GRPC C++  1.30.0
grpc_security.h
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_GRPC_SECURITY_H
20 #define GRPC_GRPC_SECURITY_H
21 
23 
24 #include <grpc/grpc.h>
26 #include <grpc/status.h>
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31 
35 
38  size_t index;
39  const char* name;
41 
43 typedef struct grpc_auth_property {
44  char* name;
45  char* value;
46  size_t value_length;
48 
52 
56 
61 
65  const grpc_auth_context* ctx, const char* name);
66 
70  const grpc_auth_context* ctx);
71 
74  const grpc_auth_context* ctx);
75 
79 
82 
90  const char* name, const char* value,
91  size_t value_length);
92 
95  const char* name,
96  const char* value);
97 
101  grpc_auth_context* ctx, const char* name);
102 
109 
113  size_t capacity);
114 
117 
121 
128 
132 
138 
146  char** pem_root_certs);
147 
155 
/** Key/certificate pair; this page's index names it grpc_ssl_pem_key_cert_pair
    (members at grpc_security.h:160 and :164). The closing line of the typedef
    did not survive in this listing. */
157 typedef struct {
/** NULL-terminated string containing the PEM encoding of the client's private
    key. NOTE(review): the key is handed over as a plain in-memory string;
    whether the library copies it, and so when the caller may wipe its own
    buffer, is not visible in this listing -- confirm before zeroizing. */
160  const char* private_key;
161 
/** NULL-terminated string containing the PEM encoding of the client's
    certificate chain (the index entry for this member is truncated). */
164  const char* cert_chain;
166 
/** verify_peer_options: per this page's index, deprecated in favor of
    grpc_ssl_verify_peer_options. The listing omits the
    verify_peer_callback_userdata member (grpc_security.h:182) and the closing
    line of the typedef. */
171 typedef struct {
/** Optional callback that receives the target name, the peer's certificate in
    PEM form and the userdata pointer, so the application can do additional
    verification. NOTE(review): which return value accepts or rejects the peer
    is not shown on this page -- confirm in the upstream header before relying
    on it, since an inverted check would accept every peer. */
178  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
179  void* userdata);
/** Takes the same userdata pointer; presumably invoked to release it when the
    options are no longer used -- TODO confirm the exact call time. */
186  void (*verify_peer_destruct)(void* userdata);
188 
/** grpc_ssl_verify_peer_options: object that holds additional
    peer-verification options on a secure channel. The listing omits the
    verify_peer_callback_userdata member (grpc_security.h:202) and the closing
    line of the typedef. */
191 typedef struct {
/** Optional callback that receives the target name, the peer's certificate in
    PEM form and the userdata pointer, so the application can do additional
    verification. NOTE(review): which return value accepts or rejects the peer
    is not shown on this page -- confirm in the upstream header before relying
    on it, since an inverted check would accept every peer. */
198  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
199  void* userdata);
/** Takes the same userdata pointer; presumably invoked to release it when the
    options are no longer used -- TODO confirm the exact call time. */
206  void (*verify_peer_destruct)(void* userdata);
208 
240  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
241  const verify_peer_options* verify_options, void* reserved);
242 
243 /* Creates an SSL credentials object.
244  The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
245  - pem_root_certs is the NULL-terminated string containing the PEM encoding
246  of the server root certificates. If this parameter is NULL, the
247  implementation will first try to read the file pointed to by the
248  GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
249  try to get the roots set by grpc_override_ssl_default_roots. Eventually,
250  if all these fail, it will try to get the roots from a well-known place on
251  disk (in the grpc install directory).
252 
253  gRPC implements a root certificate cache if the underlying OpenSSL library
254  supports it. The cache applies only to the default root certificates,
255  which are used when this parameter is NULL. If the user provides their
256  own pem_root_certs when creating an SSL credentials object, gRPC cannot
257  cache it, and each subchannel will generate a copy of the root store. So
258  it is recommended to avoid passing a large root PEM bundle in the
259  pem_root_certs parameter, to avoid excessive memory consumption,
260  particularly on mobile platforms such as iOS.
261  - pem_key_cert_pair is a pointer on the object containing client's private
262  key and certificate chain. This parameter can be NULL if the client does
263  not have such a key/cert pair.
