[VOL-3386] Add support for secure gRPC in openolt-agent
The init script of the openolt service may start with '--enable-tls <TLS_OPTION>' argument for the gRPC server.
Default is insecure with no '--enable-tls' argument.
The TLS capability depends upon the certificates stored at the keystore/ directory: 1. root.crt (CA public key), 2. server.crt (public key), 3.server.key (private key).
Four unit tests are added for the secure gRPC server which work with the keystore-test/ directory.
The certificates stored at the keystore-test/ directory are self-signed certificates, valid until Apr 11 23:16:58 2031 GMT.
Change-Id: I4d18a98a0193f501f922360c79f54b0fcedf14a5
diff --git a/agent/src/core_utils.h b/agent/src/core_utils.h
index 0f7cfe7..3d4668c 100644
--- a/agent/src/core_utils.h
+++ b/agent/src/core_utils.h
@@ -25,6 +25,7 @@
#include "core.h"
#include "core_data.h"
#include "error_format.h"
+#include <grpc/grpc_security_constants.h>
extern "C"
{
@@ -117,4 +118,8 @@
const device_flow_params* get_device_flow_params(uint64_t voltha_flow_id);
trap_to_host_packet_type get_trap_to_host_packet_type(const ::openolt::Classifier& classifier);
bool is_packet_allowed(bcmolt_access_control_receive_eth_packet_data *data, int32_t gemport_id);
+std::pair<grpc_ssl_client_certificate_request_type, bool> get_grpc_tls_option(const char* tls_option);
+const std::string &get_grpc_tls_option();
+bool is_grpc_secure();
+std::pair<std::string, bool> read_from_txt_file(const std::string& file_name);
#endif // OPENOLT_CORE_UTILS_H_