19 #ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_TLS_SECURITY_CONNECTOR_H
20 #define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_TLS_SECURITY_CONNECTOR_H
29 #define GRPC_TLS_TRANSPORT_SECURITY_TYPE "tls"
43 const char* target_name,
const char* overridden_target_name,
50 const char* target_name,
const char* overridden_target_name,
80 return client_handshaker_factory_;
85 return pem_root_certs_;
90 return pem_key_cert_pair_list_;
98 TlsCertificatesWatcherInterface {
100 explicit TlsChannelCertificateWatcher(
102 : security_connector_(security_connector) {}
103 void OnCertificatesChanged(
104 absl::optional<absl::string_view> root_certs,
105 absl::optional<PemKeyCertPairList> key_cert_pairs)
override;
116 ABSL_EXCLUSIVE_LOCKS_REQUIRED(mu_);
120 static
void ServerAuthorizationCheckDone(
129 ServerAuthorizationCheckArgCreate(
void* user_data);
132 static
void ServerAuthorizationCheckArgDestroy(
137 certificate_watcher_ =
nullptr;
139 std::
string target_name_;
140 std::
string overridden_target_name_;
145 ABSL_GUARDED_BY(mu_) =
nullptr;
147 absl::optional<absl::string_view> pem_root_certs_ ABSL_GUARDED_BY(mu_);
149 ABSL_GUARDED_BY(mu_);
157 CreateTlsServerSecurityConnector(
184 return server_handshaker_factory_;
189 return pem_root_certs_;
194 return pem_key_cert_pair_list_;
202 TlsCertificatesWatcherInterface {
204 explicit TlsServerCertificateWatcher(
206 : security_connector_(security_connector) {}
207 void OnCertificatesChanged(
208 absl::optional<absl::string_view> root_certs,
209 absl::optional<PemKeyCertPairList> key_cert_pairs)
override;
214 TlsServerSecurityConnector* security_connector_ =
nullptr;
220 ABSL_EXCLUSIVE_LOCKS_REQUIRED(mu_);
224 certificate_watcher_ =
nullptr;
228 ABSL_GUARDED_BY(mu_) =
nullptr;
229 absl::optional<absl::string_view> pem_root_certs_ ABSL_GUARDED_BY(mu_);
231 ABSL_GUARDED_BY(mu_);
Definition: security_connector.h:94
const grpc_call_credentials * request_metadata_creds() const
Definition: security_connector.h:128
const grpc_channel_credentials * channel_creds() const
Definition: security_connector.h:122
Definition: handshaker.h:92
friend class RefCountedPtr
Definition: ref_counted.h:337
Definition: ref_counted_ptr.h:35
Definition: tls_security_connector.h:35
void add_handshakers(const grpc_channel_args *args, grpc_pollset_set *interested_parties, HandshakeManager *handshake_mgr) override
Registers handshakers with handshake_mgr.
Definition: tls_security_connector.cc:171
void cancel_check_peer(grpc_closure *, grpc_error_handle error) override
Definition: tls_security_connector.h:63
int cmp(const grpc_security_connector *other_sc) const override
Definition: tls_security_connector.cc:304
static RefCountedPtr< grpc_channel_security_connector > CreateTlsChannelSecurityConnector(RefCountedPtr< grpc_channel_credentials > channel_creds, RefCountedPtr< grpc_tls_credentials_options > options, RefCountedPtr< grpc_call_credentials > request_metadata_creds, const char *target_name, const char *overridden_target_name, tsi_ssl_session_cache *ssl_session_cache)
Definition: tls_security_connector.cc:72
absl::optional< absl::string_view > RootCertsForTesting()
Definition: tls_security_connector.h:83
void check_peer(tsi_peer peer, grpc_endpoint *ep, RefCountedPtr< grpc_auth_context > *auth_context, grpc_closure *on_peer_checked) override
Definition: tls_security_connector.cc:198
tsi_ssl_client_handshaker_factory * ClientHandshakerFactoryForTesting()
Definition: tls_security_connector.h:78
bool check_call_host(absl::string_view host, grpc_auth_context *auth_context, grpc_closure *on_call_host_checked, grpc_error_handle *error) override
Checks that the host that will be set for a call is acceptable.
Definition: tls_security_connector.cc:316
~TlsChannelSecurityConnector() override
Definition: tls_security_connector.cc:153
absl::optional< PemKeyCertPairList > KeyCertPairListForTesting()
Definition: tls_security_connector.h:88
TlsChannelSecurityConnector(RefCountedPtr< grpc_channel_credentials > channel_creds, RefCountedPtr< grpc_tls_credentials_options > options, RefCountedPtr< grpc_call_credentials > request_metadata_creds, const char *target_name, const char *overridden_target_name, tsi_ssl_session_cache *ssl_session_cache)
Definition: tls_security_connector.cc:102
void cancel_check_call_host(grpc_closure *on_call_host_checked, grpc_error_handle error) override
Cancels a pending asynchronous call to grpc_channel_security_connector_check_call_host() with on_call...
Definition: tls_security_connector.cc:330
Definition: tls_security_connector.h:153
void cancel_check_peer(grpc_closure *, grpc_error_handle error) override
Definition: tls_security_connector.h:174
const absl::optional< PemKeyCertPairList > & KeyCertPairListForTesting()
Definition: tls_security_connector.h:192
tsi_ssl_server_handshaker_factory * ServerHandshakerFactoryForTesting()
Definition: tls_security_connector.h:182
const absl::optional< absl::string_view > & RootCertsForTesting()
Definition: tls_security_connector.h:187
Definition: security_connector.h:48
Definition: security_connector.h:156
#define GRPC_ERROR_UNREF(err)
Definition: error.h:254
grpc_error_handle error
Definition: lame_client.cc:54
grpc_error_handle TlsCheckHostName(const char *peer_name, const tsi_peer *peer)
Definition: tls_security_connector.cc:670
Round Robin Policy.
Definition: backend_metric.cc:26
absl::InlinedVector< grpc_core::PemKeyCertPair, 1 > PemKeyCertPairList
Definition: ssl_utils.h:184
Definition: async_unary_call.h:398
struct grpc_pollset_set grpc_pollset_set
Definition: pollset_set.h:31
grpc_security_status
Definition: security_connector.h:38
struct tsi_ssl_session_cache tsi_ssl_session_cache
Definition: ssl_transport_security.h:66
Definition: security_context.h:51
An array of arguments that can be passed around.
Definition: grpc_types.h:132
A closure over a grpc_iomgr_cb_func.
Definition: closure.h:56
Definition: endpoint.h:106
Definition: error_internal.h:41
Definition: grpc_tls_certificate_distributor.h:37
Definition: grpc_tls_credentials_options.h:102
A struct containing all information necessary to schedule/cancel a server authorization check request...
Definition: grpc_security.h:972
Definition: transport_security_interface.h:216
Definition: ssl_transport_security.cc:92
Definition: ssl_transport_security.cc:100