264  - verify_options is an optional verify_peer_options object which holds
265  additional options controlling how peer certificates are verified. For
266  example, you can supply a callback which receives the peer's certificate
267  with which you can do additional verification. Can be NULL, in which
268  case verification will retain default behavior. Any settings in
269  verify_options are copied during this call, so the verify_options
270  object can be released afterwards. */
272  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
273  const grpc_ssl_verify_peer_options* verify_options, void* reserved);
274 
282 
286 
290  grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
291  void* reserved);
292 
296  void* reserved);
297 
302  void* reserved);
303 
305 
313  gpr_timespec token_lifetime,
314  void* reserved);
315 
323  const char* json_refresh_token, void* reserved);
324 
328  const char* access_token, void* reserved);
329 
332  const char* authorization_token, const char* authority_selector,
333  void* reserved);
334 
/** grpc_sts_credentials_options: options for creating STS OAuth token exchange
    credentials; passed by const pointer to grpc_sts_credentials_create. The
    closing line of the typedef is missing from this listing.
    NOTE(review): subject_token_path and actor_token_path look like filesystem
    paths from which tokens are read -- confirm; if so, the permissions on
    those files decide who can obtain the exchanged token. */
341 typedef struct {
342  const char* token_exchange_service_uri; /* Required. */
343  const char* resource; /* Optional. */
344  const char* audience; /* Optional. */
345  const char* scope; /* Optional. */
346  const char* requested_token_type; /* Optional. */
347  const char* subject_token_path; /* Required. */
348  const char* subject_token_type; /* Required. */
349  const char* actor_token_path; /* Optional. */
350  const char* actor_token_type; /* Optional. */
352 
358  const grpc_sts_credentials_options* options, void* reserved);
359 
372  void* user_data, const grpc_metadata* creds_md, size_t num_creds_md,
373  grpc_status_code status, const char* error_details);
374 
/** grpc_auth_metadata_context: passed by value to a credentials plugin's
    get_metadata. The listing omits the channel_auth_context member
    (grpc_security.h:387, the auth_context of the channel which gives the
    server's identity) and the closing line of the typedef. */
377 typedef struct {
/** The fully qualified service url. */
379  const char* service_url;
380 
/** The method name of the RPC being called (not fully qualified). */
384  const char* method_name;
385 
388 
/** Reserved for future use. */
390  void* reserved;
392 
395 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
396 
/** grpc_metadata_credentials_plugin: an API-user-provided structure used to
    create credentials objects (see grpc_metadata_credentials_create_from_plugin,
    which also takes a minimum security level). The closing line of the typedef
    is missing from this listing. */
402 typedef struct {
/** Produces the metadata for a call. Receives the plugin state, the auth
    metadata context, a completion callback with its user_data, and
    out-parameters for an entry count, a status and error details. Source line
    424 of this prototype is missing from the listing. NOTE(review): presumably
    the out-parameters carry a synchronous result of at most
    GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX entries -- confirm, together with
    the meaning of the int return, in the upstream header. */
421  int (*get_metadata)(
422  void* state, grpc_auth_metadata_context context,
423  grpc_credentials_plugin_metadata_cb cb, void* user_data,
425  size_t* num_creds_md, grpc_status_code* status,
426  const char** error_details);
427 
/** Returns a string for the given state. NOTE(review): who frees the returned
    buffer is not shown here, and a debug string built from credential state
    should be checked for secrets before it is logged -- confirm both. */
430  char* (*debug_string)(void* state);
431 
/** Called with the plugin state; presumably releases it -- TODO confirm. */
433  void (*destroy)(void* state);
434 
/** State that will be set as the first parameter of the methods above. */
436  void* state;
437 
/** Type of credentials that this plugin is implementing. */
439  const char* type;
441 
446  grpc_security_level min_security_level, void* reserved);
447 
458  grpc_channel_credentials* creds, const char* target,
459  const grpc_channel_args* args, void* reserved);
460 
466 
471 
478 
491  const char* pem_root_certs,
492  const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
493  size_t num_key_cert_pairs);
494 
498 
507  void* user_data, grpc_ssl_server_certificate_config** config);
508 
522  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
523  size_t num_key_cert_pairs, int force_client_auth, void* reserved);
524 
530  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
531  size_t num_key_cert_pairs,
532  grpc_ssl_client_certificate_request_type client_certificate_request,
533  void* reserved);
534 
537 
544  grpc_ssl_client_certificate_request_type client_certificate_request,
545  grpc_ssl_server_certificate_config* certificate_config);
546 
556  grpc_ssl_client_certificate_request_type client_certificate_request,
557  grpc_ssl_server_certificate_config_callback cb, void* user_data);
558 
562 
568 
575  const char* addr,
576  grpc_server_credentials* creds);
577 
583  grpc_call_credentials* creds);
584 
597  void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
598  const grpc_metadata* response_md, size_t num_response_md,
599  grpc_status_code status, const char* error_details);
600 
/** grpc_auth_metadata_processor: pluggable server-side metadata processor
    object, installed with grpc_server_credentials_set_auth_metadata_processor.
