GRPC Core  18.0.0
grpc_security.h
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_GRPC_SECURITY_H
20 #define GRPC_GRPC_SECURITY_H
21 
23 
24 #include <grpc/grpc.h>
26 #include <grpc/status.h>
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31 
35 
38  size_t index;
39  const char* name;
41 
43 typedef struct grpc_auth_property {
44  char* name;
45  char* value;
46  size_t value_length;
48 
52 
56 
61 
65  const grpc_auth_context* ctx, const char* name);
66 
70  const grpc_auth_context* ctx);
71 
74  const grpc_auth_context* ctx);
75 
79 
82 
90  const char* name, const char* value,
91  size_t value_length);
92 
95  const char* name,
96  const char* value);
97 
101  grpc_auth_context* ctx, const char* name);
102 
109 
113  size_t capacity);
114 
117 
121 
129 
133 
140 
144 
164  grpc_call_credentials* call_credentials);
165 
173  char** pem_root_certs);
174 
182 
184 typedef struct {
187  const char* private_key;
188 
191  const char* cert_chain;
193 
198 typedef struct {
205  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
206  void* userdata);
213  void (*verify_peer_destruct)(void* userdata);
215 
218 typedef struct {
225  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
226  void* userdata);
233  void (*verify_peer_destruct)(void* userdata);
235 
267  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
268  const verify_peer_options* verify_options, void* reserved);
269 
270 /* Creates an SSL credentials object.
271  The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
272  - pem_root_certs is the NULL-terminated string containing the PEM encoding
273  of the server root certificates. If this parameter is NULL, the
274  implementation will first try to read the file named by the
275  GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
276  try to get the roots supplied by the callback registered with
277  grpc_set_ssl_roots_override_callback. Eventually, if all these fail, it
278  will try to get the roots from a well-known place on disk (in the grpc
    install directory). Note that this fallback chain lets the process
    environment and the install directory decide which CAs are trusted;
    callers that must pin a specific trust store should pass pem_root_certs
    explicitly rather than NULL.
279 
280  gRPC caches the root store if the underlying OpenSSL library supports
281  it. The cache applies only to the default root certificates, i.e. the
282  ones used when this parameter is NULL. If the user provides their own
283  pem_root_certs when creating an SSL credential object, gRPC cannot
284  cache it, and each subchannel will build its own copy of the root
285  store. It is therefore recommended to avoid passing a large root PEM
286  bundle via the pem_root_certs parameter, to avoid excessive memory
287  consumption, particularly on mobile platforms such as iOS.
288  - pem_key_cert_pair is a pointer to the object containing the client's
289  private key and certificate chain. This parameter can be NULL if the
290  client does not have such a key/cert pair.
291  - verify_options is an optional grpc_ssl_verify_peer_options object which
292  holds additional options controlling how peer certificates are verified.
