GRPC Core  43.0.0
credentials.h
1 /*
2  *
3  * Copyright 2024 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_CREDENTIALS_H
20 #define GRPC_CREDENTIALS_H
21 
22 #include <stdbool.h>
23 
24 #include <grpc/grpc.h>
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31 
40 
48  gpr_timespec token_lifetime,
49  void* reserved);
50 
57  const char* json_string, const char* scopes_string);
58 
66  const char* json_refresh_token, void* reserved);
67 
71  const char* access_token, void* reserved);
72 
75  const char* authorization_token, const char* authority_selector,
76  void* reserved);
77 
84 typedef struct {
85  const char* token_exchange_service_uri; /* Required. */
86  const char* resource; /* Optional. */
87  const char* audience; /* Optional. */
88  const char* scope; /* Optional. */
89  const char* requested_token_type; /* Optional. */
90  const char* subject_token_path; /* Required. */
91  const char* subject_token_type; /* Required. */
92  const char* actor_token_path; /* Optional. */
93  const char* actor_token_type; /* Optional. */
95 
101  const grpc_sts_credentials_options* options, void* reserved);
102 
105 typedef struct {
107  const char* service_url;
108 
112  const char* method_name;
113 
116 
118  void* reserved;
120 
124 
127  grpc_auth_metadata_context* context);
128 
141  void* user_data, const grpc_metadata* creds_md, size_t num_creds_md,
142  grpc_status_code status, const char* error_details);
143 
146 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
147 
153 typedef struct {
172  int (*get_metadata)(
173  void* state, grpc_auth_metadata_context context,
174  grpc_credentials_plugin_metadata_cb cb, void* user_data,
176  size_t* num_creds_md, grpc_status_code* status,
177  const char** error_details);
178 
181  char* (*debug_string)(void* state);
182 
184  void (*destroy)(void* state);
185 
187  void* state;
188 
190  const char* type;
192 
197  grpc_security_level min_security_level, void* reserved);
198 
204 
224  grpc_call_credentials* call_credentials);
225 
232 
234 typedef struct {
237  const char* private_key;
238 
241  const char* cert_chain;
243 
256  const char* pem_root_certs,
257  const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
258  size_t num_key_cert_pairs);
259 
263 
272  void* user_data, grpc_ssl_server_certificate_config** config);
273 
278 typedef struct {
285  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
286  void* userdata);
293  void (*verify_peer_destruct)(void* userdata);
295 
298 typedef struct {
305  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
306  void* userdata);
313  void (*verify_peer_destruct)(void* userdata);
315 
347  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
348  const verify_peer_options* verify_options, void* reserved);
349 
350 /* Creates an SSL credentials object.
351  The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
352  - pem_root_certs is the NULL-terminated string containing the PEM encoding
353  of the server root certificates. If this parameter is NULL, the
354  implementation will first try to dereference the file pointed to by the
355  GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
356  try to get the roots set by grpc_override_ssl_default_roots. Eventually,
357  if all these fail, it will try to get the roots from a well-known place on
358  disk (in the grpc install directory).
359 
360  gRPC implements a root certificate cache if the underlying OpenSSL library
361  supports it. The cache applies only to the default root certificates,
362  which are used when this parameter is NULL. If the user provides their
363  own pem_root_certs when creating an SSL credentials object, gRPC cannot
364  cache them, and each subchannel will generate its own copy of the root
365  store. It is therefore recommended to avoid passing a large root PEM
366  in the pem_root_certs parameter, to avoid excessive memory consumption,
367  particularly on mobile platforms such as iOS.
368  - pem_key_cert_pair is a pointer on the object containing client's private
369  key and certificate chain. This parameter can be NULL if the client does
370  not have such a key/cert pair.
371  - verify_options is an optional verify_peer_options object which holds
372  additional options controlling how peer certificates are verified. For
373  example, you can supply a callback which receives the peer's certificate
374  with which you can do additional verification. Can be NULL, in which
375  case verification will retain default behavior. Any settings in
376  verify_options are copied during this call, so the verify_options
377  object can be released afterwards. */
379  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
380  const grpc_ssl_verify_peer_options* verify_options, void* reserved);
381 
397  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
398  size_t num_key_cert_pairs, int force_client_auth, void* reserved);
399 
405  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
406  size_t num_key_cert_pairs,
407  grpc_ssl_client_certificate_request_type client_certificate_request,
408  void* reserved);
409 
412 
419  grpc_ssl_client_certificate_request_type client_certificate_request,
420  grpc_ssl_server_certificate_config* certificate_config);
421 
431  grpc_ssl_client_certificate_request_type client_certificate_request,
432  grpc_ssl_server_certificate_config_callback cb, void* user_data);
433 
437 
443 
456  void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
457  const grpc_metadata* response_md, size_t num_response_md,
458  grpc_status_code status, const char* error_details);
459 
461 typedef struct {
466  void (*process)(void* state, grpc_auth_context* context,
467  const grpc_metadata* md, size_t num_md,
468  grpc_process_auth_metadata_done_cb cb, void* user_data);
469  void (*destroy)(void* state);
470  void* state;
472 
475 
481  void* reserved);
482 
487  void* reserved);
488 
492  grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
493  void* reserved);
494 
506 
513 
520 
530  grpc_alts_credentials_options* options, const char* service_account);
531 
542 
553  const grpc_alts_credentials_options* options);
554 
564  const grpc_alts_credentials_options* options);
565 
573 
584 
592 
600 
609  const char* private_key,
610  const char* cert_chain);
611 
621 
635  const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs);
636 
660  const char* private_key_path, const char* identity_certificate_path,
661  const char* root_cert_path, unsigned int refresh_interval_sec);
662 
671 
681  /* The target name of the server when the client initiates the connection. */
682  /* This field will be nullptr if on the server side. */
683  const char* target_name;
684  /* The information contained in the certificate chain sent from the peer. */
685  struct peer_info {
686  /* The Common Name field on the peer leaf certificate. */
687  const char* common_name;
688  /* The list of Subject Alternative Names on the peer leaf certificate. */
689  struct san_names {
690  char** uri_names;
692  char** dns_names;
694  char** email_names;
696  char** ip_names;
698  } san_names;
699  /* The raw peer leaf certificate. */
700  const char* peer_cert;
701  /* The raw peer certificate chain. Note that it is not always guaranteed to
702  * get the peer full chain. For more, please refer to
703  * GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME defined in file
704  * grpc_security_constants.h.
705  * TODO(ZhenLian): Consider fixing this in the future. */
706  const char* peer_cert_full_chain;
707  /* The verified root cert subject.
708  * This value will only be filled if the cryptographic peer certificate
709  * verification was successful */
711  } peer_info;
713 
724  grpc_tls_custom_verification_check_request* request, void* callback_arg,
725  grpc_status_code status, const char* error_details);
726 
733 
741  void* user_data;
775  int (*verify)(void* user_data,
778  void* callback_arg, grpc_status_code* sync_status,
779  char** sync_error_details);
795  void (*cancel)(void* user_data,
814  void (*destruct)(void* user_data);
816 
825  grpc_tls_certificate_verifier_external* external_verifier);
826 
837 
845 
854 
868  grpc_tls_on_custom_verification_check_done_cb callback, void* callback_arg,
869  grpc_status_code* sync_status, char** sync_error_details);
870 
881 
888 
899 
909 
917  grpc_tls_credentials_options* options, grpc_tls_version min_tls_version);
918 
926  grpc_tls_credentials_options* options, grpc_tls_version max_tls_version);
927 
935 
943 
951 
961 
976 
984  grpc_tls_credentials_options* options, const char* root_cert_name);
985 
995 
1004  grpc_tls_credentials_options* options, const char* identity_cert_name);
1005 
1015 
1027  grpc_tls_credentials_options* options, const char* crl_directory);
1028 
1036  grpc_tls_credentials_options* options, int verify_server_cert);
1037 
1053  grpc_tls_credentials_options* options, bool send_client_ca_list);
1054 
1061 
1065  size_t capacity);
1066 
1069 
1073 
1081  char** pem_root_certs);
1082 
1090 
1092 
1101 
1108 
1123  grpc_channel_credentials* fallback_credentials);
1124 
1137  grpc_server_credentials* fallback_credentials);
1138 
1153 
1164 
1171 
1182  grpc_tls_certificate_verifier* verifier);
1183 
1196  grpc_tls_credentials_options* options, int check_call_host);
1197 
1216  grpc_tls_credentials_options* options, const char* path);
1217 
1218 #ifdef __cplusplus
1219 }
1220 #endif
1221 
1222 #endif /* GRPC_CREDENTIALS_H */
grpc_arg
A single argument...
Definition: grpc_types.h:102
grpc_tls_custom_verification_check_request::peer_info::peer_cert
const char * peer_cert
Definition: credentials.h:700
grpc_ssl_server_credentials_create_ex
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
grpc_ssl_credentials_create_ex
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options, void *reserved)
grpc_ssl_server_credentials_create_options_using_config_fetcher
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
grpc_tls_credentials_options_set_tls_session_key_log_file_path
GRPCAPI void grpc_tls_credentials_options_set_tls_session_key_log_file_path(grpc_tls_credentials_options *options, const char *path)
— TLS session key logging.
grpc_ssl_session_cache_destroy
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
grpc_tls_custom_verification_check_request::peer_info::peer_cert_full_chain
const char * peer_cert_full_chain
Definition: credentials.h:706
verify_peer_options::verify_peer_callback_userdata
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: credentials.h:289
grpc_sts_credentials_create
GRPCAPI grpc_call_credentials * grpc_sts_credentials_create(const grpc_sts_credentials_options *options, void *reserved)
Creates STS credentials following the STS Token Exchange specified in the IETF draft https://tool...
grpc_tls_on_custom_verification_check_done_cb
void(* grpc_tls_on_custom_verification_check_done_cb)(grpc_tls_custom_verification_check_request *request, void *callback_arg, grpc_status_code status, const char *error_details)
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:723
grpc_tls_certificate_verifier_external_create
grpc_tls_certificate_verifier * grpc_tls_certificate_verifier_external_create(grpc_tls_certificate_verifier_external *external_verifier)
EXPERIMENTAL API - Subject to change.
grpc_ssl_verify_peer_options
Object that holds additional peer-verification options on a secure channel.
Definition: credentials.h:298
grpc_sts_credentials_options::subject_token_path
const char * subject_token_path
Definition: credentials.h:90
grpc_ssl_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
— server credentials —
grpc_tls_certificate_verifier_external::cancel
void(* cancel)(void *user_data, grpc_tls_custom_verification_check_request *request)
A function pointer that cleans up the caller-specified resources when the verifier is still running b...
Definition: credentials.h:795
grpc_ssl_pem_key_cert_pair::private_key
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key.
Definition: credentials.h:237
grpc_tls_credentials_options
struct grpc_tls_credentials_options grpc_tls_credentials_options
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:572
grpc_alts_credentials_client_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
grpc_ssl_verify_peer_options::verify_peer_callback_userdata
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: credentials.h:309
GRPCAPI
#define GRPCAPI
Definition: port_platform.h:725
grpc_sts_credentials_options::resource
const char * resource
Definition: credentials.h:86
grpc_ssl_server_credentials_create_with_options
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
grpc_tls_custom_verification_check_request::peer_info::san_names::email_names
char ** email_names
Definition: credentials.h:694
grpc_ssl_server_certificate_config
struct grpc_ssl_server_certificate_config grpc_ssl_server_certificate_config
Server certificate config object holds the server's public certificates and associated private keys,...
Definition: credentials.h:230
grpc_sts_credentials_options
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools....
Definition: credentials.h:84
grpc_metadata_credentials_plugin::state
void * state
State that will be set as the first parameter of the methods above.
Definition: credentials.h:187
grpc_tls_credentials_options_set_min_tls_version
GRPCAPI void grpc_tls_credentials_options_set_min_tls_version(grpc_tls_credentials_options *options, grpc_tls_version min_tls_version)
EXPERIMENTAL API - Subject to change.
grpc_ssl_certificate_config_reload_status
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:73
grpc_sts_credentials_options::audience
const char * audience
Definition: credentials.h:87
grpc_tls_certificate_provider_release
GRPCAPI void grpc_tls_certificate_provider_release(grpc_tls_certificate_provider *provider)
EXPERIMENTAL API - Subject to change.
grpc_tls_credentials_options_copy
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_copy(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_auth_metadata_context::service_url
const char * service_url
The fully qualified service URL.
Definition: credentials.h:107
grpc_alts_credentials_server_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
grpc_ssl_server_certificate_config_create
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
grpc_tls_custom_verification_check_request::peer_info::common_name
const char * common_name
Definition: credentials.h:687
grpc_tls_credentials_options_set_check_call_host
GRPCAPI void grpc_tls_credentials_options_set_check_call_host(grpc_tls_credentials_options *options, int check_call_host)
EXPERIMENTAL API - Subject to change.
grpc_alts_credentials_client_options_add_target_service_account
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client's ALTS credentials options instance.
grpc_alts_credentials_options_destroy
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
grpc_tls_identity_pairs_create
GRPCAPI grpc_tls_identity_pairs * grpc_tls_identity_pairs_create()
EXPERIMENTAL API - Subject to change.
grpc_ssl_server_credentials_create_options_using_config
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
grpc_auth_metadata_context_reset
GRPCAPI void grpc_auth_metadata_context_reset(grpc_auth_metadata_context *context)
Releases internal resources held by context.
grpc_google_default_credentials_create
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(grpc_call_credentials *call_credentials)
Creates default credentials to connect to a google gRPC service.
grpc_tls_credentials_create
grpc_channel_credentials * grpc_tls_credentials_create(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_tls_identity_pairs
struct grpc_tls_identity_pairs grpc_tls_identity_pairs
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:591
grpc_tls_custom_verification_check_request::peer_info::san_names::dns_names
char ** dns_names
Definition: credentials.h:692
grpc_metadata_credentials_create_from_plugin
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, grpc_security_level min_security_level, void *reserved)
Creates a credentials object from a plugin with a specified minimum security level.
grpc_ssl_pem_key_cert_pair::cert_chain
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: credentials.h:241
grpc_tls_custom_verification_check_request::peer_info::san_names
struct grpc_tls_custom_verification_check_request::peer_info::san_names san_names
grpc_auth_metadata_context::reserved
void * reserved
Reserved for future use.
Definition: credentials.h:118
grpc_tls_credentials_options_set_cert_request_type
GRPCAPI void grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
EXPERIMENTAL API - Subject to change.
grpc_tls_custom_verification_check_request::peer_info
Definition: credentials.h:685
grpc_ssl_server_certificate_config_destroy
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
grpc_xds_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_xds_server_credentials_create(grpc_server_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
grpc_google_refresh_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
grpc_tls_certificate_verifier_verify
int grpc_tls_certificate_verifier_verify(grpc_tls_certificate_verifier *verifier, grpc_tls_custom_verification_check_request *request, grpc_tls_on_custom_verification_check_done_cb callback, void *callback_arg, grpc_status_code *sync_status, char **sync_error_details)
EXPERIMENTAL API - Subject to change.
grpc_ssl_server_credentials_options_destroy
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
grpc_xds_credentials_create
GRPCAPI grpc_channel_credentials * grpc_xds_credentials_create(grpc_channel_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
grpc_metadata
A single metadata element.
Definition: grpc_types.h:210
grpc_tls_custom_verification_check_request::peer_info::san_names::uri_names
char ** uri_names
Definition: credentials.h:690
grpc_auth_metadata_context::method_name
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: credentials.h:112
grpc_tls_certificate_verifier_external
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:740
GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return.
Definition: credentials.h:146
grpc_tls_custom_verification_check_request::peer_info::san_names::ip_names_size
size_t ip_names_size
Definition: credentials.h:697
grpc_insecure_credentials_create
GRPCAPI grpc_channel_credentials * grpc_insecure_credentials_create()
— insecure credentials —
grpc_tls_custom_verification_check_request::target_name
const char * target_name
Definition: credentials.h:683
grpc_composite_call_credentials_create
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
— composite credentials —
grpc_channel_credentials
struct grpc_channel_credentials grpc_channel_credentials
— grpc_channel_credentials object.
Definition: grpc.h:287
grpc_sts_credentials_options::actor_token_path
const char * actor_token_path
Definition: credentials.h:92
grpc_tls_certificate_provider_file_watcher_create
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_file_watcher_create(const char *private_key_path, const char *identity_certificate_path, const char *root_cert_path, unsigned int refresh_interval_sec)
EXPERIMENTAL API - Subject to change.
grpc_auth_context
struct grpc_auth_context grpc_auth_context
Definition: credentials.h:39
grpc_sts_credentials_options::scope
const char * scope
Definition: credentials.h:88
grpc_tls_credentials_options_set_root_cert_name
GRPCAPI void grpc_tls_credentials_options_set_root_cert_name(grpc_tls_credentials_options *options, const char *root_cert_name)
EXPERIMENTAL API - Subject to change.
grpc_tls_certificate_verifier_external
struct grpc_tls_certificate_verifier_external grpc_tls_certificate_verifier_external
EXPERIMENTAL API - Subject to change.
grpc_status_code
grpc_status_code
Definition: status.h:28
grpc_tls_certificate_verifier_external::destruct
void(* destruct)(void *user_data)
A function pointer that does some additional destruction work when the verifier is destroyed.
Definition: credentials.h:814
grpc.h
grpc_ssl_roots_override_result
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:66
grpc_tls_certificate_verifier_external::user_data
void * user_data
Definition: credentials.h:741
grpc_tls_credentials_options_create
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create(void)
EXPERIMENTAL API - Subject to change.
grpc_tls_certificate_verifier_external::verify
int(* verify)(void *user_data, grpc_tls_custom_verification_check_request *request, grpc_tls_on_custom_verification_check_done_cb callback, void *callback_arg, grpc_status_code *sync_status, char **sync_error_details)
A function pointer containing the verification logic that will be performed after the TLS handshake i...
Definition: credentials.h:775
grpc_tls_custom_verification_check_request::peer_info::san_names::uri_names_size
size_t uri_names_size
Definition: credentials.h:691
grpc_ssl_client_certificate_request_type
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:79
grpc_set_ssl_roots_override_callback
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.
grpc_tls_version
grpc_tls_version
The TLS versions that are supported by the SSL stack.
Definition: grpc_security_constants.h:146
grpc_metadata_credentials_plugin
grpc_metadata_credentials plugin is an API user provided structure used to create grpc_credentials ob...
Definition: credentials.h:153
grpc_ssl_session_cache_create_channel_arg
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
grpc_tls_credentials_options_set_max_tls_version
GRPCAPI void grpc_tls_credentials_options_set_max_tls_version(grpc_tls_credentials_options *options, grpc_tls_version max_tls_version)
EXPERIMENTAL API - Subject to change.
grpc_alts_credentials_create
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
grpc_tls_credentials_options_set_certificate_verifier
void grpc_tls_credentials_options_set_certificate_verifier(grpc_tls_credentials_options *options, grpc_tls_certificate_verifier *verifier)
EXPERIMENTAL API - Subject to change.
grpc_sts_credentials_options::token_exchange_service_uri
const char * token_exchange_service_uri
Definition: credentials.h:85
grpc_composite_channel_credentials_create
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
grpc_alts_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
grpc_ssl_session_cache
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: credentials.h:1060
verify_peer_options
Deprecated in favor of grpc_ssl_verify_peer_options.
Definition: credentials.h:278
grpc_credentials_plugin_metadata_cb
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: credentials.h:140
grpc_tls_certificate_provider_static_data_create
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_static_data_create(const char *root_certificate, grpc_tls_identity_pairs *pem_key_cert_pairs)
EXPERIMENTAL API - Subject to change.
grpc_tls_custom_verification_check_request::peer_info::san_names::ip_names
char ** ip_names
Definition: credentials.h:696
grpc_tls_custom_verification_check_request::peer_info::san_names
Definition: credentials.h:689
grpc_insecure_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_insecure_server_credentials_create()
EXPERIMENTAL API - Subject to change.
grpc_tls_credentials_options_set_identity_cert_name
GRPCAPI void grpc_tls_credentials_options_set_identity_cert_name(grpc_tls_credentials_options *options, const char *identity_cert_name)
EXPERIMENTAL API - Subject to change.
grpc_tls_certificate_verifier_release
void grpc_tls_certificate_verifier_release(grpc_tls_certificate_verifier *verifier)
EXPERIMENTAL API - Subject to change.
grpc_access_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was acquired by an out of band m...
grpc_auth_metadata_context_copy
GRPCAPI void grpc_auth_metadata_context_copy(grpc_auth_metadata_context *from, grpc_auth_metadata_context *to)
Performs a deep copy from `from` to `to`.
grpc_security_level
grpc_security_level
Definition: grpc_security_constants.h:131
grpc_ssl_server_certificate_config_callback
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: credentials.h:271
grpc_service_account_jwt_access_credentials_create
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
grpc_tls_credentials_options_set_crl_directory
GRPCAPI void grpc_tls_credentials_options_set_crl_directory(grpc_tls_credentials_options *options, const char *crl_directory)
Deprecated in favor of grpc_tls_credentials_options_set_crl_provider.
grpc_metadata_credentials_plugin::type
const char * type
Type of credentials that this plugin is implementing.
Definition: credentials.h:190
grpc_ssl_credentials_create
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
grpc_local_credentials_create
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
grpc_auth_metadata_context::channel_auth_context
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: credentials.h:115
grpc_tls_credentials_options_set_certificate_provider
GRPCAPI void grpc_tls_credentials_options_set_certificate_provider(grpc_tls_credentials_options *options, grpc_tls_certificate_provider *provider)
EXPERIMENTAL API - Subject to change.
grpc_sts_credentials_options::requested_token_type
const char * requested_token_type
Definition: credentials.h:89
grpc_ssl_session_cache_create_lru
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
grpc_process_auth_metadata_done_cb
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: credentials.h:455
grpc_tls_custom_verification_check_request::peer_info::san_names::dns_names_size
size_t dns_names_size
Definition: credentials.h:693
grpc_ssl_roots_override_callback
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: credentials.h:1080
grpc_auth_metadata_processor
Pluggable server-side metadata processor object.
Definition: credentials.h:461
grpc_security_constants.h
grpc_tls_certificate_verifier_host_name_create
grpc_tls_certificate_verifier * grpc_tls_certificate_verifier_host_name_create()
EXPERIMENTAL API - Subject to change.
grpc_tls_server_credentials_create
grpc_server_credentials * grpc_tls_server_credentials_create(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_tls_credentials_options_watch_identity_key_cert_pairs
GRPCAPI void grpc_tls_credentials_options_watch_identity_key_cert_pairs(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_tls_credentials_options_set_verify_server_cert
GRPCAPI void grpc_tls_credentials_options_set_verify_server_cert(grpc_tls_credentials_options *options, int verify_server_cert)
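EXPERIMENTAL API - Subject to change. Sets whether the client verifies the server's certificates; a non-zero verify_server_cert enables verification. With verification turned off, the TLS handshake no longer authenticates the server, so the peer's identity has to be established some other way.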
grpc_max_auth_token_lifetime
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
grpc_tls_custom_verification_check_request
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:680
grpc_call_credentials
struct grpc_call_credentials grpc_call_credentials
— grpc_call_credentials object —
Definition: credentials.h:38
grpc_external_account_credentials_create
GRPCAPI grpc_call_credentials * grpc_external_account_credentials_create(const char *json_string, const char *scopes_string)
Builds External Account credentials.
grpc_alts_credentials_options
struct grpc_alts_credentials_options grpc_alts_credentials_options
— ALTS channel/server credentials —
Definition: credentials.h:505
grpc_tls_identity_pairs_destroy
GRPCAPI void grpc_tls_identity_pairs_destroy(grpc_tls_identity_pairs *pairs)
EXPERIMENTAL API - Subject to change.
grpc_sts_credentials_options::actor_token_type
const char * actor_token_type
Definition: credentials.h:93
grpc_tls_credentials_options_set_send_client_ca_list
GRPCAPI void grpc_tls_credentials_options_set_send_client_ca_list(grpc_tls_credentials_options *options, bool send_client_ca_list)
EXPERIMENTAL API - Subject to change.
grpc_server_credentials_set_auth_metadata_processor
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
gpr_timespec
Analogous to struct timespec.
Definition: time.h:48
grpc_server_credentials
struct grpc_server_credentials grpc_server_credentials
— grpc_server_credentials object.
Definition: grpc.h:299
grpc_tls_certificate_verifier
struct grpc_tls_certificate_verifier grpc_tls_certificate_verifier
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:732
grpc_call_credentials_release
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
— channel credentials —
grpc_auth_metadata_context
Context that can be used by metadata credentials plugin in order to create auth related metadata.
Definition: credentials.h:105
grpc_tls_custom_verification_check_request
struct grpc_tls_custom_verification_check_request grpc_tls_custom_verification_check_request
EXPERIMENTAL API - Subject to change.
grpc_sts_credentials_options::subject_token_type
const char * subject_token_type
Definition: credentials.h:91
grpc_tls_credentials_options_watch_root_certs
GRPCAPI void grpc_tls_credentials_options_watch_root_certs(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_tls_custom_verification_check_request::peer_info
struct grpc_tls_custom_verification_check_request::peer_info peer_info
grpc_tls_custom_verification_check_request::peer_info::verified_root_cert_subject
const char * verified_root_cert_subject
Definition: credentials.h:710
grpc_tls_credentials_options_destroy
GRPCAPI void grpc_tls_credentials_options_destroy(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_tls_certificate_provider
struct grpc_tls_certificate_provider grpc_tls_certificate_provider
— TLS channel/server credentials — It is used for experimental purpose for now and subject to change.
Definition: credentials.h:583
grpc_local_connect_type
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:143
grpc_google_iam_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
grpc_ssl_pem_key_cert_pair
Object that holds a private key / certificate chain pair in PEM format.
Definition: credentials.h:234
grpc_tls_custom_verification_check_request::peer_info::san_names::email_names_size
size_t email_names_size
Definition: credentials.h:695
grpc_tls_certificate_verifier_cancel
void grpc_tls_certificate_verifier_cancel(grpc_tls_certificate_verifier *verifier, grpc_tls_custom_verification_check_request *request)
EXPERIMENTAL API - Subject to change.
grpc_ssl_server_credentials_options
struct grpc_ssl_server_credentials_options grpc_ssl_server_credentials_options
Definition: credentials.h:410
grpc_auth_metadata_processor::state
void * state
Definition: credentials.h:470
grpc_google_compute_engine_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
grpc_tls_certificate_verifier_no_op_create
grpc_tls_certificate_verifier * grpc_tls_certificate_verifier_no_op_create()
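EXPERIMENTAL API - Subject to change. Creates a verifier that performs no post-handshake verification of the peer. Used without any other mechanism that authenticates the peer identity, it leaves connections open to man-in-the-middle interception, so it is not meant for production configurations.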
grpc_tls_identity_pairs_add_pair
GRPCAPI void grpc_tls_identity_pairs_add_pair(grpc_tls_identity_pairs *pairs, const char *private_key, const char *cert_chain)
EXPERIMENTAL API - Subject to change.
port_platform.h
grpc_local_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.