    The closing line of the typedef is missing from this listing. */
602 typedef struct {
/** Receives the processor state, the call's auth context, the incoming
    metadata array (md, num_md), a completion callback and its user_data. The
    callback type takes consumed and response metadata plus a status and error
    details. NOTE(review): presumably cb must be invoked exactly once with the
    authentication verdict, and a path that never calls it or reports success
    by default would weaken the check -- confirm against the upstream header. */
607  void (*process)(void* state, grpc_auth_context* context,
608  const grpc_metadata* md, size_t num_md,
609  grpc_process_auth_metadata_done_cb cb, void* user_data);
/** Called with the processor state; presumably releases it -- TODO confirm. */
610  void (*destroy)(void* state);
/** Opaque pointer passed as the first argument of process and destroy. */
611  void* state;
613 
616 
628 
635 
642 
652  grpc_alts_credentials_options* options, const char* service_account);
653 
664 
675  const grpc_alts_credentials_options* options);
676 
686  const grpc_alts_credentials_options* options);
687 
702 
713 
720 
724 
729 
734 
738 
742 
750 
762  grpc_tls_server_verification_option server_verification_option);
763 
772 
781 
790 
797  void);
798 
809  grpc_tls_key_materials_config* config, const char* pem_root_certs,
810  const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
811  size_t num_key_cert_pairs);
812 
819  grpc_tls_key_materials_config* config, int version);
820 
827 
832 
839 
866  void* context;
867  void (*destroy_context)(void* ctx);
868 };
869 
893  const void* config_user_data,
894  int (*schedule)(void* config_user_data,
896  void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
897  void (*destruct)(void* config_user_data));
898 
904 
911 
937  int success;
938  const char* target_name;
939  const char* peer_cert;
940  const char* peer_cert_full_chain;
944  void* context;
945  void (*destroy_context)(void* ctx);
946 };
947 
970  const void* config_user_data,
971  int (*schedule)(void* config_user_data,
973  void (*cancel)(void* config_user_data,
975  void (*destruct)(void* config_user_data));
976 
992 
1005  grpc_tls_credentials_options* options);
1006 
1007 #ifdef __cplusplus
1008 }
1009 #endif
1010 
1011 #endif /* GRPC_GRPC_SECURITY_H */
grpc_arg
A single argument...
Definition: grpc_types.h:103
grpc_auth_property_iterator::name
const char * name
Definition: grpc_security.h:39
grpc_alts_credentials_options_destroy
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
grpc_tls_error_details
struct grpc_tls_error_details grpc_tls_error_details
— TLS channel/server credentials — It is used for experimental purpose for now and subject to change.
Definition: grpc_security.h:719
GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return.
Definition: grpc_security.h:395
grpc_call_error
grpc_call_error
Result of a grpc call.
Definition: grpc_types.h:424
grpc_ssl_credentials_create_ex
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options, void *reserved)
verify_peer_options::verify_peer_callback_userdata
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:182
grpc_tls_credential_reload_arg::key_materials_config
grpc_tls_key_materials_config * key_materials_config
Definition: grpc_security.h:862
grpc_tls_server_authorization_check_config
struct grpc_tls_server_authorization_check_config grpc_tls_server_authorization_check_config
Config for TLS server authorization check.
