grpc_security.h
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_GRPC_SECURITY_H
20 #define GRPC_GRPC_SECURITY_H
21 
23 
24 #include <grpc/grpc.h>
26 #include <grpc/status.h>
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31 
35 
38  size_t index;
39  const char* name;
41 
43 typedef struct grpc_auth_property {
44  char* name;
45  char* value;
46  size_t value_length;
48 
52 
56 
61 
65  const grpc_auth_context* ctx, const char* name);
66 
70  const grpc_auth_context* ctx);
71 
74  const grpc_auth_context* ctx);
75 
79 
82 
90  const char* name, const char* value,
91  size_t value_length);
92 
95  const char* name,
96  const char* value);
97 
101  grpc_auth_context* ctx, const char* name);
102 
109 
113  size_t capacity);
114 
117 
121 
129 
133 
153  grpc_call_credentials* call_credentials);
154 
162  char** pem_root_certs);
163 
171 
173 typedef struct {
176  const char* private_key;
177 
180  const char* cert_chain;
182 
187 typedef struct {
194  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
195  void* userdata);
202  void (*verify_peer_destruct)(void* userdata);
204 
207 typedef struct {
214  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
215  void* userdata);
222  void (*verify_peer_destruct)(void* userdata);
224 
256  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
257  const verify_peer_options* verify_options, void* reserved);
258 
259 /* Creates an SSL credentials object.
260  The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
261  - pem_root_certs is the NULL-terminated string containing the PEM encoding
262  of the server root certificates. If this parameter is NULL, the
263  implementation will first try to read the file named by the
264  GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
265  try to get the roots set by grpc_override_ssl_default_roots. Eventually,
266  if all these fail, it will try to get the roots from a well-known place on
267  disk (in the grpc install directory). Note that with a NULL pem_root_certs the process environment therefore selects the trust anchors.
268 
269  gRPC implements a root-certificate cache when the underlying OpenSSL
270  library supports it. The cache applies only to the default root
271  certificates, which are used when this parameter is NULL. If the user
272  provides their own pem_root_certs when creating an SSL credentials object,
273  gRPC cannot cache it, and each subchannel builds its own copy of the root
274  store. It is therefore recommended to avoid passing a large root PEM bundle
275  in pem_root_certs, to avoid excessive memory consumption, particularly on
276  mobile platforms such as iOS.
277  - pem_key_cert_pair is a pointer on the object containing client's private
278  key and certificate chain. This parameter can be NULL if the client does
279  not have such a key/cert pair.
280  - verify_options is an optional verify_peer_options object which holds
281  additional options controlling how peer certificates are verified. For
282  example, you can supply a callback which receives the peer's certificate
283  with which you can do additional verification. Can be NULL, in which
284  case verification will retain default behavior. Any settings in
285  verify_options are copied during this call, so the verify_options
286  object can be released afterwards. */
288  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
289  const grpc_ssl_verify_peer_options* verify_options, void* reserved);
290 
294  grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
295  void* reserved);
296 
302  void* reserved);
303 
308  void* reserved);
309 
311 
319  gpr_timespec token_lifetime,
320  void* reserved);
321 
328  const char* json_string, const char* scopes_string);
329 
337  const char* json_refresh_token, void* reserved);
338 
342  const char* access_token, void* reserved);
343 
346  const char* authorization_token, const char* authority_selector,
347  void* reserved);
348 
355 typedef struct {
356  const char* token_exchange_service_uri; /* Required. */
357  const char* resource; /* Optional. */
358  const char* audience; /* Optional. */
359  const char* scope; /* Optional. */
360  const char* requested_token_type; /* Optional. */
361  const char* subject_token_path; /* Required. */
362  const char* subject_token_type; /* Required. */
363  const char* actor_token_path; /* Optional. */
364  const char* actor_token_type; /* Optional. */
366 
