#region Copyright notice and license
// Copyright 2015, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#endregion
using System;
using System.Collections.Generic;
using Grpc.Core.Internal;
using Grpc.Core.Utils;
namespace Grpc.Core
{
///
/// Server side credentials.
///
public abstract class ServerCredentials
{
static readonly ServerCredentials InsecureInstance = new InsecureServerCredentialsImpl();
///
/// Returns instance of credential that provides no security and
/// will result in creating an unsecure server port with no encryption whatsoever.
///
public static ServerCredentials Insecure
{
get
{
return InsecureInstance;
}
}
///
/// Creates native object for the credentials.
///
/// The native credentials.
internal abstract ServerCredentialsSafeHandle ToNativeCredentials();
private sealed class InsecureServerCredentialsImpl : ServerCredentials
{
internal override ServerCredentialsSafeHandle ToNativeCredentials()
{
return null;
}
}
}
///
/// Server-side SSL credentials.
///
public class SslServerCredentials : ServerCredentials
{
readonly IList keyCertificatePairs;
readonly string rootCertificates;
readonly bool forceClientAuth;
///
/// Creates server-side SSL credentials.
///
/// Key-certificates to use.
/// PEM encoded client root certificates used to authenticate client.
/// If true, client will be rejected unless it proves its unthenticity using against rootCertificates.
public SslServerCredentials(IEnumerable keyCertificatePairs, string rootCertificates, bool forceClientAuth)
{
this.keyCertificatePairs = new List(keyCertificatePairs).AsReadOnly();
Preconditions.CheckArgument(this.keyCertificatePairs.Count > 0,
"At least one KeyCertificatePair needs to be provided");
if (forceClientAuth)
{
Preconditions.CheckNotNull(rootCertificates,
"Cannot force client authentication unless you provide rootCertificates.");
}
this.rootCertificates = rootCertificates;
this.forceClientAuth = forceClientAuth;
}
///
/// Creates server-side SSL credentials.
/// This constructor should be use if you do not wish to autheticate client
/// using client root certificates.
///
/// Key-certificates to use.
public SslServerCredentials(IEnumerable keyCertificatePairs) : this(keyCertificatePairs, null, false)
{
}
///
/// Key-certificate pairs.
///
public IList KeyCertificatePairs
{
get
{
return this.keyCertificatePairs;
}
}
///
/// PEM encoded client root certificates.
///
public string RootCertificates
{
get
{
return this.rootCertificates;
}
}
///
/// If true, the authenticity of client check will be enforced.
///
public bool ForceClientAuthentication
{
get
{
return this.forceClientAuth;
}
}
internal override ServerCredentialsSafeHandle ToNativeCredentials()
{
int count = keyCertificatePairs.Count;
string[] certChains = new string[count];
string[] keys = new string[count];
for (int i = 0; i < count; i++)
{
certChains[i] = keyCertificatePairs[i].CertificateChain;
keys[i] = keyCertificatePairs[i].PrivateKey;
}
return ServerCredentialsSafeHandle.CreateSslCredentials(rootCertificates, certChains, keys, forceClientAuth);
}
}
}