Definition: grpc_security.h:732
grpc_ssl_server_certificate_config
struct grpc_ssl_server_certificate_config grpc_ssl_server_certificate_config
Server certificate config object holds the server's public certificates and associated private keys,...
Definition: grpc_security.h:476
grpc_credentials_plugin_metadata_cb
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: grpc_security.h:371
grpc_server_credentials_release
GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds)
Releases a server_credentials object.
grpc_ssl_verify_peer_options
Object that holds additional peer-verification options on a secure channel.
Definition: grpc_security.h:191
grpc_auth_context
struct grpc_auth_context grpc_auth_context
— Authentication Context.
Definition: grpc_security.h:34
grpc_auth_property_iterator
struct grpc_auth_property_iterator grpc_auth_property_iterator
grpc_sts_credentials_options::subject_token_path
const char * subject_token_path
Definition: grpc_security.h:347
grpc_status_code
grpc_status_code
Definition: status.h:26
grpc_ssl_pem_key_cert_pair::private_key
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key.
Definition: grpc_security.h:160
grpc_auth_property
struct grpc_auth_property grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
grpc_ssl_server_credentials_create_options_using_config
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
grpc_local_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.
grpc_ssl_verify_peer_options::verify_peer_callback_userdata
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:202
grpc_tls_server_authorization_check_config_create
GRPCAPI grpc_tls_server_authorization_check_config * grpc_tls_server_authorization_check_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_server_authorization_check_config instance.
grpc_sts_credentials_options::resource
const char * resource
Definition: grpc_security.h:343
grpc_sts_credentials_options
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools....
Definition: grpc_security.h:341
grpc_metadata_credentials_plugin::state
void * state
State that will be set as the first parameter of the methods above.
Definition: grpc_security.h:436
grpc_ssl_certificate_config_reload_status
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:56
grpc_sts_credentials_options::audience
const char * audience
Definition: grpc_security.h:344
grpc_tls_credential_reload_arg::status
grpc_ssl_certificate_config_reload_status status
Definition: grpc_security.h:863
grpc_auth_metadata_context::service_url
const char * service_url
The fully qualified service url.
Definition: grpc_security.h:379
grpc_google_iam_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
grpc_tls_server_authorization_check_arg::config
grpc_tls_server_authorization_check_config * config
Definition: grpc_security.h:943
grpc_tls_credential_reload_arg::config
grpc_tls_credential_reload_config * config
Definition: grpc_security.h:865
grpc_process_auth_metadata_done_cb
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: grpc_security.h:596
grpc_ssl_server_credentials_options_destroy
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
grpc_auth_context_peer_is_authenticated
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Returns 1 if the peer is authenticated, 0 otherwise.
grpc_tls_server_authorization_check_arg::destroy_context
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:945
grpc_tls_server_authorization_check_arg::peer_cert_full_chain
const char * peer_cert_full_chain
Definition: grpc_security.h:940
grpc_metadata_credentials_create_from_plugin
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, grpc_security_level min_security_level, void *reserved)
Creates a credentials object from a plugin with a specified minimum security level.
grpc_google_compute_engine_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
grpc_tls_server_authorization_check_arg::error_details
grpc_tls_error_details * error_details
Definition: grpc_security.h:942
grpc_call_credentials_release
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
Releases a call credentials object.
grpc_tls_credentials_create
grpc_channel_credentials * grpc_tls_credentials_create(grpc_tls_credentials_options *options)
This method creates a TLS channel credential object.
grpc_tls_server_authorization_check_arg::peer_cert
const char * peer_cert
Definition: grpc_security.h:939
grpc_composite_call_credentials_create
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
Creates a composite call credentials object.
grpc_ssl_server_certificate_config_create
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
grpc_ssl_pem_key_cert_pair::cert_chain
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: grpc_security.h:164
grpc_channel_args
An array of arguments that can be passed around.