293  For example, you can supply a callback which receives the peer's
294  certificate with which you can do additional verification; the callback
295  supplements the default verification rather than replacing it. Can be
296  NULL, in which case verification retains the default behavior. Any
297  settings in verify_options are copied during this call, so the
    verify_options object can be released afterwards. */
299  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
300  const grpc_ssl_verify_peer_options* verify_options, void* reserved);
301 
305  grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
306  void* reserved);
307 
313  void* reserved);
314 
319  void* reserved);
320 
322 
330  gpr_timespec token_lifetime,
331  void* reserved);
332 
339  const char* json_string, const char* scopes_string);
340 
348  const char* json_refresh_token, void* reserved);
349 
353  const char* access_token, void* reserved);
354 
357  const char* authorization_token, const char* authority_selector,
358  void* reserved);
359 
366 typedef struct {
367  const char* token_exchange_service_uri; /* Required. */
368  const char* resource; /* Optional. */
369  const char* audience; /* Optional. */
370  const char* scope; /* Optional. */
371  const char* requested_token_type; /* Optional. */
372  const char* subject_token_path; /* Required. */
373  const char* subject_token_type; /* Required. */
374  const char* actor_token_path; /* Optional. */
375  const char* actor_token_type; /* Optional. */
377 
383  const grpc_sts_credentials_options* options, void* reserved);
384 
397  void* user_data, const grpc_metadata* creds_md, size_t num_creds_md,
398  grpc_status_code status, const char* error_details);
399 
402 typedef struct {
404  const char* service_url;
405 
409  const char* method_name;
410 
413 
415  void* reserved;
417 
421 
424  grpc_auth_metadata_context* context);
425 
426 /** Maximum number of metadata entries a credentials plugin may hand back
427     synchronously from get_metadata (upper bound on *num_creds_md). */
428 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
429 
435 typedef struct {
454  int (*get_metadata)(
455  void* state, grpc_auth_metadata_context context,
456  grpc_credentials_plugin_metadata_cb cb, void* user_data,
458  size_t* num_creds_md, grpc_status_code* status,
459  const char** error_details);
460 
463  char* (*debug_string)(void* state);
464 
466  void (*destroy)(void* state);
467 
469  void* state;
470 
472  const char* type;
474 
479  grpc_security_level min_security_level, void* reserved);
480 
491  grpc_channel_credentials* creds, const char* target,
492  const grpc_channel_args* args, void* reserved);
493 
499 
504 
511 
524  const char* pem_root_certs,
526  size_t num_key_cert_pairs);
527 
531 
540  void* user_data, grpc_ssl_server_certificate_config** config);
541 
556  size_t num_key_cert_pairs, int force_client_auth, void* reserved);
557 
564  size_t num_key_cert_pairs,
565  grpc_ssl_client_certificate_request_type client_certificate_request,
566  void* reserved);
567 
570 
579 
590  grpc_ssl_server_certificate_config_callback cb, void* user_data);
591 
595 
601 
608  const char* addr,
609  grpc_server_credentials* creds);
610 
616  grpc_call_credentials* creds);
617 
630  void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
631  const grpc_metadata* response_md, size_t num_response_md,
632  grpc_status_code status, const char* error_details);
633 
635 typedef struct {
640  void (*process)(void* state, grpc_auth_context* context,
641  const grpc_metadata* md, size_t num_md,
642  grpc_process_auth_metadata_done_cb cb, void* user_data);
643  void (*destroy)(void* state);
644  void* state;
646 
649 
661 
668 
675 
685  grpc_alts_credentials_options* options, const char* service_account);
686 
697 
708  const grpc_alts_credentials_options* options);
709 
719  const grpc_alts_credentials_options* options);
720 
735 
746 
753 
758 
764 
770 
777 
784 
792  const char* private_key,
793  const char* cert_chain);
794 
803 
816  const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs);
817 
840  const char* private_key_path, const char* identity_certificate_path,
841  const char* root_cert_path, unsigned int refresh_interval_sec);
842 
850 
856 
865 
875  grpc_tls_server_verification_option server_verification_option);
876 
885 
899 
906  grpc_tls_credentials_options* options, const char* root_cert_name);
907 
916 
923  grpc_tls_credentials_options* options, const char* identity_cert_name);
924 
934 
940 
947 
975  int success;
976  const char* target_name;
977  const char* peer_cert;
978  const char* peer_cert_full_chain;
984  void* context;
985  void (*destroy_context)(void* ctx);
986 };
987 
1010  const void* config_user_data,
1011  int (*schedule)(void* config_user_data,
1013  void (*cancel)(void* config_user_data,
1015  void (*destruct)(void* config_user_data));
1016 
1024 
1033  grpc_tls_credentials_options* options);
1034 
1042  grpc_tls_credentials_options* options);
1043 
1050 
1057 
1072  grpc_channel_credentials* fallback_credentials);
1073 
1086  grpc_server_credentials* fallback_credentials);
1087 
1095 
1109  const char* authz_policy, grpc_status_code* code,
1110  const char** error_details);
1111 
1119 
1120 #ifdef __cplusplus
1121 }
1122 #endif
1123 
1124 #endif /* GRPC_GRPC_SECURITY_H */
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
Definition: ssl_credentials.cc:275
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
Definition: iam_credentials.cc:67
GRPCAPI const grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Returns NULL when the iterator is at the end.
Definition: security_context.cc:178
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
Definition: ssl_credentials.cc:262
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: grpc_security.h:396
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
Definition: ssl_credentials.cc:292
GRPCAPI void grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
Sets the options of whether to request and verify client certs.
Definition: grpc_tls_credentials_options.cc:94
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
Definition: ssl_credentials.cc:237
GRPCAPI void grpc_tls_credentials_options_set_root_cert_name(grpc_tls_credentials_options *options, const char *root_cert_name)
Sets the name of the root certificates being watched.
Definition: grpc_tls_credentials_options.cc:124
grpc_server_credentials * grpc_tls_server_credentials_create(grpc_tls_credentials_options *options)
Creates a TLS server credential object based on the grpc_tls_credentials_options specified by callers...
Definition: tls_credentials.cc:126
GRPCAPI grpc_tls_identity_pairs * grpc_tls_identity_pairs_create()
Creates a grpc_tls_identity_pairs that stores a list of identity credential data, including identity ...
Definition: grpc_tls_certificate_distributor.cc:331
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
Definition: grpc_alts_credentials_server_options.cc:39
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return.
Definition: grpc_security.h:428
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: grpc_security.h:629
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
Definition: credentials.cc:115
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.
Definition: local_credentials.cc:62
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
Definition: grpc_alts_credentials_options.cc:38
GRPCAPI grpc_auth_context * grpc_call_auth_context(grpc_call *call)
Gets the auth context from the call.
Definition: security_context.cc:65
GRPCAPI void grpc_tls_credentials_options_watch_identity_key_cert_pairs(grpc_tls_credentials_options *options)
If set, gRPC stack will keep watching the identity key-cert pairs with name |identity_cert_name|.
Definition: grpc_tls_credentials_options.cc:130
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
Definition: ssl_utils.cc:506
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
Definition: json_token.cc:47
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(grpc_call_credentials *call_credentials)
Creates default credentials to connect to a google gRPC service.
Definition: google_default_credentials.cc:345
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.
Definition: ssl_utils.cc:61
GRPCAPI void grpc_tls_credentials_options_set_server_authorization_check_config(grpc_tls_credentials_options *options, grpc_tls_server_authorization_check_config *config)
Sets the configuration for a custom authorization check performed at the end of the handshake.
Definition: grpc_tls_credentials_options.cc:142
GRPCAPI grpc_auth_property_iterator grpc_auth_context_peer_identity(const grpc_auth_context *ctx)
Gets the peer identity.
Definition: security_context.cc:214
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
Definition: ssl_utils.cc:530
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, grpc_security_level min_security_level, void *reserved)
Creates a credentials object from a plugin with a specified minimum security level.
Definition: plugin_credentials.cc:262
GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds)
— Server-side secure ports.
Definition: server_secure_chttp2.cc:69
GRPCAPI void grpc_authorization_policy_provider_release(grpc_authorization_policy_provider *provider)
EXPERIMENTAL - Subject to change.
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options, void *reserved)
Definition: ssl_credentials.cc:148
GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds)
Releases a channel credentials object.
Definition: credentials.cc:42
GRPCAPI const char * grpc_auth_context_peer_identity_property_name(const grpc_auth_context *ctx)
Gets the name of the property that indicates the peer identity.
Definition: security_context.cc:140
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Returns 1 if the peer is authenticated, 0 otherwise.
Definition: security_context.cc:164
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
Definition: alts_credentials.cc:107
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
Definition: ssl_credentials.cc:326
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
— composite credentials.
Definition: composite_credentials.cc:183
GRPCAPI void grpc_tls_credentials_options_set_server_verification_option(grpc_tls_credentials_options *options, grpc_tls_server_verification_option server_verification_option)
Sets the options of whether to choose certain checks, e.g.
Definition: grpc_tls_credentials_options.cc:101
GRPCAPI void grpc_tls_identity_pairs_add_pair(grpc_tls_identity_pairs *pairs, const char *private_key, const char *cert_chain)
Adds an identity private key and an identity certificate chain to grpc_tls_identity_pairs.
Definition: grpc_tls_certificate_distributor.cc:335
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
Definition: local_credentials.cc:52
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: grpc_security.h:108
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, const char *name, const char *value)
Add a C string property.
Definition: security_context.cc:262
GRPCAPI void grpc_tls_credentials_options_set_identity_cert_name(grpc_tls_credentials_options *options, const char *identity_cert_name)
Sets the name of the identity certificates being watched.
Definition: grpc_tls_credentials_options.cc:136
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Deprecated in favor of grpc_ssl_credentials_create_ex (the channel-side variant taking grpc_ssl_verify_peer_options).
Definition: ssl_credentials.cc:132
GRPCAPI grpc_authorization_policy_provider * grpc_authorization_policy_provider_static_data_create(const char *authz_policy, grpc_status_code *code, const char **error_details)
EXPERIMENTAL - Subject to change.
GRPCAPI void grpc_auth_metadata_context_copy(grpc_auth_metadata_context *from, grpc_auth_metadata_context *to)
Performs a deep copy from from to to.
Definition: client_auth_filter.cc:119
struct grpc_auth_property grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: grpc_security.h:172
grpc_channel_credentials * grpc_tls_credentials_create(grpc_tls_credentials_options *options)
Creates a TLS channel credential object based on the grpc_tls_credentials_options specified by caller...
Definition: tls_credentials.cc:117
GRPCAPI grpc_server_credentials * grpc_xds_server_credentials_create(grpc_server_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
Definition: xds_credentials.cc:240
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: grpc_security.h:539
GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds)
Releases a server_credentials object.
Definition: credentials.cc:98
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
Definition: composite_credentials.cc:218
GRPCAPI grpc_tls_server_authorization_check_config * grpc_tls_server_authorization_check_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_server_authorization_check_config instance.
Definition: grpc_tls_credentials_options.cc:152
GRPCAPI void grpc_tls_credentials_options_watch_root_certs(grpc_tls_credentials_options *options)
If set, gRPC stack will keep watching the root certificates with name |root_cert_name|.
Definition: grpc_tls_credentials_options.cc:118
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name, const char *value, size_t value_length)
– The following auth context methods should only be called by a server metadata
Definition: security_context.cc:242
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client's ALTS credentials options instance.
Definition: grpc_alts_credentials_client_options.cc:47
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx, const char *name)
Sets the property name.
Definition: security_context.cc:147
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Finds a property in the context.
Definition: security_context.cc:203
GRPCAPI void grpc_tls_server_authorization_check_config_release(grpc_tls_server_authorization_check_config *config)
Releases a grpc_tls_server_authorization_check_config object.
Definition: grpc_tls_credentials_options.cc:170
GRPCAPI grpc_call_credentials * grpc_sts_credentials_create(const grpc_sts_credentials_options *options, void *reserved)
Creates an STS credentials object following the STS Token Exchange specified in the IETF draft https://tools...
Definition: oauth2_credentials.cc:697
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
Definition: oauth2_credentials.cc:500
GRPCAPI void grpc_tls_certificate_provider_release(grpc_tls_certificate_provider *provider)
Releases a grpc_tls_certificate_provider object.
Definition: grpc_tls_certificate_provider.cc:399
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
Definition: ssl_credentials.cc:379
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was acquired by an out of band m...
Definition: oauth2_credentials.cc:748
GRPCAPI void grpc_auth_context_release(grpc_auth_context *context)
Releases the auth context returned from grpc_call_auth_context.
Definition: security_context.cc:90
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds)
— Call specific credentials.
Definition: security_context.cc:42
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_file_watcher_create(const char *private_key_path, const char *identity_certificate_path, const char *root_cert_path, unsigned int refresh_interval_sec)
Creates a grpc_tls_certificate_provider that will watch the credential changes on the file system.
Definition: grpc_tls_certificate_provider.cc:389
void(* grpc_tls_on_server_authorization_check_done_cb)(grpc_tls_server_authorization_check_arg *arg)
callback function provided by gRPC used to handle the result of server authorization check.
Definition: grpc_security.h:945
GRPCAPI grpc_channel_credentials * grpc_xds_credentials_create(grpc_channel_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
Definition: xds_credentials.cc:234
GRPCAPI void grpc_tls_identity_pairs_destroy(grpc_tls_identity_pairs *pairs)
Destroys a grpc_tls_identity_pairs object.
Definition: grpc_tls_certificate_distributor.cc:344
grpc_channel_credentials * grpc_insecure_credentials_create()
EXPERIMENTAL API - Subject to change.
Definition: insecure_credentials.cc:58
GRPCAPI grpc_channel * grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved)
— Secure channel creation.
Definition: secure_channel_create.cc:173
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create(void)
Creates a grpc_tls_credentials_options.
Definition: grpc_tls_credentials_options.cc:89
GRPCAPI void grpc_auth_metadata_context_reset(grpc_auth_metadata_context *context)
Releases internal resources held by context.
Definition: client_auth_filter.cc:132
grpc_server_credentials * grpc_insecure_server_credentials_create()
EXPERIMENTAL API - Subject to change.
Definition: insecure_credentials.cc:62
GRPCAPI void grpc_tls_credentials_options_set_certificate_provider(grpc_tls_credentials_options *options, grpc_tls_certificate_provider *provider)
Sets the credential provider in the options.
Definition: grpc_tls_credentials_options.cc:108
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
Definition: ssl_credentials.cc:315
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
Definition: alts_credentials.cc:101
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
Definition: grpc_alts_credentials_client_options.cc:75
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
Definition: ssl_utils.cc:501
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
Definition: jwt_credentials.cc:154
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
Releases a call credentials object.
Definition: credentials.cc:48
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
Definition: ssl_credentials.cc:350
struct grpc_auth_property_iterator grpc_auth_property_iterator
GRPCAPI grpc_auth_property_iterator grpc_auth_context_property_iterator(const grpc_auth_context *ctx)
Iterates over the auth context.
Definition: security_context.cc:169
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_static_data_create(const char *root_certificate, grpc_tls_identity_pairs *pem_key_cert_pairs)
Creates a grpc_tls_certificate_provider that will load credential data from static string during init...
Definition: grpc_tls_certificate_provider.cc:371
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
Definition: oauth2_credentials.cc:419
GRPCAPI grpc_call_credentials * grpc_external_account_credentials_create(const char *json_string, const char *scopes_string)
Builds External Account credentials.
Definition: external_account_credentials.cc:477
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:77
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:155
grpc_security_level
Definition: grpc_security_constants.h:129
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:71
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:64
grpc_tls_server_verification_option
Definition: grpc_security_constants.h:137
grpc_call_error
Result of a grpc call.
Definition: grpc_types.h:441
#define GRPCAPI
Definition: port_platform.h:562
grpc_status_code
Definition: status.h:26
RefCountedPtr< LoadBalancingPolicy::Config > config
Definition: priority.cc:60
Analogous to struct timespec.
Definition: gpr_types.h:47
Definition: grpc_alts_credentials_options.h:35
A single argument...
Definition: grpc_types.h:103
Definition: security_context.h:51
Context that can be used by metadata credentials plugin in order to create auth related metadata.
Definition: grpc_security.h:402
void * reserved
Reserved for future use.
Definition: grpc_security.h:415
const char * service_url
The fully qualified service url.
Definition: grpc_security.h:404
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: grpc_security.h:412
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: grpc_security.h:409
Pluggable server-side metadata processor object.
Definition: grpc_security.h:635
void * state
Definition: grpc_security.h:644
Definition: grpc_security.h:36
const char * name
Definition: grpc_security.h:39
const grpc_auth_context * ctx
Definition: grpc_security.h:37
size_t index
Definition: grpc_security.h:38
value, if not NULL, is guaranteed to be NULL terminated.
Definition: grpc_security.h:43
size_t value_length
Definition: grpc_security.h:46
char * name
Definition: grpc_security.h:44
char * value
Definition: grpc_security.h:45
Definition: authorization_policy_provider.h:24
Definition: credentials.h:173
Definition: call.cc:139
An array of arguments that can be passed around.
Definition: grpc_types.h:132
Definition: credentials.h:102
Definition: channel.h:105
grpc_metadata_credentials plugin is an API user provided structure used to create grpc_credentials ob...
Definition: grpc_security.h:435
void * state
State that will be set as the first parameter of the methods above.
Definition: grpc_security.h:469
const char * type
Type of credentials that this plugin is implementing.
Definition: grpc_security.h:472
A single metadata element.
Definition: grpc_types.h:519
Definition: credentials.h:224
Definition: server.h:450
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:184
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key.
Definition: grpc_security.h:187
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: grpc_security.h:191
Definition: ssl_credentials.h:54
size_t num_key_cert_pairs
Definition: ssl_credentials.h:56
grpc_ssl_pem_key_cert_pair * pem_key_cert_pairs
Definition: ssl_credentials.h:55
char * pem_root_certs
Definition: ssl_credentials.h:57
Definition: ssl_credentials.cc:167
grpc_ssl_server_certificate_config * certificate_config
Definition: ssl_credentials.cc:169
grpc_ssl_client_certificate_request_type client_certificate_request
Definition: ssl_credentials.cc:168
Object that holds additional peer-verification options on a secure channel.
Definition: grpc_security.h:218
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:229
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools....
Definition: grpc_security.h:366
const char * requested_token_type
Definition: grpc_security.h:371
const char * scope
Definition: grpc_security.h:370
const char * actor_token_type
Definition: grpc_security.h:375
const char * subject_token_path
Definition: grpc_security.h:372
const char * subject_token_type
Definition: grpc_security.h:373
const char * actor_token_path
Definition: grpc_security.h:374
const char * audience
Definition: grpc_security.h:369
const char * token_exchange_service_uri
Definition: grpc_security.h:367
const char * resource
Definition: grpc_security.h:368
Definition: grpc_tls_certificate_provider.h:45
Definition: grpc_tls_credentials_options.h:102
Definition: grpc_tls_credentials_options.h:34
Definition: grpc_tls_certificate_distributor.h:31
grpc_core::PemKeyCertPairList pem_key_cert_pairs
Definition: grpc_tls_certificate_distributor.h:32
A struct containing all information necessary to schedule/cancel a server authorization check request...
Definition: grpc_security.h:972
grpc_tls_error_details * error_details
Definition: grpc_security.h:982
void * cb_user_data
Definition: grpc_security.h:974
int success
Definition: grpc_security.h:975
const char * target_name
Definition: grpc_security.h:976
grpc_tls_server_authorization_check_config * config
Definition: grpc_security.h:983
grpc_tls_on_server_authorization_check_done_cb cb
Definition: grpc_security.h:973
void * context
Definition: grpc_security.h:984
size_t subject_alternative_names_size
Definition: grpc_security.h:980
const char * peer_cert_full_chain
Definition: grpc_security.h:978
const char * peer_cert
Definition: grpc_security.h:977
char ** subject_alternative_names
Definition: grpc_security.h:979
grpc_status_code status
Definition: grpc_security.h:981
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:985
TLS server authorization check config.
Definition: grpc_tls_credentials_options.h:48
Deprecated in favor of grpc_ssl_verify_peer_options.
Definition: grpc_security.h:198
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:209
DiscoveryMechanismType type
Definition: xds_cluster_resolver.cc:73