Client authentication for gRPC

This adds client authentication using TLS certificates when it is enabled in gRPC. This just the basic feature right now. You either have access or you do not. Access is granted by putting the certificate digests of the authorized users into the murmur.ini file.
author: John Mckay <adenosine3p@gmail.com> 2019-11-24 03:45:32 +0300
committer: John Mckay <adenosine3p@gmail.com> 2019-11-30 07:10:04 +0300
commit: f046c74aba68ed21b0855587bd54843dae29ff8e (patch)
tree: d36972363368f6e62f7d411d152975ba43203a73 /src/murmur/MurmurGRPCImpl.h
parent: fbdf2f1211064838392b25caf2b7d507af4f9098 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/src/murmur/MurmurGRPCImpl.h b/src/murmur/MurmurGRPCImpl.h
index 3592a62f2..a3074e9c9 100644
--- a/src/murmur/MurmurGRPCImpl.h
+++ b/src/murmur/MurmurGRPCImpl.h
@@ -22,8 +22,10 @@
 #include <atomic>
 
 #include <QMultiHash>
+#include <QSet>
 
 #include <grpc++/grpc++.h>
+#include <grpc++/security/auth_context.h>
 
 class RPCCall;
 
@@ -37,6 +39,15 @@ namespace MurmurRPC {
 	}
 }
 
+class MurmurRPCAuthenticator : public ::grpc_impl::AuthMetadataProcessor {
+	public:
+		MurmurRPCAuthenticator();
+		grpc::Status Process(const InputMetadata&, ::grpc::AuthContext*, OutputMetadata*, OutputMetadata*);
+		bool IsBlocking() const;
+	protected:
+		QSet<QByteArray> m_gRPCUsers;
+};
+
 class MurmurRPCImpl : public QThread {
 		Q_OBJECT;
 		std::unique_ptr<grpc::Server> m_server;
author	John Mckay <adenosine3p@gmail.com>	2019-11-24 03:45:32 +0300
committer	John Mckay <adenosine3p@gmail.com>	2019-11-30 07:10:04 +0300
commit	f046c74aba68ed21b0855587bd54843dae29ff8e (patch)
tree	d36972363368f6e62f7d411d152975ba43203a73 /src/murmur/MurmurGRPCImpl.h
parent	fbdf2f1211064838392b25caf2b7d507af4f9098 (diff)