Go to the documentation of this file.
19 #ifndef GRPC_CREDENTIALS_H
20 #define GRPC_CREDENTIALS_H
56 const char* json_string,
const char* scopes_string);
65 const char* json_refresh_token,
void* reserved);
70 const char* access_token,
void* reserved);
74 const char* authorization_token,
const char* authority_selector,
140 void* user_data,
const grpc_metadata* creds_md,
size_t num_creds_md,
145 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
176 const char** error_details);
180 char* (*debug_string)(
void* state);
183 void (*destroy)(
void* state);
261 const char* pem_root_certs,
263 size_t num_key_cert_pairs);
290 int (*verify_peer_callback)(
const char* target_name,
const char* peer_pem,
298 void (*verify_peer_destruct)(
void* userdata);
310 int (*verify_peer_callback)(
const char* target_name,
const char* peer_pem,
318 void (*verify_peer_destruct)(
void* userdata);
403 size_t num_key_cert_pairs,
int force_client_auth,
void* reserved);
411 size_t num_key_cert_pairs,
461 void* user_data,
const grpc_metadata* consumed_md,
size_t num_consumed_md,
474 void (*destroy)(
void* state);
614 const char* private_key,
615 const char* cert_chain);
665 const char* private_key_path,
const char* identity_certificate_path,
666 const char* root_cert_path,
unsigned int refresh_interval_sec);
784 char** sync_error_details);
1086 char** pem_root_certs);
A single argument...
Definition: grpc_types.h:101
const char * peer_cert
Definition: credentials.h:705
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options, void *reserved)
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
GRPCAPI void grpc_tls_credentials_options_set_tls_session_key_log_file_path(grpc_tls_credentials_options *options, const char *path)
— TLS session key logging.
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
const char * peer_cert_full_chain
Definition: credentials.h:711
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: credentials.h:294
GRPCAPI grpc_call_credentials * grpc_sts_credentials_create(const grpc_sts_credentials_options *options, void *reserved)
Creates an STS credentials following the STS Token Exchanged specified in the IETF draft https://tool...
void(* grpc_tls_on_custom_verification_check_done_cb)(grpc_tls_custom_verification_check_request *request, void *callback_arg, grpc_status_code status, const char *error_details)
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:728
grpc_tls_certificate_verifier * grpc_tls_certificate_verifier_external_create(grpc_tls_certificate_verifier_external *external_verifier)
EXPERIMENTAL API - Subject to change.
Object that holds additional peer-verification options on a secure channel.
Definition: credentials.h:303
const char * subject_token_path
Definition: credentials.h:89
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
— server credentials —
void(* cancel)(void *user_data, grpc_tls_custom_verification_check_request *request)
A function pointer that cleans up the caller-specified resources when the verifier is still running b...
Definition: credentials.h:800
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key.
Definition: credentials.h:242
struct grpc_tls_credentials_options grpc_tls_credentials_options
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:577
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: credentials.h:314
const char * resource
Definition: credentials.h:85
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
char ** email_names
Definition: credentials.h:699
struct grpc_ssl_server_certificate_config grpc_ssl_server_certificate_config
Server certificate config object holds the server's public certificates and associated private keys,...
Definition: credentials.h:235
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools....
Definition: credentials.h:83
GRPCAPI void grpc_tls_credentials_options_set_min_tls_version(grpc_tls_credentials_options *options, grpc_tls_version min_tls_version)
EXPERIMENTAL API - Subject to change.
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:73
const char * audience
Definition: credentials.h:86
GRPCAPI void grpc_tls_certificate_provider_release(grpc_tls_certificate_provider *provider)
EXPERIMENTAL API - Subject to change.
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_copy(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
const char * service_url
The fully qualified service url.
Definition: credentials.h:106
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
const char * common_name
Definition: credentials.h:692
GRPCAPI void grpc_tls_credentials_options_set_check_call_host(grpc_tls_credentials_options *options, int check_call_host)
EXPERIMENTAL API - Subject to change.
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client's ALTS credentials options instance.
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
GRPCAPI grpc_tls_identity_pairs * grpc_tls_identity_pairs_create()
EXPERIMENTAL API - Subject to change.
