183 lines
7.1 KiB
JavaScript
183 lines
7.1 KiB
JavaScript
"use strict";
|
|
/*
|
|
* Copyright 2019 gRPC authors.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
*/
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.ChannelCredentials = void 0;
|
|
const tls_1 = require("tls");
|
|
const call_credentials_1 = require("./call-credentials");
|
|
const tls_helpers_1 = require("./tls-helpers");
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
function verifyIsBufferOrNull(obj, friendlyName) {
|
|
if (obj && !(obj instanceof Buffer)) {
|
|
throw new TypeError(`${friendlyName}, if provided, must be a Buffer.`);
|
|
}
|
|
}
|
|
function bufferOrNullEqual(buf1, buf2) {
|
|
if (buf1 === null && buf2 === null) {
|
|
return true;
|
|
}
|
|
else {
|
|
return buf1 !== null && buf2 !== null && buf1.equals(buf2);
|
|
}
|
|
}
|
|
/**
|
|
* A class that contains credentials for communicating over a channel, as well
|
|
* as a set of per-call credentials, which are applied to every method call made
|
|
* over a channel initialized with an instance of this class.
|
|
*/
|
|
class ChannelCredentials {
|
|
constructor(callCredentials) {
|
|
this.callCredentials = callCredentials || call_credentials_1.CallCredentials.createEmpty();
|
|
}
|
|
/**
|
|
* Gets the set of per-call credentials associated with this instance.
|
|
*/
|
|
_getCallCredentials() {
|
|
return this.callCredentials;
|
|
}
|
|
/**
|
|
* Return a new ChannelCredentials instance with a given set of credentials.
|
|
* The resulting instance can be used to construct a Channel that communicates
|
|
* over TLS.
|
|
* @param rootCerts The root certificate data.
|
|
* @param privateKey The client certificate private key, if available.
|
|
* @param certChain The client certificate key chain, if available.
|
|
* @param verifyOptions Additional options to modify certificate verification
|
|
*/
|
|
static createSsl(rootCerts, privateKey, certChain, verifyOptions) {
|
|
var _a;
|
|
verifyIsBufferOrNull(rootCerts, 'Root certificate');
|
|
verifyIsBufferOrNull(privateKey, 'Private key');
|
|
verifyIsBufferOrNull(certChain, 'Certificate chain');
|
|
if (privateKey && !certChain) {
|
|
throw new Error('Private key must be given with accompanying certificate chain');
|
|
}
|
|
if (!privateKey && certChain) {
|
|
throw new Error('Certificate chain must be given with accompanying private key');
|
|
}
|
|
const secureContext = tls_1.createSecureContext({
|
|
ca: (_a = rootCerts !== null && rootCerts !== void 0 ? rootCerts : tls_helpers_1.getDefaultRootsData()) !== null && _a !== void 0 ? _a : undefined,
|
|
key: privateKey !== null && privateKey !== void 0 ? privateKey : undefined,
|
|
cert: certChain !== null && certChain !== void 0 ? certChain : undefined,
|
|
ciphers: tls_helpers_1.CIPHER_SUITES,
|
|
});
|
|
return new SecureChannelCredentialsImpl(secureContext, verifyOptions !== null && verifyOptions !== void 0 ? verifyOptions : {});
|
|
}
|
|
/**
|
|
* Return a new ChannelCredentials instance with credentials created using
|
|
* the provided secureContext. The resulting instances can be used to
|
|
* construct a Channel that communicates over TLS. gRPC will not override
|
|
* anything in the provided secureContext, so the environment variables
|
|
* GRPC_SSL_CIPHER_SUITES and GRPC_DEFAULT_SSL_ROOTS_FILE_PATH will
|
|
* not be applied.
|
|
* @param secureContext The return value of tls.createSecureContext()
|
|
* @param verifyOptions Additional options to modify certificate verification
|
|
*/
|
|
static createFromSecureContext(secureContext, verifyOptions) {
|
|
return new SecureChannelCredentialsImpl(secureContext, verifyOptions !== null && verifyOptions !== void 0 ? verifyOptions : {});
|
|
}
|
|
/**
|
|
* Return a new ChannelCredentials instance with no credentials.
|
|
*/
|
|
static createInsecure() {
|
|
return new InsecureChannelCredentialsImpl();
|
|
}
|
|
}
|
|
exports.ChannelCredentials = ChannelCredentials;
|
|
class InsecureChannelCredentialsImpl extends ChannelCredentials {
|
|
constructor(callCredentials) {
|
|
super(callCredentials);
|
|
}
|
|
compose(callCredentials) {
|
|
throw new Error('Cannot compose insecure credentials');
|
|
}
|
|
_getConnectionOptions() {
|
|
return null;
|
|
}
|
|
_isSecure() {
|
|
return false;
|
|
}
|
|
_equals(other) {
|
|
return other instanceof InsecureChannelCredentialsImpl;
|
|
}
|
|
}
|
|
class SecureChannelCredentialsImpl extends ChannelCredentials {
|
|
constructor(secureContext, verifyOptions) {
|
|
super();
|
|
this.secureContext = secureContext;
|
|
this.verifyOptions = verifyOptions;
|
|
this.connectionOptions = {
|
|
secureContext
|
|
};
|
|
// Node asserts that this option is a function, so we cannot pass undefined
|
|
if (verifyOptions === null || verifyOptions === void 0 ? void 0 : verifyOptions.checkServerIdentity) {
|
|
this.connectionOptions.checkServerIdentity = verifyOptions.checkServerIdentity;
|
|
}
|
|
}
|
|
compose(callCredentials) {
|
|
const combinedCallCredentials = this.callCredentials.compose(callCredentials);
|
|
return new ComposedChannelCredentialsImpl(this, combinedCallCredentials);
|
|
}
|
|
_getConnectionOptions() {
|
|
// Copy to prevent callers from mutating this.connectionOptions
|
|
return Object.assign({}, this.connectionOptions);
|
|
}
|
|
_isSecure() {
|
|
return true;
|
|
}
|
|
_equals(other) {
|
|
if (this === other) {
|
|
return true;
|
|
}
|
|
if (other instanceof SecureChannelCredentialsImpl) {
|
|
return (this.secureContext === other.secureContext &&
|
|
this.verifyOptions.checkServerIdentity === other.verifyOptions.checkServerIdentity);
|
|
}
|
|
else {
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
class ComposedChannelCredentialsImpl extends ChannelCredentials {
|
|
constructor(channelCredentials, callCreds) {
|
|
super(callCreds);
|
|
this.channelCredentials = channelCredentials;
|
|
}
|
|
compose(callCredentials) {
|
|
const combinedCallCredentials = this.callCredentials.compose(callCredentials);
|
|
return new ComposedChannelCredentialsImpl(this.channelCredentials, combinedCallCredentials);
|
|
}
|
|
_getConnectionOptions() {
|
|
return this.channelCredentials._getConnectionOptions();
|
|
}
|
|
_isSecure() {
|
|
return true;
|
|
}
|
|
_equals(other) {
|
|
if (this === other) {
|
|
return true;
|
|
}
|
|
if (other instanceof ComposedChannelCredentialsImpl) {
|
|
return (this.channelCredentials._equals(other.channelCredentials) &&
|
|
this.callCredentials._equals(other.callCredentials));
|
|
}
|
|
else {
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
//# sourceMappingURL=channel-credentials.js.map
|