/*
*
* Copyright 2015 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
#include <node.h>
#include "call.h"
#include "call_credentials.h"
#include "channel_credentials.h"
#include "util.h"
#include "grpc/grpc.h"
#include "grpc/grpc_security.h"
#include "grpc/support/log.h"
namespace grpc {
namespace node {
using Nan::Callback;
using Nan::EscapableHandleScope;
using Nan::HandleScope;
using Nan::Maybe;
using Nan::MaybeLocal;
using Nan::ObjectWrap;
using Nan::Persistent;
using Nan::Utf8String;
using v8::Array;
using v8::Context;
using v8::Exception;
using v8::External;
using v8::Function;
using v8::FunctionTemplate;
using v8::Integer;
using v8::Local;
using v8::Object;
using v8::ObjectTemplate;
using v8::Value;
Nan::Callback *ChannelCredentials::constructor;
Persistent<FunctionTemplate> ChannelCredentials::fun_tpl;
ChannelCredentials::ChannelCredentials(grpc_channel_credentials *credentials)
: wrapped_credentials(credentials) {}
ChannelCredentials::~ChannelCredentials() {
grpc_channel_credentials_release(wrapped_credentials);
}
static int verify_peer_callback_wrapper(const char* servername, const char* cert, void* userdata) {
Nan::HandleScope scope;
Nan::TryCatch try_catch;
Nan::Callback *callback = (Nan::Callback*)userdata;
const unsigned argc = 2;
Local<Value> argv[argc];
if (servername == NULL) {
argv[0] = Nan::Null();
} else {
argv[0] = Nan::New<v8::String>(servername).ToLocalChecked();
}
if (cert == NULL) {
argv[1] = Nan::Null();
} else {
argv[1] = Nan::New<v8::String>(cert).ToLocalChecked();
}
MaybeLocal<Value> result = Nan::Call(*callback, argc, argv);
// Catch any exception and return with a distinct status code which indicates this
if (try_catch.HasCaught()) {
return 2;
}
// If the result is an error, return a failure
if (result.ToLocalChecked()->IsNativeError()) {
return 1;
}
return 0;
}
static void verify_peer_callback_destruct(void *userdata) {
Nan::Callback *callback = (Nan::Callback*)userdata;
delete callback;
}
void ChannelCredentials::Init(Local<Object> exports) {
HandleScope scope;
Local<FunctionTemplate> tpl = Nan::New<FunctionTemplate>(New);
tpl->SetClassName(Nan::New("ChannelCredentials").ToLocalChecked());
tpl->InstanceTemplate()->SetInternalFieldCount(1);
Nan::SetPrototypeMethod(tpl, "compose", Compose);
fun_tpl.Reset(tpl);
Local<Function> ctr = Nan::GetFunction(tpl).ToLocalChecked();
Nan::Set(
ctr, Nan::New("createSsl").ToLocalChecked(),
Nan::GetFunction(Nan::New<FunctionTemplate>(CreateSsl)).ToLocalChecked());
Nan::Set(ctr, Nan::New("createInsecure").ToLocalChecked(),
Nan::GetFunction(Nan::New<FunctionTemplate>(CreateInsecure))
.ToLocalChecked());
Nan::Set(exports, Nan::New("ChannelCredentials").ToLocalChecked(), ctr);
constructor = new Nan::Callback(ctr);
}
bool ChannelCredentials::HasInstance(Local<Value> val) {
HandleScope scope;
return Nan::New(fun_tpl)->HasInstance(val);
}
Local<Value> ChannelCredentials::WrapStruct(
grpc_channel_credentials *credentials) {
EscapableHandleScope scope;
const int argc = 1;
Local<Value> argv[argc] = {
Nan::New<External>(reinterpret_cast<void *>(credentials))};
MaybeLocal<Object> maybe_instance =
Nan::NewInstance(constructor->GetFunction(), argc, argv);
if (maybe_instance.IsEmpty()) {
return scope.Escape(Nan::Null());
} else {
return scope.Escape(maybe_instance.ToLocalChecked());
}
}
grpc_channel_credentials *ChannelCredentials::GetWrappedCredentials() {
return wrapped_credentials;
}
NAN_METHOD(ChannelCredentials::New) {
if (info.IsConstructCall()) {
if (!info[0]->IsExternal()) {
return Nan::ThrowTypeError(
"ChannelCredentials can only be created with the provided functions");