372  const grpc_sts_credentials_options* options, void* reserved);
373 
386  void* user_data, const grpc_metadata* creds_md, size_t num_creds_md,
387  grpc_status_code status, const char* error_details);
388 
391 typedef struct {
393  const char* service_url;
394 
398  const char* method_name;
399 
402 
404  void* reserved;
406 
410 
413  grpc_auth_metadata_context* context);
414 
/** Upper bound on the number of metadata entries a grpc_metadata_credentials_plugin
    may hand back synchronously from get_metadata (through creds_md/num_creds_md);
    presumably a plugin that needs to return more than this must deliver them via
    the callback path instead -- confirm against the get_metadata contract. */
417 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
418 
424 typedef struct {
443  int (*get_metadata)(
444  void* state, grpc_auth_metadata_context context,
445  grpc_credentials_plugin_metadata_cb cb, void* user_data,
447  size_t* num_creds_md, grpc_status_code* status,
448  const char** error_details);
449 
452  char* (*debug_string)(void* state);
453 
455  void (*destroy)(void* state);
456 
458  void* state;
459 
461  const char* type;
463 
468  grpc_security_level min_security_level, void* reserved);
469 
476 
489  const char* pem_root_certs,
490  const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
491  size_t num_key_cert_pairs);
492 
496 
505  void* user_data, grpc_ssl_server_certificate_config** config);
506 
520  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
521  size_t num_key_cert_pairs, int force_client_auth, void* reserved);
522 
528  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
529  size_t num_key_cert_pairs,
530  grpc_ssl_client_certificate_request_type client_certificate_request,
531  void* reserved);
532 
535 
542  grpc_ssl_client_certificate_request_type client_certificate_request,
543  grpc_ssl_server_certificate_config* certificate_config);
544 
554  grpc_ssl_client_certificate_request_type client_certificate_request,
555  grpc_ssl_server_certificate_config_callback cb, void* user_data);
556 
560 
566 
572  grpc_call_credentials* creds);
573 
586  void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
587  const grpc_metadata* response_md, size_t num_response_md,
588  grpc_status_code status, const char* error_details);
589 
591 typedef struct {
596  void (*process)(void* state, grpc_auth_context* context,
597  const grpc_metadata* md, size_t num_md,
598  grpc_process_auth_metadata_done_cb cb, void* user_data);
599  void (*destroy)(void* state);
600  void* state;
602 
605 
617 
624 
631 
641  grpc_alts_credentials_options* options, const char* service_account);
642 
653 
664  const grpc_alts_credentials_options* options);
665 
675  const grpc_alts_credentials_options* options);
676 
691 
702 
713 
721 
729 
737 
746  const char* private_key,
747  const char* cert_chain);
748 
758 
772  const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs);
773 
797  const char* private_key_path, const char* identity_certificate_path,
798  const char* root_cert_path, unsigned int refresh_interval_sec);
799 
808 
815 
825 
840 
848  grpc_tls_credentials_options* options, const char* root_cert_name);
849 
859 
868  grpc_tls_credentials_options* options, const char* identity_cert_name);
869 
888  grpc_tls_credentials_options* options, const char* crl_directory);
889 
897  grpc_tls_credentials_options* options, int verify_server_cert);
898 
908  /* The target name of the server, as given by the client when it initiated the connection. */
909  /* This field is NULL on the server side. */
910  const char* target_name;
911  /* The information contained in the certificate chain sent from the peer. */
912  struct peer_info {
913  /* The Common Name (CN) of the peer leaf certificate's subject. Prefer the SAN entries below when matching identities; the CN is a legacy field. */
914  const char* common_name;
915  /* The list of Subject Alternative Names on the peer leaf certificate. */
916  struct san_names {
917  char** uri_names;
919  char** dns_names;
921  char** email_names;
923  char** ip_names;
925  } san_names;
926  /* The raw peer leaf certificate. */
927  const char* peer_cert;
928  /* The raw peer certificate chain. Note that the full chain is not always
929  * available here. For more, please refer to
930  * GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME defined in file
931  * grpc_security_constants.h.
