Address PR comments

Andrey Ermolov 2023-10-16 16:22:51 +00:00
parent b16af8b654
commit 21f430135c
3 changed files with 9 additions and 10 deletions


@ -116,8 +116,8 @@ func NewCRL(b []byte) (*CRL, error) {
return crlExt, nil return crlExt, nil
} }
// ReadCRLFile reads a file from the provided path, and returns constructed // ReadCRLFile reads a file from the provided path, and returns constructed CRL
// from it. // struct from it.
func ReadCRLFile(path string) (*CRL, error) { func ReadCRLFile(path string) (*CRL, error) {
b, err := os.ReadFile(path) b, err := os.ReadFile(path)
if err != nil { if err != nil {


@ -31,10 +31,13 @@ const defaultCRLRefreshDuration = 1 * time.Hour
// CRLProvider is the interface to be implemented to enable custom CRL provider // CRLProvider is the interface to be implemented to enable custom CRL provider
// behavior. // behavior.
// //
// The interface defines how the data is read, but doesn't prescribe a way // The interface defines how gRPC gets CRLs from the provider during handshakes,
// CRL are loaded and stored. Such implementations can be used in // but doesn't prescribe a specific way to load and store CRLs. Such
// RevocationConfig of advancedtls.ClientOptions and/or // implementations can be used in RevocationConfig of advancedtls.ClientOptions
// advancedtls.ServerOptions . // and/or advancedtls.ServerOptions.
// Please note that checking CRLs is being directly on the path of connection
// establishment, so implementations of the CRL function need to be fast, and
// slow things such as file IO should be done asynchronously.
// TODO(erm-g): Add link to related gRFC once it's ready. // TODO(erm-g): Add link to related gRFC once it's ready.
// Please refer to https://github.com/grpc/proposal/ for more details. // Please refer to https://github.com/grpc/proposal/ for more details.
type CRLProvider interface { type CRLProvider interface {
@ -47,9 +50,6 @@ type CRLProvider interface {
// StaticCRLProvider implements CRLProvider interface by accepting raw content // StaticCRLProvider implements CRLProvider interface by accepting raw content
// of CRL files at creation time and storing parsed CRL structs in-memory. // of CRL files at creation time and storing parsed CRL structs in-memory.
type StaticCRLProvider struct { type StaticCRLProvider struct {
// TODO CRL is sort of our internal representation - provide an API for
// people to read into it, or provide a simpler type in the API then
// internally convert to this form
crls map[string]*CRL crls map[string]*CRL
} }
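Review bot: The paragraph added to the CRLProvider doc comment ("Please note that checking CRLs is being directly on the path of connection establishment…") tells implementers to be fast, but it omits the two contract points a revocation hook most needs: whether the method can be invoked from several handshakes at once, and what the caller does when the provider returns no CRL or an error. I would reword it along the lines of `// CRL is called on the handshake path, so implementations must return quickly and must not block on file or network IO.`, add `// Implementations must be safe for concurrent use.` if handshakes do call it concurrently, and state in one sentence whether a failed lookup rejects or allows the connection once that is confirmed against the revocation check, which is not visible here. The new paragraph and the TODO after it also need a bare `//` line in front of them, because without it godoc folds them into the preceding paragraph. The interface body lies outside the hunk, so the method is known here only from the comment's reference to "the CRL function".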


@ -128,7 +128,6 @@ func (s) TestFileWatcherCRLProviderConfig(t *testing.T) {
// that its correctly processed. Additionally, we also check if number of // that its correctly processed. Additionally, we also check if number of
// invocations of custom callback is correct. // invocations of custom callback is correct.
func (s) TestFileWatcherCRLProvider(t *testing.T) { func (s) TestFileWatcherCRLProvider(t *testing.T) {
// testdata.Path("crl") contains 5 non-crl files.
nonCRLFilesSet := make(map[string]struct{}) nonCRLFilesSet := make(map[string]struct{})
customCallback := func(err error) { customCallback := func(err error) {
nonCRLFilesSet[err.Error()] = struct{}{} nonCRLFilesSet[err.Error()] = struct{}{}