}
Local<External> ext = info[0].As<External>();
grpc_channel_credentials *creds_value =
reinterpret_cast<grpc_channel_credentials *>(ext->Value());
ChannelCredentials *credentials = new ChannelCredentials(creds_value);
credentials->Wrap(info.This());
info.GetReturnValue().Set(info.This());
return;
} else {
// This should never be called directly
return Nan::ThrowTypeError(
"ChannelCredentials can only be created with the provided functions");
}
}
NAN_METHOD(ChannelCredentials::CreateSsl) {
StringOrNull root_certs;
StringOrNull private_key;
StringOrNull cert_chain;
if (::node::Buffer::HasInstance(info[0])) {
root_certs.assign(info[0]);
} else if (!(info[0]->IsNull() || info[0]->IsUndefined())) {
return Nan::ThrowTypeError("createSsl's first argument must be a Buffer");
}
if (::node::Buffer::HasInstance(info[1])) {
private_key.assign(info[1]);
} else if (!(info[1]->IsNull() || info[1]->IsUndefined())) {
return Nan::ThrowTypeError(
"createSSl's second argument must be a Buffer if provided");
}
if (::node::Buffer::HasInstance(info[2])) {
cert_chain.assign(info[2]);
} else if (!(info[2]->IsNull() || info[2]->IsUndefined())) {
return Nan::ThrowTypeError(
"createSSl's third argument must be a Buffer if provided");
}
grpc_ssl_pem_key_cert_pair key_cert_pair = {private_key.get(),
cert_chain.get()};
if (private_key.isAssigned() != cert_chain.isAssigned()) {
return Nan::ThrowError(
"createSsl's second and third arguments must be"
" provided or omitted together");
}
verify_peer_options verify_options = {NULL, NULL, NULL};
if (!info[3]->IsUndefined()) {
if (!info[3]->IsObject()) {
return Nan::ThrowTypeError("createSsl's fourth argument must be an object");
}
Local<Object> object = info[3]->ToObject();
Local<Value> checkServerIdentityValue = Nan::Get(object,
Nan::New("checkServerIdentity").ToLocalChecked()).ToLocalChecked();
if (!checkServerIdentityValue->IsUndefined()) {
if (!checkServerIdentityValue->IsFunction()) {
return Nan::ThrowTypeError("Value of checkServerIdentity must be a function.");
}
Nan::Callback *callback = new Callback(Local<Function>::Cast(
checkServerIdentityValue));
verify_options.verify_peer_callback = verify_peer_callback_wrapper;
verify_options.verify_peer_callback_userdata = (void*)callback;
verify_options.verify_peer_destruct = verify_peer_callback_destruct;
}
}
grpc_channel_credentials *creds = grpc_ssl_credentials_create(
root_certs.get(), private_key.isAssigned() ? &key_cert_pair : NULL,
&verify_options, NULL);
if (creds == NULL) {
info.GetReturnValue().SetNull();
} else {
info.GetReturnValue().Set(WrapStruct(creds));
}
}
NAN_METHOD(ChannelCredentials::Compose) {
if (!ChannelCredentials::HasInstance(info.This())) {
return Nan::ThrowTypeError(
"compose can only be called on ChannelCredentials objects");
}
if (!CallCredentials::HasInstance(info[0])) {
return Nan::ThrowTypeError(
"compose's first argument must be a CallCredentials object");
}
ChannelCredentials *self =
ObjectWrap::Unwrap<ChannelCredentials>(info.This());
if (self->wrapped_credentials == NULL) {
return Nan::ThrowTypeError("Cannot compose insecure credential");
}
CallCredentials *other = ObjectWrap::Unwrap<CallCredentials>(
Nan::To<Object>(info[0]).ToLocalChecked());
grpc_channel_credentials *creds = grpc_composite_channel_credentials_create(
self->wrapped_credentials, other->GetWrappedCredentials(), NULL);
if (creds == NULL) {
info.GetReturnValue().SetNull();
} else {
info.GetReturnValue().Set(WrapStruct(creds));
}
}
NAN_METHOD(ChannelCredentials::CreateInsecure) {
info.GetReturnValue().Set(WrapStruct(NULL));
}
} // namespace node
} // namespace grpc