932  * TODO(ZhenLian): Consider fixing this in the future. */
933  const char* peer_cert_full_chain;
934  } peer_info;
936 
947  grpc_tls_custom_verification_check_request* request, void* callback_arg,
948  grpc_status_code status, const char* error_details);
949 
956 
964  void* user_data;
998  int (*verify)(void* user_data,
1001  void* callback_arg, grpc_status_code* sync_status,
1002  char** sync_error_details);
1018  void (*cancel)(void* user_data,
1037  void (*destruct)(void* user_data);
1039 
1048  grpc_tls_certificate_verifier_external* external_verifier);
1049 
1060 
1068 
1076  grpc_tls_certificate_verifier* verifier);
1077 
1088  grpc_tls_certificate_verifier* verifier);
1089 
1102  grpc_tls_credentials_options* options, int check_call_host);
1103 
1117  grpc_tls_on_custom_verification_check_done_cb callback, void* callback_arg,
1118  grpc_status_code* sync_status, char** sync_error_details);
1119 
1130 
1140  grpc_tls_credentials_options* options);
1141 
1150  grpc_tls_credentials_options* options);
1151 
1158 
1165 
1180  grpc_channel_credentials* fallback_credentials);
1181 
1194  grpc_server_credentials* fallback_credentials);
1195 
1203 
1217  const char* authz_policy, grpc_status_code* code,
1218  const char** error_details);
1219 
1235  const char* authz_policy_path, unsigned int refresh_interval_sec,
1236  grpc_status_code* code, const char** error_details);
1237 
1245 
1264  grpc_tls_credentials_options* options, const char* path);
1265 
1266 #ifdef __cplusplus
1267 }
1268 #endif
1269 
1270 #endif /* GRPC_GRPC_SECURITY_H */
grpc_arg
A single argument...
Definition: grpc_types.h:102
grpc_tls_custom_verification_check_request::peer_info::peer_cert
const char * peer_cert
Definition: grpc_security.h:927
grpc_auth_property_iterator::name
const char * name
Definition: grpc_security.h:39
grpc_tls_credentials_options_set_certificate_provider
GRPCAPI void grpc_tls_credentials_options_set_certificate_provider(grpc_tls_credentials_options *options, grpc_tls_certificate_provider *provider)
EXPERIMENTAL API - Subject to change.
grpc_alts_credentials_options_destroy
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
grpc_tls_custom_verification_check_request::peer_info::peer_cert_full_chain
const char * peer_cert_full_chain
Definition: grpc_security.h:933
GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return.
Definition: grpc_security.h:417
grpc_call_error
grpc_call_error
Result of a grpc call.
Definition: grpc_types.h:479
grpc_ssl_credentials_create_ex
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options, void *reserved)
verify_peer_options::verify_peer_callback_userdata
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:198
grpc_ssl_server_certificate_config
struct grpc_ssl_server_certificate_config grpc_ssl_server_certificate_config
Server certificate config object holds the server's public certificates and associated private keys,...
Definition: grpc_security.h:474
grpc_credentials_plugin_metadata_cb
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: grpc_security.h:385
grpc_tls_identity_pairs_create
GRPCAPI grpc_tls_identity_pairs * grpc_tls_identity_pairs_create()
EXPERIMENTAL API - Subject to change.
grpc_ssl_verify_peer_options
Object that holds additional peer-verification options on a secure channel.
Definition: grpc_security.h:207
grpc_auth_context
struct grpc_auth_context grpc_auth_context
— Authentication Context.
Definition: grpc_security.h:34
grpc_sts_credentials_options::subject_token_path
const char * subject_token_path
Definition: grpc_security.h:361
grpc_tls_certificate_verifier_external::cancel
void(* cancel)(void *user_data, grpc_tls_custom_verification_check_request *request)
A function pointer that cleans up the caller-specified resources when the verifier is still running b...
Definition: grpc_security.h:1018
grpc_tls_credentials_options_set_tls_session_key_log_file_path
GRPCAPI void grpc_tls_credentials_options_set_tls_session_key_log_file_path(grpc_tls_credentials_options *options, const char *path)
— TLS session key logging.
grpc_ssl_pem_key_cert_pair::private_key
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key.
