GRPC C++  1.30.0
grpc_security.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_GRPC_SECURITY_H
20 #define GRPC_GRPC_SECURITY_H
21 
22 #include <grpc/support/port_platform.h>
23 
24 #include <grpc/grpc.h>
25 #include <grpc/grpc_security_constants.h>
26 #include <grpc/status.h>
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31 
34 typedef struct grpc_auth_context grpc_auth_context;
35 
36 typedef struct grpc_auth_property_iterator {
37  const grpc_auth_context* ctx;
38  size_t index;
39  const char* name;
40 } grpc_auth_property_iterator;
41 
43 typedef struct grpc_auth_property {
44  char* name;
45  char* value;
46  size_t value_length;
47 } grpc_auth_property;
48 
50 GRPCAPI const grpc_auth_property* grpc_auth_property_iterator_next(
51  grpc_auth_property_iterator* it);
52 
54 GRPCAPI grpc_auth_property_iterator
55 grpc_auth_context_property_iterator(const grpc_auth_context* ctx);
56 
59 GRPCAPI grpc_auth_property_iterator
60 grpc_auth_context_peer_identity(const grpc_auth_context* ctx);
61 
64 GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(
65  const grpc_auth_context* ctx, const char* name);
66 
69 GRPCAPI const char* grpc_auth_context_peer_identity_property_name(
70  const grpc_auth_context* ctx);
71 
73 GRPCAPI int grpc_auth_context_peer_is_authenticated(
74  const grpc_auth_context* ctx);
75 
78 GRPCAPI grpc_auth_context* grpc_call_auth_context(grpc_call* call);
79 
81 GRPCAPI void grpc_auth_context_release(grpc_auth_context* context);
82 
89 GRPCAPI void grpc_auth_context_add_property(grpc_auth_context* ctx,
90  const char* name, const char* value,
91  size_t value_length);
92 
94 GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context* ctx,
95  const char* name,
96  const char* value);
97 
100 GRPCAPI int grpc_auth_context_set_peer_identity_property_name(
101  grpc_auth_context* ctx, const char* name);
102 
108 typedef struct grpc_ssl_session_cache grpc_ssl_session_cache;
109 
112 GRPCAPI grpc_ssl_session_cache* grpc_ssl_session_cache_create_lru(
113  size_t capacity);
114 
116 GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache* cache);
117 
119 GRPCAPI grpc_arg
120 grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache* cache);
121 
127 typedef struct grpc_channel_credentials grpc_channel_credentials;
128 
131 GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials* creds);
132 
137 GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create(void);
138 
145 typedef grpc_ssl_roots_override_result (*grpc_ssl_roots_override_callback)(
146  char** pem_root_certs);
147 
153 GRPCAPI void grpc_set_ssl_roots_override_callback(
154  grpc_ssl_roots_override_callback cb);
155 
157 typedef struct {
160  const char* private_key;
161 
164  const char* cert_chain;
165 } grpc_ssl_pem_key_cert_pair;
166 
171 typedef struct {
178  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
179  void* userdata);
182  void* verify_peer_callback_userdata;
186  void (*verify_peer_destruct)(void* userdata);
187 } verify_peer_options;
188 
191 typedef struct {
198  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
199  void* userdata);
202  void* verify_peer_callback_userdata;
206  void (*verify_peer_destruct)(void* userdata);
207 } grpc_ssl_verify_peer_options;
208 
239 GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create(
240  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
241  const verify_peer_options* verify_options, void* reserved);
242 
243 /* Creates an SSL credentials object.
244  The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
245  - pem_root_certs is the NULL-terminated string containing the PEM encoding
246  of the server root certificates. If this parameter is NULL, the
247  implementation will first try to dereference the file pointed by the
248  GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
249  try to get the roots set by grpc_override_ssl_default_roots. Eventually,
250  if all these fail, it will try to get the roots from a well-known place on
251  disk (in the grpc install directory).
252 
253  gRPC has implemented root cache if the underlying OpenSSL library supports
254  it. The gRPC root certificates cache is only applicable on the default
255  root certificates, which is used when this parameter is nullptr. If user
256  provides their own pem_root_certs, when creating an SSL credential object,
257  gRPC would not be able to cache it, and each subchannel will generate a
258  copy of the root store. So it is recommended to avoid providing large room
259  pem with pem_root_certs parameter to avoid excessive memory consumption,
260  particularly on mobile platforms such as iOS.
