19 #ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_SSL_UTILS_H
20 #define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_SSL_UTILS_H
26 #include "absl/strings/str_split.h"
27 #include "absl/strings/string_view.h"
// Scheme literal ("https") published under an SSL-specific macro name.
// NOTE(review): where this scheme is consumed is not visible in this listing; confirm in the callers.
44 #define GRPC_SSL_URL_SCHEME "https"
54 absl::string_view other_target_name,
55 absl::string_view overridden_target_name,
56 absl::string_view other_overridden_target_name);
59 absl::string_view target_name,
60 absl::string_view overridden_target_name,
74 const char* security_level);
92 bool skip_server_certificate_verification,
tsi_tls_version min_tls_version,
98 const char* pem_root_certs,
105 const tsi_peer* peer,
const char* transport_security_type);
110 absl::string_view peer_name);
// Static, argument-less, returns nothing; the body is not part of this listing.
// NOTE(review): presumably the entry point that prepares the default root
// certificate store before first use; confirm in ssl_utils.cc.
134 static void InitRootStore();
// NOTE(review): the "Once" suffix suggests this is the one-time initialization
// body. Confirm it is only reached through a call-once guard, because the trust
// store it sets up is read via the static getters of this class.
137 static void InitRootStoreOnce();
153 private_key_ = std::move(other.private_key_);
154 cert_chain_ = std::move(other.cert_chain_);
157 private_key_ = std::move(other.private_key_);
158 cert_chain_ = std::move(other.cert_chain_);
// Read-only accessor: returns a const reference to the stored certificate
// chain string, so no copy is made and the object is not modified.
// The reference is only valid while this PemKeyCertPair is alive. The move
// operations in this class move cert_chain_ out of the source object, so a
// reference taken from a moved-from pair refers to a string in a valid but
// unspecified state.
177 const std::string&
cert_chain()
const {
return cert_chain_; }
// Private key text for this pair, held in an ordinary std::string.
// NOTE(review): std::string does not wipe its buffer on destruction,
// reallocation or move, so key bytes can remain in freed memory. Confirm
// whether that is acceptable for the threat model, or whether the owner should
// clear it explicitly.
180 std::string private_key_;
// Certificate chain text for this pair; exposed read-only through cert_chain().
181 std::string cert_chain_;
Definition: ssl_utils.h:116
static const char * GetPemRootCerts()
Definition: ssl_utils.cc:553
static const tsi_ssl_root_certs_store * GetRootStore()
Definition: ssl_utils.cc:548
static grpc_slice ComputePemRootCerts()
Definition: ssl_utils.cc:561
Definition: ssl_utils.h:146
PemKeyCertPair(PemKeyCertPair &&other) noexcept
Definition: ssl_utils.h:152
const std::string & cert_chain() const
Definition: ssl_utils.h:177
bool operator==(const PemKeyCertPair &other) const
Definition: ssl_utils.h:171
PemKeyCertPair & operator=(const PemKeyCertPair &other)
Definition: ssl_utils.h:165
PemKeyCertPair & operator=(PemKeyCertPair &&other) noexcept
Definition: ssl_utils.h:156
PemKeyCertPair(const PemKeyCertPair &other)
Definition: ssl_utils.h:163
const std::string & private_key() const
Definition: ssl_utils.h:176
PemKeyCertPair(absl::string_view private_key, absl::string_view cert_chain)
Definition: ssl_utils.h:148
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:77
grpc_security_level
Definition: grpc_security_constants.h:129
grpc_tls_version
The TLS versions that are supported by the SSL stack.
Definition: grpc_security_constants.h:158
grpc_error_handle error
Definition: lame_client.cc:54
Round Robin Policy.
Definition: backend_metric.cc:26
absl::InlinedVector< grpc_core::PemKeyCertPair, 1 > PemKeyCertPairList
Definition: ssl_utils.h:184
grpc_security_status
Definition: security_connector.h:38
struct tsi_ssl_session_cache tsi_ssl_session_cache
Definition: ssl_transport_security.h:66
grpc_core::RefCountedPtr< grpc_auth_context > grpc_ssl_peer_to_auth_context(const tsi_peer *peer, const char *transport_security_type)
Definition: ssl_utils.cc:261
const char ** grpc_fill_alpn_protocol_strings(size_t *num_alpn_protocols)
Definition: ssl_utils.cc:205
grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init(tsi_ssl_pem_key_cert_pair *key_cert_pair, const char *pem_root_certs, bool skip_server_certificate_verification, tsi_tls_version min_tls_version, tsi_tls_version max_tls_version, tsi_ssl_session_cache *ssl_session_cache, tsi_ssl_client_handshaker_factory **handshaker_factory)
Definition: ssl_utils.cc:415
grpc_security_level grpc_tsi_security_level_string_to_enum(const char *security_level)
Definition: ssl_utils.cc:95
int grpc_ssl_host_matches_name(const tsi_peer *peer, absl::string_view peer_name)
Definition: ssl_utils.cc:216
tsi_client_certificate_request_type grpc_get_tsi_client_certificate_request_type(grpc_ssl_client_certificate_request_type grpc_request_type)
Definition: ssl_utils.cc:120
grpc_error_handle grpc_ssl_check_peer_name(absl::string_view peer_name, const tsi_peer *peer)
Definition: ssl_utils.cc:172
grpc_error_handle grpc_ssl_check_alpn(const tsi_peer *peer)
Definition: ssl_utils.cc:155
const char * grpc_get_ssl_cipher_suites(void)
Definition: ssl_utils.cc:90
const char * grpc_security_level_to_string(grpc_security_level security_level)
Definition: ssl_utils.cc:105
tsi_peer grpc_shallow_peer_from_ssl_auth_context(const grpc_auth_context *auth_context)
Definition: ssl_utils.cc:357
void grpc_shallow_peer_destruct(tsi_peer *peer)
Definition: ssl_utils.cc:411
int grpc_ssl_cmp_target_name(absl::string_view target_name, absl::string_view other_target_name, absl::string_view overridden_target_name, absl::string_view other_overridden_target_name)
Definition: ssl_utils.cc:231
tsi_tls_version grpc_get_tsi_tls_version(grpc_tls_version tls_version)
Definition: ssl_utils.cc:143
bool grpc_ssl_check_call_host(absl::string_view host, absl::string_view target_name, absl::string_view overridden_target_name, grpc_auth_context *auth_context, grpc_error_handle *error)
Definition: ssl_utils.cc:183
bool grpc_check_security_level(grpc_security_level channel_level, grpc_security_level call_cred_level)
Definition: ssl_utils.cc:114
grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(tsi_ssl_pem_key_cert_pair *key_cert_pairs, size_t num_key_cert_pairs, const char *pem_root_certs, grpc_ssl_client_certificate_request_type client_certificate_request, tsi_tls_version min_tls_version, tsi_tls_version max_tls_version, tsi_ssl_server_handshaker_factory **handshaker_factory)
Definition: ssl_utils.cc:467
Definition: security_context.h:51
Definition: error_internal.h:41
A grpc_slice s, if initialized, represents the byte range s.bytes[0..s.length-1].
Definition: slice.h:60
Definition: transport_security_interface.h:216
Definition: ssl_transport_security.cc:92
Definition: ssl_transport_security.h:86
Definition: ssl_transport_security.cc:83
Definition: ssl_transport_security.cc:100
tsi_tls_version
Definition: transport_security_interface.h:67
tsi_client_certificate_request_type
Definition: transport_security_interface.h:58