Definition: grpc_security.h:176
grpc_status_code
grpc_status_code
Definition: status.h:28
grpc_ssl_server_credentials_create_options_using_config
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
grpc_local_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.
grpc_ssl_verify_peer_options::verify_peer_callback_userdata
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:218
GRPCAPI
#define GRPCAPI
Definition: port_platform.h:651
grpc_sts_credentials_options::resource
const char * resource
Definition: grpc_security.h:357
grpc_tls_custom_verification_check_request::peer_info::san_names::email_names
char ** email_names
Definition: grpc_security.h:921
grpc_sts_credentials_options
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools....
Definition: grpc_security.h:355
grpc_metadata_credentials_plugin::state
void * state
State that will be set as the first parameter of the methods above.
Definition: grpc_security.h:458
grpc_ssl_certificate_config_reload_status
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:73
grpc_sts_credentials_options::audience
const char * audience
Definition: grpc_security.h:358
grpc_auth_metadata_context::service_url
const char * service_url
The fully qualified service URL.
Definition: grpc_security.h:393
grpc_google_iam_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
grpc_auth_property_iterator
struct grpc_auth_property_iterator grpc_auth_property_iterator
grpc_tls_credentials_options_set_certificate_verifier
void grpc_tls_credentials_options_set_certificate_verifier(grpc_tls_credentials_options *options, grpc_tls_certificate_verifier *verifier)
EXPERIMENTAL API - Subject to change.
grpc_process_auth_metadata_done_cb
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: grpc_security.h:585
grpc_ssl_server_credentials_options_destroy
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
grpc_auth_context_peer_is_authenticated
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Returns 1 if the peer is authenticated, 0 otherwise.
grpc_tls_certificate_provider_release
GRPCAPI void grpc_tls_certificate_provider_release(grpc_tls_certificate_provider *provider)
EXPERIMENTAL API - Subject to change.
grpc_tls_custom_verification_check_request::peer_info::common_name
const char * common_name
Definition: grpc_security.h:914
grpc_metadata_credentials_create_from_plugin
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, grpc_security_level min_security_level, void *reserved)
Creates a credentials object from a plugin with a specified minimum security level.
grpc_tls_identity_pairs_destroy
GRPCAPI void grpc_tls_identity_pairs_destroy(grpc_tls_identity_pairs *pairs)
EXPERIMENTAL API - Subject to change.
grpc_tls_credentials_options_set_check_call_host
GRPCAPI void grpc_tls_credentials_options_set_check_call_host(grpc_tls_credentials_options *options, int check_call_host)
EXPERIMENTAL API - Subject to change.
grpc_google_compute_engine_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
grpc_tls_custom_verification_check_request
struct grpc_tls_custom_verification_check_request grpc_tls_custom_verification_check_request
EXPERIMENTAL API - Subject to change.
grpc_call_credentials_release
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
Releases a call credentials object.
grpc_tls_identity_pairs_add_pair
GRPCAPI void grpc_tls_identity_pairs_add_pair(grpc_tls_identity_pairs *pairs, const char *private_key, const char *cert_chain)
EXPERIMENTAL API - Subject to change.
grpc_tls_credentials_create
grpc_channel_credentials * grpc_tls_credentials_create(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_tls_credentials_options_watch_root_certs
GRPCAPI void grpc_tls_credentials_options_watch_root_certs(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_composite_call_credentials_create
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
— composite credentials.
grpc_ssl_server_certificate_config_create
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
grpc_auth_metadata_context_reset
GRPCAPI void grpc_auth_metadata_context_reset(grpc_auth_metadata_context *context)
Releases internal resources held by context.
grpc_tls_on_custom_verification_check_done_cb
void(* grpc_tls_on_custom_verification_check_done_cb)(grpc_tls_custom_verification_check_request *request, void *callback_arg, grpc_status_code status, const char *error_details)
EXPERIMENTAL API - Subject to change.
