#region Copyright notice and license // Copyright 2015, Google Inc. // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are // met: // // * Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above // copyright notice, this list of conditions and the following disclaimer // in the documentation and/or other materials provided with the // distribution. // * Neither the name of Google Inc. nor the names of its // contributors may be used to endorse or promote products derived from // this software without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #endregion using System; using System.Collections.Generic; using System.Threading.Tasks; using Grpc.Core.Internal; using Grpc.Core.Utils; namespace Grpc.Core { /// /// Client-side channel credentials. Used for creation of a secure channel. /// public abstract class ChannelCredentials { static readonly ChannelCredentials InsecureInstance = new InsecureCredentialsImpl(); /// /// Returns instance of credentials that provides no security and /// will result in creating an unsecure channel with no encryption whatsoever. /// public static ChannelCredentials Insecure { get { return InsecureInstance; } } /// /// Creates a new instance of ChannelCredentials class by composing /// given channel credentials with call credentials. /// /// Channel credentials. /// Call credentials. /// The new composite ChannelCredentials public static ChannelCredentials Create(ChannelCredentials channelCredentials, CallCredentials callCredentials) { return new CompositeChannelCredentials(channelCredentials, callCredentials); } /// /// Creates a new instance of ChannelCredentials by wrapping /// an instance of CallCredentials. /// /// Call credentials. /// The ChannelCredentials wrapping given call credentials. public static ChannelCredentials Create(CallCredentials callCredentials) { return new WrappedCallCredentials(callCredentials); } /// /// Creates native object for the credentials. May return null if insecure channel /// should be created. /// /// The native credentials. internal abstract CredentialsSafeHandle ToNativeCredentials(); /// /// Returns true if this credential type allows being composed by CompositeCredentials. /// internal virtual bool IsComposable { get { return false; } } private sealed class InsecureCredentialsImpl : ChannelCredentials { internal override CredentialsSafeHandle ToNativeCredentials() { return null; } } } /// /// Client-side SSL credentials. /// public sealed class SslCredentials : ChannelCredentials { readonly string rootCertificates; readonly KeyCertificatePair keyCertificatePair; /// /// Creates client-side SSL credentials loaded from /// disk file pointed to by the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable. /// If that fails, gets the roots certificates from a well known place on disk. /// public SslCredentials() : this(null, null) { } /// /// Creates client-side SSL credentials from /// a string containing PEM encoded root certificates. /// public SslCredentials(string rootCertificates) : this(rootCertificates, null) { } /// /// Creates client-side SSL credentials. /// /// string containing PEM encoded server root certificates. /// a key certificate pair. public SslCredentials(string rootCertificates, KeyCertificatePair keyCertificatePair) { this.rootCertificates = rootCertificates; this.keyCertificatePair = keyCertificatePair; } /// /// PEM encoding of the server root certificates. /// public string RootCertificates { get { return this.rootCertificates; } } /// /// Client side key and certificate pair. /// If null, client will not use key and certificate pair. /// public KeyCertificatePair KeyCertificatePair { get { return this.keyCertificatePair; } } // Composing composite makes no sense. internal override bool IsComposable { get { return true; } } internal override CredentialsSafeHandle ToNativeCredentials() { return CredentialsSafeHandle.CreateSslCredentials(rootCertificates, keyCertificatePair); } } /// /// Credentials that allow composing one object and /// one or more objects into a single . /// internal sealed class CompositeChannelCredentials : ChannelCredentials { readonly ChannelCredentials channelCredentials; readonly CallCredentials callCredentials; /// /// Initializes a new instance of CompositeChannelCredentials class. /// The resulting credentials object will be composite of all the credentials specified as parameters. /// /// channelCredentials to compose /// channelCredentials to compose public CompositeChannelCredentials(ChannelCredentials channelCredentials, CallCredentials callCredentials) { this.channelCredentials = Preconditions.CheckNotNull(channelCredentials); this.callCredentials = Preconditions.CheckNotNull(callCredentials); Preconditions.CheckArgument(channelCredentials.IsComposable, "Supplied channel credentials do not allow composition."); } internal override CredentialsSafeHandle ToNativeCredentials() { using (var cred1 = channelCredentials.ToNativeCredentials()) using (var cred2 = callCredentials.ToNativeCredentials()) { var nativeComposite = CredentialsSafeHandle.CreateComposite(cred1, cred2); if (nativeComposite.IsInvalid) { throw new ArgumentException("Error creating native composite credentials. Likely, this is because you are trying to compose incompatible credentials."); } return nativeComposite; } } } /// /// Credentials wrapping as . /// internal sealed class WrappedCallCredentials : ChannelCredentials { readonly CallCredentials callCredentials; /// /// Wraps instance of CallCredentials as ChannelCredentials. /// /// credentials to wrap public WrappedCallCredentials(CallCredentials callCredentials) { this.callCredentials = Preconditions.CheckNotNull(callCredentials); } internal override CredentialsSafeHandle ToNativeCredentials() { return callCredentials.ToNativeCredentials(); } } }