Diffstat (limited to 'src/csharp/Grpc.Core/ServerCredentials.cs')
-rw-r--r-- | src/csharp/Grpc.Core/ServerCredentials.cs | 89 |
1 files changed, 61 insertions, 28 deletions
diff --git a/src/csharp/Grpc.Core/ServerCredentials.cs b/src/csharp/Grpc.Core/ServerCredentials.cs index ab7d0b4914..32ed4b78a1 100644 --- a/src/csharp/Grpc.Core/ServerCredentials.cs +++ b/src/csharp/Grpc.Core/ServerCredentials.cs @@ -35,6 +35,7 @@ using System; using System.Collections.Generic; using System.Collections.Immutable; using Grpc.Core.Internal; +using Grpc.Core.Utils; namespace Grpc.Core { 
@@ -43,67 +44,99 @@ namespace Grpc.Core /// </summary> public abstract class ServerCredentials { + static readonly ServerCredentials InsecureInstance = new InsecureServerCredentialsImpl(); + + /// <summary> + /// Returns instance of credential that provides no security and + /// will result in creating an unsecure server port with no encryption whatsoever. + /// </summary> + public static ServerCredentials Insecure + { + get + { + return InsecureInstance; + } + } + /// <summary> /// Creates native object for the credentials. /// </summary> /// <returns>The native credentials.</returns> internal abstract ServerCredentialsSafeHandle ToNativeCredentials(); + + private sealed class InsecureServerCredentialsImpl : ServerCredentials + { + internal override ServerCredentialsSafeHandle ToNativeCredentials() + { + return null; + } + } } /// <summary> - /// Key certificate pair (in PEM encoding). + /// Server-side SSL credentials. /// </summary> - public class KeyCertificatePair + public class SslServerCredentials : ServerCredentials { - readonly string certChain; - readonly string privateKey; + readonly IList<KeyCertificatePair> keyCertificatePairs; + readonly string rootCertificates; - public KeyCertificatePair(string certChain, string privateKey) + /// <summary> + /// Creates server-side SSL credentials. 
+ /// </summary> + /// <param name="rootCertificates">PEM encoded client root certificates used to authenticate client.</param> + /// <param name="keyCertificatePairs">Key-certificates to use.</param> + public SslServerCredentials(IEnumerable<KeyCertificatePair> keyCertificatePairs, string rootCertificates) { - this.certChain = certChain; - this.privateKey = privateKey; + this.keyCertificatePairs = new List<KeyCertificatePair>(keyCertificatePairs).AsReadOnly(); + Preconditions.CheckArgument(this.keyCertificatePairs.Count > 0, + "At least one KeyCertificatePair needs to be provided"); + this.rootCertificates = rootCertificates; } - public string CertChain + /// <summary> + /// Creates server-side SSL credentials. + /// This constructor should be use if you do not wish to autheticate client + /// using client root certificates. + /// </summary> + /// <param name="keyCertificatePairs">Key-certificates to use.</param> + public SslServerCredentials(IEnumerable<KeyCertificatePair> keyCertificatePairs) : this(keyCertificatePairs, null) { - get - { - return certChain; - } } - public string PrivateKey + /// <summary> + /// Key-certificate pairs. + /// </summary> + public IList<KeyCertificatePair> KeyCertificatePairs { get { - return privateKey; + return this.keyCertificatePairs; } } - } - - /// <summary> - /// Server-side SSL credentials. - /// </summary> - public class SslServerCredentials : ServerCredentials - { - ImmutableList<KeyCertificatePair> keyCertPairs; - public SslServerCredentials(ImmutableList<KeyCertificatePair> keyCertPairs) + /// <summary> + /// PEM encoded client root certificates. 
+ /// </summary> + public string RootCertificates { - this.keyCertPairs = keyCertPairs; + get + { + return this.rootCertificates; + } } internal override ServerCredentialsSafeHandle ToNativeCredentials() { - int count = keyCertPairs.Count; + int count = keyCertificatePairs.Count; string[] certChains = new string[count]; string[] keys = new string[count]; for (int i = 0; i < count; i++) { - certChains[i] = keyCertPairs[i].CertChain; - keys[i] = keyCertPairs[i].PrivateKey; + certChains[i] = keyCertificatePairs[i].CertificateChain; + keys[i] = keyCertificatePairs[i].PrivateKey; } - return ServerCredentialsSafeHandle.CreateSslCredentials(certChains, keys); + return ServerCredentialsSafeHandle.CreateSslCredentials(rootCertificates, certChains, keys); } } } |
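Review bot: The two-argument `SslServerCredentials` constructor accepts a null `rootCertificates` without comment, and the one-argument overload passes null deliberately, so null doubles as the switch for "do not authenticate clients". A caller that intends to verify client certificates but passes a null value gets, as far as this hunk shows, a server without client authentication and no error. If null is meant to stay the opt-out, say so in the doc, e.g. `/// <param name="rootCertificates">PEM encoded client root certificates used to authenticate client, or null to skip client authentication.</param>`, and list the `<param>` tags in signature order. The elements of `keyCertificatePairs` are not checked either, so a null entry only surfaces later as a NullReferenceException in `ToNativeCredentials()`.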