GRPC C++  1.39.1
grpc_security.h
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_GRPC_SECURITY_H
20 #define GRPC_GRPC_SECURITY_H
21 
23 
24 #include <grpc/grpc.h>
26 #include <grpc/status.h>
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31 
35 
38  size_t index;
39  const char* name;
41 
43 typedef struct grpc_auth_property {
44  char* name;
45  char* value;
46  size_t value_length;
48 
52 
56 
61 
65  const grpc_auth_context* ctx, const char* name);
66 
70  const grpc_auth_context* ctx);
71 
74  const grpc_auth_context* ctx);
75 
79 
82 
90  const char* name, const char* value,
91  size_t value_length);
92 
95  const char* name,
96  const char* value);
97 
101  grpc_auth_context* ctx, const char* name);
102 
109 
113  size_t capacity);
114 
117 
121 
129 
133 
140 
144 
164  grpc_call_credentials* call_credentials);
165 
173  char** pem_root_certs);
174 
182 
184 typedef struct {
187  const char* private_key;
188 
191  const char* cert_chain;
193 
198 typedef struct {
205  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
206  void* userdata);
213  void (*verify_peer_destruct)(void* userdata);
215 
218 typedef struct {
225  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
226  void* userdata);
233  void (*verify_peer_destruct)(void* userdata);
235 
267  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
268  const verify_peer_options* verify_options, void* reserved);
269 
270 /* Creates an SSL credentials object.
271  The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
272  - pem_root_certs is the NULL-terminated string containing the PEM encoding
273  of the server root certificates. If this parameter is NULL, the
274  implementation will first try to dereference the file pointed to by the
275  GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
276  try to get the roots set by grpc_override_ssl_default_roots. Eventually,
277  if all these fail, it will try to get the roots from a well-known place on
278  disk (in the grpc install directory).
279 
280  gRPC implements a root certificate cache if the underlying OpenSSL library
281  supports it. The cache applies only to the default root certificates, which
282  are used when this parameter is NULL. If the user provides their own
283  pem_root_certs when creating an SSL credentials object, gRPC cannot cache
284  it, and each subchannel will generate its own copy of the root store. It is
285  therefore recommended to avoid passing a large root PEM in the
286  pem_root_certs parameter, to avoid excessive memory consumption,
287  particularly on mobile platforms such as iOS.
288  - pem_key_cert_pair is a pointer to the object containing the client's private
289  key and certificate chain. This parameter can be NULL if the client does
290  not have such a key/cert pair.
291  - verify_options is an optional verify_peer_options object which holds
292  additional options controlling how peer certificates are verified. For
293  example, you can supply a callback which receives the peer's certificate
294  with which you can do additional verification. Can be NULL, in which
295  case verification will retain default behavior. Any settings in
296  verify_options are copied during this call, so the verify_options
297  object can be released afterwards. */
299  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
300  const grpc_ssl_verify_peer_options* verify_options, void* reserved);
301 
305  grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
306  void* reserved);
307 
313  void* reserved);
314 
319  void* reserved);
320 
322 
330  gpr_timespec token_lifetime,
331  void* reserved);
332 
339  const char* json_string, const char* scopes_string);
340 
348  const char* json_refresh_token, void* reserved);
349 
353  const char* access_token, void* reserved);
354 
357  const char* authorization_token, const char* authority_selector,
358  void* reserved);
359 
366 typedef struct {
367  const char* token_exchange_service_uri; /* Required. */
368  const char* resource; /* Optional. */
369  const char* audience; /* Optional. */
370  const char* scope; /* Optional. */
371  const char* requested_token_type; /* Optional. */
372  const char* subject_token_path; /* Required. */
373  const char* subject_token_type; /* Required. */
374  const char* actor_token_path; /* Optional. */
375  const char* actor_token_type; /* Optional. */
377 
383  const grpc_sts_credentials_options* options, void* reserved);
384 
397  void* user_data, const grpc_metadata* creds_md, size_t num_creds_md,