261  - pem_key_cert_pair is a pointer on the object containing client's private
262  key and certificate chain. This parameter can be NULL if the client does
263  not have such a key/cert pair.
264  - verify_options is an optional verify_peer_options object which holds
265  additional options controlling how peer certificates are verified. For
266  example, you can supply a callback which receives the peer's certificate
267  with which you can do additional verification. Can be NULL, in which
268  case verification will retain default behavior. Any settings in
269  verify_options are copied during this call, so the verify_options
270  object can be released afterwards. */
271 GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create_ex(
272  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
273  const grpc_ssl_verify_peer_options* verify_options, void* reserved);
274 
281 typedef struct grpc_call_credentials grpc_call_credentials;
282 
285 GRPCAPI void grpc_call_credentials_release(grpc_call_credentials* creds);
286 
289 GRPCAPI grpc_channel_credentials* grpc_composite_channel_credentials_create(
290  grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
291  void* reserved);
292 
294 GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create(
295  grpc_call_credentials* creds1, grpc_call_credentials* creds2,
296  void* reserved);
297 
301 GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create(
302  void* reserved);
303 
304 GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void);
305 
311 GRPCAPI grpc_call_credentials*
312 grpc_service_account_jwt_access_credentials_create(const char* json_key,
313  gpr_timespec token_lifetime,
314  void* reserved);
315 
322 GRPCAPI grpc_call_credentials* grpc_google_refresh_token_credentials_create(
323  const char* json_refresh_token, void* reserved);
324 
327 GRPCAPI grpc_call_credentials* grpc_access_token_credentials_create(
328  const char* access_token, void* reserved);
329 
331 GRPCAPI grpc_call_credentials* grpc_google_iam_credentials_create(
332  const char* authorization_token, const char* authority_selector,
333  void* reserved);
334 
341 typedef struct {
342  const char* token_exchange_service_uri; /* Required. */
343  const char* resource; /* Optional. */
344  const char* audience; /* Optional. */
345  const char* scope; /* Optional. */
346  const char* requested_token_type; /* Optional. */
347  const char* subject_token_path; /* Required. */
348  const char* subject_token_type; /* Required. */
349  const char* actor_token_path; /* Optional. */
350  const char* actor_token_type; /* Optional. */
351 } grpc_sts_credentials_options;
352 
357 GRPCAPI grpc_call_credentials* grpc_sts_credentials_create(
358  const grpc_sts_credentials_options* options, void* reserved);
359 
371 typedef void (*grpc_credentials_plugin_metadata_cb)(
372  void* user_data, const grpc_metadata* creds_md, size_t num_creds_md,
373  grpc_status_code status, const char* error_details);
374 
377 typedef struct {
379  const char* service_url;
380 
384  const char* method_name;
385 
387  const grpc_auth_context* channel_auth_context;
388 
390  void* reserved;
391 } grpc_auth_metadata_context;
392 
395 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
396 
402 typedef struct {
421  int (*get_metadata)(
422  void* state, grpc_auth_metadata_context context,
423  grpc_credentials_plugin_metadata_cb cb, void* user_data,
424  grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
425  size_t* num_creds_md, grpc_status_code* status,
426  const char** error_details);
427 
430  char* (*debug_string)(void* state);
431 
433  void (*destroy)(void* state);
434 
436  void* state;
437 
439  const char* type;
440 } grpc_metadata_credentials_plugin;
441 
444 GRPCAPI grpc_call_credentials* grpc_metadata_credentials_create_from_plugin(
445  grpc_metadata_credentials_plugin plugin,
446  grpc_security_level min_security_level, void* reserved);
447 
457 GRPCAPI grpc_channel* grpc_secure_channel_create(
458  grpc_channel_credentials* creds, const char* target,
459  const grpc_channel_args* args, void* reserved);
460 
465 typedef struct grpc_server_credentials grpc_server_credentials;
466 
470 GRPCAPI void grpc_server_credentials_release(grpc_server_credentials* creds);
471 
476 typedef struct grpc_ssl_server_certificate_config
