server_credentials_create(
-      reinterpret_cast<const unsigned char*>(options.pem_root_certs.c_str()),
-      options.pem_root_certs.size(),
-      reinterpret_cast<const unsigned char*>(options.pem_private_key.c_str()),
-      options.pem_private_key.size(),
-      reinterpret_cast<const unsigned char*>(options.pem_cert_chain.c_str()),
+      pem_root_certs, options.pem_root_certs.size(), pem_private_key,
+      options.pem_private_key.size(), pem_cert_chain,
       options.pem_cert_chain.size());
   return std::shared_ptr<ServerCredentials>(new ServerCredentials(c_creds));
 }