added option to authenticate client using root cert chain

src/csharp/Grpc.Core/Credentials.cs

@@ -53,27 +53,63 @@ namespace Grpc.Core
     /// </summary>
     public class SslCredentials : Credentials
     {
-        string pemRootCerts;
+        readonly string rootCertificates;
+        readonly KeyCertificatePair keyCertificatePair;
 
-        public SslCredentials(string pemRootCerts)
+        /// <summary>
+        /// Creates client-side SSL credentials loaded from
+        /// disk file pointed to by the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable.
+        /// If that fails, gets the roots certificates from a well known place on disk.
+        /// </summary>
+        public SslCredentials() : this(null, null)
         {
-            this.pemRootCerts = pemRootCerts;
+        }
+
+        /// <summary>
+        /// Creates client-side SSL credentials from
+        /// a string containing PEM encoded root certificates.
+        /// </summary>
+        public SslCredentials(string rootCertificates) : this(rootCertificates, null)
+        {
+        }
+            
+        /// <summary>
+        /// Creates client-side SSL credentials.
+        /// </summary>
+        /// <param name="rootCertificates">string containing PEM encoded server root certificates.</param>
+        /// <param name="keyCertificatePair">a key certificate pair.</param>
+        public SslCredentials(string rootCertificates, KeyCertificatePair keyCertificatePair)
+        {
+            this.rootCertificates = rootCertificates;
+            this.keyCertificatePair = keyCertificatePair;
         }
 
         /// <summary>
         /// PEM encoding of the server root certificates.
         /// </summary>
-        public string RootCerts
+        public string RootCertificates
+        {
+            get
+            {
+                return this.rootCertificates;
+            }
+        }
+
+        /// <summary>
+        /// Client side key and certificate pair.
+        /// If null, client will not use key and certificate pair.
+        /// </summary>
+        public KeyCertificatePair KeyCertificatePair
         {
             get
             {
-                return this.pemRootCerts;
+                return this.keyCertificatePair;
             }
         }
 
         internal override CredentialsSafeHandle ToNativeCredentials()
         {
-            return CredentialsSafeHandle.CreateSslCredentials(pemRootCerts);
+            return CredentialsSafeHandle.CreateSslCredentials(rootCertificates, keyCertificatePair);
         }
     }
 }

src/csharp/Grpc.Core/Grpc.Core.csproj

@@ -104,6 +104,7 @@
     <Compile Include="AsyncUnaryCall.cs" />
     <Compile Include="VersionInfo.cs" />
     <Compile Include="Internal\CStringSafeHandle.cs" />
+    <Compile Include="KeyCertificatePair.cs" />
   </ItemGroup>
   <ItemGroup>
     <None Include="Grpc.Core.nuspec" />

src/csharp/Grpc.Core/Internal/CredentialsSafeHandle.cs

@@ -50,9 +50,16 @@ namespace Grpc.Core.Internal
         {
         }
 
-        public static CredentialsSafeHandle CreateSslCredentials(string pemRootCerts)
+        public static CredentialsSafeHandle CreateSslCredentials(string pemRootCerts, KeyCertificatePair keyCertPair)
         {
-            return grpcsharp_ssl_credentials_create(pemRootCerts, null, null);
+            if (keyCertPair != null)
+            {
+                return grpcsharp_ssl_credentials_create(pemRootCerts, keyCertPair.CertificateChain, keyCertPair.PrivateKey);
+            }
+            else
+            {
+                return grpcsharp_ssl_credentials_create(pemRootCerts, null, null);
+            }
         }
 
         protected override bool ReleaseHandle()

src/csharp/Grpc.Core/Internal/ServerCredentialsSafeHandle.cs

@@ -51,10 +51,10 @@ namespace Grpc.Core.Internal
         {
         }
 
-        public static ServerCredentialsSafeHandle CreateSslCredentials(string[] keyCertPairCertChainArray, string[] keyCertPairPrivateKeyArray)
+        public static ServerCredentialsSafeHandle CreateSslCredentials(string pemRootCerts, string[] keyCertPairCertChainArray, string[] keyCertPairPrivateKeyArray)
         {
             Preconditions.CheckArgument(keyCertPairCertChainArray.Length == keyCertPairPrivateKeyArray.Length);
-            return grpcsharp_ssl_server_credentials_create(null,
+            return grpcsharp_ssl_server_credentials_create(pemRootCerts,
                                                            keyCertPairCertChainArray, keyCertPairPrivateKeyArray,
                                                            new UIntPtr((ulong)keyCertPairCertChainArray.Length));
         }

