authormolotkov-and <molotkov-and@ydb.tech>2022-11-18 12:50:29 +0300
committermolotkov-and <molotkov-and@ydb.tech>2022-11-18 12:50:29 +0300
commita45acb262bfb6f7d06d70f9f04a763d61e811966 (patch)
tree2e4eacaa4f1ecfba0bea894abf4888b7718712ad /library/cpp/grpc/server
parentd563b5b3a6578243440353c5cfafdb56cc05fff3 (diff)
Authorization of registration node
Diffstat (limited to 'library/cpp/grpc/server')
-rw-r--r--library/cpp/grpc/server/grpc_async_ctx_base.h10
-rw-r--r--library/cpp/grpc/server/grpc_request.h4
-rw-r--r--library/cpp/grpc/server/grpc_request_base.h2
-rw-r--r--library/cpp/grpc/server/grpc_server.cpp6
-rw-r--r--library/cpp/grpc/server/grpc_server.h1
5 files changed, 23 insertions, 0 deletions
diff --git a/library/cpp/grpc/server/grpc_async_ctx_base.h b/library/cpp/grpc/server/grpc_async_ctx_base.h
index 51356d4ce5..079bce4102 100644
--- a/library/cpp/grpc/server/grpc_async_ctx_base.h
+++ b/library/cpp/grpc/server/grpc_async_ctx_base.h
@@ -69,6 +69,16 @@ public:
return values;
}
+ TVector<TStringBuf> FindClientCert() const {
+ auto authContext = Context.auth_context();
+
+ TVector<TStringBuf> values;
+ for (auto& value: authContext->FindPropertyValues(GRPC_X509_PEM_CERT_PROPERTY_NAME)) {
+ values.emplace_back(value.data(), value.size());
+ }
+ return values;
+ }
+
grpc_compression_level GetCompressionLevel() const {
return Context.compression_level();
}
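Review bot: `authContext` is dereferenced in the new FindClientCert() without a null check. Whether `Context.auth_context()` can return an empty pointer here (for example on a listener without TLS) cannot be verified from this hunk, but if it can, any unauthenticated peer reaching a handler that calls this would crash the server; `if (!authContext) return {};` before the loop avoids that. The returned `TStringBuf` values are views into memory owned by the auth context, so add a comment that they must not be kept beyond the lifetime of the request context. It would also help to state that an empty vector means the peer presented no certificate and that authorization code must treat this as a denial. The enclosing class starts outside the hunk.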
diff --git a/library/cpp/grpc/server/grpc_request.h b/library/cpp/grpc/server/grpc_request.h
index a3a5c291f0..c4b7e9c040 100644
--- a/library/cpp/grpc/server/grpc_request.h
+++ b/library/cpp/grpc/server/grpc_request.h
@@ -170,6 +170,10 @@ public:
return TBaseAsyncContext<TService>::GetPeerMetaValues(key);
}
+ TVector<TStringBuf> FindClientCert() const override {
+ return TBaseAsyncContext<TService>::FindClientCert();
+ }
+
grpc_compression_level GetCompressionLevel() const override {
return TBaseAsyncContext<TService>::GetCompressionLevel();
}
diff --git a/library/cpp/grpc/server/grpc_request_base.h b/library/cpp/grpc/server/grpc_request_base.h
index 105f9515d0..42b78ed7df 100644
--- a/library/cpp/grpc/server/grpc_request_base.h
+++ b/library/cpp/grpc/server/grpc_request_base.h
@@ -82,6 +82,8 @@ public:
//! Returns peer optional metavalue
virtual TVector<TStringBuf> GetPeerMetaValues(TStringBuf key) const = 0;
+ virtual TVector<TStringBuf> FindClientCert() const = 0;
+
//! Returns request compression level
virtual grpc_compression_level GetCompressionLevel() const = 0;
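Review bot: The new pure virtual `FindClientCert()` is the only member in this stretch without a `//!` comment, and it is the one whose contract matters for authorization. I would add something like `//! Returns the PEM-encoded client certificate(s) from the TLS auth context; empty if the peer presented none`, and say whether the certificate has already been verified against the server's root CA or whether the caller must validate it. As written, the name alone does not tell a handler author whether a non-empty result can be trusted. Since the method is pure virtual, any other implementer of this interface outside the listed files will stop compiling; presumably these were updated in the rest of the commit, which this path-limited view does not show.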
diff --git a/library/cpp/grpc/server/grpc_server.cpp b/library/cpp/grpc/server/grpc_server.cpp
index 7437b7a8f5..97472206e2 100644
--- a/library/cpp/grpc/server/grpc_server.cpp
+++ b/library/cpp/grpc/server/grpc_server.cpp
@@ -3,6 +3,7 @@
#include <util/string/join.h>
#include <util/generic/yexception.h>
#include <util/system/thread.h>
+#include <util/generic/map.h>
#include <grpc++/resource_quota.h>
#include <contrib/libs/grpc/src/core/lib/iomgr/socket_mutator.h>
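Review bot: The added `#include <util/generic/map.h>` has no visible use in this commit. The diffstat gives six insertions for grpc_server.cpp, and the other five are the client-certificate branch in Start(), which uses no map type. Unless an existing TMap use in this file was relying on a transitive include, drop the line.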
@@ -64,6 +65,11 @@ void TGRpcServer::Start() {
grpc::SslServerCredentialsOptions sslOps;
sslOps.pem_root_certs = std::move(Options_.SslData->Root);
sslOps.pem_key_cert_pairs.push_back(keycert);
+
+ if (Options_.SslData->DoRequestClientCertificate) {
+ sslOps.client_certificate_request = GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY;
+ }
+
credentials = grpc::SslServerCredentials(sslOps);
}
if (Options_.ExternalListener) {
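Review bot: `GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY` requests a client certificate but does not require one, so a peer that sends no certificate still completes the handshake and reaches the handlers. If node registration is meant to be authorized by certificate, every handler must then reject an empty `FindClientCert()` result; if the certificate is meant to be mandatory on this listener, `GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY` enforces it at the TLS layer. Either way, a comment on the branch such as `// Optional mTLS: clients without a certificate are still accepted; handlers must check FindClientCert()` would make the choice explicit. Verification presumably runs against `pem_root_certs`, so `Options_.SslData->Root` has to contain the CA that issues the node certificates; that is worth stating next to the `DoRequestClientCertificate` field in TSslData as well. Start() begins and continues outside the hunk.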
diff --git a/library/cpp/grpc/server/grpc_server.h b/library/cpp/grpc/server/grpc_server.h
index d6814a90a0..c9b48a6676 100644
--- a/library/cpp/grpc/server/grpc_server.h
+++ b/library/cpp/grpc/server/grpc_server.h
@@ -25,6 +25,7 @@ struct TSslData {
TString Cert;
TString Key;
TString Root;
+ bool DoRequestClientCertificate = false;
};
struct IExternalListener