1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include "channel_credentials.h"
20 
21 #include <ext/standard/sha1.h>
22 #include <ext/spl/spl_exceptions.h>
23 #include <zend_exceptions.h>
24 
25 #include <grpc/support/alloc.h>
26 #include <grpc/support/string_util.h>
27 
28 #include "call_credentials.h"
29 #include "channel.h"
30 
/* Class entry for the PHP class Grpc\ChannelCredentials; assigned in
 * grpc_init_channel_credentials(). */
zend_class_entry *grpc_ce_channel_credentials;
/* Object handler table used for wrapped channel credentials objects. */
PHP_GRPC_DECLARE_OBJECT_HANDLER(channel_credentials_ce_handlers)
/* Default root certificates (PEM text), or NULL while none have been set.
 * Written by ChannelCredentials::setDefaultRootsPem() and copied out by
 * get_ssl_roots_override(). File-scope state: it outlives any single call.
 * NOTE(review): no locking is visible in this file; confirm how thread-safe
 * (ZTS) builds are expected to serialize access. */
static char *default_pem_root_certs = NULL;
34 
/* Roots-override callback registered with gRPC core by createSsl() and
 * createComposite(). Reports the roots stored by setDefaultRootsPem().
 *
 * On success *pem_root_certs receives a fresh gpr_strdup() copy, so the caller
 * never holds a pointer into default_pem_root_certs (which a later
 * setDefaultRootsPem() call may reallocate). Presumably gRPC core frees the
 * copy; confirm against the callback contract.
 * When no default roots are configured, *pem_root_certs is set to NULL and
 * GRPC_SSL_ROOTS_OVERRIDE_FAIL is returned. */
static grpc_ssl_roots_override_result get_ssl_roots_override(
    char **pem_root_certs) {
  const char *configured_roots = default_pem_root_certs;

  if (configured_roots != NULL) {
    *pem_root_certs = gpr_strdup(configured_roots);
    return GRPC_SSL_ROOTS_OVERRIDE_OK;
  }

  *pem_root_certs = NULL;
  return GRPC_SSL_ROOTS_OVERRIDE_FAIL;
}
44 
/* Free handler for wrapped_grpc_channel_credentials: releases the hash string
 * and the underlying gRPC credentials owned by the wrapper `p`, and clears
 * both fields so a repeated call cannot free them twice. */
PHP_GRPC_FREE_WRAPPED_FUNC_START(wrapped_grpc_channel_credentials)
  /* hashstr is released with free(), so it must have come from malloc()
   * (not emalloc()). free(NULL) is a no-op, so no guard is needed. */
  free(p->hashstr);
  p->hashstr = NULL;

  /* Drop this wrapper's reference on the core credentials object. */
  if (p->wrapped != NULL) {
    grpc_channel_credentials_release(p->wrapped);
    p->wrapped = NULL;
  }
PHP_GRPC_FREE_WRAPPED_FUNC_END()
56 
/* create_object handler for Grpc\ChannelCredentials (installed in
 * grpc_init_channel_credentials()). Initializes an instance of
 * wrapped_grpc_channel_credentials to be associated with an object of the
 * class specified by class_type.
 *
 * `intern` is not declared in the visible code; it is presumably introduced by
 * PHP_GRPC_ALLOC_CLASS_OBJECT. Likewise the function has no explicit return,
 * so PHP_GRPC_FREE_CLASS_OBJECT presumably installs the handlers and returns
 * the new object. Confirm both in the wrapper header. */
php_grpc_zend_object create_wrapped_grpc_channel_credentials(
    zend_class_entry *class_type TSRMLS_DC) {
  PHP_GRPC_ALLOC_CLASS_OBJECT(wrapped_grpc_channel_credentials);
  /* Standard Zend object setup for the embedded zend_object. */
  zend_object_std_init(&intern->std, class_type TSRMLS_CC);
  object_properties_init(&intern->std, class_type);
  PHP_GRPC_FREE_CLASS_OBJECT(wrapped_grpc_channel_credentials,
                             channel_credentials_ce_handlers);
}
67 
/* Builds a new PHP ChannelCredentials object around existing core credentials.
 *
 * Ownership: the new object stores `wrapped` and `hashstr` as-is (no copy, no
 * extra reference). Its free handler later calls
 * grpc_channel_credentials_release() on `wrapped` and free() on `hashstr`, so
 * `hashstr` must be NULL or a malloc()-allocated string that nothing else
 * frees.
 *
 * has_call_creds records whether call credentials were composed in. */
zval *grpc_php_wrap_channel_credentials(grpc_channel_credentials *wrapped,
                                        char *hashstr,
                                        zend_bool has_call_creds TSRMLS_DC) {
  zval *result;
  PHP_GRPC_MAKE_STD_ZVAL(result);
  object_init_ex(result, grpc_ce_channel_credentials);

  wrapped_grpc_channel_credentials *self =
    PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_channel_credentials, result);
  self->has_call_creds = has_call_creds;
  self->hashstr = hashstr;
  self->wrapped = wrapped;

  return result;
}
82 
/**
 * Set default roots pem.
 *
 * The PEM text is copied into a file-scope buffer, so it stays in effect for
 * every later use of the roots override callback until this method is called
 * again. It is not tied to one channel or one credentials object. Presumably
 * that includes later requests handled by the same PHP process; confirm for
 * the deployment model in use.
 *
 * @param string $pem_roots PEM encoding of the server root certificates
 * @return void
 */
PHP_METHOD(ChannelCredentials, setDefaultRootsPem) {
  char *pem_roots;
  php_grpc_int pem_roots_length;

  /* "s" == 1 string */
  if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &pem_roots,
                            &pem_roots_length) == FAILURE) {
    zend_throw_exception(spl_ce_InvalidArgumentException,
                         "setDefaultRootsPem expects 1 string", 1 TSRMLS_CC);
    return;
  }

  /* One extra byte so the terminator that follows the string data is copied
   * too; get_ssl_roots_override() later treats the buffer as a C string. */
  size_t copy_size = (size_t)(pem_roots_length + 1);
  char *stored = gpr_realloc(default_pem_root_certs, copy_size * sizeof(char));
  memcpy(stored, pem_roots, copy_size);
  default_pem_root_certs = stored;
}
102 
/**
 * Create a default channel credentials object.
 *
 * The wrapper is created without a hash string (hashstr == NULL) and with
 * has_call_creds set to false.
 * NOTE(review): the result of grpc_google_default_credentials_create() is
 * wrapped without a NULL check; confirm whether it can fail and how consumers
 * treat a wrapper whose `wrapped` pointer is NULL.
 *
 * @return ChannelCredentials The new default channel credentials object
 */
PHP_METHOD(ChannelCredentials, createDefault) {
  zval *wrapper = grpc_php_wrap_channel_credentials(
      grpc_google_default_credentials_create(), NULL, false TSRMLS_CC);
  RETURN_DESTROY_ZVAL(wrapper);
}
113 
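/**
 * Create SSL credentials.
 *
 * Also registers get_ssl_roots_override() with gRPC core. When
 * $pem_root_certs is omitted or null, core presumably falls back to that
 * callback, i.e. to the roots stored by setDefaultRootsPem(); confirm against
 * the core API contract.
 *
 * The returned object carries a SHA-1 hex string derived from the root
 * certificates followed by the certificate chain.
 * NOTE(review): the private key is not part of that string, so credentials
 * that differ only in private key get the same hashstr. Confirm that whatever
 * consumes hashstr is fine with that.
 *
 * @param string $pem_root_certs PEM encoding of the server root certificates
 * @param string $pem_key_cert_pair.private_key PEM encoding of the client's
 *                                              private key (optional)
 * @param string $pem_key_cert_pair.cert_chain PEM encoding of the client's
 *                                             certificate chain (optional)
 * @return ChannelCredentials The new SSL credentials object
 * @throws InvalidArgumentException if the arguments are not up to three
 *                                  optional strings
 * @throws RuntimeException if the hash string cannot be allocated
 */
PHP_METHOD(ChannelCredentials, createSsl) {
  char *pem_root_certs = NULL;
  grpc_ssl_pem_key_cert_pair pem_key_cert_pair;

  php_grpc_int root_certs_length = 0;
  php_grpc_int private_key_length = 0;
  php_grpc_int cert_chain_length = 0;

  pem_key_cert_pair.private_key = pem_key_cert_pair.cert_chain = NULL;

  grpc_set_ssl_roots_override_callback(get_ssl_roots_override);

  /* "|s!s!s!" == 3 optional nullable strings */
  if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s!s!s!",
                            &pem_root_certs, &root_certs_length,
                            &pem_key_cert_pair.private_key,
                            &private_key_length,
                            &pem_key_cert_pair.cert_chain,
                            &cert_chain_length) == FAILURE) {
    zend_throw_exception(spl_ce_InvalidArgumentException,
                         "createSsl expects 3 optional strings", 1 TSRMLS_CC);
    return;
  }

  /* Hash input = root certs immediately followed by the cert chain.
   * Each part is appended by its parsed length, so every one of the
   * hashkey_len bytes handed to generate_sha1_str() is initialized and both
   * inputs contribute to the digest. Copying each part to offset 0 would let
   * the second overwrite the first and leave the tail uninitialized. */
  php_grpc_int hashkey_len = root_certs_length + cert_chain_length;
  char *hashkey = emalloc(hashkey_len + 1);
  if (root_certs_length > 0) {
    memcpy(hashkey, pem_root_certs, (size_t)root_certs_length);
  }
  if (cert_chain_length > 0) {
    memcpy(hashkey + root_certs_length, pem_key_cert_pair.cert_chain,
           (size_t)cert_chain_length);
  }
  hashkey[hashkey_len] = '\0';

  /* 41 bytes: presumably 40 hex digits plus the terminator written by
   * generate_sha1_str(). Allocated with malloc() because the wrapper's free
   * handler releases hashstr with free(). */
  char *hashstr = malloc(41);
  if (hashstr == NULL) {
    efree(hashkey);
    zend_throw_exception(spl_ce_RuntimeException,
                         "createSsl failed to allocate the credentials hash",
                         1 TSRMLS_CC);
    return;
  }
  generate_sha1_str(hashstr, hashkey, hashkey_len);
  efree(hashkey);

  /* A key/cert pair is passed only when a private key was supplied. */
  grpc_channel_credentials *creds = grpc_ssl_credentials_create(
      pem_root_certs,
      pem_key_cert_pair.private_key == NULL ? NULL : &pem_key_cert_pair, NULL, NULL);
  /* The wrapper takes ownership of both creds and hashstr. */
  zval *creds_object = grpc_php_wrap_channel_credentials(creds, hashstr, false
                                                         TSRMLS_CC);
  RETURN_DESTROY_ZVAL(creds_object);
}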
167 
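/**
 * Create composite credentials from two existing credentials.
 *
 * The new object gets its own copy of the first credential's hash string and
 * is marked as carrying call credentials. If the first credential has no hash
 * string (createDefault() wraps with hashstr == NULL), the composite has none
 * either.
 *
 * @param ChannelCredentials $cred1_obj The first credential
 * @param CallCredentials $cred2_obj The second credential
 * @return ChannelCredentials The new composite credentials object
 * @throws InvalidArgumentException if the arguments are not a
 *                                  ChannelCredentials and a CallCredentials
 * @throws RuntimeException if the hash string copy cannot be allocated
 */
PHP_METHOD(ChannelCredentials, createComposite) {
  zval *cred1_obj;
  zval *cred2_obj;

  grpc_set_ssl_roots_override_callback(get_ssl_roots_override);

  /* "OO" == 2 Objects */
  if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "OO", &cred1_obj,
                            grpc_ce_channel_credentials, &cred2_obj,
                            grpc_ce_call_credentials) == FAILURE) {
    zend_throw_exception(spl_ce_InvalidArgumentException,
                         "createComposite expects 2 Credentials", 1 TSRMLS_CC);
    return;
  }
  wrapped_grpc_channel_credentials *cred1 =
    PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_channel_credentials, cred1_obj);
  wrapped_grpc_call_credentials *cred2 =
    PHP_GRPC_GET_WRAPPED_OBJECT(wrapped_grpc_call_credentials, cred2_obj);

  /* Each wrapper frees its own hashstr in its free handler, so the composite
   * needs a private malloc() copy; sharing cred1's pointer would have it freed
   * twice (the original note cites a conflicting free in call.c).
   * hashstr may legitimately be NULL, in which case there is nothing to copy
   * and strlen() must not be called on it. The copy is made before the core
   * object is created so an allocation failure leaves nothing to release. */
  char *cred1_hashstr = NULL;
  if (cred1->hashstr != NULL) {
    size_t cred1_size = strlen(cred1->hashstr) + 1;
    cred1_hashstr = malloc(cred1_size);
    if (cred1_hashstr == NULL) {
      zend_throw_exception(
          spl_ce_RuntimeException,
          "createComposite failed to copy the credentials hash", 1 TSRMLS_CC);
      return;
    }
    memcpy(cred1_hashstr, cred1->hashstr, cred1_size);
  }

  grpc_channel_credentials *creds =
    grpc_composite_channel_credentials_create(cred1->wrapped, cred2->wrapped,
                                              NULL);
  /* The wrapper takes ownership of creds and of the copied hash string. */
  zval *creds_object =
    grpc_php_wrap_channel_credentials(creds, cred1_hashstr, true TSRMLS_CC);
  RETURN_DESTROY_ZVAL(creds_object);
}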
204 
/**
 * Create insecure channel credentials
 *
 * No credentials object is built: the method returns PHP null.
 * NOTE(review): presumably the channel code treats null credentials as a
 * request for a channel without TLS or authentication; verify where the
 * channel is constructed before relying on this outside trusted networks.
 *
 * @return null
 */
PHP_METHOD(ChannelCredentials, createInsecure) {
  RETURN_NULL();
}
212 
/* Argument metadata for the ChannelCredentials methods. The last argument of
 * ZEND_BEGIN_ARG_INFO_EX is the number of required parameters; each
 * ZEND_ARG_INFO(0, name) entry declares one by-value parameter. */

/* setDefaultRootsPem(pem_roots): one required parameter. */
ZEND_BEGIN_ARG_INFO_EX(arginfo_setDefaultRootsPem, 0, 0, 1)
  ZEND_ARG_INFO(0, pem_roots)
ZEND_END_ARG_INFO()

/* createDefault(): no parameters. */
ZEND_BEGIN_ARG_INFO_EX(arginfo_createDefault, 0, 0, 0)
ZEND_END_ARG_INFO()

/* createSsl([pem_root_certs[, pem_private_key[, pem_cert_chain]]]): all
 * three parameters are optional, matching the "|s!s!s!" parse format. */
ZEND_BEGIN_ARG_INFO_EX(arginfo_createSsl, 0, 0, 0)
  ZEND_ARG_INFO(0, pem_root_certs)
  ZEND_ARG_INFO(0, pem_private_key)
  ZEND_ARG_INFO(0, pem_cert_chain)
ZEND_END_ARG_INFO()

/* createComposite(channel_creds, call_creds): two required parameters. */
ZEND_BEGIN_ARG_INFO_EX(arginfo_createComposite, 0, 0, 2)
  ZEND_ARG_INFO(0, channel_creds)
  ZEND_ARG_INFO(0, call_creds)
ZEND_END_ARG_INFO()

/* createInsecure(): no parameters. */
ZEND_BEGIN_ARG_INFO_EX(arginfo_createInsecure, 0, 0, 0)
ZEND_END_ARG_INFO()
233 
/* Method table for Grpc\ChannelCredentials. Every entry is registered as a
 * public static method, so the class is used as a set of factory functions
 * plus the setDefaultRootsPem() setter. */
static zend_function_entry channel_credentials_methods[] = {
  PHP_ME(ChannelCredentials, setDefaultRootsPem, arginfo_setDefaultRootsPem,
         ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
  PHP_ME(ChannelCredentials, createDefault, arginfo_createDefault,
         ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
  PHP_ME(ChannelCredentials, createSsl, arginfo_createSsl,
         ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
  PHP_ME(ChannelCredentials, createComposite, arginfo_createComposite,
         ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
  PHP_ME(ChannelCredentials, createInsecure, arginfo_createInsecure,
         ZEND_ACC_PUBLIC | ZEND_ACC_STATIC)
  PHP_FE_END /* table terminator */
};
247 
/* Registers the PHP class Grpc\ChannelCredentials: fills a class entry with
 * the method table, installs the create_object hook that allocates the
 * wrapper struct, stores the registered entry in grpc_ce_channel_credentials,
 * and initializes the object handler table for the wrapper type. */
void grpc_init_channel_credentials(TSRMLS_D) {
  zend_class_entry class_def;

  INIT_CLASS_ENTRY(class_def, "Grpc\\ChannelCredentials",
                   channel_credentials_methods);
  class_def.create_object = create_wrapped_grpc_channel_credentials;

  grpc_ce_channel_credentials =
      zend_register_internal_class(&class_def TSRMLS_CC);

  PHP_GRPC_INIT_HANDLER(wrapped_grpc_channel_credentials,
                        channel_credentials_ce_handlers);
}
257