398  grpc_status_code status, const char* error_details);
399 
402 typedef struct {
404  const char* service_url;
405 
409  const char* method_name;
410 
413 
415  void* reserved;
417 
421 
424  grpc_auth_metadata_context* context);
425 
428 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
429 
435 typedef struct {
454  int (*get_metadata)(
455  void* state, grpc_auth_metadata_context context,
456  grpc_credentials_plugin_metadata_cb cb, void* user_data,
458  size_t* num_creds_md, grpc_status_code* status,
459  const char** error_details);
460 
463  char* (*debug_string)(void* state);
464 
466  void (*destroy)(void* state);
467 
469  void* state;
470 
472  const char* type;
474 
479  grpc_security_level min_security_level, void* reserved);
480 
491  grpc_channel_credentials* creds, const char* target,
492  const grpc_channel_args* args, void* reserved);
493 
499 
504 
511 
524  const char* pem_root_certs,
525  const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
526  size_t num_key_cert_pairs);
527 
531 
540  void* user_data, grpc_ssl_server_certificate_config** config);
541 
555  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
556  size_t num_key_cert_pairs, int force_client_auth, void* reserved);
557 
563  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
564  size_t num_key_cert_pairs,
565  grpc_ssl_client_certificate_request_type client_certificate_request,
566  void* reserved);
567 
570 
577  grpc_ssl_client_certificate_request_type client_certificate_request,
578  grpc_ssl_server_certificate_config* certificate_config);
579 
589  grpc_ssl_client_certificate_request_type client_certificate_request,
590  grpc_ssl_server_certificate_config_callback cb, void* user_data);
591 
595 
601 
608  const char* addr,
609  grpc_server_credentials* creds);
610 
616  grpc_call_credentials* creds);
617 
630  void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
631  const grpc_metadata* response_md, size_t num_response_md,
632  grpc_status_code status, const char* error_details);
633 
635 typedef struct {
640  void (*process)(void* state, grpc_auth_context* context,
641  const grpc_metadata* md, size_t num_md,
642  grpc_process_auth_metadata_done_cb cb, void* user_data);
643  void (*destroy)(void* state);
644  void* state;
646 
649 
661 
668 
675 
685  grpc_alts_credentials_options* options, const char* service_account);
686 
697 
708  const grpc_alts_credentials_options* options);
709 
719  const grpc_alts_credentials_options* options);
720 
735 
746 
753 
758 
764 
770 
777 
784 
792  const char* private_key,
793  const char* cert_chain);
794 
803 
816  const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs);
817 
840  const char* private_key_path, const char* identity_certificate_path,
841  const char* root_cert_path, unsigned int refresh_interval_sec);
842 
850 
856 
865 
875  grpc_tls_server_verification_option server_verification_option);
876 
885 
899 
906  grpc_tls_credentials_options* options, const char* root_cert_name);
907 
916 
923  grpc_tls_credentials_options* options, const char* identity_cert_name);
924 
934 
940 
947 
975  int success;
976  const char* target_name;
977  const char* peer_cert;
978  const char* peer_cert_full_chain;
984  void* context;
985  void (*destroy_context)(void* ctx);
986 };
987 
1010  const void* config_user_data,
1011  int (*schedule)(void* config_user_data,
1013  void (*cancel)(void* config_user_data,
1015  void (*destruct)(void* config_user_data));
1016 
1024 
1033  grpc_tls_credentials_options* options);
1034 
1042  grpc_tls_credentials_options* options);
1043 
1050 
1057 
1072  grpc_channel_credentials* fallback_credentials);
1073 
1086  grpc_server_credentials* fallback_credentials);
1087 
1095 
1109  const char* authz_policy, grpc_status_code* code,
1110  const char** error_details);
1111 
1119 
1120 #ifdef __cplusplus
1121 }
1122 #endif
1123 
1124 #endif /* GRPC_GRPC_SECURITY_H */
grpc_status_code
Definition: status.h:26
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
GRPCAPI const grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Returns NULL when the iterator is at the end.
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: grpc_security.h:396
struct grpc_tls_server_authorization_check_config grpc_tls_server_authorization_check_config
Config for TLS server authorization check.
Definition: grpc_security.h:756
struct grpc_authorization_policy_provider grpc_authorization_policy_provider
EXPERIMENTAL - Subject to change.