Definition: grpc_types.h:132
grpc_ssl_session_cache_create_lru
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
grpc_auth_context_release
GRPCAPI void grpc_auth_context_release(grpc_auth_context *context)
Releases the auth context returned from grpc_call_auth_context.
grpc_server_credentials_set_auth_metadata_processor
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
grpc_tls_credentials_options_set_key_materials_config
GRPCAPI int grpc_tls_credentials_options_set_key_materials_config(grpc_tls_credentials_options *options, grpc_tls_key_materials_config *config)
Set grpc_tls_key_materials_config field in credentials options with the provided config struct whose ...
grpc_access_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was acquired by an out of band m...
grpc_tls_credential_reload_config
struct grpc_tls_credential_reload_config grpc_tls_credential_reload_config
Config for TLS credential reload.
Definition: grpc_security.h:727
grpc_auth_metadata_context::reserved
void * reserved
Reserved for future use.
Definition: grpc_security.h:390
grpc_tls_server_credentials_create
grpc_server_credentials * grpc_tls_server_credentials_create(grpc_tls_credentials_options *options)
This method creates a TLS server credential object.
grpc_auth_property_iterator_next
const GRPCAPI grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Returns NULL when the iterator is at the end.
grpc_ssl_credentials_create
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Deprecated in favor of grpc_ssl_credentials_create_ex.
grpc_tls_credential_reload_arg::destroy_context
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:867
grpc_service_account_jwt_access_credentials_create
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
grpc_tls_server_authorization_check_arg::context
void * context
Definition: grpc_security.h:944
status.h
grpc_auth_context_set_peer_identity_property_name
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx, const char *name)
Sets the property name.
grpc_metadata
A single metadata element.
Definition: grpc_types.h:502
grpc_auth_metadata_context::method_name
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: grpc_security.h:384
grpc_ssl_server_credentials_create_ex
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
grpc_auth_property_iterator::ctx
const grpc_auth_context * ctx
Definition: grpc_security.h:37
grpc_alts_credentials_client_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
grpc_tls_credentials_options_set_server_verification_option
GRPCAPI int grpc_tls_credentials_options_set_server_verification_option(grpc_tls_credentials_options *options, grpc_tls_server_verification_option server_verification_option)
Set grpc_tls_server_verification_option field in credentials options with the provided server_verific...
grpc_sts_credentials_create
GRPCAPI grpc_call_credentials * grpc_sts_credentials_create(const grpc_sts_credentials_options *options, void *reserved)
Creates STS credentials following the STS Token Exchange specified in the IETF draft https://tools...
grpc_tls_credential_reload_config_create
GRPCAPI grpc_tls_credential_reload_config * grpc_tls_credential_reload_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_credential_reload_config instance.
grpc_ssl_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
grpc_sts_credentials_options::actor_token_path
const char * actor_token_path
Definition: grpc_security.h:349
grpc_tls_server_authorization_check_arg::cb
grpc_tls_on_server_authorization_check_done_cb cb
Definition: grpc_security.h:935
grpc_channel_credentials_release
GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds)
Releases a channel credentials object.
grpc_max_auth_token_lifetime
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
grpc_sts_credentials_options::scope
const char * scope
Definition: grpc_security.h:345
grpc_alts_credentials_client_options_add_target_service_account
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client's ALTS credentials options instance.
grpc_auth_property::name
char * name
Definition: grpc_security.h:44
grpc_auth_property_iterator
Definition: grpc_security.h:36
grpc.h
grpc_ssl_roots_override_result
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:49
grpc_call
struct grpc_call grpc_call
A Call represents an RPC.
Definition: grpc_types.h:70
grpc_auth_property::value_length
size_t value_length
Definition: grpc_security.h:46
grpc_tls_key_materials_config_get_version
GRPCAPI int grpc_tls_key_materials_config_get_version(grpc_tls_key_materials_config *config)
Get the version number of a grpc_tls_key_materials_config instance.
grpc_alts_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
grpc_tls_credential_reload_arg::cb_user_data
void * cb_user_data
Definition: grpc_security.h:861
grpc_auth_context_add_cstring_property
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, const char *name, const char *value)
Add a C string property.
grpc_server
struct grpc_server grpc_server
A server listens to some port and responds to request calls.
Definition: grpc_types.h:65
grpc_ssl_client_certificate_request_type
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:62
grpc_metadata_credentials_plugin
grpc_metadata_credentials plugin is an API user provided structure used to create grpc_credentials ob...