477  grpc_ssl_server_certificate_config;
478 
489 GRPCAPI grpc_ssl_server_certificate_config*
490 grpc_ssl_server_certificate_config_create(
491  const char* pem_root_certs,
492  const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
493  size_t num_key_cert_pairs);
494 
496 GRPCAPI void grpc_ssl_server_certificate_config_destroy(
497  grpc_ssl_server_certificate_config* config);
498 
505 typedef grpc_ssl_certificate_config_reload_status (
506  *grpc_ssl_server_certificate_config_callback)(
507  void* user_data, grpc_ssl_server_certificate_config** config);
508 
521 GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create(
522  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
523  size_t num_key_cert_pairs, int force_client_auth, void* reserved);
524 
529 GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create_ex(
530  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
531  size_t num_key_cert_pairs,
532  grpc_ssl_client_certificate_request_type client_certificate_request,
533  void* reserved);
534 
535 typedef struct grpc_ssl_server_credentials_options
536  grpc_ssl_server_credentials_options;
537 
542 GRPCAPI grpc_ssl_server_credentials_options*
543 grpc_ssl_server_credentials_create_options_using_config(
544  grpc_ssl_client_certificate_request_type client_certificate_request,
545  grpc_ssl_server_certificate_config* certificate_config);
546 
554 GRPCAPI grpc_ssl_server_credentials_options*
555 grpc_ssl_server_credentials_create_options_using_config_fetcher(
556  grpc_ssl_client_certificate_request_type client_certificate_request,
557  grpc_ssl_server_certificate_config_callback cb, void* user_data);
558 
560 GRPCAPI void grpc_ssl_server_credentials_options_destroy(
561  grpc_ssl_server_credentials_options* options);
562 
565 GRPCAPI grpc_server_credentials*
566 grpc_ssl_server_credentials_create_with_options(
567  grpc_ssl_server_credentials_options* options);
568 
574 GRPCAPI int grpc_server_add_secure_http2_port(grpc_server* server,
575  const char* addr,
576  grpc_server_credentials* creds);
577 
582 GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call* call,
583  grpc_call_credentials* creds);
584 
596 typedef void (*grpc_process_auth_metadata_done_cb)(
597  void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
598  const grpc_metadata* response_md, size_t num_response_md,
599  grpc_status_code status, const char* error_details);
600 
602 typedef struct {
607  void (*process)(void* state, grpc_auth_context* context,
608  const grpc_metadata* md, size_t num_md,
609  grpc_process_auth_metadata_done_cb cb, void* user_data);
610  void (*destroy)(void* state);
611  void* state;
612 } grpc_auth_metadata_processor;
613 
614 GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(
615  grpc_server_credentials* creds, grpc_auth_metadata_processor processor);
616 
627 typedef struct grpc_alts_credentials_options grpc_alts_credentials_options;
628 
633 GRPCAPI grpc_alts_credentials_options*
634 grpc_alts_credentials_client_options_create(void);
635 
640 GRPCAPI grpc_alts_credentials_options*
641 grpc_alts_credentials_server_options_create(void);
642 
651 GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(
652  grpc_alts_credentials_options* options, const char* service_account);
653 
662 GRPCAPI void grpc_alts_credentials_options_destroy(
663  grpc_alts_credentials_options* options);
664 
674 GRPCAPI grpc_channel_credentials* grpc_alts_credentials_create(
675  const grpc_alts_credentials_options* options);
676 
685 GRPCAPI grpc_server_credentials* grpc_alts_server_credentials_create(
686  const grpc_alts_credentials_options* options);
687 
700 GRPCAPI grpc_channel_credentials* grpc_local_credentials_create(
701  grpc_local_connect_type type);
702 
711 GRPCAPI grpc_server_credentials* grpc_local_server_credentials_create(
712  grpc_local_connect_type type);
713 
719 typedef struct grpc_tls_error_details grpc_tls_error_details;
720 
723 typedef struct grpc_tls_key_materials_config grpc_tls_key_materials_config;
724 
727 typedef struct grpc_tls_credential_reload_config
728  grpc_tls_credential_reload_config;
729 
732 typedef struct grpc_tls_server_authorization_check_config
733  grpc_tls_server_authorization_check_config;
734 
737 typedef struct grpc_tls_credentials_options grpc_tls_credentials_options;