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
GRPCAPI void grpc_auth_metadata_context_reset(grpc_auth_metadata_context *context)
Releases internal resources held by context.
grpc_channel_credentials * grpc_tls_credentials_create(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
struct grpc_tls_identity_pairs grpc_tls_identity_pairs
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:596
char ** dns_names
Definition: credentials.h:697
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, grpc_security_level min_security_level, void *reserved)
Creates a credentials object from a plugin with a specified minimum security level.
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: credentials.h:246
struct grpc_tls_custom_verification_check_request::peer_info::san_names san_names
void * reserved
Reserved for future use.
Definition: credentials.h:117
GRPCAPI void grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:690
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
GRPCAPI grpc_server_credentials * grpc_xds_server_credentials_create(grpc_server_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
int grpc_tls_certificate_verifier_verify(grpc_tls_certificate_verifier *verifier, grpc_tls_custom_verification_check_request *request, grpc_tls_on_custom_verification_check_done_cb callback, void *callback_arg, grpc_status_code *sync_status, char **sync_error_details)
EXPERIMENTAL API - Subject to change.
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
GRPCAPI grpc_channel_credentials * grpc_xds_credentials_create(grpc_channel_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
char ** uri_names
Definition: credentials.h:695
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: credentials.h:111
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:745
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return.
Definition: credentials.h:145
size_t ip_names_size
Definition: credentials.h:702
GRPCAPI grpc_channel_credentials * grpc_insecure_credentials_create()
— insecure credentials —
const char * target_name
Definition: credentials.h:688
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
— composite credentials —
struct grpc_channel_credentials grpc_channel_credentials
— grpc_channel_credentials object.
Definition: grpc.h:286
const char * actor_token_path
Definition: credentials.h:91
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_file_watcher_create(const char *private_key_path, const char *identity_certificate_path, const char *root_cert_path, unsigned int refresh_interval_sec)
EXPERIMENTAL API - Subject to change.
struct grpc_auth_context grpc_auth_context
Definition: credentials.h:38
const char * scope
Definition: credentials.h:87
GRPCAPI void grpc_tls_credentials_options_set_root_cert_name(grpc_tls_credentials_options *options, const char *root_cert_name)
EXPERIMENTAL API - Subject to change.
struct grpc_tls_certificate_verifier_external grpc_tls_certificate_verifier_external
EXPERIMENTAL API - Subject to change.
grpc_status_code
Definition: status.h:28
void(* destruct)(void *user_data)
A function pointer that does some additional destruction work when the verifier is destroyed.
Definition: credentials.h:819
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:66
void * user_data
Definition: credentials.h:746
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create(void)
EXPERIMENTAL API - Subject to change.
int(* verify)(void *user_data, grpc_tls_custom_verification_check_request *request, grpc_tls_on_custom_verification_check_done_cb callback, void *callback_arg, grpc_status_code *sync_status, char **sync_error_details)
A function pointer containing the verification logic that will be performed after the TLS handshake i...
Definition: credentials.h:780
size_t uri_names_size
Definition: credentials.h:696
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:79
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.
grpc_tls_version
The TLS versions that are supported by the SSL stack.
Definition: grpc_security_constants.h:146
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
GRPCAPI void grpc_tls_credentials_options_set_max_tls_version(grpc_tls_credentials_options *options, grpc_tls_version max_tls_version)
EXPERIMENTAL API - Subject to change.
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
void grpc_tls_credentials_options_set_certificate_verifier(grpc_tls_credentials_options *options, grpc_tls_certificate_verifier *verifier)
EXPERIMENTAL API - Subject to change.
const char * token_exchange_service_uri
Definition: credentials.h:84
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: credentials.h:1065
Deprecated in favor of grpc_ssl_verify_peer_options.
Definition: credentials.h:283
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: credentials.h:139
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_static_data_create(const char *root_certificate, grpc_tls_identity_pairs *pem_key_cert_pairs)
EXPERIMENTAL API - Subject to change.
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(grpc_call_credentials *call_creds_for_tls, grpc_call_credentials *call_creds_for_alts)
Creates default credentials to connect to a google gRPC service.
char ** ip_names
Definition: credentials.h:701
Definition: credentials.h:694
GRPCAPI grpc_server_credentials * grpc_insecure_server_credentials_create()
EXPERIMENTAL API - Subject to change.
