1 /*
2  *
3  * Copyright 2018 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
20 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
21 
23 
24 #include <grpc/grpc_security.h>
25 
26 #include "absl/container/inlined_vector.h"
27 
32 
34  : public grpc_core::RefCounted<grpc_tls_error_details> {
35  public:
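// Defaulted constructor: error_details_ is a std::string, which is already
// empty when default-constructed, so the explicit "" initializer it replaced
// was redundant (clang-tidy readability-redundant-string-init).
grpc_tls_error_details() = default;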
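// Replaces the stored error details with a copy of |err_details|.
// A null pointer is treated as "no details" (empty string): assigning a
// nullptr to std::string is undefined behaviour, and a missing message on an
// error path should not itself become a crash.
void set_error_details(const char* err_details) {
  error_details_ = (err_details == nullptr) ? "" : err_details;
}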
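// Read-only view of the stored error details; the reference stays valid as
// long as this object does and set_error_details() is not called.
// Const-qualified so it is callable through a const reference, matching the
// accessor style used elsewhere in this header.
const std::string& error_details() const { return error_details_; }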
41 
42  private:
43  std::string error_details_;
44 };
45 
48  : public grpc_core::RefCounted<grpc_tls_server_authorization_check_config> {
49  public:
51  const void* config_user_data,
52  int (*schedule)(void* config_user_data,
54  void (*cancel)(void* config_user_data,
56  void (*destruct)(void* config_user_data));
58 
// Returns the raw pointer stored by set_context(); the member defaults to
// nullptr, so callers must check before dereferencing.
void* context() const {
  return context_;
}
60 
// Stores |context| verbatim; it is handed back unchanged by context().
void set_context(void* context) {
  context_ = context;
}
62 
64 
66 
67  private:
72  void* context_ = nullptr;
75  void* config_user_data_;
76 
86  int (*schedule_)(void* config_user_data,
88 
90  void (*cancel_)(void* config_user_data,
92 
95  void (*destruct_)(void* config_user_data);
96 };
97 
// Contains the configurable options that callers specify to configure
// certain security features supported in TLS.
100 // TODO(ZhenLian): consider making this not ref-counted.
102  : public grpc_core::RefCounted<grpc_tls_credentials_options> {
103  public:
// Defaulted: the RefCountedPtr and std::string members release their
// resources in their own destructors, so nothing needs explicit cleanup.
~grpc_tls_credentials_options() override = default;
105 
106  // Getters for member fields.
108  return cert_request_type_;
109  }
111  return server_verification_option_;
112  }
// Minimum TLS version option; defaults to grpc_tls_version::TLS1_2 unless
// changed via set_min_tls_version().
grpc_tls_version min_tls_version() const {
  return min_tls_version_;
}
// Maximum TLS version option; defaults to grpc_tls_version::TLS1_3 unless
// changed via set_max_tls_version().
grpc_tls_version max_tls_version() const {
  return max_tls_version_;
}
117  return server_authorization_check_config_.get();
118  }
119  // Returns the distributor from provider_ if it is set, nullptr otherwise.
121  if (provider_ != nullptr) return provider_->distributor().get();
122  return nullptr;
123  }
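// Whether root certificate updates are being watched (default false).
// Const-qualified to match the other getters in this class (min_tls_version(),
// max_tls_version(), ...), so it is usable through a const reference.
bool watch_root_cert() const { return watch_root_cert_; }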
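// Name of the root certificates being watched; empty unless
// set_root_cert_name() was called. Const-qualified for consistency with the
// other getters, so it is usable through a const reference.
const std::string& root_cert_name() const { return root_cert_name_; }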
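// Whether identity key-cert pair updates are being watched (default false).
// Const-qualified for consistency with the other getters, so it is usable
// through a const reference.
bool watch_identity_pair() const { return watch_identity_pair_; }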
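// Name of the identity key-cert pairs being watched; empty unless
// set_identity_cert_name() was called. Const-qualified for consistency with
// the other getters, so it is usable through a const reference.
const std::string& identity_cert_name() const { return identity_cert_name_; }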
128 
129  // Setters for member fields.
132  cert_request_type_ = type;
133  }
136  server_verification_option_ = server_verification_option;
137  }
139  min_tls_version_ = min_tls_version;
140  }
142  max_tls_version_ = max_tls_version;
143  }
146  config) {
147  server_authorization_check_config_ = std::move(config);
148  }
149  // Sets the provider in the options.
152  provider_ = std::move(provider);
153  }
// Whether to watch for updates to the root certificates with name
// |root_cert_name|. The default value is false. If used in tls_credentials,
// it should always be set to true unless the root certificates are not
// needed.
// Turns root certificate watching on or off; read back via watch_root_cert().
void set_watch_root_cert(bool watch) {
  watch_root_cert_ = watch;
}
159  // Sets the name of root certificates being watched, if |set_watch_root_cert|
160  // is called. If not set, an empty string will be used as the name.
// Sink setter for the watched root certificate name: the argument is taken
// by value and moved into the member, so callers can hand over a temporary
// without an extra copy.
void set_root_cert_name(std::string root_cert_name) {
  root_cert_name_.assign(std::move(root_cert_name));
}
// Whether to watch for updates to the identity certificates with name
// |identity_cert_name|.
// The default value is false.
// If used in tls_credentials, it should always be set to true
// unless the identity key-cert pairs are not needed.
// Turns identity key-cert pair watching on or off; read back via
// watch_identity_pair().
void set_watch_identity_pair(bool watch) {
  watch_identity_pair_ = watch;
}
170  // Sets the name of identity key-cert pairs being watched, if
171  // |set_watch_identity_pair| is called. If not set, an empty string will
172  // be used as the name.
174  identity_cert_name_ = std::move(identity_cert_name);
175  }
176 
177  private:
178  grpc_ssl_client_certificate_request_type cert_request_type_ =
180  grpc_tls_server_verification_option server_verification_option_ =
182  grpc_tls_version min_tls_version_ = grpc_tls_version::TLS1_2;
183  grpc_tls_version max_tls_version_ = grpc_tls_version::TLS1_3;
185  server_authorization_check_config_;
187  bool watch_root_cert_ = false;
188  std::string root_cert_name_;
189  bool watch_identity_pair_ = false;
190  std::string identity_cert_name_;
191 };
192 
193 #endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H