738 
741 GRPCAPI grpc_tls_credentials_options* grpc_tls_credentials_options_create(void);
742 
747 GRPCAPI int grpc_tls_credentials_options_set_cert_request_type(
748  grpc_tls_credentials_options* options,
749  grpc_ssl_client_certificate_request_type type);
750 
760 GRPCAPI int grpc_tls_credentials_options_set_server_verification_option(
761  grpc_tls_credentials_options* options,
762  grpc_tls_server_verification_option server_verification_option);
763 
769 GRPCAPI int grpc_tls_credentials_options_set_key_materials_config(
770  grpc_tls_credentials_options* options,
771  grpc_tls_key_materials_config* config);
772 
778 GRPCAPI int grpc_tls_credentials_options_set_credential_reload_config(
779  grpc_tls_credentials_options* options,
780  grpc_tls_credential_reload_config* config);
781 
787 GRPCAPI int grpc_tls_credentials_options_set_server_authorization_check_config(
788  grpc_tls_credentials_options* options,
789  grpc_tls_server_authorization_check_config* config);
790 
796 GRPCAPI grpc_tls_key_materials_config* grpc_tls_key_materials_config_create(
797  void);
798 
808 GRPCAPI int grpc_tls_key_materials_config_set_key_materials(
809  grpc_tls_key_materials_config* config, const char* pem_root_certs,
810  const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
811  size_t num_key_cert_pairs);
812 
818 GRPCAPI int grpc_tls_key_materials_config_set_version(
819  grpc_tls_key_materials_config* config, int version);
820 
825 GRPCAPI int grpc_tls_key_materials_config_get_version(
826  grpc_tls_key_materials_config* config);
827 
831 typedef struct grpc_tls_credential_reload_arg grpc_tls_credential_reload_arg;
832 
837 typedef void (*grpc_tls_on_credential_reload_done_cb)(
838  grpc_tls_credential_reload_arg* arg);
839 
859 struct grpc_tls_credential_reload_arg {
860  grpc_tls_on_credential_reload_done_cb cb;
861  void* cb_user_data;
862  grpc_tls_key_materials_config* key_materials_config;
863  grpc_ssl_certificate_config_reload_status status;
864  grpc_tls_error_details* error_details;
865  grpc_tls_credential_reload_config* config;
866  void* context;
867  void (*destroy_context)(void* ctx);
868 };
869 
891 GRPCAPI grpc_tls_credential_reload_config*
892 grpc_tls_credential_reload_config_create(
893  const void* config_user_data,
894  int (*schedule)(void* config_user_data,
895  grpc_tls_credential_reload_arg* arg),
896  void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
897  void (*destruct)(void* config_user_data));
898 
902 typedef struct grpc_tls_server_authorization_check_arg
903  grpc_tls_server_authorization_check_arg;
904 
909 typedef void (*grpc_tls_on_server_authorization_check_done_cb)(
910  grpc_tls_server_authorization_check_arg* arg);
911 
934 struct grpc_tls_server_authorization_check_arg {
935  grpc_tls_on_server_authorization_check_done_cb cb;
936  void* cb_user_data;
937  int success;
938  const char* target_name;
939  const char* peer_cert;
940  const char* peer_cert_full_chain;
941  grpc_status_code status;
942  grpc_tls_error_details* error_details;
943  grpc_tls_server_authorization_check_config* config;
944  void* context;
945  void (*destroy_context)(void* ctx);
946 };
947 
968 GRPCAPI grpc_tls_server_authorization_check_config*
969 grpc_tls_server_authorization_check_config_create(
970  const void* config_user_data,
971  int (*schedule)(void* config_user_data,
972  grpc_tls_server_authorization_check_arg* arg),
973  void (*cancel)(void* config_user_data,
974  grpc_tls_server_authorization_check_arg* arg),
975  void (*destruct)(void* config_user_data));
976 
990 grpc_channel_credentials* grpc_tls_credentials_create(
991  grpc_tls_credentials_options* options);
992 
1004 grpc_server_credentials* grpc_tls_server_credentials_create(
1005  grpc_tls_credentials_options* options);
1006 
1007 #ifdef __cplusplus
1008 }
1009 #endif
1010 
1011 #endif /* GRPC_GRPC_SECURITY_H */
grpc_arg
A single argument...
Definition: grpc_types.h:103
grpc_auth_property_iterator::name
const char * name
Definition: grpc_security.h:39
grpc_alts_credentials_options_destroy
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
grpc_tls_error_details
struct grpc_tls_error_details grpc_tls_error_details
— TLS channel/server credentials — It is used for experimental purpose for now and subject to change.