src/csharp/Grpc.Core/KeyCertificatePair.cs

+#region Copyright notice and license
+
+// Copyright 2015, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#endregion
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+
+using Grpc.Core.Internal;
+using Grpc.Core.Utils;
+
+namespace Grpc.Core
+{
+    /// <summary>
+    /// Key certificate pair (in PEM encoding).
+    /// </summary>
+    public sealed class KeyCertificatePair
+    {
+        readonly string certificateChain;
+        readonly string privateKey;
+
+        /// <summary>
+        /// Creates a new certificate chain - private key pair.
+        /// </summary>
+        /// <param name="certificateChain">PEM encoded certificate chain.</param>
+        /// <param name="privateKey">PEM encoded private key.</param>
+        public KeyCertificatePair(string certificateChain, string privateKey)
+        {
+            this.certificateChain = Preconditions.CheckNotNull(certificateChain);
+            this.privateKey = Preconditions.CheckNotNull(privateKey);
+        }
+
+        /// <summary>
+        /// PEM encoded certificate chain.
+        /// </summary>
+        public string CertificateChain
+        {
+            get
+            {
+                return certificateChain;
+            }
+        }
+
+        /// <summary>
+        /// PEM encoded private key.
+        /// </summary>
+        public string PrivateKey
+        {
+            get
+            {
+                return privateKey;
+            }
+        }
+    }
+}

src/csharp/Grpc.Core/ServerCredentials.cs

@@ -35,6 +35,7 @@ using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using Grpc.Core.Internal;
+using Grpc.Core.Utils;
 
 namespace Grpc.Core
 {
@@ -51,59 +52,69 @@ namespace Grpc.Core
     }
 
     /// <summary>
-    /// Key certificate pair (in PEM encoding).
+    /// Server-side SSL credentials.
     /// </summary>
-    public class KeyCertificatePair
+    public class SslServerCredentials : ServerCredentials
     {
-        readonly string certChain;
-        readonly string privateKey;
+        readonly IList<KeyCertificatePair> keyCertificatePairs;
+        readonly string rootCertificates;
 
-        public KeyCertificatePair(string certChain, string privateKey)
+        /// <summary>
+        /// Creates server-side SSL credentials.
+        /// </summary>
+        /// <param name="rootCertificates">PEM encoded client root certificates used to authenticate client.</param>
+        /// <param name="keyCertificatePairs">Key-certificates to use.</param>
+        public SslServerCredentials(IEnumerable<KeyCertificatePair> keyCertificatePairs, string rootCertificates)
         {
-            this.certChain = certChain;
-            this.privateKey = privateKey;
+            this.rootCertificates = rootCertificates;
+            this.keyCertificatePairs = new List<KeyCertificatePair>(keyCertificatePairs).AsReadOnly();
+            Preconditions.CheckArgument(this.keyCertificatePairs.Count == 0,
+                "At least one KeyCertificatePair needs to be provided");
         }
 
-        public string CertChain
+        /// <summary>
+        /// Creates server-side SSL credentials.
+        /// This constructor should be use if you do not wish to autheticate client
+        /// using client root certificates.
+        /// </summary>
+        /// <param name="keyCertificatePairs">Key-certificates to use.</param>
+        public SslServerCredentials(IEnumerable<KeyCertificatePair> keyCertificatePairs) : this(keyCertificatePairs, null)
         {
-            get
-            {
-                return certChain;
-            }
         }
 
-        public string PrivateKey
+        /// <summary>
+        /// Key-certificate pairs.
+        /// </summary>
+        public IList<KeyCertificatePair> KeyCertificatePairs
         {
             get
             {
-                return privateKey;
+                return this.keyCertificatePairs;
             }
         }
-    }
 
-    /// <summary>
-    /// Server-side SSL credentials.
-    /// </summary>
-    public class SslServerCredentials : ServerCredentials
-    {
-        ImmutableList<KeyCertificatePair> keyCertPairs;
-
-        public SslServerCredentials(ImmutableList<KeyCertificatePair> keyCertPairs)
+        /// <summary>
+        /// PEM encoded client root certificates.
+        /// </summary>
+        public string RootCertificates
         {
-            this.keyCertPairs = keyCertPairs;
+            get
+            {
+                return this.rootCertificates;
+            }
         }
 
         internal override ServerCredentialsSafeHandle ToNativeCredentials()
         {
-            int count = keyCertPairs.Count;
+            int count = keyCertificatePairs.Count;
             string[] certChains = new string[count];
             string[] keys = new string[count];
             for (int i = 0; i < count; i++)
             {
-                certChains[i] = keyCertPairs[i].CertChain;
-                keys[i] = keyCertPairs[i].PrivateKey;
+                certChains[i] = keyCertificatePairs[i].CertificateChain;
+                keys[i] = keyCertificatePairs[i].PrivateKey;
             }
-            return ServerCredentialsSafeHandle.CreateSslCredentials(certChains, keys);
+            return ServerCredentialsSafeHandle.CreateSslCredentials(rootCertificates, certChains, keys);
         }
     }
 }