UNPKG

@grpc/grpc-js/src/server-credentials.ts

Version:

2.82 kBPlain TextView Raw

1/*
* Copyright 2019 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
17
18import { SecureServerOptions } from 'http2';
19import { CIPHER_SUITES, getDefaultRootsData } from './tls-helpers';
20
21export interface KeyCertPair {
private_key: Buffer;
cert_chain: Buffer;
24}
25
26export abstract class ServerCredentials {
abstract _isSecure(): boolean;
abstract _getSettings(): SecureServerOptions | null;
29
static createInsecure(): ServerCredentials {
  return new InsecureServerCredentials();
}
33
static createSsl(
  rootCerts: Buffer | null,
  keyCertPairs: KeyCertPair[],
  checkClientCertificate = false
): ServerCredentials {
  if (rootCerts !== null && !Buffer.isBuffer(rootCerts)) {
    throw new TypeError('rootCerts must be null or a Buffer');
  }
42
  if (!Array.isArray(keyCertPairs)) {
    throw new TypeError('keyCertPairs must be an array');
  }
46
  if (typeof checkClientCertificate !== 'boolean') {
    throw new TypeError('checkClientCertificate must be a boolean');
  }
50
  const cert = [];
  const key = [];
53
  for (let i = 0; i < keyCertPairs.length; i++) {
    const pair = keyCertPairs[i];
56
    if (pair === null || typeof pair !== 'object') {
      throw new TypeError(`keyCertPair[${i}] must be an object`);
    }
60
    if (!Buffer.isBuffer(pair.private_key)) {
      throw new TypeError(`keyCertPair[${i}].private_key must be a Buffer`);
    }
64
    if (!Buffer.isBuffer(pair.cert_chain)) {
      throw new TypeError(`keyCertPair[${i}].cert_chain must be a Buffer`);
    }
68
    cert.push(pair.cert_chain);
    key.push(pair.private_key);
  }
72
  return new SecureServerCredentials({
    ca: rootCerts || getDefaultRootsData() || undefined,
    cert,
    key,
    requestCert: checkClientCertificate,
    ciphers: CIPHER_SUITES,
  });
}
81}
82
83class InsecureServerCredentials extends ServerCredentials {
_isSecure(): boolean {
  return false;
}
87
_getSettings(): null {
  return null;
}
91}
92
93class SecureServerCredentials extends ServerCredentials {
private options: SecureServerOptions;
95
constructor(options: SecureServerOptions) {
  super();
  this.options = options;
}
100
_isSecure(): boolean {
  return true;
}
104
_getSettings(): SecureServerOptions {
  return this.options;
}
108}

1	`/*`
2	`* Copyright 2019 gRPC authors.`
3	`*`
4	`* Licensed under the Apache License, Version 2.0 (the "License");`
5	`* you may not use this file except in compliance with the License.`
6	`* You may obtain a copy of the License at`
7	`*`
8	`* http://www.apache.org/licenses/LICENSE-2.0`
9	`*`
10	`* Unless required by applicable law or agreed to in writing, software`
11	`* distributed under the License is distributed on an "AS IS" BASIS,`
12	`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
13	`* See the License for the specific language governing permissions and`
14	`* limitations under the License.`
15	`*`
16	`*/`
17
18	`import { SecureServerOptions } from 'http2';`
19	`import { CIPHER_SUITES, getDefaultRootsData } from './tls-helpers';`
20
21	`export interface KeyCertPair {`
22	`private_key: Buffer;`
23	`cert_chain: Buffer;`
24	`}`
25
26	`export abstract class ServerCredentials {`
27	`abstract _isSecure(): boolean;`
28	`abstract _getSettings(): SecureServerOptions \| null;`
29
30	`static createInsecure(): ServerCredentials {`
31	`return new InsecureServerCredentials();`
32	`}`
33
34	`static createSsl(`
35	`rootCerts: Buffer \| null,`
36	`keyCertPairs: KeyCertPair[],`
37	`checkClientCertificate = false`
38	`): ServerCredentials {`
39	`if (rootCerts !== null && !Buffer.isBuffer(rootCerts)) {`
40	`throw new TypeError('rootCerts must be null or a Buffer');`
41	`}`
42
43	`if (!Array.isArray(keyCertPairs)) {`
44	`throw new TypeError('keyCertPairs must be an array');`
45	`}`
46
47	`if (typeof checkClientCertificate !== 'boolean') {`
48	`throw new TypeError('checkClientCertificate must be a boolean');`
49	`}`
50
51	`const cert = [];`
52	`const key = [];`
53
54	`for (let i = 0; i < keyCertPairs.length; i++) {`
55	`const pair = keyCertPairs[i];`
56
57	`if (pair === null \|\| typeof pair !== 'object') {`
58	throw new TypeError(`keyCertPair[${i}] must be an object`);
59	`}`
60
61	`if (!Buffer.isBuffer(pair.private_key)) {`
62	throw new TypeError(`keyCertPair[${i}].private_key must be a Buffer`);
63	`}`
64
65	`if (!Buffer.isBuffer(pair.cert_chain)) {`
66	throw new TypeError(`keyCertPair[${i}].cert_chain must be a Buffer`);
67	`}`
68
69	`cert.push(pair.cert_chain);`
70	`key.push(pair.private_key);`
71	`}`
72
73	`return new SecureServerCredentials({`
74	`ca: rootCerts \|\| getDefaultRootsData() \|\| undefined,`
75	`cert,`
76	`key,`
77	`requestCert: checkClientCertificate,`
78	`ciphers: CIPHER_SUITES,`
79	`});`
80	`}`
81	`}`
82
83	`class InsecureServerCredentials extends ServerCredentials {`
84	`_isSecure(): boolean {`
85	`return false;`
86	`}`
87
88	`_getSettings(): null {`
89	`return null;`
90	`}`
91	`}`
92
93	`class SecureServerCredentials extends ServerCredentials {`
94	`private options: SecureServerOptions;`
95
96	`constructor(options: SecureServerOptions) {`
97	`super();`
98	`this.options = options;`
99	`}`
100
101	`_isSecure(): boolean {`
102	`return true;`
103	`}`
104
105	`_getSettings(): SecureServerOptions {`
106	`return this.options;`
107	`}`
108	`}`