Definition: grpc_security.h:719
GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return.
Definition: grpc_security.h:395
grpc_call_error
grpc_call_error
Result of a grpc call.
Definition: grpc_types.h:424
grpc_ssl_credentials_create_ex
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options, void *reserved)
verify_peer_options::verify_peer_callback_userdata
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:182
grpc_tls_credential_reload_arg::key_materials_config
grpc_tls_key_materials_config * key_materials_config
Definition: grpc_security.h:862
grpc_tls_server_authorization_check_config
struct grpc_tls_server_authorization_check_config grpc_tls_server_authorization_check_config
Config for TLS server authorization check.
Definition: grpc_security.h:732
grpc_ssl_server_certificate_config
struct grpc_ssl_server_certificate_config grpc_ssl_server_certificate_config
Server certificate config object holds the server's public certificates and associated private keys,...
Definition: grpc_security.h:476
grpc_credentials_plugin_metadata_cb
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: grpc_security.h:371
grpc_server_credentials_release
GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds)
Releases a server_credentials object.
grpc_ssl_verify_peer_options
Object that holds additional peer-verification options on a secure channel.
Definition: grpc_security.h:191
grpc_auth_context
struct grpc_auth_context grpc_auth_context
— Authentication Context.
Definition: grpc_security.h:34
grpc_auth_property_iterator
struct grpc_auth_property_iterator grpc_auth_property_iterator
grpc_sts_credentials_options::subject_token_path
const char * subject_token_path
Definition: grpc_security.h:347
grpc_status_code
grpc_status_code
Definition: status.h:26
grpc_ssl_pem_key_cert_pair::private_key
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key.
Definition: grpc_security.h:160
grpc_auth_property
struct grpc_auth_property grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
grpc_ssl_server_credentials_create_options_using_config
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
grpc_local_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.
grpc_ssl_verify_peer_options::verify_peer_callback_userdata
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:202
grpc_tls_server_authorization_check_config_create
GRPCAPI grpc_tls_server_authorization_check_config * grpc_tls_server_authorization_check_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_server_authorization_check_config instance.
grpc_sts_credentials_options::resource
const char * resource
Definition: grpc_security.h:343
grpc_sts_credentials_options
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools....
Definition: grpc_security.h:341
grpc_metadata_credentials_plugin::state
void * state
State that will be set as the first parameter of the methods above.
Definition: grpc_security.h:436
grpc_ssl_certificate_config_reload_status
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:56
grpc_sts_credentials_options::audience
const char * audience
Definition: grpc_security.h:344
grpc_tls_credential_reload_arg::status
grpc_ssl_certificate_config_reload_status status
Definition: grpc_security.h:863
grpc_auth_metadata_context::service_url
const char * service_url
The fully qualifed service url.
Definition: grpc_security.h:379
grpc_google_iam_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
grpc_tls_server_authorization_check_arg::config
grpc_tls_server_authorization_check_config * config
Definition: grpc_security.h:943
grpc_tls_credential_reload_arg::config
grpc_tls_credential_reload_config * config
Definition: grpc_security.h:865
grpc_process_auth_metadata_done_cb
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: grpc_security.h:596
grpc_ssl_server_credentials_options_destroy
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
grpc_auth_context_peer_is_authenticated
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Returns 1 if the peer is authenticated, 0 otherwise.
grpc_tls_server_authorization_check_arg::destroy_context
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:945
grpc_tls_server_authorization_check_arg::peer_cert_full_chain
const char * peer_cert_full_chain
Definition: grpc_security.h:940
grpc_metadata_credentials_create_from_plugin
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, grpc_security_level min_security_level, void *reserved)
Creates a credentials object from a plugin with a specified minimum security level.
grpc_google_compute_engine_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
grpc_tls_server_authorization_check_arg::error_details
grpc_tls_error_details * error_details
Definition: grpc_security.h:942
grpc_call_credentials_release
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
Releases a call credentials object.
grpc_tls_credentials_create
grpc_channel_credentials * grpc_tls_credentials_create(grpc_tls_credentials_options *options)
This method creates a TLS channel credential object.
grpc_tls_server_authorization_check_arg::peer_cert
const char * peer_cert
Definition: grpc_security.h:939
grpc_composite_call_credentials_create
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
Creates a composite call credentials object.
grpc_ssl_server_certificate_config_create
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
grpc_ssl_pem_key_cert_pair::cert_chain
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: grpc_security.h:164
grpc_channel_args
An array of arguments that can be passed around.
