Skip to content

Commit

Permalink
Merge pull request grpc#3000 from murgatroid99/node_server_creds_mult…
Browse files Browse the repository at this point in the history
…iple_pairs

Allow Node server credentials to have multiple key/cert pairs
  • Loading branch information
tbetbetbe committed Aug 21, 2015
2 parents 3c807ea + 6b3737d commit b7e55a2
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 13 deletions.
63 changes: 53 additions & 10 deletions src/node/ext/server_credentials.cc
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@
namespace grpc {
namespace node {

using v8::Array;
using v8::Exception;
using v8::External;
using v8::Function;
Expand All @@ -52,6 +53,7 @@ using v8::Local;
using v8::Object;
using v8::ObjectTemplate;
using v8::Persistent;
using v8::String;
using v8::Value;

NanCallback *ServerCredentials::constructor;
Expand Down Expand Up @@ -122,25 +124,66 @@ NAN_METHOD(ServerCredentials::CreateSsl) {
// TODO: have the node API support multiple key/cert pairs.
NanScope();
char *root_certs = NULL;
grpc_ssl_pem_key_cert_pair key_cert_pair;
if (::node::Buffer::HasInstance(args[0])) {
root_certs = ::node::Buffer::Data(args[0]);
} else if (!(args[0]->IsNull() || args[0]->IsUndefined())) {
return NanThrowTypeError(
"createSSl's first argument must be a Buffer if provided");
}
if (!::node::Buffer::HasInstance(args[1])) {
return NanThrowTypeError("createSsl's second argument must be a Buffer");
if (!args[1]->IsArray()) {
return NanThrowTypeError(
"createSsl's second argument must be a list of objects");
}
int force_client_auth = 0;
if (args[2]->IsBoolean()) {
force_client_auth = (int)args[2]->BooleanValue();
} else if (!(args[2]->IsUndefined() || args[2]->IsNull())) {
return NanThrowTypeError(
"createSsl's third argument must be a boolean if provided");
}
key_cert_pair.private_key = ::node::Buffer::Data(args[1]);
if (!::node::Buffer::HasInstance(args[2])) {
return NanThrowTypeError("createSsl's third argument must be a Buffer");
Handle<Array> pair_list = Local<Array>::Cast(args[1]);
uint32_t key_cert_pair_count = pair_list->Length();
grpc_ssl_pem_key_cert_pair *key_cert_pairs = new grpc_ssl_pem_key_cert_pair[
key_cert_pair_count];

Handle<String> key_key = NanNew("private_key");
Handle<String> cert_key = NanNew("cert_chain");

for(uint32_t i = 0; i < key_cert_pair_count; i++) {
if (!pair_list->Get(i)->IsObject()) {
delete key_cert_pairs;
return NanThrowTypeError("Key/cert pairs must be objects");
}
Handle<Object> pair_obj = pair_list->Get(i)->ToObject();
if (!pair_obj->HasOwnProperty(key_key)) {
delete key_cert_pairs;
return NanThrowTypeError(
"Key/cert pairs must have a private_key and a cert_chain");
}
if (!pair_obj->HasOwnProperty(cert_key)) {
delete key_cert_pairs;
return NanThrowTypeError(
"Key/cert pairs must have a private_key and a cert_chain");
}
if (!::node::Buffer::HasInstance(pair_obj->Get(key_key))) {
delete key_cert_pairs;
return NanThrowTypeError("private_key must be a Buffer");
}
if (!::node::Buffer::HasInstance(pair_obj->Get(cert_key))) {
delete key_cert_pairs;
return NanThrowTypeError("cert_chain must be a Buffer");
}
key_cert_pairs[i].private_key = ::node::Buffer::Data(
pair_obj->Get(key_key));
key_cert_pairs[i].cert_chain = ::node::Buffer::Data(
pair_obj->Get(cert_key));
}
key_cert_pair.cert_chain = ::node::Buffer::Data(args[2]);
// TODO Add a force_client_auth parameter and pass it as the last parameter
// here.
grpc_server_credentials *creds =
grpc_ssl_server_credentials_create(root_certs, &key_cert_pair, 1, 0);
grpc_ssl_server_credentials_create(root_certs,
key_cert_pairs,
key_cert_pair_count,
force_client_auth);
delete key_cert_pairs;
if (creds == NULL) {
NanReturnNull();
}
Expand Down
4 changes: 2 additions & 2 deletions src/node/interop/interop_server.js
Original file line number Diff line number Diff line change
Expand Up @@ -169,8 +169,8 @@ function getServer(port, tls) {
var key_data = fs.readFileSync(key_path);
var pem_data = fs.readFileSync(pem_path);
server_creds = grpc.ServerCredentials.createSsl(null,
key_data,
pem_data);
[{private_key: key_data,
cert_chain: pem_data}]);
} else {
server_creds = grpc.ServerCredentials.createInsecure();
}
Expand Down
4 changes: 3 additions & 1 deletion src/node/test/server_test.js
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,9 @@ describe('server', function() {
var pem_path = path.join(__dirname, '../test/data/server1.pem');
var key_data = fs.readFileSync(key_path);
var pem_data = fs.readFileSync(pem_path);
var creds = grpc.ServerCredentials.createSsl(null, key_data, pem_data);
var creds = grpc.ServerCredentials.createSsl(null,
[{private_key: key_data,
cert_chain: pem_data}]);
assert.doesNotThrow(function() {
port = server.addHttp2Port('0.0.0.0:0', creds);
});
Expand Down

0 comments on commit b7e55a2

Please sign in to comment.