Definition: grpc_security.h:1093
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
GRPCAPI void grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
Sets the options of whether to request and verify client certs.
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
struct grpc_alts_credentials_options grpc_alts_credentials_options
— ALTS channel/server credentials —
Definition: grpc_security.h:660
GRPCAPI void grpc_tls_credentials_options_set_root_cert_name(grpc_tls_credentials_options *options, const char *root_cert_name)
Sets the name of the root certificates being watched.
grpc_server_credentials * grpc_tls_server_credentials_create(grpc_tls_credentials_options *options)
Creates a TLS server credential object based on the grpc_tls_credentials_options specified by callers...
struct grpc_call_credentials grpc_call_credentials
— grpc_call_credentials object.
Definition: grpc_security.h:128
GRPCAPI grpc_tls_identity_pairs * grpc_tls_identity_pairs_create()
Creates a grpc_tls_identity_pairs that stores a list of identity credential data, including identity ...
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return.
Definition: grpc_security.h:428
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: grpc_security.h:629
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
GRPCAPI grpc_auth_context * grpc_call_auth_context(grpc_call *call)
Gets the auth context from the call.
GRPCAPI void grpc_tls_credentials_options_watch_identity_key_cert_pairs(grpc_tls_credentials_options *options)
If set, gRPC stack will keep watching the identity key-cert pairs with name |identity_cert_name|.
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(grpc_call_credentials *call_credentials)
Creates default credentials to connect to a google gRPC service.
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.
GRPCAPI void grpc_tls_credentials_options_set_server_authorization_check_config(grpc_tls_credentials_options *options, grpc_tls_server_authorization_check_config *config)
Sets the configuration for a custom authorization check performed at the end of the handshake.
GRPCAPI grpc_auth_property_iterator grpc_auth_context_peer_identity(const grpc_auth_context *ctx)
Gets the peer identity.
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, grpc_security_level min_security_level, void *reserved)
Creates a credentials object from a plugin with a specified minimum security level.
struct grpc_tls_identity_pairs grpc_tls_identity_pairs
A struct that stores the credential data presented to the peer in handshake to show local identity.
Definition: grpc_security.h:776
GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds)
— Server-side secure ports.
GRPCAPI void grpc_authorization_policy_provider_release(grpc_authorization_policy_provider *provider)
EXPERIMENTAL - Subject to change.
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options, void *reserved)
GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds)
Releases a channel credentials object.
GRPCAPI const char * grpc_auth_context_peer_identity_property_name(const grpc_auth_context *ctx)
Gets the name of the property that indicates the peer identity.
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Returns 1 if the peer is authenticated, 0 otherwise.
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
— composite credentials.
GRPCAPI void grpc_tls_credentials_options_set_server_verification_option(grpc_tls_credentials_options *options, grpc_tls_server_verification_option server_verification_option)
Sets the options of whether to choose certain checks, e.g.
GRPCAPI void grpc_tls_identity_pairs_add_pair(grpc_tls_identity_pairs *pairs, const char *private_key, const char *cert_chain)
Adds an identity private key and an identity certificate chain to grpc_tls_identity_pairs.
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: grpc_security.h:108
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, const char *name, const char *value)
Add a C string property.
GRPCAPI void grpc_tls_credentials_options_set_identity_cert_name(grpc_tls_credentials_options *options, const char *identity_cert_name)
Sets the name of the identity certificates being watched.
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Deprecated in favor of grpc_ssl_credentials_create_ex.
GRPCAPI grpc_authorization_policy_provider * grpc_authorization_policy_provider_static_data_create(const char *authz_policy, grpc_status_code *code, const char **error_details)
EXPERIMENTAL - Subject to change.
GRPCAPI void grpc_auth_metadata_context_copy(grpc_auth_metadata_context *from, grpc_auth_metadata_context *to)
Performs a deep copy from `from` to `to`.
struct grpc_auth_property grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: grpc_security.h:172
grpc_channel_credentials * grpc_tls_credentials_create(grpc_tls_credentials_options *options)
Creates a TLS channel credential object based on the grpc_tls_credentials_options specified by caller...
GRPCAPI grpc_server_credentials * grpc_xds_server_credentials_create(grpc_server_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: grpc_security.h:539
GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds)
Releases a server_credentials object.