Definition: grpc_types.h:132
grpc_ssl_session_cache_create_lru
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
grpc_auth_context_release
GRPCAPI void grpc_auth_context_release(grpc_auth_context *context)
Releases the auth context returned from grpc_call_auth_context.
grpc_server_credentials_set_auth_metadata_processor
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
grpc_tls_credentials_options_set_key_materials_config
GRPCAPI int grpc_tls_credentials_options_set_key_materials_config(grpc_tls_credentials_options *options, grpc_tls_key_materials_config *config)
Set grpc_tls_key_materials_config field in credentials options with the provided config struct whose ...
grpc_access_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was acquired by an out of band m...
grpc_tls_credential_reload_config
struct grpc_tls_credential_reload_config grpc_tls_credential_reload_config
Config for TLS credential reload.
Definition: grpc_security.h:727
grpc_auth_metadata_context::reserved
void * reserved
Reserved for future use.
Definition: grpc_security.h:390
grpc_tls_server_credentials_create
grpc_server_credentials * grpc_tls_server_credentials_create(grpc_tls_credentials_options *options)
This method creates a TLS server credential object.
grpc_auth_property_iterator_next
const GRPCAPI grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Returns NULL when the iterator is at the end.
grpc_ssl_credentials_create
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
grpc_tls_credential_reload_arg::destroy_context
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:867
grpc_service_account_jwt_access_credentials_create
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
grpc_tls_server_authorization_check_arg::context
void * context
Definition: grpc_security.h:944
status.h
grpc_auth_context_set_peer_identity_property_name
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx, const char *name)
Sets the property name.
grpc_metadata
A single metadata element.
Definition: grpc_types.h:502
grpc_auth_metadata_context::method_name
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: grpc_security.h:384
grpc_ssl_server_credentials_create_ex
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
grpc_auth_property_iterator::ctx
const grpc_auth_context * ctx
Definition: grpc_security.h:37
grpc_alts_credentials_client_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
grpc_tls_credentials_options_set_server_verification_option
GRPCAPI int grpc_tls_credentials_options_set_server_verification_option(grpc_tls_credentials_options *options, grpc_tls_server_verification_option server_verification_option)
Set grpc_tls_server_verification_option field in credentials options with the provided server_verific...
grpc_sts_credentials_create
GRPCAPI grpc_call_credentials * grpc_sts_credentials_create(const grpc_sts_credentials_options *options, void *reserved)
Creates an STS credentials following the STS Token Exchanged specifed in the IETF draft https://tools...
grpc_tls_credential_reload_config_create
GRPCAPI grpc_tls_credential_reload_config * grpc_tls_credential_reload_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_credential_reload_config instance.
grpc_ssl_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
grpc_sts_credentials_options::actor_token_path
const char * actor_token_path
Definition: grpc_security.h:349
grpc_tls_server_authorization_check_arg::cb
grpc_tls_on_server_authorization_check_done_cb cb
Definition: grpc_security.h:935
grpc_channel_credentials_release
GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds)
Releases a channel credentials object.
grpc_max_auth_token_lifetime
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
grpc_sts_credentials_options::scope
const char * scope
Definition: grpc_security.h:345
grpc_alts_credentials_client_options_add_target_service_account
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client's ALTS credentials options instance.
grpc_auth_property::name
char * name
Definition: grpc_security.h:44
grpc_auth_property_iterator
Definition: grpc_security.h:36
grpc.h
grpc_ssl_roots_override_result
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:49
grpc_call
struct grpc_call grpc_call
A Call represents an RPC.
Definition: grpc_types.h:70
grpc_auth_property::value_length
size_t value_length
Definition: grpc_security.h:46
grpc_tls_key_materials_config_get_version
GRPCAPI int grpc_tls_key_materials_config_get_version(grpc_tls_key_materials_config *config)
Get the version number of a grpc_tls_key_materials_config instance.
grpc_alts_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
grpc_tls_credential_reload_arg::cb_user_data
void * cb_user_data
Definition: grpc_security.h:861
grpc_auth_context_add_cstring_property
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, const char *name, const char *value)
Add a C string property.
grpc_server
struct grpc_server grpc_server
A server listens to some port and responds to request calls.
