diff options
| author | Tim Cooper <tim.cooper@layeh.com> | 2015-08-04 23:34:55 +0300 |
|---|---|---|
| committer | Mikkel Krautz <mikkel@krautz.dk> | 2016-05-08 17:45:52 +0300 |
| commit | 19537ac2184e32b86af73bbbdf95c4228b0072d3 (patch) | |
| tree | 7c0345ae774c54bf3ca6c1003035aecbc0cb40b1 /src/murmur/MurmurGRPCImpl.cpp | |
| parent | 6c68dec477d2b95c7588934f6860918a3ee046dd (diff) | |
grpc: allow connections to be secured using TLS
Diffstat (limited to 'src/murmur/MurmurGRPCImpl.cpp')
| -rw-r--r-- | src/murmur/MurmurGRPCImpl.cpp | 42 |
1 files changed, 36 insertions, 6 deletions
diff --git a/src/murmur/MurmurGRPCImpl.cpp b/src/murmur/MurmurGRPCImpl.cpp index 2d59d23f8..fea0c5184 100644 --- a/src/murmur/MurmurGRPCImpl.cpp +++ b/src/murmur/MurmurGRPCImpl.cpp @@ -112,11 +112,42 @@ static MurmurRPCImpl *service; void RPCStart() { - const QString &address = meta->mp.qsGRPCAddress; + const auto &address = meta->mp.qsGRPCAddress; if (address.isEmpty()) { return; } - service = new MurmurRPCImpl(address); + const auto &cert = meta->mp.qsGRPCCert; + const auto &key = meta->mp.qsGRPCKey; + std::shared_ptr<::grpc::ServerCredentials> credentials; + if (cert.isEmpty() || key.isEmpty()) { + credentials = ::grpc::InsecureServerCredentials(); + } else { + ::grpc::SslServerCredentialsOptions options; + ::grpc::SslServerCredentialsOptions::PemKeyCertPair pair; + { + QFile file(cert); + if (!file.open(QIODevice::ReadOnly)) { + qFatal("could not open gRPC certificate file: %s", cert.toStdString().c_str()); + return; + } + QTextStream stream(&file); + auto contents = stream.readAll(); + pair.cert_chain = contents.toStdString(); + } + { + QFile file(key); + if (!file.open(QIODevice::ReadOnly)) { + qFatal("could not open gRPC key file: %s", key.toStdString().c_str()); + return; + } + QTextStream stream(&file); + auto contents = stream.readAll(); + pair.private_key = contents.toStdString(); + } + options.pem_key_cert_pairs.push_back(pair); + credentials = ::grpc::SslServerCredentials(options); + } + service = new MurmurRPCImpl(address, credentials); } void RPCStop() { @@ -125,9 +156,9 @@ void RPCStop() { } } -MurmurRPCImpl::MurmurRPCImpl(const QString &address) : qtCleanup(this) { +MurmurRPCImpl::MurmurRPCImpl(const QString &address, std::shared_ptr<::grpc::ServerCredentials> credentials) : qtCleanup(this) { ::grpc::ServerBuilder builder; - builder.AddListeningPort(u8(address), grpc::InsecureServerCredentials()); + builder.AddListeningPort(u8(address), credentials); builder.RegisterAsyncService(&aV1Service); mCQ = builder.AddCompletionQueue(); mServer = builder.BuildAndStart(); @@ -198,8 +229,7 @@ void MurmurRPCImpl::cleanup() { } /* - * ToRPC/FromRPC methods convert data to and from grpc protocol buffer - * messages. + * ToRPC/FromRPC methods convert data to/from grpc protocol buffer messages. */ void ToRPC(const ::Server *srv, const ::Channel *c, ::MurmurRPC::Channel *rc) { |