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
struct grpc_tls_credentials_options grpc_tls_credentials_options
A struct that can be specified by callers to configure underlying TLS behaviors.
Definition: grpc_security.h:763
GRPCAPI grpc_tls_server_authorization_check_config * grpc_tls_server_authorization_check_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_server_authorization_check_config instance.
GRPCAPI void grpc_tls_credentials_options_watch_root_certs(grpc_tls_credentials_options *options)
If set, gRPC stack will keep watching the root certificates with name |root_cert_name|.
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name, const char *value, size_t value_length)
– The following auth context methods should only be called by a server metadata
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client's ALTS credentials options instance.
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx, const char *name)
Sets the property name.
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Finds a property in the context.
GRPCAPI void grpc_tls_server_authorization_check_config_release(grpc_tls_server_authorization_check_config *config)
Releases a grpc_tls_server_authorization_check_config object.
struct grpc_auth_context grpc_auth_context
— Authentication Context.
Definition: grpc_security.h:34
GRPCAPI grpc_call_credentials * grpc_sts_credentials_create(const grpc_sts_credentials_options *options, void *reserved)
Creates STS credentials following the STS Token Exchange specified in the IETF draft https://tools...
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
GRPCAPI void grpc_tls_certificate_provider_release(grpc_tls_certificate_provider *provider)
Releases a grpc_tls_certificate_provider object.
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was acquired by an out of band m...
struct grpc_server_credentials grpc_server_credentials
— grpc_server_credentials object.
Definition: grpc_security.h:498
GRPCAPI void grpc_auth_context_release(grpc_auth_context *context)
Releases the auth context returned from grpc_call_auth_context.
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds)
— Call specific credentials.
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_file_watcher_create(const char *private_key_path, const char *identity_certificate_path, const char *root_cert_path, unsigned int refresh_interval_sec)
Creates a grpc_tls_certificate_provider that will watch the credential changes on the file system.
struct grpc_channel_credentials grpc_channel_credentials
— grpc_channel_credentials object.
Definition: grpc_security.h:139
void(* grpc_tls_on_server_authorization_check_done_cb)(grpc_tls_server_authorization_check_arg *arg)
callback function provided by gRPC used to handle the result of server authorization check.
Definition: grpc_security.h:945
struct grpc_tls_certificate_provider grpc_tls_certificate_provider
A struct that provides ways to obtain the credential data that will be used in the TLS handshake.
Definition: grpc_security.h:769
GRPCAPI grpc_channel_credentials * grpc_xds_credentials_create(grpc_channel_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
GRPCAPI void grpc_tls_identity_pairs_destroy(grpc_tls_identity_pairs *pairs)
Destroys a grpc_tls_identity_pairs object.
grpc_channel_credentials * grpc_insecure_credentials_create()
EXPERIMENTAL API - Subject to change.
GRPCAPI grpc_channel * grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved)
— Secure channel creation.
struct grpc_ssl_server_certificate_config grpc_ssl_server_certificate_config
Server certificate config object holds the server's public certificates and associated private keys,...
Definition: grpc_security.h:509
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create(void)
Creates a grpc_tls_credentials_options.
GRPCAPI void grpc_auth_metadata_context_reset(grpc_auth_metadata_context *context)
Releases internal resources held by context.
grpc_server_credentials * grpc_insecure_server_credentials_create()
EXPERIMENTAL API - Subject to change.
GRPCAPI void grpc_tls_credentials_options_set_certificate_provider(grpc_tls_credentials_options *options, grpc_tls_certificate_provider *provider)
Sets the credential provider in the options.
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
struct grpc_ssl_server_credentials_options grpc_ssl_server_credentials_options
Definition: grpc_security.h:568
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
Releases a call credentials object.
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
struct grpc_auth_property_iterator grpc_auth_property_iterator
struct grpc_tls_error_details grpc_tls_error_details
— TLS channel/server credentials — It is experimental for now and subject to change.
Definition: grpc_security.h:752
GRPCAPI grpc_auth_property_iterator grpc_auth_context_property_iterator(const grpc_auth_context *ctx)
Iterates over the auth context.