Definition: grpc_types.h:65
grpc_ssl_client_certificate_request_type
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:62
grpc_metadata_credentials_plugin
grpc_metadata_credentials plugin is an API user provided structure used to create grpc_credentials ob...
Definition: grpc_security.h:402
grpc_call_auth_context
GRPCAPI grpc_auth_context * grpc_call_auth_context(grpc_call *call)
Gets the auth context from the call.
grpc_server_add_secure_http2_port
GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds)
— Server-side secure ports.
grpc_auth_property::value
char * value
Definition: grpc_security.h:45
grpc_tls_key_materials_config_set_key_materials
GRPCAPI int grpc_tls_key_materials_config_set_key_materials(grpc_tls_key_materials_config *config, const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair **pem_key_cert_pairs, size_t num_key_cert_pairs)
Set grpc_tls_key_materials_config instance with provided a TLS certificate.
grpc_ssl_session_cache
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: grpc_security.h:108
grpc_google_default_credentials_create
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(void)
Creates default credentials to connect to a google gRPC service.
grpc_composite_channel_credentials_create
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
grpc_tls_server_verification_option
grpc_tls_server_verification_option
Definition: grpc_security_constants.h:122
grpc_sts_credentials_options::token_exchange_service_uri
const char * token_exchange_service_uri
Definition: grpc_security.h:342
grpc_tls_credential_reload_arg::cb
grpc_tls_on_credential_reload_done_cb cb
Definition: grpc_security.h:860
grpc_tls_key_materials_config
struct grpc_tls_key_materials_config grpc_tls_key_materials_config
Config for TLS key materials.
Definition: grpc_security.h:723
verify_peer_options
Deprecated in favor of grpc_ssl_verify_peer_options.
Definition: grpc_security.h:171
grpc_ssl_roots_override_callback
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: grpc_security.h:145
grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
Definition: grpc_security.h:43
grpc_auth_context_property_iterator
GRPCAPI grpc_auth_property_iterator grpc_auth_context_property_iterator(const grpc_auth_context *ctx)
Iterates over the auth context.
grpc_call_set_credentials
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds)
— Call specific credentials.
grpc_tls_credentials_options
struct grpc_tls_credentials_options grpc_tls_credentials_options
TLS credentials options.
Definition: grpc_security.h:737
grpc_tls_on_server_authorization_check_done_cb
void(* grpc_tls_on_server_authorization_check_done_cb)(grpc_tls_server_authorization_check_arg *arg)
callback function provided by gRPC used to handle the result of server authorization check.
Definition: grpc_security.h:909
grpc_alts_credentials_create
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
grpc_security_level
grpc_security_level
Definition: grpc_security_constants.h:114
grpc_tls_credential_reload_arg
A struct containing all information necessary to schedule/cancel a credential reload request.
Definition: grpc_security.h:859
grpc_alts_credentials_server_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
grpc_tls_server_authorization_check_arg::status
grpc_status_code status
Definition: grpc_security.h:941
grpc_google_refresh_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
grpc_metadata_credentials_plugin::type
const char * type
Type of credentials that this plugin is implementing.
Definition: grpc_security.h:439
grpc_tls_credentials_options_create
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create(void)
Create an empty TLS credentials options.
grpc_ssl_server_credentials_create_options_using_config_fetcher
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
grpc_auth_metadata_context::channel_auth_context
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: grpc_security.h:387
grpc_ssl_server_certificate_config_callback
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: grpc_security.h:506
grpc_tls_credential_reload_arg::context
void * context
Definition: grpc_security.h:866
grpc_auth_context_peer_identity
GRPCAPI grpc_auth_property_iterator grpc_auth_context_peer_identity(const grpc_auth_context *ctx)
Gets the peer identity.
grpc_sts_credentials_options::requested_token_type
const char * requested_token_type
Definition: grpc_security.h:346
grpc_tls_credentials_options_set_server_authorization_check_config
GRPCAPI int grpc_tls_credentials_options_set_server_authorization_check_config(grpc_tls_credentials_options *options, grpc_tls_server_authorization_check_config *config)
Set grpc_tls_server_authorization_check_config field in credentials options with the provided config ...
grpc_set_ssl_roots_override_callback
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.
grpc_auth_metadata_processor
Pluggable server-side metadata processor object.