Definition: grpc_security.h:402
grpc_call_auth_context
GRPCAPI grpc_auth_context * grpc_call_auth_context(grpc_call *call)
Gets the auth context from the call.
grpc_server_add_secure_http2_port
GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds)
— Server-side secure ports.
grpc_auth_property::value
char * value
Definition: grpc_security.h:45
grpc_tls_key_materials_config_set_key_materials
GRPCAPI int grpc_tls_key_materials_config_set_key_materials(grpc_tls_key_materials_config *config, const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair **pem_key_cert_pairs, size_t num_key_cert_pairs)
Set grpc_tls_key_materials_config instance with a provided TLS certificate.
grpc_ssl_session_cache
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: grpc_security.h:108
grpc_google_default_credentials_create
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(void)
Creates default credentials to connect to a google gRPC service.
grpc_composite_channel_credentials_create
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
grpc_tls_server_verification_option
grpc_tls_server_verification_option
Definition: grpc_security_constants.h:122
grpc_sts_credentials_options::token_exchange_service_uri
const char * token_exchange_service_uri
Definition: grpc_security.h:342
grpc_tls_credential_reload_arg::cb
grpc_tls_on_credential_reload_done_cb cb
Definition: grpc_security.h:860
grpc_tls_key_materials_config
struct grpc_tls_key_materials_config grpc_tls_key_materials_config
Config for TLS key materials.
Definition: grpc_security.h:723
verify_peer_options
Deprecated in favor of grpc_ssl_verify_peer_options.
Definition: grpc_security.h:171
grpc_ssl_roots_override_callback
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: grpc_security.h:145
grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
Definition: grpc_security.h:43
grpc_auth_context_property_iterator
GRPCAPI grpc_auth_property_iterator grpc_auth_context_property_iterator(const grpc_auth_context *ctx)
Iterates over the auth context.
grpc_call_set_credentials
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds)
— Call specific credentials.
grpc_tls_credentials_options
struct grpc_tls_credentials_options grpc_tls_credentials_options
TLS credentials options.
Definition: grpc_security.h:737
grpc_tls_on_server_authorization_check_done_cb
void(* grpc_tls_on_server_authorization_check_done_cb)(grpc_tls_server_authorization_check_arg *arg)
callback function provided by gRPC used to handle the result of server authorization check.
Definition: grpc_security.h:909
grpc_alts_credentials_create
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
grpc_security_level
grpc_security_level
Definition: grpc_security_constants.h:114
grpc_tls_credential_reload_arg
A struct containing all information necessary to schedule/cancel a credential reload request.
Definition: grpc_security.h:859
grpc_alts_credentials_server_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
grpc_tls_server_authorization_check_arg::status
grpc_status_code status
Definition: grpc_security.h:941
grpc_google_refresh_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
grpc_metadata_credentials_plugin::type
const char * type
Type of credentials that this plugin is implementing.
Definition: grpc_security.h:439
grpc_tls_credentials_options_create
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create(void)
Create an empty TLS credentials options.
grpc_ssl_server_credentials_create_options_using_config_fetcher
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
grpc_auth_metadata_context::channel_auth_context
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: grpc_security.h:387
grpc_ssl_server_certificate_config_callback
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: grpc_security.h:506
grpc_tls_credential_reload_arg::context
void * context
Definition: grpc_security.h:866
grpc_auth_context_peer_identity
GRPCAPI grpc_auth_property_iterator grpc_auth_context_peer_identity(const grpc_auth_context *ctx)
Gets the peer identity.
grpc_sts_credentials_options::requested_token_type
const char * requested_token_type
Definition: grpc_security.h:346
grpc_tls_credentials_options_set_server_authorization_check_config
GRPCAPI int grpc_tls_credentials_options_set_server_authorization_check_config(grpc_tls_credentials_options *options, grpc_tls_server_authorization_check_config *config)
Set grpc_tls_server_authorization_check_config field in credentials options with the provided config ...
grpc_set_ssl_roots_override_callback
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.
grpc_auth_metadata_processor
Pluggable server-side metadata processor object.
Definition: grpc_security.h:602
grpc_security_constants.h
grpc_secure_channel_create
GRPCAPI grpc_channel * grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved)
— Secure channel creation.
grpc_channel_credentials
struct grpc_channel_credentials grpc_channel_credentials
— grpc_channel_credentials object.
Definition: grpc_security.h:127
grpc_tls_key_materials_config_set_version
GRPCAPI int grpc_tls_key_materials_config_set_version(grpc_tls_key_materials_config *config, int version)
Set grpc_tls_key_materials_config instance with a provided version number, which is used to keep trac...
grpc_auth_context_add_property
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name, const char *value, size_t value_length)
– The following auth context methods should only be called by a server metadata
grpc_channel
struct grpc_channel grpc_channel
The Channel interface allows creation of Call objects.
Definition: grpc_types.h:62
GRPCAPI
#define GRPCAPI
Definition: port_platform.h:615
grpc_ssl_server_credentials_options
struct grpc_ssl_server_credentials_options grpc_ssl_server_credentials_options
Definition: grpc_security.h:535
grpc_tls_server_authorization_check_arg
A struct containing all information necessary to schedule/cancel a server authorization check request.
Definition: grpc_security.h:934
grpc_auth_context_peer_identity_property_name
const GRPCAPI char * grpc_auth_context_peer_identity_property_name(const grpc_auth_context *ctx)
Gets the name of the property that indicates the peer identity.
grpc_tls_server_authorization_check_arg::cb_user_data
void * cb_user_data
Definition: grpc_security.h:936
grpc_ssl_session_cache_destroy
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
grpc_ssl_server_credentials_create_with_options
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
grpc_auth_context_find_properties_by_name
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Finds a property in the context.
grpc_sts_credentials_options::actor_token_type
const char * actor_token_type
Definition: grpc_security.h:350
grpc_auth_property_iterator::index
size_t index
Definition: grpc_security.h:38
grpc_tls_credentials_options_set_cert_request_type
GRPCAPI int grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
Set grpc_ssl_client_certificate_request_type field in credentials options with the provided type.
gpr_timespec
Analogous to struct timespec.
Definition: gpr_types.h:47
grpc_tls_server_authorization_check_arg::target_name
const char * target_name
Definition: grpc_security.h:938
grpc_server_credentials
struct grpc_server_credentials grpc_server_credentials
— grpc_server_credentials object.
Definition: grpc_security.h:465
grpc_auth_metadata_context
Context that can be used by metadata credentials plugin in order to create auth related metadata.
Definition: grpc_security.h:377
grpc_sts_credentials_options::subject_token_type
const char * subject_token_type
Definition: grpc_security.h:348
grpc_tls_credential_reload_arg::error_details
grpc_tls_error_details * error_details
Definition: grpc_security.h:864
grpc_local_connect_type
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:140
grpc_tls_credentials_options_set_credential_reload_config
GRPCAPI int grpc_tls_credentials_options_set_credential_reload_config(grpc_tls_credentials_options *options, grpc_tls_credential_reload_config *config)
Set grpc_tls_credential_reload_config field in credentials options with the provided config struct whose ownership is transferred.
grpc_ssl_pem_key_cert_pair
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:157
grpc_ssl_session_cache_create_channel_arg
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
grpc_tls_server_authorization_check_arg::success
int success
Definition: grpc_security.h:937
grpc_ssl_server_certificate_config_destroy
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
grpc_local_credentials_create
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
grpc_tls_key_materials_config_create
GRPCAPI grpc_tls_key_materials_config * grpc_tls_key_materials_config_create(void)
— TLS key materials config.
grpc_auth_metadata_processor::state
void * state
Definition: grpc_security.h:611
grpc_tls_on_credential_reload_done_cb
void(* grpc_tls_on_credential_reload_done_cb)(grpc_tls_credential_reload_arg *arg)
A callback function provided by gRPC to handle the result of credential reload.
Definition: grpc_security.h:837
port_platform.h
grpc_call_credentials
struct grpc_call_credentials grpc_call_credentials
— grpc_call_credentials object.
Definition: grpc_security.h:281
grpc_alts_credentials_options
struct grpc_alts_credentials_options grpc_alts_credentials_options
— ALTS channel/server credentials —
Definition: grpc_security.h:627