Diffstat (limited to 'src')
-rw-r--r--src/core/security/factories.c30
-rw-r--r--src/core/security/security_context.c1
-rw-r--r--src/core/security/server_secure_chttp2.c70
-rw-r--r--src/core/surface/lame_client.c2
-rw-r--r--src/cpp/client/channel.cc40
-rw-r--r--src/cpp/client/channel.h7
-rw-r--r--src/cpp/client/create_channel.cc8
-rw-r--r--src/cpp/client/credentials.cc89
-rw-r--r--src/cpp/client/insecure_credentials.cc (renamed from src/core/surface/secure_server_create.c)41
-rw-r--r--src/cpp/client/secure_credentials.cc132
-rw-r--r--src/cpp/server/insecure_server_credentials.cc (renamed from src/core/surface/lame_client.h)22
-rw-r--r--src/cpp/server/secure_server_credentials.cc70
-rw-r--r--src/cpp/server/server.cc27
-rw-r--r--src/cpp/server/server_builder.cc23
-rw-r--r--src/cpp/server/server_credentials.cc22
15 files changed, 329 insertions, 255 deletions
diff --git a/src/core/security/factories.c b/src/core/security/factories.c
index c9701b9080..02267d5545 100644
--- a/src/core/security/factories.c
+++ b/src/core/security/factories.c
@@ -33,9 +33,9 @@
#include <string.h>
+#include <grpc/grpc.h>
#include "src/core/security/credentials.h"
#include "src/core/security/security_context.h"
-#include "src/core/surface/lame_client.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/useful.h>
@@ -50,31 +50,3 @@ grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
return grpc_secure_channel_create_with_factories(
factories, GPR_ARRAY_SIZE(factories), creds, target, args);
}
-
-grpc_server *grpc_secure_server_create(grpc_server_credentials *creds,
- grpc_completion_queue *cq,
- const grpc_channel_args *args) {
- grpc_security_status status = GRPC_SECURITY_ERROR;
- grpc_security_context *ctx = NULL;
- grpc_server *server = NULL;
- if (creds == NULL) return NULL; /* TODO(ctiller): Return lame server. */
-
- if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
- status = grpc_ssl_server_security_context_create(
- grpc_ssl_server_credentials_get_config(creds), &ctx);
- } else if (!strcmp(creds->type,
- GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) {
- ctx = grpc_fake_server_security_context_create();
- status = GRPC_SECURITY_OK;
- }
-
- if (status != GRPC_SECURITY_OK) {
- gpr_log(GPR_ERROR,
- "Unable to create secure server with credentials of type %s.",
- creds->type);
- return NULL; /* TODO(ctiller): Return lame server. */
- }
- server = grpc_secure_server_create_internal(cq, args, ctx);
- grpc_security_context_unref(ctx);
- return server;
-}
diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c
index 9dce5af740..0a65480b2f 100644
--- a/src/core/security/security_context.c
+++ b/src/core/security/security_context.c
@@ -42,7 +42,6 @@
#include "src/core/support/env.h"
#include "src/core/support/file.h"
#include "src/core/support/string.h"
-#include "src/core/surface/lame_client.h"
#include "src/core/transport/chttp2/alpn.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
diff --git a/src/core/security/server_secure_chttp2.c b/src/core/security/server_secure_chttp2.c
index c88f0726bb..4dcd4b5524 100644
--- a/src/core/security/server_secure_chttp2.c
+++ b/src/core/security/server_secure_chttp2.c
@@ -33,6 +33,8 @@
#include <grpc/grpc.h>
+#include <string.h>
+
#include "src/core/channel/http_filter.h"
#include "src/core/channel/http_server_filter.h"
#include "src/core/iomgr/resolve_address.h"
@@ -66,37 +68,64 @@ static void on_secure_transport_setup_done(void *server,
}
}
-static void on_accept(void *server, grpc_endpoint *tcp) {
- const grpc_channel_args *args = grpc_server_get_channel_args(server);
- grpc_security_context *ctx = grpc_find_security_context_in_args(args);
- GPR_ASSERT(ctx);
- grpc_setup_secure_transport(ctx, tcp, on_secure_transport_setup_done, server);
-}
+typedef struct {
+ grpc_tcp_server *tcp;
+ grpc_security_context *ctx;
+ grpc_server *server;
+} secured_port;
-/* Note: the following code is the same with server_chttp2.c */
+static void on_accept(void *spp, grpc_endpoint *tcp) {
+ secured_port *sp = spp;
+ grpc_setup_secure_transport(sp->ctx, tcp, on_secure_transport_setup_done, sp->server);
+}
/* Server callback: start listening on our ports */
-static void start(grpc_server *server, void *tcpp, grpc_pollset **pollsets,
+static void start(grpc_server *server, void *spp, grpc_pollset **pollsets,
size_t pollset_count) {
- grpc_tcp_server *tcp = tcpp;
- grpc_tcp_server_start(tcp, pollsets, pollset_count, on_accept, server);
+ secured_port *sp = spp;
+ grpc_tcp_server_start(sp->tcp, pollsets, pollset_count, on_accept, sp);
}
/* Server callback: destroy the tcp listener (so we don't generate further
callbacks) */
-static void destroy(grpc_server *server, void *tcpp) {
- grpc_tcp_server *tcp = tcpp;
- grpc_tcp_server_destroy(tcp);
+static void destroy(grpc_server *server, void *spp) {
+ secured_port *sp = spp;
+ grpc_tcp_server_destroy(sp->tcp);
+ grpc_security_context_unref(sp->ctx);
+ gpr_free(sp);
}
-int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr) {
+int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds) {
grpc_resolved_addresses *resolved = NULL;
grpc_tcp_server *tcp = NULL;
size_t i;
unsigned count = 0;
int port_num = -1;
int port_temp;
+ grpc_security_status status = GRPC_SECURITY_ERROR;
+ grpc_security_context *ctx = NULL;
+ secured_port *sp = NULL;
+
+ /* create security context */
+ if (creds == NULL) goto error;
+
+ if (!strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
+ status = grpc_ssl_server_security_context_create(
+ grpc_ssl_server_credentials_get_config(creds), &ctx);
+ } else if (!strcmp(creds->type,
+ GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY)) {
+ ctx = grpc_fake_server_security_context_create();
+ status = GRPC_SECURITY_OK;
+ }
+ if (status != GRPC_SECURITY_OK) {
+ gpr_log(GPR_ERROR,
+ "Unable to create secure server with credentials of type %s.",
+ creds->type);
+ goto error;
+ }
+
+ /* resolve address */
resolved = grpc_blocking_resolve_address(addr, "https");
if (!resolved) {
goto error;
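Review bot: The `if (creds == NULL) goto error;` exit at the top of grpc_server_add_secure_http2_port returns 0 without logging, while the unsupported-type branch a few lines below does log, so a null credential handed down from a failed factory looks the same as a bind failure. I would log there as well, e.g. `if (creds == NULL) { gpr_log(GPR_ERROR, "No credentials specified for secure server port."); goto error; }`. The new `secured_port` struct also deserves a short comment saying that it holds one reference on `ctx`, which `destroy` releases, and that, as far as the visible lines show, `creds` is only read during this call and not retained. The function body continues past the end of this hunk.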
@@ -132,18 +161,29 @@ int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr) {
}
grpc_resolved_addresses_destroy(resolved);
+ sp = gpr_malloc(sizeof(secured_port));
+ sp->tcp = tcp;
+ sp->ctx = ctx;
+ sp->server = server;
+
/* Register with the server only upon success */
- grpc_server_add_listener(server, tcp, start, destroy);
+ grpc_server_add_listener(server, sp, start, destroy);
return port_num;
/* Error path: cleanup and return */
error:
+ if (ctx) {
+ grpc_security_context_unref(ctx);
+ }
if (resolved) {
grpc_resolved_addresses_destroy(resolved);
}
if (tcp) {
grpc_tcp_server_destroy(tcp);
}
+ if (sp) {
+ gpr_free(sp);
+ }
return 0;
}
diff --git a/src/core/surface/lame_client.c b/src/core/surface/lame_client.c
index 57f6ddf0f7..b40c48381f 100644
--- a/src/core/surface/lame_client.c
+++ b/src/core/surface/lame_client.c
@@ -31,7 +31,7 @@
*
*/
-#include "src/core/surface/lame_client.h"
+#include <grpc/grpc.h>
#include <string.h>
diff --git a/src/cpp/client/channel.cc b/src/cpp/client/channel.cc
index ca69d66cbb..65bd135d5c 100644
--- a/src/cpp/client/channel.cc
+++ b/src/cpp/client/channel.cc
@@ -54,43 +54,23 @@
namespace grpc {
-Channel::Channel(const grpc::string &target, const ChannelArguments &args)
- : target_(target) {
- grpc_channel_args channel_args;
- args.SetChannelArgs(&channel_args);
- c_channel_ = grpc_channel_create(
- target_.c_str(), channel_args.num_args > 0 ? &channel_args : nullptr);
-}
-
-Channel::Channel(const grpc::string &target,
- const std::unique_ptr<Credentials> &creds,
- const ChannelArguments &args)
- : target_(args.GetSslTargetNameOverride().empty()
- ? target
- : args.GetSslTargetNameOverride()) {
- grpc_channel_args channel_args;
- args.SetChannelArgs(&channel_args);
- grpc_credentials *c_creds = creds ? creds->GetRawCreds() : nullptr;
- c_channel_ = grpc_secure_channel_create(
- c_creds, target.c_str(),
- channel_args.num_args > 0 ? &channel_args : nullptr);
-}
+Channel::Channel(const grpc::string& target, grpc_channel* channel)
+ : target_(target), c_channel_(channel) {}
Channel::~Channel() { grpc_channel_destroy(c_channel_); }
-Call Channel::CreateCall(const RpcMethod &method, ClientContext *context,
- CompletionQueue *cq) {
- auto c_call =
- grpc_channel_create_call(
- c_channel_, cq->cq(), method.name(),
- context->authority().empty() ? target_.c_str()
- : context->authority().c_str(),
- context->RawDeadline());
+Call Channel::CreateCall(const RpcMethod& method, ClientContext* context,
+ CompletionQueue* cq) {
+ auto c_call = grpc_channel_create_call(c_channel_, cq->cq(), method.name(),
+ context->authority().empty()
+ ? target_.c_str()
+ : context->authority().c_str(),
+ context->RawDeadline());
context->set_call(c_call);
return Call(c_call, this, cq);
}
-void Channel::PerformOpsOnCall(CallOpBuffer *buf, Call *call) {
+void Channel::PerformOpsOnCall(CallOpBuffer* buf, Call* call) {
static const size_t MAX_OPS = 8;
size_t nops = MAX_OPS;
grpc_op ops[MAX_OPS];
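Review bot: The new `Channel(target, channel)` constructor stores `target` unchanged in `target_`, whereas the removed secure constructor stored `args.GetSslTargetNameOverride()` when it was non-empty, and `CreateCall` still falls back to `target_.c_str()` when `context->authority()` is empty. With an SSL target-name override set, calls would now carry the dial target instead of the overridden name, which may no longer match the name the peer certificate is checked against; I cannot tell from this diff whether anything downstream relies on the old value. If the old behaviour is intended, the secure `CreateChannel` should pass `args.GetSslTargetNameOverride().empty() ? target : args.GetSslTargetNameOverride()` as the first argument to `Channel`. `PerformOpsOnCall` continues outside the hunk.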
diff --git a/src/cpp/client/channel.h b/src/cpp/client/channel.h
index 06f5a8ffdf..f5c9e0f616 100644
--- a/src/cpp/client/channel.h
+++ b/src/cpp/client/channel.h
@@ -51,10 +51,7 @@ class StreamContextInterface;
class Channel final : public ChannelInterface {
public:
- Channel(const grpc::string &target, const ChannelArguments &args);
- Channel(const grpc::string &target, const std::unique_ptr<Credentials> &creds,
- const ChannelArguments &args);
-
+ Channel(const grpc::string &target, grpc_channel *c_channel);
~Channel() override;
virtual Call CreateCall(const RpcMethod &method, ClientContext *context,
@@ -63,7 +60,7 @@ class Channel final : public ChannelInterface {
private:
const grpc::string target_;
- grpc_channel *c_channel_; // owned
+ grpc_channel *const c_channel_; // owned
};
} // namespace grpc
diff --git a/src/cpp/client/create_channel.cc b/src/cpp/client/create_channel.cc
index 583e072799..57d215d0f3 100644
--- a/src/cpp/client/create_channel.cc
+++ b/src/cpp/client/create_channel.cc
@@ -40,14 +40,10 @@
namespace grpc {
class ChannelArguments;
-std::shared_ptr<ChannelInterface> CreateChannelDeprecated(
- const grpc::string &target, const ChannelArguments &args) {
- return std::shared_ptr<ChannelInterface>(new Channel(target, args));
-}
-
std::shared_ptr<ChannelInterface> CreateChannel(
const grpc::string &target, const std::unique_ptr<Credentials> &creds,
const ChannelArguments &args) {
- return std::shared_ptr<ChannelInterface>(new Channel(target, creds, args));
+ return creds ? creds->CreateChannel(target, args) :
+ std::shared_ptr<ChannelInterface>(new Channel(target, grpc_lame_client_channel_create()));
}
} // namespace grpc
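Review bot: A null `creds` in `CreateChannel` now produces a lame channel with no diagnostic and no comment, so a caller whose credentials factory returned nullptr only sees every RPC fail with no hint why. Failing closed here, rather than falling back to an unauthenticated channel, is the right default and worth stating next to the ternary: `// Null credentials: return a channel that fails every operation instead of connecting without security.` A `gpr_log(GPR_ERROR, ...)` on that branch would help as well, provided the file pulls in the logging header, which is not visible in this hunk. The second line of the ternary is also well over the line length used elsewhere in the file.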
diff --git a/src/cpp/client/credentials.cc b/src/cpp/client/credentials.cc
index a140f551e0..e806284988 100644
--- a/src/cpp/client/credentials.cc
+++ b/src/cpp/client/credentials.cc
@@ -31,97 +31,10 @@
*
*/
-#include <string>
-
-#include <grpc/grpc_security.h>
-#include <grpc/support/log.h>
-
#include <grpc++/credentials.h>
namespace grpc {
-Credentials::Credentials(grpc_credentials *c_creds) : creds_(c_creds) {}
-
-Credentials::~Credentials() { grpc_credentials_release(creds_); }
-grpc_credentials *Credentials::GetRawCreds() { return creds_; }
-
-std::unique_ptr<Credentials> CredentialsFactory::GoogleDefaultCredentials() {
- grpc_credentials *c_creds = grpc_google_default_credentials_create();
- std::unique_ptr<Credentials> cpp_creds(new Credentials(c_creds));
- return cpp_creds;
-}
-
-// Builds SSL Credentials given SSL specific options
-std::unique_ptr<Credentials> CredentialsFactory::SslCredentials(
- const SslCredentialsOptions &options) {
- grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {
- options.pem_private_key.c_str(), options.pem_cert_chain.c_str()};
-
- grpc_credentials *c_creds = grpc_ssl_credentials_create(
- options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
- options.pem_private_key.empty() ? nullptr : &pem_key_cert_pair);
- std::unique_ptr<Credentials> cpp_creds(
- c_creds == nullptr ? nullptr : new Credentials(c_creds));
- return cpp_creds;
-}
-
-// Builds credentials for use when running in GCE
-std::unique_ptr<Credentials> CredentialsFactory::ComputeEngineCredentials() {
- grpc_credentials *c_creds = grpc_compute_engine_credentials_create();
- std::unique_ptr<Credentials> cpp_creds(
- c_creds == nullptr ? nullptr : new Credentials(c_creds));
- return cpp_creds;
-}
-
-// Builds service account credentials.
-std::unique_ptr<Credentials> CredentialsFactory::ServiceAccountCredentials(
- const grpc::string &json_key, const grpc::string &scope,
- std::chrono::seconds token_lifetime) {
- gpr_timespec lifetime = gpr_time_from_seconds(
- token_lifetime.count() > 0 ? token_lifetime.count() : 0);
- grpc_credentials *c_creds = grpc_service_account_credentials_create(
- json_key.c_str(), scope.c_str(), lifetime);
- std::unique_ptr<Credentials> cpp_creds(
- c_creds == nullptr ? nullptr : new Credentials(c_creds));
- return cpp_creds;
-}
-
-// Builds JWT credentials.
-std::unique_ptr<Credentials> CredentialsFactory::JWTCredentials(
- const grpc::string &json_key, std::chrono::seconds token_lifetime) {
- gpr_timespec lifetime = gpr_time_from_seconds(
- token_lifetime.count() > 0 ? token_lifetime.count() : 0);
- grpc_credentials *c_creds =
- grpc_jwt_credentials_create(json_key.c_str(), lifetime);
- std::unique_ptr<Credentials> cpp_creds(
- c_creds == nullptr ? nullptr : new Credentials(c_creds));
- return cpp_creds;
-}
-
-// Builds IAM credentials.
-std::unique_ptr<Credentials> CredentialsFactory::IAMCredentials(
- const grpc::string &authorization_token,
- const grpc::string &authority_selector) {
- grpc_credentials *c_creds = grpc_iam_credentials_create(
- authorization_token.c_str(), authority_selector.c_str());
- std::unique_ptr<Credentials> cpp_creds(
- c_creds == nullptr ? nullptr : new Credentials(c_creds));
- return cpp_creds;
-}
-
-// Combines two credentials objects into a composite credentials.
-std::unique_ptr<Credentials> CredentialsFactory::CompositeCredentials(
- const std::unique_ptr<Credentials> &creds1,
- const std::unique_ptr<Credentials> &creds2) {
- // Note that we are not saving unique_ptrs to the two credentials
- // passed in here. This is OK because the underlying C objects (i.e.,
- // creds1 and creds2) into grpc_composite_credentials_create will see their
- // refcounts incremented.
- grpc_credentials *c_creds = grpc_composite_credentials_create(
- creds1->GetRawCreds(), creds2->GetRawCreds());
- std::unique_ptr<Credentials> cpp_creds(
- c_creds == nullptr ? nullptr : new Credentials(c_creds));
- return cpp_creds;
-}
+Credentials::~Credentials() {}
} // namespace grpc
diff --git a/src/core/surface/secure_server_create.c b/src/cpp/client/insecure_credentials.cc
index 1d5b927997..8180d1e60e 100644
--- a/src/core/surface/secure_server_create.c
+++ b/src/cpp/client/insecure_credentials.cc
@@ -31,27 +31,32 @@
*
*/
-#include <grpc/grpc.h>
+#include <string>
-#include "src/core/channel/channel_args.h"
-#include "src/core/security/security_context.h"
-#include "src/core/surface/completion_queue.h"
-#include "src/core/surface/server.h"
+#include <grpc/grpc.h>
#include <grpc/support/log.h>
-grpc_server *grpc_secure_server_create_internal(
- grpc_completion_queue *cq, const grpc_channel_args *args,
- grpc_security_context *context) {
- grpc_arg context_arg;
- grpc_channel_args *args_copy;
- grpc_server *server;
- if (grpc_find_security_context_in_args(args) != NULL) {
- gpr_log(GPR_ERROR, "Cannot set security context in channel args.");
+#include <grpc++/channel_arguments.h>
+#include <grpc++/credentials.h>
+#include "src/cpp/client/channel.h"
+
+namespace grpc {
+
+namespace {
+class InsecureCredentialsImpl final : public Credentials {
+ public:
+ std::shared_ptr<grpc::ChannelInterface> CreateChannel(const string& target, const grpc::ChannelArguments& args) override {
+ grpc_channel_args channel_args;
+ args.SetChannelArgs(&channel_args);
+ return std::shared_ptr<ChannelInterface>(new Channel(target, grpc_channel_create(target.c_str(), &channel_args)));
}
- context_arg = grpc_security_context_to_arg(context);
- args_copy = grpc_channel_args_copy_and_add(args, &context_arg);
- server = grpc_server_create_from_filters(cq, NULL, 0, args_copy);
- grpc_channel_args_destroy(args_copy);
- return server;
+ SecureCredentials* AsSecureCredentials() { return nullptr; }
+};
+} // namespace
+
+std::unique_ptr<Credentials> InsecureCredentials() {
+ return std::unique_ptr<Credentials>(new InsecureCredentialsImpl());
}
+
+} // namespace grpc
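Review bot: `AsSecureCredentials()` in `InsecureCredentialsImpl` is declared without `override`, while `CreateChannel` directly above it carries it. If the base-class signature, which is not part of this diff, ever differs, the method silently stops overriding and `CompositeCredentials` would call the base version instead. Prefer `SecureCredentials* AsSecureCredentials() override { return nullptr; }`. The same applies to `SecureCredentials::AsSecureCredentials` in secure_credentials.cc and to `InsecureServerCredentialsImpl::AddPortToServer` in insecure_server_credentials.cc.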
diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc
new file mode 100644
index 0000000000..175f88f6a9
--- /dev/null
+++ b/src/cpp/client/secure_credentials.cc
@@ -0,0 +1,132 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string>
+
+#include <grpc/grpc_security.h>
+#include <grpc/support/log.h>
+
+#include <grpc++/channel_arguments.h>
+#include <grpc++/credentials.h>
+#include "src/cpp/client/channel.h"
+
+namespace grpc {
+
+class SecureCredentials final : public Credentials {
+ public:
+ explicit SecureCredentials(grpc_credentials* c_creds) : c_creds_(c_creds) {}
+ ~SecureCredentials() override { grpc_credentials_release(c_creds_); }
+ grpc_credentials* GetRawCreds() { return c_creds_; }
+
+ std::shared_ptr<grpc::ChannelInterface> CreateChannel(
+ const string& target, const grpc::ChannelArguments& args) override {
+ grpc_channel_args channel_args;
+ args.SetChannelArgs(&channel_args);
+ return std::shared_ptr<ChannelInterface>(new Channel(
+ target,
+ grpc_secure_channel_create(c_creds_, target.c_str(), &channel_args)));
+ }
+
+ SecureCredentials* AsSecureCredentials() {
+ return this;
+ }
+
+ private:
+ grpc_credentials* const c_creds_;
+};
+
+namespace {
+std::unique_ptr<Credentials> WrapCredentials(grpc_credentials* creds) {
+ return creds == nullptr
+ ? nullptr
+ : std::unique_ptr<Credentials>(new SecureCredentials(creds));
+}
+} // namespace
+
+std::unique_ptr<Credentials> GoogleDefaultCredentials() {
+ return WrapCredentials(grpc_google_default_credentials_create());
+}
+
+// Builds SSL Credentials given SSL specific options
+std::unique_ptr<Credentials> SslCredentials(
+ const SslCredentialsOptions& options) {
+ grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {
+ options.pem_private_key.c_str(), options.pem_cert_chain.c_str()};
+
+ grpc_credentials* c_creds = grpc_ssl_credentials_create(
+ options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
+ options.pem_private_key.empty() ? nullptr : &pem_key_cert_pair);
+ return WrapCredentials(c_creds);
+}
+
+// Builds credentials for use when running in GCE
+std::unique_ptr<Credentials> ComputeEngineCredentials() {
+ return WrapCredentials(grpc_compute_engine_credentials_create());
+}
+
+// Builds service account credentials.
+std::unique_ptr<Credentials> ServiceAccountCredentials(
+ const grpc::string& json_key, const grpc::string& scope,
+ std::chrono::seconds token_lifetime) {
+ gpr_timespec lifetime = gpr_time_from_seconds(
+ token_lifetime.count() > 0 ? token_lifetime.count() : 0);
+ return WrapCredentials(grpc_service_account_credentials_create(
+ json_key.c_str(), scope.c_str(), lifetime));
+}
+
+// Builds IAM credentials.
+std::unique_ptr<Credentials> IAMCredentials(
+ const grpc::string& authorization_token,
+ const grpc::string& authority_selector) {
+ return WrapCredentials(grpc_iam_credentials_create(
+ authorization_token.c_str(), authority_selector.c_str()));
+}
+
+// Combines two credentials objects into a composite credentials.
+std::unique_ptr<Credentials> CompositeCredentials(
+ const std::unique_ptr<Credentials>& creds1,
+ const std::unique_ptr<Credentials>& creds2) {
+ // Note that we are not saving unique_ptrs to the two credentials
+ // passed in here. This is OK because the underlying C objects (i.e.,
+ // creds1 and creds2) into grpc_composite_credentials_create will see their
+ // refcounts incremented.
+ SecureCredentials* s1 = creds1->AsSecureCredentials();
+ SecureCredentials* s2 = creds2->AsSecureCredentials();
+ if (s1 && s2) {
+ return WrapCredentials(grpc_composite_credentials_create(
+ s1->GetRawCreds(), s2->GetRawCreds()));
+ }
+ return nullptr;
+}
+
+} // namespace grpc
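Review bot: `CompositeCredentials` dereferences `creds1` and `creds2` without checking them, yet every factory in this file returns nullptr on failure through `WrapCredentials`, so composing with the result of a failed factory call is a null-pointer dereference rather than a clean failure. Guard before the two `AsSecureCredentials()` calls with `if (!creds1 || !creds2) return nullptr;`. The existing `if (s1 && s2)` check only covers the case where a non-null credential is not a secure one.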
diff --git a/src/core/surface/lame_client.h b/src/cpp/server/insecure_server_credentials.cc
index 2bd97b95eb..a99e1104cb 100644
--- a/src/core/surface/lame_client.h
+++ b/src/cpp/server/insecure_server_credentials.cc
@@ -31,12 +31,22 @@
*
*/
-#ifndef __GRPC_INTERNAL_SURFACE_LAME_CLIENT_H_
-#define __GRPC_INTERNAL_SURFACE_LAME_CLIENT_H_
+#include <grpc/grpc_security.h>
-#include <grpc/grpc.h>
+#include <grpc++/server_credentials.h>
-/* Create a lame client: this client fails every operation attempted on it. */
-grpc_channel *grpc_lame_client_channel_create(void);
+namespace grpc {
+namespace {
+class InsecureServerCredentialsImpl final : public ServerCredentials {
+ public:
+ int AddPortToServer(const grpc::string& addr, grpc_server* server) {
+ return grpc_server_add_http2_port(server, addr.c_str());
+ }
+};
+} // namespace
-#endif /* __GRPC_INTERNAL_SURFACE_LAME_CLIENT_H_ */
+std::shared_ptr<ServerCredentials> InsecureServerCredentials() {
+ return std::shared_ptr<ServerCredentials>(new InsecureServerCredentialsImpl());
+}
+
+} // namespace grpc
diff --git a/src/cpp/server/secure_server_credentials.cc b/src/cpp/server/secure_server_credentials.cc
new file mode 100644
index 0000000000..f90838b086
--- /dev/null
+++ b/src/cpp/server/secure_server_credentials.cc
@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <grpc/grpc_security.h>
+
+#include <grpc++/server_credentials.h>
+
+namespace grpc {
+
+namespace {
+class SecureServerCredentials final : public ServerCredentials {
+ public:
+ explicit SecureServerCredentials(grpc_server_credentials* creds) : creds_(creds) {}
+ ~SecureServerCredentials() override {
+ grpc_server_credentials_release(creds_);
+ }
+
+ int AddPortToServer(const grpc::string& addr, grpc_server* server) override {
+ return grpc_server_add_secure_http2_port(server, addr.c_str(), creds_);
+ }
+
+ private:
+ grpc_server_credentials* const creds_;
+};
+} // namespace
+
+std::shared_ptr<ServerCredentials> SslServerCredentials(
+ const SslServerCredentialsOptions &options) {
+ std::vector<grpc_ssl_pem_key_cert_pair> pem_key_cert_pairs;
+ for (const auto &key_cert_pair : options.pem_key_cert_pairs) {
+ pem_key_cert_pairs.push_back(
+ {key_cert_pair.private_key.c_str(), key_cert_pair.cert_chain.c_str()});
+ }
+ grpc_server_credentials *c_creds = grpc_ssl_server_credentials_create(
+ options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
+ &pem_key_cert_pairs[0], pem_key_cert_pairs.size());
+ return std::shared_ptr<ServerCredentials>(new SecureServerCredentials(c_creds));
+}
+
+} // namespace grpc
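Review bot: `&pem_key_cert_pairs[0]` in `SslServerCredentials` indexes an empty vector when `options.pem_key_cert_pairs` is empty, which is undefined behaviour. Using `pem_key_cert_pairs.data()` for that argument avoids it. The result of `grpc_ssl_server_credentials_create` is also wrapped without a null check, so a failed creation reaches `grpc_server_credentials_release(creds_)` and `grpc_server_add_secure_http2_port` as a null pointer. Returning early with `if (c_creds == nullptr) return nullptr;` would mirror `WrapCredentials` on the client side, though callers then have to tolerate a null credential. The file uses `std::vector` without including `<vector>` itself.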
diff --git a/src/cpp/server/server.cc b/src/cpp/server/server.cc
index 178fa1a716..dc48546541 100644
--- a/src/cpp/server/server.cc
+++ b/src/cpp/server/server.cc
@@ -169,26 +169,13 @@ class Server::SyncRequest final : public CompletionQueueTag {
grpc_completion_queue* cq_;
};
-Server::Server(ThreadPoolInterface* thread_pool, bool thread_pool_owned,
- ServerCredentials* creds)
+Server::Server(ThreadPoolInterface* thread_pool, bool thread_pool_owned)
: started_(false),
shutdown_(false),
num_running_cb_(0),
+ server_(grpc_server_create(cq_.cq(), nullptr)),
thread_pool_(thread_pool),
- thread_pool_owned_(thread_pool_owned),
- secure_(creds != nullptr) {
- if (creds) {
- server_ =
- grpc_secure_server_create(creds->GetRawCreds(), cq_.cq(), nullptr);
- } else {
- server_ = grpc_server_create(cq_.cq(), nullptr);
- }
-}
-
-Server::Server() {
- // Should not be called.
- GPR_ASSERT(false);
-}
+ thread_pool_owned_(thread_pool_owned) {}
Server::~Server() {
std::unique_lock<std::mutex> lock(mu_);
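Review bot: The new initializer `server_(grpc_server_create(cq_.cq(), nullptr))` reads `cq_` during member initialization, which is only valid if `cq_` is declared before `server_` in the class. Members are initialized in declaration order, not in the order written in this list, and the header is not part of this diff. Please confirm the order in server.h and pin it with a comment at the declaration, e.g. `// cq_ must be declared before server_: server_ is created from cq_.cq()`. `~Server` continues outside the hunk.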
@@ -238,13 +225,9 @@ bool Server::RegisterAsyncService(AsynchronousService* service) {
return true;
}
-int Server::AddPort(const grpc::string& addr) {
+int Server::AddPort(const grpc::string& addr, ServerCredentials* creds) {
GPR_ASSERT(!started_);
- if (secure_) {
- return grpc_server_add_secure_http2_port(server_, addr.c_str());
- } else {
- return grpc_server_add_http2_port(server_, addr.c_str());
- }
+ return creds->AddPortToServer(addr, server_);
}
bool Server::Start() {
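Review bot: `Server::AddPort` calls `creds->AddPortToServer(addr, server_)` with no null check, and `ServerBuilder::BuildAndStart` passes `port.creds.get()`, which is null whenever the caller gave `ServerBuilder::AddPort` an empty `shared_ptr`. Reject that case explicitly so a missing credential fails the port instead of crashing the process: `if (creds == nullptr) return 0;` before the call. `BuildAndStart` already treats a 0 return as failure.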
diff --git a/src/cpp/server/server_builder.cc b/src/cpp/server/server_builder.cc
index 3c2093c363..d8b3f74939 100644
--- a/src/cpp/server/server_builder.cc
+++ b/src/cpp/server/server_builder.cc
@@ -51,14 +51,10 @@ void ServerBuilder::RegisterAsyncService(AsynchronousService* service) {
async_services_.push_back(service);
}
-void ServerBuilder::AddPort(const grpc::string& addr) {
- ports_.push_back(addr);
-}
-
-void ServerBuilder::SetCredentials(
- const std::shared_ptr<ServerCredentials>& creds) {
- GPR_ASSERT(!creds_);
- creds_ = creds;
+void ServerBuilder::AddPort(const grpc::string& addr,
+ std::shared_ptr<ServerCredentials> creds,
+ int* selected_port) {
+ ports_.push_back(Port{addr, creds, selected_port});
}
void ServerBuilder::SetThreadPool(ThreadPoolInterface* thread_pool) {
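Review bot: `ServerBuilder::AddPort` stores the raw `selected_port` pointer in `ports_`, and it is written only later in `BuildAndStart`, so the pointee must outlive that call; nothing here documents this. It is also left untouched when the port fails to bind or when an earlier step returns nullptr. A comment on the method would cover both: `// selected_port, if non-null, must stay valid until BuildAndStart() returns; it is written only for a port that was bound.`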
@@ -71,14 +67,13 @@ std::unique_ptr<Server> ServerBuilder::BuildAndStart() {
gpr_log(GPR_ERROR, "Mixing async and sync services is unsupported for now");
return nullptr;
}
- if (!thread_pool_ && services_.size()) {
+ if (!thread_pool_ && !services_.empty()) {
int cores = gpr_cpu_num_cores();
if (!cores) cores = 4;
thread_pool_ = new ThreadPool(cores);
thread_pool_owned = true;
}
- std::unique_ptr<Server> server(
- new Server(thread_pool_, thread_pool_owned, creds_.get()));
+ std::unique_ptr<Server> server(new Server(thread_pool_, thread_pool_owned));
for (auto* service : services_) {
if (!server->RegisterService(service)) {
return nullptr;
@@ -90,8 +85,10 @@ std::unique_ptr<Server> ServerBuilder::BuildAndStart() {
}
}
for (auto& port : ports_) {
- if (!server->AddPort(port)) {
- return nullptr;
+ int r = server->AddPort(port.addr, port.creds.get());
+ if (!r) return nullptr;
+ if (port.selected_port != nullptr) {
+ *port.selected_port = r;
}
}
if (!server->Start()) {
diff --git a/src/cpp/server/server_credentials.cc b/src/cpp/server/server_credentials.cc
index 69ad000ccc..6bdb465baa 100644
--- a/src/cpp/server/server_credentials.cc
+++ b/src/cpp/server/server_credentials.cc
@@ -37,26 +37,6 @@
namespace grpc {
-ServerCredentials::ServerCredentials(grpc_server_credentials *c_creds)
- : creds_(c_creds) {}
-
-ServerCredentials::~ServerCredentials() {
- grpc_server_credentials_release(creds_);
-}
-
-grpc_server_credentials *ServerCredentials::GetRawCreds() { return creds_; }
-
-std::shared_ptr<ServerCredentials> ServerCredentialsFactory::SslCredentials(
- const SslServerCredentialsOptions &options) {
- std::vector<grpc_ssl_pem_key_cert_pair> pem_key_cert_pairs;
- for (const auto &key_cert_pair : options.pem_key_cert_pairs) {
- pem_key_cert_pairs.push_back(
- {key_cert_pair.private_key.c_str(), key_cert_pair.cert_chain.c_str()});
- }
- grpc_server_credentials *c_creds = grpc_ssl_server_credentials_create(
- options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
- &pem_key_cert_pairs[0], pem_key_cert_pairs.size());
- return std::shared_ptr<ServerCredentials>(new ServerCredentials(c_creds));
-}
+ServerCredentials::~ServerCredentials() {}
} // namespace grpc