Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal to fix #362. #363

Merged
merged 6 commits into from
Feb 19, 2019
Merged

Proposal to fix #362. #363

merged 6 commits into from
Feb 19, 2019

Conversation

Vladlex
Copy link
Contributor

@Vladlex Vladlex commented Jan 30, 2019

Allows a user to set up a channel with a client certificate and key but still use default root certificates.

Allows user to setup a channel with a client certificate and key but still use default root certificates.
Copy link
Collaborator

@MrMage MrMage left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this! I think this is a good approach; just a few minor changes.

@@ -75,17 +75,18 @@ public class Channel {
/// Initializes a gRPC channel
///
/// - Parameter address: the address of the server to be called
/// - Parameter certificates: a PEM representation of certificates to use
/// - Parameter certificates: a PEM representation of certificates to use. If nil, use defaults.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: "If nil, the default root certificates provided by gRPC are used."

/// - Parameter clientCertificates: a PEM representation of the client certificates to use
/// - Parameter clientKey: a PEM representation of the client key to use
/// - Parameter arguments: list of channel configuration options
public init(address: String, certificates: String, clientCertificates: String? = nil, clientKey: String? = nil, arguments: [Argument] = []) {
public init(address: String, certificates: String?, clientCertificates: String? = nil, clientKey: String? = nil, arguments: [Argument] = []) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

certificates: String? = nil, or (if that compiles, please try it and let me know if it doesn't) certificates: String = roots_pem().

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MrMage
roots_pem() returns an optional, so we have to either force unwrap roots_pem() either leave argument optional: certificates: String? = roots_pem()
I'm not sure which way better. Looking forward to your decision.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the explanation! I think we should change roots_pem() to forcibly unwrap the results of its two calls instead, at which point it wouldn't need to return an optional. Would you mind adding that?

Copy link
Contributor Author

@Vladlex Vladlex Feb 18, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MrMage

Would you mind adding that?

Sure, thank you.

certificates: String? = nil, or (if that compiles, please try it and let me know if it doesn't)

It doesn't.
We should change roots_pem() access modifier to public to use it as a default value.
To be more specific, compiler fails with following error:
Global function 'roots_pem()' is internal and cannot be referenced from a default argument value.

If this way is inappropriate we can also do something like that to hide roots_pem:

enum RootCertificates {
  case custom(String)
  case `default`
}

But making roots_pem() public looks better to me.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that we should definitely make roots_pem() public.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, so Roots.swift is a generated file which should not be edited according to comment in it.
I suggest to add a static method to gRPC class like that:

public final class gRPC {
    
  /// Default root certificates provided by gRPC
  public static let defaultRootCertificates = roots_pem()!

...

And after that, all should be ok finally.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it! New commit ready for review.

gRPC.initialize()
host = address
let argumentWrappers = arguments.map { $0.toCArg() }
var argumentValues = argumentWrappers.map { $0.wrapped }

underlyingChannel = cgrpc_channel_create_secure(address, certificates, clientCertificates, clientKey, &argumentValues, Int32(arguments.count))
let certificatesToUs = certificates ?? roots_pem()
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you mind renaming certificatesToUs to rootCertificates (or dropping it entirely if certificates: String = roots_pem() works)?

@Vladlex
Copy link
Contributor Author

Vladlex commented Feb 18, 2019

Requested changes made are made.

@MrMage
Copy link
Collaborator

MrMage commented Feb 18, 2019

As requested in #363 (comment), would you mind changing roots_pem() to return a non-optional String as well? Can be done by changing lines 41-46 in Roots.swift (and similarly in RootsEncoder.swift) to return String(data: Data(base64Encoded: roots, options: [])!, encoding: .utf8)!.

@Vladlex
Copy link
Contributor Author

Vladlex commented Feb 19, 2019

As requested in #363 (comment), would you mind changing roots_pem() to return a non-optional String as well? Can be done by changing lines 41-46 in Roots.swift (and similarly in RootsEncoder.swift) to return String(data: Data(base64Encoded: roots, options: [])!, encoding: .utf8)!.

Got it. I've changed RootsEncoder's "main.swift", and generated a new one "Roots.swift" with RootsEncoder tool. Channel's initializer was changed accordingly.
Thank you for the explanation!

Copy link
Collaborator

@MrMage MrMage left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for all the tweaks, much appreciated!

@MrMage MrMage merged commit 0195dfd into grpc:master Feb 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants