GRPC Core  18.0.0
ssl_credentials.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2016 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H
19 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H
20 
22 
24 
26 
28  public:
29  grpc_ssl_credentials(const char* pem_root_certs,
30  grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
31  const grpc_ssl_verify_peer_options* verify_options);
32 
33  ~grpc_ssl_credentials() override;
34 
38  const char* target, const grpc_channel_args* args,
39  grpc_channel_args** new_args) override;
40 
41  // TODO(mattstev): Plumb to wrapped languages. Until then, setting the TLS
42  // version should be done for testing purposes only.
43  void set_min_tls_version(grpc_tls_version min_tls_version);
44  void set_max_tls_version(grpc_tls_version max_tls_version);
45 
46  private:
47  void build_config(const char* pem_root_certs,
48  grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
49  const grpc_ssl_verify_peer_options* verify_options);
50 
51  grpc_ssl_config config_;
52 };
53 
56  size_t num_key_cert_pairs = 0;
57  char* pem_root_certs = nullptr;
58 };
59 
62  void* user_data;
63 };
64 
66  public:
70 
72  create_security_connector(const grpc_channel_args* /* args */) override;
73 
74  bool has_cert_config_fetcher() const {
75  return certificate_config_fetcher_.cb != nullptr;
76  }
77 
81  return certificate_config_fetcher_.cb(certificate_config_fetcher_.user_data,
82  config);
83  }
84 
85  // TODO(mattstev): Plumb to wrapped languages. Until then, setting the TLS
86  // version should be done for testing purposes only.
87  void set_min_tls_version(grpc_tls_version min_tls_version);
88  void set_max_tls_version(grpc_tls_version max_tls_version);
89 
90  const grpc_ssl_server_config& config() const { return config_; }
91 
92  private:
93  void build_config(
94  const char* pem_root_certs,
95  grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs,
96  grpc_ssl_client_certificate_request_type client_certificate_request);
97 
98  grpc_ssl_server_config config_;
99  grpc_ssl_server_certificate_config_fetcher certificate_config_fetcher_;
100 };
101 
103  const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
104  size_t num_key_cert_pairs);
105 
107  size_t num_key_cert_pairs);
108 
109 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H */
Definition: ref_counted_ptr.h:35
Definition: ssl_credentials.h:27
void set_max_tls_version(grpc_tls_version max_tls_version)
Definition: ssl_credentials.cc:125
void set_min_tls_version(grpc_tls_version min_tls_version)
Definition: ssl_credentials.cc:120
grpc_core::RefCountedPtr< grpc_channel_security_connector > create_security_connector(grpc_core::RefCountedPtr< grpc_call_credentials > call_creds, const char *target, const grpc_channel_args *args, grpc_channel_args **new_args) override
Definition: ssl_credentials.cc:64
grpc_ssl_credentials(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options)
Definition: ssl_credentials.cc:47
~grpc_ssl_credentials() override
Definition: ssl_credentials.cc:54
Definition: ssl_credentials.h:65
grpc_core::RefCountedPtr< grpc_server_security_connector > create_security_connector(const grpc_channel_args *) override
Definition: ssl_credentials.cc:193
bool has_cert_config_fetcher() const
Definition: ssl_credentials.h:74
~grpc_ssl_server_credentials() override
Definition: ssl_credentials.cc:187
const grpc_ssl_server_config & config() const
Definition: ssl_credentials.h:90
void set_min_tls_version(grpc_tls_version min_tls_version)
Definition: ssl_credentials.cc:227
grpc_ssl_certificate_config_reload_status FetchCertConfig(grpc_ssl_server_certificate_config **config)
Definition: ssl_credentials.h:78
grpc_ssl_server_credentials(const grpc_ssl_server_credentials_options &options)
Definition: ssl_credentials.cc:173
void set_max_tls_version(grpc_tls_version max_tls_version)
Definition: ssl_credentials.cc:232
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: grpc_security.h:539
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:77
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:71
grpc_tls_version
The TLS versions that are supported by the SSL stack.
Definition: grpc_security_constants.h:158
#define GPR_DEBUG_ASSERT(x)
Definition: log.h:101
void grpc_tsi_ssl_pem_key_cert_pairs_destroy(tsi_ssl_pem_key_cert_pair *kp, size_t num_key_cert_pairs)
Definition: ssl_credentials.cc:37
tsi_ssl_pem_key_cert_pair * grpc_convert_grpc_to_tsi_cert_pairs(const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Definition: ssl_credentials.cc:198
An array of arguments that can be passed around.
Definition: grpc_types.h:132
Definition: credentials.h:102
Definition: credentials.h:224
Definition: ssl_security_connector.h:32
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:184
Definition: ssl_credentials.h:60
void * user_data
Definition: ssl_credentials.h:62
grpc_ssl_server_certificate_config_callback cb
Definition: ssl_credentials.h:61
Definition: ssl_credentials.h:54
size_t num_key_cert_pairs
Definition: ssl_credentials.h:56
grpc_ssl_pem_key_cert_pair * pem_key_cert_pairs
Definition: ssl_credentials.h:55
char * pem_root_certs
Definition: ssl_credentials.h:57
Definition: ssl_security_connector.h:62
Definition: ssl_credentials.cc:167
Object that holds additional peer-verification options on a secure channel.
Definition: grpc_security.h:218
Definition: ssl_transport_security.h:86