GRPC Core  18.0.0
security_connector.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_SECURITY_CONNECTOR_H
20 #define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_SECURITY_CONNECTOR_H
21 
23 
24 #include <stdbool.h>
25 
26 #include <grpc/grpc_security.h>
27 
35 
37 
39 
40 /* --- security_connector object. ---
41 
42  A security connector object represents away to configure the underlying
43  transport security mechanism and check the resulting trusted peer. */
44 
45 #define GRPC_ARG_SECURITY_CONNECTOR "grpc.security_connector"
46 
48  : public grpc_core::RefCounted<grpc_security_connector> {
49  public:
50  explicit grpc_security_connector(const char* url_scheme)
53  ? "security_connector_refcount"
54  : nullptr),
55  url_scheme_(url_scheme) {}
56  ~grpc_security_connector() override = default;
57 
58  // Checks the peer. Callee takes ownership of the peer object.
59  // When done, sets *auth_context and invokes on_peer_checked.
60  virtual void check_peer(
61  tsi_peer peer, grpc_endpoint* ep,
63  grpc_closure* on_peer_checked) = 0;
64 
65  // Cancels the pending check_peer() request associated with on_peer_checked.
66  // If there is no such request pending, this is a no-op.
67  virtual void cancel_check_peer(grpc_closure* on_peer_checked,
69 
70  /* Compares two security connectors. */
71  virtual int cmp(const grpc_security_connector* other) const = 0;
72 
73  const char* url_scheme() const { return url_scheme_; }
74 
75  private:
76  const char* url_scheme_;
77 };
78 
79 /* Util to encapsulate the connector in a channel arg. */
81 
82 /* Util to get the connector from a channel arg. */
84 
85 /* Util to find the connector from channel args. */
87  const grpc_channel_args* args);
88 
89 /* --- channel_security_connector object. ---
90 
91  A channel security connector object represents a way to configure the
92  underlying transport security mechanism on the client side. */
93 
95  public:
97  const char* url_scheme,
100  /*,
101  grpc_channel_args* channel_args = nullptr*/);
103 
108  virtual bool check_call_host(absl::string_view host,
109  grpc_auth_context* auth_context,
110  grpc_closure* on_call_host_checked,
111  grpc_error_handle* error) = 0;
115  virtual void cancel_check_call_host(grpc_closure* on_call_host_checked,
118  virtual void add_handshakers(const grpc_channel_args* args,
119  grpc_pollset_set* interested_parties,
120  grpc_core::HandshakeManager* handshake_mgr) = 0;
121 
123  return channel_creds_.get();
124  }
126  return channel_creds_.get();
127  }
129  return request_metadata_creds_.get();
130  }
132  return request_metadata_creds_.get();
133  }
134 
135  protected:
136  // Helper methods to be used in subclasses.
138  const grpc_channel_security_connector* other) const;
139 
140  // grpc_channel_args* channel_args() const { return channel_args_.get(); }
143  // void clear_channel_arg() { channel_args_.reset(); }
144 
145  private:
147  grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds_;
148  std::unique_ptr<grpc_channel_args> channel_args_;
149 };
150 
151 /* --- server_security_connector object. ---
152 
153  A server security connector object represents a way to configure the
154  underlying transport security mechanism on the server side. */
155 
157  public:
159  const char* url_scheme,
162 
163  virtual void add_handshakers(const grpc_channel_args* args,
164  grpc_pollset_set* interested_parties,
165  grpc_core::HandshakeManager* handshake_mgr) = 0;
166 
168  return server_creds_.get();
169  }
171  return server_creds_.get();
172  }
173 
174  protected:
175  // Helper methods to be used in subclasses.