GRPCAPI void grpc_tls_credentials_options_set_identity_cert_name(grpc_tls_credentials_options *options, const char *identity_cert_name)
EXPERIMENTAL API - Subject to change.
void grpc_tls_certificate_verifier_release(grpc_tls_certificate_verifier *verifier)
EXPERIMENTAL API - Subject to change.
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was acquired by an out of band m...
GRPCAPI void grpc_auth_metadata_context_copy(grpc_auth_metadata_context *from, grpc_auth_metadata_context *to)
Performs a deep copy from from to to.
grpc_security_level
Definition: grpc_security_constants.h:131
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: credentials.h:276
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
GRPCAPI void grpc_tls_credentials_options_set_crl_directory(grpc_tls_credentials_options *options, const char *crl_directory)
Deprecated in favor of grpc_tls_credentials_options_set_crl_provider.
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: credentials.h:114
GRPCAPI void grpc_tls_credentials_options_set_certificate_provider(grpc_tls_credentials_options *options, grpc_tls_certificate_provider *provider)
EXPERIMENTAL API - Subject to change.
const char * requested_token_type
Definition: credentials.h:88
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: credentials.h:460
size_t dns_names_size
Definition: credentials.h:698
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: credentials.h:1085
grpc_tls_certificate_verifier * grpc_tls_certificate_verifier_host_name_create()
EXPERIMENTAL API - Subject to change.
grpc_server_credentials * grpc_tls_server_credentials_create(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
GRPCAPI void grpc_tls_credentials_options_watch_identity_key_cert_pairs(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
GRPCAPI void grpc_tls_credentials_options_set_verify_server_cert(grpc_tls_credentials_options *options, int verify_server_cert)
EXPERIMENTAL API - Subject to change.
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:685
struct grpc_call_credentials grpc_call_credentials
— grpc_call_credentials object —
Definition: credentials.h:37
GRPCAPI grpc_call_credentials * grpc_external_account_credentials_create(const char *json_string, const char *scopes_string)
Builds External Account credentials.
struct grpc_alts_credentials_options grpc_alts_credentials_options
— ALTS channel/server credentials —
Definition: credentials.h:510
GRPCAPI void grpc_tls_identity_pairs_destroy(grpc_tls_identity_pairs *pairs)
EXPERIMENTAL API - Subject to change.
const char * actor_token_type
Definition: credentials.h:92
GRPCAPI void grpc_tls_credentials_options_set_send_client_ca_list(grpc_tls_credentials_options *options, bool send_client_ca_list)
EXPERIMENTAL API - Subject to change.
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
Analogous to struct timespec.
Definition: time.h:47
struct grpc_server_credentials grpc_server_credentials
— grpc_server_credentials object.
Definition: grpc.h:298
struct grpc_tls_certificate_verifier grpc_tls_certificate_verifier
EXPERIMENTAL API - Subject to change.
Definition: credentials.h:737
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
— channel credentials —
Context that can be used by metadata credentials plugin in order to create auth related metadata.
Definition: credentials.h:104
struct grpc_tls_custom_verification_check_request grpc_tls_custom_verification_check_request
EXPERIMENTAL API - Subject to change.
const char * subject_token_type
Definition: credentials.h:90
GRPCAPI void grpc_tls_credentials_options_watch_root_certs(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
struct grpc_tls_custom_verification_check_request::peer_info peer_info
const char * verified_root_cert_subject
Definition: credentials.h:715
GRPCAPI void grpc_tls_credentials_options_destroy(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
struct grpc_tls_certificate_provider grpc_tls_certificate_provider
— TLS channel/server credentials — It is used for experimental purpose for now and subject to change.
Definition: credentials.h:588
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:143
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
Object that holds a private key / certificate chain pair in PEM format.
Definition: credentials.h:239
size_t email_names_size
Definition: credentials.h:700
void grpc_tls_certificate_verifier_cancel(grpc_tls_certificate_verifier *verifier, grpc_tls_custom_verification_check_request *request)
EXPERIMENTAL API - Subject to change.
struct grpc_ssl_server_credentials_options grpc_ssl_server_credentials_options
Definition: credentials.h:415
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
grpc_tls_certificate_verifier * grpc_tls_certificate_verifier_no_op_create()
EXPERIMENTAL API - Subject to change.
GRPCAPI void grpc_tls_identity_pairs_add_pair(grpc_tls_identity_pairs *pairs, const char *private_key, const char *cert_chain)
EXPERIMENTAL API - Subject to change.
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.
