grpc
/
grpc-node
mirror of https://github.com/grpc/grpc-node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

grpc-js: Add support for TLS-related environment variables

This commit is contained in:
murgatroid99 2019-12-05 17:51:25 -08:00
parent cb0792818c
commit 36cf935e7d
3 changed files with 40 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
packages/grpc-js/src/channel-credentials.ts
View File

@ -18,7 +18,7 @@
import { ConnectionOptions, createSecureContext, PeerCertificate } from 'tls'; import { ConnectionOptions, createSecureContext, PeerCertificate } from 'tls';
import { CallCredentials } from './call-credentials'; import { CallCredentials } from './call-credentials';
import { Call } from '.'; import {CIPHER_SUITES, getDefaultRootsData} from './tls-helpers';
// tslint:disable-next-line:no-any // tslint:disable-next-line:no-any
function verifyIsBufferOrNull(obj: any, friendlyName: string): void { function verifyIsBufferOrNull(obj: any, friendlyName: string): void {
@ -141,7 +141,7 @@ export abstract class ChannelCredentials {
); );
} }
return new SecureChannelCredentialsImpl( return new SecureChannelCredentialsImpl(
rootCerts || null, rootCerts || getDefaultRootsData(),
privateKey || null, privateKey || null,
certChain || null, certChain || null,
verifyOptions || {} verifyOptions || {}
@ -190,6 +190,7 @@ class SecureChannelCredentialsImpl extends ChannelCredentials {
ca: rootCerts || undefined, ca: rootCerts || undefined,
key: privateKey || undefined, key: privateKey || undefined,
cert: certChain || undefined, cert: certChain || undefined,
ciphers: CIPHER_SUITES
}); });
this.connectionOptions = { secureContext }; this.connectionOptions = { secureContext };
if (verifyOptions && verifyOptions.checkServerIdentity) { if (verifyOptions && verifyOptions.checkServerIdentity) {

4
packages/grpc-js/src/server-credentials.ts
View File

@ -16,6 +16,7 @@
*/ */
import { SecureServerOptions } from 'http2'; import { SecureServerOptions } from 'http2';
import {CIPHER_SUITES, getDefaultRootsData} from './tls-helpers';
export interface KeyCertPair { export interface KeyCertPair {
private_key: Buffer; private_key: Buffer;
@ -70,10 +71,11 @@ export abstract class ServerCredentials {
} }
return new SecureServerCredentials({ return new SecureServerCredentials({
ca: rootCerts || undefined, ca: rootCerts || getDefaultRootsData() || undefined,
cert, cert,
key, key,
requestCert: checkClientCertificate, requestCert: checkClientCertificate,
ciphers: CIPHER_SUITES
}); });
} }
} }

34
packages/grpc-js/src/tls-helpers.ts Normal file
View File

@ -0,0 +1,34 @@
/*
* Copyright 2019 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
import * as fs from 'fs';
export const CIPHER_SUITES: string | undefined = process.env.GRPC_SSL_CIPHER_SUITES;
const DEFAULT_ROOTS_FILE_PATH = process.env.GRPC_DEFAULT_SSL_ROOTS_FILE_PATH;
let defaultRootsData: Buffer | null = null;
export function getDefaultRootsData(): Buffer | null {
if (DEFAULT_ROOTS_FILE_PATH) {
if (defaultRootsData === null) {
defaultRootsData = fs.readFileSync(DEFAULT_ROOTS_FILE_PATH);
}
return defaultRootsData;
}
return null;
}