Definition: grpc_security.h:946
grpc_authorization_policy_provider_file_watcher_create
GRPCAPI grpc_authorization_policy_provider * grpc_authorization_policy_provider_file_watcher_create(const char *authz_policy_path, unsigned int refresh_interval_sec, grpc_status_code *code, const char **error_details)
EXPERIMENTAL - Subject to change.
grpc_tls_custom_verification_check_request::peer_info::san_names::dns_names
char ** dns_names
Definition: grpc_security.h:919
grpc_ssl_pem_key_cert_pair::cert_chain
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: grpc_security.h:180
grpc_tls_credentials_options_set_identity_cert_name
GRPCAPI void grpc_tls_credentials_options_set_identity_cert_name(grpc_tls_credentials_options *options, const char *identity_cert_name)
EXPERIMENTAL API - Subject to change.
grpc_tls_certificate_verifier_cancel
void grpc_tls_certificate_verifier_cancel(grpc_tls_certificate_verifier *verifier, grpc_tls_custom_verification_check_request *request)
EXPERIMENTAL API - Subject to change.
grpc_ssl_session_cache_create_lru
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
grpc_auth_context_release
GRPCAPI void grpc_auth_context_release(grpc_auth_context *context)
Releases the auth context returned from grpc_call_auth_context.
grpc_auth_property
struct grpc_auth_property grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
grpc_server_credentials_set_auth_metadata_processor
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
grpc_access_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was acquired by an out of band m...
grpc_tls_custom_verification_check_request::peer_info::san_names
struct grpc_tls_custom_verification_check_request::peer_info::san_names san_names
grpc_auth_metadata_context::reserved
void * reserved
Reserved for future use.
Definition: grpc_security.h:404
grpc_tls_server_credentials_create
grpc_server_credentials * grpc_tls_server_credentials_create(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_auth_property_iterator_next
const GRPCAPI grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Returns NULL when the iterator is at the end.
grpc_tls_custom_verification_check_request::peer_info
Definition: grpc_security.h:912
grpc_ssl_credentials_create
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Deprecated in favor of grpc_ssl_credentials_create_ex (the channel-credentials variant taking grpc_ssl_verify_peer_options).
grpc_insecure_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_insecure_server_credentials_create()
EXPERIMENTAL API - Subject to change.
grpc_service_account_jwt_access_credentials_create
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
status.h
grpc_auth_context_set_peer_identity_property_name
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx, const char *name)
Sets the property name.
grpc_metadata
A single metadata element.
Definition: grpc_types.h:549
grpc_tls_custom_verification_check_request::peer_info::san_names::uri_names
char ** uri_names
Definition: grpc_security.h:917
grpc_auth_metadata_context::method_name
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: grpc_security.h:398
grpc_tls_certificate_provider
struct grpc_tls_certificate_provider grpc_tls_certificate_provider
EXPERIMENTAL API - Subject to change.
Definition: grpc_security.h:720
grpc_ssl_server_credentials_create_ex
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
grpc_auth_property_iterator::ctx
const grpc_auth_context * ctx
Definition: grpc_security.h:37
grpc_tls_certificate_verifier_external
EXPERIMENTAL API - Subject to change.
Definition: grpc_security.h:963
grpc_alts_credentials_client_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
grpc_tls_custom_verification_check_request::peer_info::san_names::ip_names_size
size_t ip_names_size
Definition: grpc_security.h:924
grpc_tls_custom_verification_check_request::target_name
const char * target_name
Definition: grpc_security.h:910
grpc_sts_credentials_create
GRPCAPI grpc_call_credentials * grpc_sts_credentials_create(const grpc_sts_credentials_options *options, void *reserved)
Creates an STS credentials object following the STS Token Exchange specified in the IETF draft https://tools...
grpc_channel_credentials
struct grpc_channel_credentials grpc_channel_credentials
— grpc_channel_credentials object.
Definition: grpc.h:294
grpc_ssl_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
grpc_sts_credentials_options::actor_token_path
const char * actor_token_path
Definition: grpc_security.h:363
grpc_external_account_credentials_create
GRPCAPI grpc_call_credentials * grpc_external_account_credentials_create(const char *json_string, const char *scopes_string)
Builds External Account credentials.
grpc_max_auth_token_lifetime
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
grpc_sts_credentials_options::scope
const char * scope
Definition: grpc_security.h:359
grpc_alts_credentials_client_options_add_target_service_account
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client's ALTS credentials options instance.
grpc_auth_property::name
char * name
Definition: grpc_security.h:44
grpc_auth_property_iterator
Definition: grpc_security.h:36
grpc_tls_certificate_verifier_external::destruct
void(* destruct)(void *user_data)
A function pointer that does some additional destruction work when the verifier is destroyed.
Definition: grpc_security.h:1037
grpc.h
grpc_ssl_roots_override_result
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:66
grpc_call
struct grpc_call grpc_call
A Call represents an RPC.
Definition: grpc_types.h:69
grpc_tls_certificate_verifier_external::user_data
void * user_data
Definition: grpc_security.h:964
grpc_auth_property::value_length
size_t value_length
Definition: grpc_security.h:46
grpc_insecure_credentials_create
GRPCAPI grpc_channel_credentials * grpc_insecure_credentials_create()
EXPERIMENTAL API - Subject to change.
grpc_tls_certificate_verifier
struct grpc_tls_certificate_verifier grpc_tls_certificate_verifier
EXPERIMENTAL API - Subject to change.
Definition: grpc_security.h:955
grpc_alts_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
grpc_tls_certificate_verifier_external::verify
int(* verify)(void *user_data, grpc_tls_custom_verification_check_request *request, grpc_tls_on_custom_verification_check_done_cb callback, void *callback_arg, grpc_status_code *sync_status, char **sync_error_details)
A function pointer containing the verification logic that will be performed after the TLS handshake i...
Definition: grpc_security.h:998
grpc_auth_context_add_cstring_property
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, const char *name, const char *value)
Add a C string property.
grpc_tls_custom_verification_check_request::peer_info::san_names::uri_names_size
size_t uri_names_size
Definition: grpc_security.h:918
grpc_ssl_client_certificate_request_type
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:79
grpc_metadata_credentials_plugin
grpc_metadata_credentials plugin is an API user provided structure used to create grpc_credentials ob...
Definition: grpc_security.h:424
grpc_call_auth_context
GRPCAPI grpc_auth_context * grpc_call_auth_context(grpc_call *call)
Gets the auth context from the call.
grpc_auth_property::value
char * value
Definition: grpc_security.h:45
grpc_ssl_session_cache
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: grpc_security.h:108
grpc_composite_channel_credentials_create
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
grpc_sts_credentials_options::token_exchange_service_uri
const char * token_exchange_service_uri
Definition: grpc_security.h:356
verify_peer_options
Deprecated in favor of grpc_ssl_verify_peer_options.
Definition: grpc_security.h:187
grpc_ssl_roots_override_callback
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: grpc_security.h:161
grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
Definition: grpc_security.h:43
grpc_auth_context_property_iterator
GRPCAPI grpc_auth_property_iterator grpc_auth_context_property_iterator(const grpc_auth_context *ctx)
Iterates over the auth context.
grpc_tls_certificate_verifier_no_op_create
grpc_tls_certificate_verifier * grpc_tls_certificate_verifier_no_op_create()
EXPERIMENTAL API - Subject to change.
grpc_call_set_credentials
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds)
— Call specific credentials.
grpc_tls_custom_verification_check_request::peer_info::san_names::ip_names
char ** ip_names
Definition: grpc_security.h:923
grpc_authorization_policy_provider
struct grpc_authorization_policy_provider grpc_authorization_policy_provider
EXPERIMENTAL - Subject to change.
Definition: grpc_security.h:1201
grpc_tls_custom_verification_check_request::peer_info::san_names
Definition: grpc_security.h:916
grpc_tls_credentials_options
struct grpc_tls_credentials_options grpc_tls_credentials_options
— TLS channel/server credentials — It is used for experimental purpose for now and subject to change.
Definition: grpc_security.h:712
grpc_alts_credentials_create
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
grpc_tls_certificate_verifier_host_name_create
grpc_tls_certificate_verifier * grpc_tls_certificate_verifier_host_name_create()
EXPERIMENTAL API - Subject to change.
grpc_security_level
grpc_security_level
Definition: grpc_security_constants.h:131
grpc_alts_credentials_server_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
grpc_google_refresh_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
grpc_metadata_credentials_plugin::type
const char * type
Type of credentials that this plugin is implementing.
Definition: grpc_security.h:461
grpc_tls_credentials_options_set_cert_request_type
GRPCAPI void grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
EXPERIMENTAL API - Subject to change.
grpc_tls_credentials_options_create
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create(void)
EXPERIMENTAL API - Subject to change.
grpc_tls_credentials_options_set_verify_server_cert
GRPCAPI void grpc_tls_credentials_options_set_verify_server_cert(grpc_tls_credentials_options *options, int verify_server_cert)
EXPERIMENTAL API - Subject to change. The verify_server_cert flag presumably controls whether the client verifies the server's certificate; passing 0 would disable that check, so treat it as a test-only setting and confirm the behavior in the full doc comment.
grpc_tls_certificate_verifier_verify
int grpc_tls_certificate_verifier_verify(grpc_tls_certificate_verifier *verifier, grpc_tls_custom_verification_check_request *request, grpc_tls_on_custom_verification_check_done_cb callback, void *callback_arg, grpc_status_code *sync_status, char **sync_error_details)
EXPERIMENTAL API - Subject to change.
grpc_ssl_server_credentials_create_options_using_config_fetcher
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
grpc_auth_metadata_context::channel_auth_context
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: grpc_security.h:401
grpc_ssl_server_certificate_config_callback
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authentication).
Definition: grpc_security.h:504
grpc_tls_identity_pairs
struct grpc_tls_identity_pairs grpc_tls_identity_pairs
EXPERIMENTAL API - Subject to change.
Definition: grpc_security.h:728
grpc_tls_certificate_verifier_external_create
grpc_tls_certificate_verifier * grpc_tls_certificate_verifier_external_create(grpc_tls_certificate_verifier_external *external_verifier)
EXPERIMENTAL API - Subject to change.
grpc_auth_context_peer_identity
GRPCAPI grpc_auth_property_iterator grpc_auth_context_peer_identity(const grpc_auth_context *ctx)
Gets the peer identity.
grpc_sts_credentials_options::requested_token_type
const char * requested_token_type
Definition: grpc_security.h:360
grpc_authorization_policy_provider_static_data_create
GRPCAPI grpc_authorization_policy_provider * grpc_authorization_policy_provider_static_data_create(const char *authz_policy, grpc_status_code *code, const char **error_details)
EXPERIMENTAL - Subject to change.
grpc_tls_custom_verification_check_request::peer_info::san_names::dns_names_size
size_t dns_names_size
Definition: grpc_security.h:920
grpc_set_ssl_roots_override_callback
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Sets up a callback that overrides the default TLS/SSL root certificates.
grpc_auth_metadata_processor
Pluggable server-side metadata processor object.
Definition: grpc_security.h:591
grpc_security_constants.h
grpc_tls_credentials_options_watch_identity_key_cert_pairs
GRPCAPI void grpc_tls_credentials_options_watch_identity_key_cert_pairs(grpc_tls_credentials_options *options)
EXPERIMENTAL API - Subject to change.
grpc_tls_certificate_verifier_release
void grpc_tls_certificate_verifier_release(grpc_tls_certificate_verifier *verifier)
EXPERIMENTAL API - Subject to change.
grpc_auth_context_add_property
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name, const char *value, size_t value_length)
— The following auth context methods should only be called by a server metadata plugin implementation. — Adds a property (name, and value of value_length bytes) to the context.
grpc_tls_credentials_options_set_root_cert_name
GRPCAPI void grpc_tls_credentials_options_set_root_cert_name(grpc_tls_credentials_options *options, const char *root_cert_name)
EXPERIMENTAL API - Subject to change.
grpc_tls_custom_verification_check_request
EXPERIMENTAL API - Subject to change.
Definition: grpc_security.h:907
grpc_auth_metadata_context_copy
GRPCAPI void grpc_auth_metadata_context_copy(grpc_auth_metadata_context *from, grpc_auth_metadata_context *to)
Performs a deep copy of `from` into `to`.
grpc_ssl_server_credentials_options
struct grpc_ssl_server_credentials_options grpc_ssl_server_credentials_options
Definition: grpc_security.h:533
grpc_tls_credentials_options_set_crl_directory
GRPCAPI void grpc_tls_credentials_options_set_crl_directory(grpc_tls_credentials_options *options, const char *crl_directory)
EXPERIMENTAL API - Subject to change. crl_directory presumably points the verifier at CRL files for revocation checking; if revocation matters in your deployment, confirm in the full doc comment what happens when it is left unset.
grpc_auth_context_peer_identity_property_name
const GRPCAPI char * grpc_auth_context_peer_identity_property_name(const grpc_auth_context *ctx)
Gets the name of the property that indicates the peer identity.
grpc_ssl_session_cache_destroy
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
grpc_ssl_server_credentials_create_with_options
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
grpc_google_default_credentials_create
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(grpc_call_credentials *call_credentials)
Creates default credentials to connect to a google gRPC service.
grpc_auth_context_find_properties_by_name
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Finds a property in the context.
grpc_sts_credentials_options::actor_token_type
const char * actor_token_type
Definition: grpc_security.h:364
grpc_tls_certificate_provider_file_watcher_create
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_file_watcher_create(const char *private_key_path, const char *identity_certificate_path, const char *root_cert_path, unsigned int refresh_interval_sec)
EXPERIMENTAL API - Subject to change.
grpc_auth_property_iterator::index
size_t index
Definition: grpc_security.h:38
grpc_xds_credentials_create
GRPCAPI grpc_channel_credentials * grpc_xds_credentials_create(grpc_channel_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
grpc_authorization_policy_provider_release
GRPCAPI void grpc_authorization_policy_provider_release(grpc_authorization_policy_provider *provider)
EXPERIMENTAL - Subject to change.
gpr_timespec
Analogous to struct timespec.
Definition: time.h:48
grpc_server_credentials
struct grpc_server_credentials grpc_server_credentials
— grpc_server_credentials object.
Definition: grpc.h:306
grpc_xds_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_xds_server_credentials_create(grpc_server_credentials *fallback_credentials)
EXPERIMENTAL API - Subject to change.
grpc_auth_metadata_context
Context that a metadata credentials plugin can use to create auth-related metadata.
Definition: grpc_security.h:391
grpc_sts_credentials_options::subject_token_type
const char * subject_token_type
Definition: grpc_security.h:362
grpc_tls_custom_verification_check_request::peer_info
struct grpc_tls_custom_verification_check_request::peer_info peer_info
grpc_local_connect_type
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:143
grpc_tls_certificate_verifier_external
struct grpc_tls_certificate_verifier_external grpc_tls_certificate_verifier_external
EXPERIMENTAL API - Subject to change.
grpc_tls_certificate_provider_static_data_create
GRPCAPI grpc_tls_certificate_provider * grpc_tls_certificate_provider_static_data_create(const char *root_certificate, grpc_tls_identity_pairs *pem_key_cert_pairs)
EXPERIMENTAL API - Subject to change.
grpc_ssl_pem_key_cert_pair
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:173
grpc_tls_custom_verification_check_request::peer_info::san_names::email_names_size
size_t email_names_size
Definition: grpc_security.h:922
grpc_ssl_session_cache_create_channel_arg
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
grpc_ssl_server_certificate_config_destroy
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
grpc_local_credentials_create
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
grpc_auth_metadata_processor::state
void * state
Definition: grpc_security.h:600
port_platform.h
grpc_call_credentials
struct grpc_call_credentials grpc_call_credentials
— grpc_call_credentials object.
Definition: grpc_security.h:128
grpc_alts_credentials_options
struct grpc_alts_credentials_options grpc_alts_credentials_options
— ALTS channel/server credentials —
Definition: grpc_security.h:616