177  const grpc_server_security_connector* other) const;
178 
179  private:
181 };
182 
183 #endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_SECURITY_CONNECTOR_H */
Definition: security_connector.h:94
grpc_channel_credentials * mutable_channel_creds()
Definition: security_connector.h:125
grpc_channel_security_connector(const char *url_scheme, grpc_core::RefCountedPtr< grpc_channel_credentials > channel_creds, grpc_core::RefCountedPtr< grpc_call_credentials > request_metadata_creds)
Definition: security_connector.cc:51
virtual void add_handshakers(const grpc_channel_args *args, grpc_pollset_set *interested_parties, grpc_core::HandshakeManager *handshake_mgr)=0
Registers handshakers with handshake_mgr.
grpc_call_credentials * mutable_request_metadata_creds()
Definition: security_connector.h:131
virtual void cancel_check_call_host(grpc_closure *on_call_host_checked, grpc_error_handle error)=0
Cancels a pending asynchronous call to grpc_channel_security_connector_check_call_host() with on_call...
const grpc_call_credentials * request_metadata_creds() const
Definition: security_connector.h:128
~grpc_channel_security_connector() override
Definition: security_connector.cc:59
const grpc_channel_credentials * channel_creds() const
Definition: security_connector.h:122
virtual bool check_call_host(absl::string_view host, grpc_auth_context *auth_context, grpc_closure *on_call_host_checked, grpc_error_handle *error)=0
Checks that the host that will be set for a call is acceptable.
int channel_security_connector_cmp(const grpc_channel_security_connector *other) const
Definition: security_connector.cc:67
Definition: handshaker.h:92
Definition: ref_counted.h:282
T * get() const
Definition: ref_counted_ptr.h:147
Definition: trace.h:61
Definition: security_connector.h:48
~grpc_security_connector() override=default
virtual void cancel_check_peer(grpc_closure *on_peer_checked, grpc_error_handle error)=0
const char * url_scheme() const
Definition: security_connector.h:73
grpc_security_connector(const char *url_scheme)
Definition: security_connector.h:50
virtual void check_peer(tsi_peer peer, grpc_endpoint *ep, grpc_core::RefCountedPtr< grpc_auth_context > *auth_context, grpc_closure *on_peer_checked)=0
virtual int cmp(const grpc_security_connector *other) const =0
Definition: security_connector.h:156
int server_security_connector_cmp(const grpc_server_security_connector *other) const
Definition: security_connector.cc:78
grpc_server_security_connector(const char *url_scheme, grpc_core::RefCountedPtr< grpc_server_credentials > server_creds)
Definition: security_connector.cc:43
const grpc_server_credentials * server_creds() const
Definition: security_connector.h:167
grpc_server_credentials * mutable_server_creds()
Definition: security_connector.h:170
virtual void add_handshakers(const grpc_channel_args *args, grpc_pollset_set *interested_parties, grpc_core::HandshakeManager *handshake_mgr)=0
~grpc_server_security_connector() override
grpc_error_handle error
Definition: lame_client.cc:54
Round Robin Policy.
Definition: backend_metric.cc:26
struct grpc_pollset_set grpc_pollset_set
Definition: pollset_set.h:31
grpc_security_connector * grpc_security_connector_find_in_args(const grpc_channel_args *args)
Definition: security_connector.cc:122
grpc_security_status
Definition: security_connector.h:38
@ GRPC_SECURITY_ERROR
Definition: security_connector.h:38
@ GRPC_SECURITY_OK
Definition: security_connector.h:38
grpc_core::DebugOnlyTraceFlag grpc_trace_security_connector_refcount
grpc_security_connector * grpc_security_connector_from_arg(const grpc_arg *arg)
Definition: security_connector.cc:112
grpc_arg grpc_security_connector_to_arg(grpc_security_connector *sc)
Definition: security_connector.cc:106
A single argument...
Definition: grpc_types.h:103
Definition: security_context.h:51
Definition: credentials.h:173
An array of arguments that can be passed around.
Definition: grpc_types.h:132
Definition: credentials.h:102
A closure over a grpc_iomgr_cb_func.
Definition: closure.h:56
Definition: endpoint.h:106
Definition: error_internal.h:41
Definition: credentials.h:224
Definition: transport_security_interface.h:216
#define GRPC_TRACE_FLAG_ENABLED(f)
Definition: trace.h:112