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_static_data_create(const char *root_certificate, grpc_tls_identity_pairs *pem_key_cert_pairs)
Creates a grpc_tls_certificate_provider that will load credential data from static string during init...
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
GRPCAPI grpc_call_credentials * grpc_external_account_credentials_create(const char *json_string, const char *scopes_string)
Builds External Account credentials.
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:77
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:155
grpc_security_level
Definition: grpc_security_constants.h:129
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:71
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:64
grpc_tls_server_verification_option
Definition: grpc_security_constants.h:137
grpc_call_error
Result of a grpc call.
Definition: grpc_types.h:441
struct grpc_call grpc_call
A Call represents an RPC.
Definition: grpc_types.h:70
struct grpc_server grpc_server
A server listens to some port and responds to request calls.
Definition: grpc_types.h:65
struct grpc_channel grpc_channel
The Channel interface allows creation of Call objects.
Definition: grpc_types.h:62
#define GRPCAPI
Definition: port_platform.h:562
Analogous to struct timespec.
Definition: gpr_types.h:47
A single argument...
Definition: grpc_types.h:103
Context that can be used by metadata credentials plugin in order to create auth related metadata.
Definition: grpc_security.h:402
void * reserved
Reserved for future use.
Definition: grpc_security.h:415
const char * service_url
The fully qualified service url.
Definition: grpc_security.h:404
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: grpc_security.h:412
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: grpc_security.h:409
Pluggable server-side metadata processor object.
Definition: grpc_security.h:635
void * state
Definition: grpc_security.h:644
Definition: grpc_security.h:36
const char * name
Definition: grpc_security.h:39
const grpc_auth_context * ctx
Definition: grpc_security.h:37
size_t index
Definition: grpc_security.h:38
value, if not NULL, is guaranteed to be NULL terminated.
Definition: grpc_security.h:43
size_t value_length
Definition: grpc_security.h:46
char * name
Definition: grpc_security.h:44
char * value
Definition: grpc_security.h:45
An array of arguments that can be passed around.
Definition: grpc_types.h:132
grpc_metadata_credentials plugin is an API user provided structure used to create grpc_credentials ob...
Definition: grpc_security.h:435
void * state
State that will be set as the first parameter of the methods above.
Definition: grpc_security.h:469
const char * type
Type of credentials that this plugin is implementing.
Definition: grpc_security.h:472
A single metadata element.
Definition: grpc_types.h:519
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:184
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key.
Definition: grpc_security.h:187
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: grpc_security.h:191
Object that holds additional peer-verification options on a secure channel.
Definition: grpc_security.h:218
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:229
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools....
Definition: grpc_security.h:366
const char * requested_token_type
Definition: grpc_security.h:371
const char * scope
Definition: grpc_security.h:370
const char * actor_token_type
Definition: grpc_security.h:375
const char * subject_token_path
Definition: grpc_security.h:372
const char * subject_token_type
Definition: grpc_security.h:373
const char * actor_token_path
Definition: grpc_security.h:374
const char * audience
Definition: grpc_security.h:369
const char * token_exchange_service_uri
Definition: grpc_security.h:367
const char * resource
Definition: grpc_security.h:368
A struct containing all information necessary to schedule/cancel a server authorization check request...
Definition: grpc_security.h:972
grpc_tls_error_details * error_details
Definition: grpc_security.h:982
void * cb_user_data
Definition: grpc_security.h:974
int success
Definition: grpc_security.h:975
const char * target_name
Definition: grpc_security.h:976
grpc_tls_server_authorization_check_config * config
Definition: grpc_security.h:983
grpc_tls_on_server_authorization_check_done_cb cb
Definition: grpc_security.h:973
void * context
Definition: grpc_security.h:984
size_t subject_alternative_names_size
Definition: grpc_security.h:980
const char * peer_cert_full_chain
Definition: grpc_security.h:978
const char * peer_cert
Definition: grpc_security.h:977
char ** subject_alternative_names
Definition: grpc_security.h:979
grpc_status_code status
Definition: grpc_security.h:981
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:985
Deprecated in favor of grpc_ssl_verify_peer_options.
Definition: grpc_security.h:198
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:209