Coverage Report

Created: 2026-06-15 07:01

/src/grpc-swift/Sources/GRPC/ClientConnectionConfiguration+NIOSSL.swift
/*
 * Copyright 2019, gRPC Authors All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#if canImport(NIOSSL)
import NIOSSL
extension ClientConnection.Configuration {
  /// TLS settings for a `ClientConnection`.
  ///
  /// This type wraps a `NIOSSL.TLSConfiguration` and exposes only a subset of its options, so
  /// that configurations built through the wrapper stay within what the gRPC specification
  /// allows.
  ///
  /// - Important: Server authentication depends on `certificateVerification`, `trustRoots` and
  ///   `customVerificationCallback`. Relaxing any of them means the peer is no longer
  ///   authenticated, and encryption alone does not protect against an impersonated server.
  @available(*, deprecated, renamed: "GRPCTLSConfiguration")
  public struct TLS {
    /// The wrapped NIOSSL configuration. Callers can read it but not assign it; the computed
    /// properties below forward their reads and writes to it.
    public private(set) var configuration: TLSConfiguration

    /// Value to use for the TLS SNI extension; this must be a host name, not an address.
    ///
    // NOTE(review): this file only stores the value. How it takes part in certificate host name
    // checks is decided where the connection is built; confirm there before relying on it.
    public var hostnameOverride: String?

    /// The certificates this client offers during negotiation. When empty, no client
    /// certificate is offered.
    public var certificateChain: [NIOSSLCertificateSource] {
      get { configuration.certificateChain }
      set { configuration.certificateChain = newValue }
    }

    /// The private key that belongs to the leaf certificate in `certificateChain`.
    public var privateKey: NIOSSLPrivateKeySource? {
      get { configuration.privateKey }
      set { configuration.privateKey = newValue }
    }

    /// The trust roots used to validate the remote certificate. They are only consulted when
    /// certificates are validated.
    public var trustRoots: NIOSSLTrustRoots? {
      get { configuration.trustRoots }
      set { configuration.trustRoots = newValue }
    }

    /// Whether, and how strictly, the remote certificate is verified.
    ///
    /// The wrapper does not restrict this setter: any `CertificateVerification` value is
    /// accepted. Anything weaker than `.fullVerification` should be limited to test setups.
    public var certificateVerification: CertificateVerification {
      get { configuration.certificateVerification }
      set { configuration.certificateVerification = newValue }
    }

    /// A callback that completely overrides the certificate verification logic for this
    /// connection.
    ///
    /// Because it replaces the built-in logic rather than adding to it, the callback has to make
    /// every check the deployment relies on; one that accepts unconditionally leaves the server
    /// unauthenticated.
    public var customVerificationCallback: NIOSSLCustomVerificationCallback?

    /// Creates a client TLS configuration with defaults suitable for gRPC.
    ///
    /// The configuration starts from `TLSConfiguration.makeClientConfiguration()`, sets the
    /// minimum TLS version to 1.2 and the ALPN tokens to
    /// `GRPCApplicationProtocolIdentifier.client`; neither is a parameter here.
    ///
    /// - Parameter certificateChain: The certificates to offer during negotiation, defaults to
    ///     an empty array.
    /// - Parameter privateKey: The private key associated with the leaf certificate, defaults to
    ///     `nil`.
    /// - Parameter trustRoots: The trust roots used to validate certificates, defaults to the
    ///     roots provided by the platform.
    /// - Parameter certificateVerification: Whether to verify the remote certificate, defaults
    ///     to `.fullVerification`.
    /// - Parameter hostnameOverride: Value to use for the TLS SNI extension; this must not be an
    ///     IP address, defaults to `nil`.
    /// - Parameter customVerificationCallback: A callback that overrides the certificate
    ///     verification logic, defaults to `nil`.
    public init(
      certificateChain: [NIOSSLCertificateSource] = [],
      privateKey: NIOSSLPrivateKeySource? = nil,
      trustRoots: NIOSSLTrustRoots = .default,
      certificateVerification: CertificateVerification = .fullVerification,
      hostnameOverride: String? = nil,
      customVerificationCallback: NIOSSLCustomVerificationCallback? = nil
    ) {
      var tls = TLSConfiguration.makeClientConfiguration()

      // Fixed by the wrapper rather than taken from the caller.
      tls.minimumTLSVersion = .tlsv12
      tls.applicationProtocols = GRPCApplicationProtocolIdentifier.client

      // Caller-supplied identity and trust settings.
      tls.certificateChain = certificateChain
      tls.privateKey = privateKey
      tls.trustRoots = trustRoots
      tls.certificateVerification = certificateVerification

      self.configuration = tls
      self.hostnameOverride = hostnameOverride
      self.customVerificationCallback = customVerificationCallback
    }

    /// Creates a TLS configuration from an existing `NIOSSL.TLSConfiguration`.
    ///
    /// - Note: If `configuration.applicationProtocols` is empty, the ALPN tokens "grpc-exp" and
    ///   "h2" are used.
    /// - Important: Apart from the ALPN tokens, `configuration` is stored as given. This
    ///   initializer does not set `minimumTLSVersion` or `certificateVerification`, so the caller
    ///   has to supply a configuration whose protocol floor and verification mode are already
    ///   appropriate.
    /// - Parameters:
    ///   - configuration: The `NIOSSL.TLSConfiguration` to base this configuration on.
    ///   - hostnameOverride: The host name override to use for the TLS SNI extension.
    public init(configuration: TLSConfiguration, hostnameOverride: String? = nil) {
      var tls = configuration

      // Fill in the gRPC ALPN tokens only when the caller set none.
      if tls.applicationProtocols.isEmpty {
        tls.applicationProtocols = GRPCApplicationProtocolIdentifier.client
      }

      self.configuration = tls
      self.hostnameOverride = hostnameOverride
    }
  }
}
#endif  // canImport(NIOSSL)