Definition: grpc_security.h:602
grpc_security_constants.h
grpc_secure_channel_create
GRPCAPI grpc_channel * grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved)
— Secure channel creation.
grpc_channel_credentials
struct grpc_channel_credentials grpc_channel_credentials
— grpc_channel_credentials object.
Definition: grpc_security.h:127
grpc_tls_key_materials_config_set_version
GRPCAPI int grpc_tls_key_materials_config_set_version(grpc_tls_key_materials_config *config, int version)
Set grpc_tls_key_materials_config instance with a provided version number, which is used to keep trac...
grpc_auth_context_add_property
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name, const char *value, size_t value_length)
– The following auth context methods should only be called by a server metadata
grpc_channel
struct grpc_channel grpc_channel
The Channel interface allows creation of Call objects.
Definition: grpc_types.h:62
GRPCAPI
#define GRPCAPI
Definition: port_platform.h:615
grpc_ssl_server_credentials_options
struct grpc_ssl_server_credentials_options grpc_ssl_server_credentials_options
Definition: grpc_security.h:535
grpc_tls_server_authorization_check_arg
A struct containing all information necessary to schedule/cancel a server authorization check request...
Definition: grpc_security.h:934
grpc_auth_context_peer_identity_property_name
const GRPCAPI char * grpc_auth_context_peer_identity_property_name(const grpc_auth_context *ctx)
Gets the name of the property that indicates the peer identity.
grpc_tls_server_authorization_check_arg::cb_user_data
void * cb_user_data
Definition: grpc_security.h:936
grpc_ssl_session_cache_destroy
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
grpc_ssl_server_credentials_create_with_options
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
grpc_auth_context_find_properties_by_name
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Finds a property in the context.
grpc_sts_credentials_options::actor_token_type
const char * actor_token_type
Definition: grpc_security.h:350
grpc_auth_property_iterator::index
size_t index
Definition: grpc_security.h:38
grpc_tls_credentials_options_set_cert_request_type
GRPCAPI int grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
Set grpc_ssl_client_certificate_request_type field in credentials options with the provided type.
gpr_timespec
Analogous to struct timespec.
Definition: gpr_types.h:47
grpc_tls_server_authorization_check_arg::target_name
const char * target_name
Definition: grpc_security.h:938
grpc_server_credentials
struct grpc_server_credentials grpc_server_credentials
— grpc_server_credentials object.
Definition: grpc_security.h:465
grpc_auth_metadata_context
Context that can be used by metadata credentials plugin in order to create auth related metadata.
Definition: grpc_security.h:377
grpc_sts_credentials_options::subject_token_type
const char * subject_token_type
Definition: grpc_security.h:348
grpc_tls_credential_reload_arg::error_details
grpc_tls_error_details * error_details
Definition: grpc_security.h:864
grpc_local_connect_type
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:140
grpc_tls_credentials_options_set_credential_reload_config
GRPCAPI int grpc_tls_credentials_options_set_credential_reload_config(grpc_tls_credentials_options *options, grpc_tls_credential_reload_config *config)
Set grpc_tls_credential_reload_config field in credentials options with the provided config struct wh...
grpc_ssl_pem_key_cert_pair
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:157
grpc_ssl_session_cache_create_channel_arg
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
grpc_tls_server_authorization_check_arg::success
int success
Definition: grpc_security.h:937
grpc_ssl_server_certificate_config_destroy
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
grpc_local_credentials_create
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
grpc_tls_key_materials_config_create
GRPCAPI grpc_tls_key_materials_config * grpc_tls_key_materials_config_create(void)
— TLS key materials config.
grpc_auth_metadata_processor::state
void * state
Definition: grpc_security.h:611
grpc_tls_on_credential_reload_done_cb
void(* grpc_tls_on_credential_reload_done_cb)(grpc_tls_credential_reload_arg *arg)
A callback function provided by gRPC to handle the result of credential reload.
Definition: grpc_security.h:837
port_platform.h
grpc_call_credentials
struct grpc_call_credentials grpc_call_credentials
— grpc_call_credentials object.
Definition: grpc_security.h:281
grpc_alts_credentials_options
struct grpc_alts_credentials_options grpc_alts_credentials_options
— ALTS channel/server credentials —
Definition: grpc_security.h:627
Generated on Tue Jun 30 2020 18:16:56 for GRPC C++ by   doxygen 1.8.16