19 #ifndef GRPC_GRPC_SECURITY_H 20 #define GRPC_GRPC_SECURITY_H 90 const char* name,
const char* value,
145 char** pem_root_certs);
177 int (*verify_peer_callback)(
const char* target_name,
const char* peer_pem,
185 void (*verify_peer_destruct)(
void* userdata);
197 int (*verify_peer_callback)(
const char* target_name,
const char* peer_pem,
205 void (*verify_peer_destruct)(
void* userdata);
319 const char* json_refresh_token,
void* reserved);
324 const char* access_token,
void* reserved);
328 const char* authorization_token,
const char* authority_selector,
368 void* user_data,
const grpc_metadata* creds_md,
size_t num_creds_md,
391 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4 422 const char** error_details);
425 void (*destroy)(
void* state);
587 void* user_data,
const grpc_metadata* consumed_md,
size_t num_consumed_md,
600 void (*destroy)(
void* state);
779 size_t num_key_cert_pairs);
858 const void* config_user_data,
859 int (*schedule)(
void* config_user_data,
862 void (*destruct)(
void* config_user_data));
934 const void* config_user_data,
935 int (*schedule)(
void* config_user_data,
937 void (*cancel)(
void* config_user_data,
939 void (*destruct)(
void* config_user_data));
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:53
grpc_ssl_pem_key_cert_pair * pem_key_cert_pairs
Definition: ssl_credentials.h:50
const char * actor_token_path
Definition: grpc_security.h:345
Definition: security_context.h:49
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Finds a property in the context.
Definition: security_context.cc:203
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, const char *name, const char *value)
Add a C string property.
Definition: security_context.cc:262
grpc_tls_credential_reload_config * config
Definition: grpc_security.h:831
const char * peer_cert
Definition: grpc_security.h:904
char * pem_root_certs
Definition: ssl_credentials.h:52
GRPCAPI grpc_auth_property_iterator grpc_auth_context_property_iterator(const grpc_auth_context *ctx)
Iterates over the auth context.
Definition: security_context.cc:169
size_t value_length
Definition: grpc_security.h:46
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds)
— Call specific credentials.
Definition: security_context.cc:42
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
Definition: ssl_utils.cc:361
Definition: ssl_credentials.cc:157
GRPCAPI int grpc_tls_credentials_options_set_key_materials_config(grpc_tls_credentials_options *options, grpc_tls_key_materials_config *config)
Set grpc_tls_key_materials_config field in credentials options with the provided config struct whose ...
Definition: grpc_tls_credentials_options.cc:95
GRPCAPI int grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
Set grpc_ssl_client_certificate_request_type field in credentials options with the provided type...
Definition: grpc_tls_credentials_options.cc:82
A struct containing all information necessary to schedule/cancel a server authorization check request...
Definition: grpc_security.h:899
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: grpc_security.h:108
An array of arguments that can be passed around.
Definition: grpc_types.h:132
char * value
Definition: grpc_security.h:45
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
Definition: composite_credentials.cc:199
Definition: credentials.h:99
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
Definition: local_credentials.cc:51
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
Definition: jwt_credentials.cc:161
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
Definition: credentials.cc:199
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
Definition: ssl_credentials.cc:122
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
Definition: ssl_credentials.cc:241
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: grpc_security.h:380
grpc_linked_mdelem status
Definition: lame_client.cc:44
A struct containing all information necessary to schedule/cancel a credential reload request...
Definition: grpc_security.h:825
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:909
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
Definition: alts_credentials.cc:100
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: grpc_security.h:144
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create(void)
Create an empty TLS credentials options.
Definition: grpc_tls_credentials_options.cc:78
grpc_ssl_certificate_config_reload_status status
Definition: grpc_security.h:829
GRPCAPI int grpc_tls_key_materials_config_set_version(grpc_tls_key_materials_config *config, int version)
Set grpc_tls_key_materials_config instance with a provided version number, which is used to keep trac...
Definition: grpc_tls_credentials_options.cc:160
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key...
Definition: grpc_security.h:159
grpc_tls_on_server_authorization_check_done_cb cb
Definition: grpc_security.h:900
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client's ALTS credentials options instance...
Definition: grpc_alts_credentials_client_options.cc:47
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
Definition: grpc_alts_credentials_server_options.cc:39
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
Definition: oauth2_credentials.cc:480
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:181
const char * token_exchange_service_uri
Definition: grpc_security.h:338
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: grpc_security.h:367
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:833
const char * error_details
Definition: grpc_security.h:906
A single argument...
Definition: grpc_types.h:103
Definition: credentials.h:225
GRPCAPI int grpc_tls_credentials_options_set_server_authorization_check_config(grpc_tls_credentials_options *options, grpc_tls_server_authorization_check_config *config)
Set grpc_tls_server_authorization_check_config field in credentials options with the provided config ...
Definition: grpc_tls_credentials_options.cc:121
char * name
Definition: grpc_security.h:44
void * reserved
Reserved for future use.
Definition: grpc_security.h:386
GRPCAPI grpc_channel * grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved)
— Secure channel creation.
Definition: secure_channel_create.cc:193
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name, const char *value, size_t value_length)
– The following auth context methods should only be called by a server metadata processor to set pro...
Definition: security_context.cc:242
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
Definition: ssl_credentials.cc:329
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(void)
Creates default credentials to connect to a google gRPC service.
Definition: google_default_credentials.cc:279
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: grpc_security.h:586
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.
Definition: ssl_utils.cc:56
grpc_call_error
Result of a grpc call.
Definition: grpc_types.h:407
size_t num_key_cert_pairs
Definition: ssl_credentials.h:51
void * context
Definition: grpc_security.h:908
GRPCAPI grpc_auth_context * grpc_call_auth_context(grpc_call *call)
Gets the auth context from the call.
Definition: security_context.cc:65
GRPCAPI int grpc_tls_credentials_options_set_credential_reload_config(grpc_tls_credentials_options *options, grpc_tls_credential_reload_config *config)
Set grpc_tls_credential_reload_config field in credentials options with the provided config struct wh...
Definition: grpc_tls_credentials_options.cc:108
GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds)
— Server-side secure ports.
Definition: server_secure_chttp2.cc:40
const grpc_auth_context * ctx
Definition: grpc_security.h:37
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
Definition: ssl_credentials.cc:358
Definition: grpc_tls_credentials_options.h:218
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
Definition: ssl_utils.cc:366
GRPCAPI const grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Returns NULL when the iterator is at the end.
Definition: security_context.cc:178
Definition: credentials.h:263
grpc_ssl_client_certificate_request_type client_certificate_request
Definition: ssl_credentials.cc:158
const char * service_url
The fully qualifed service url.
Definition: grpc_security.h:375
const char * name
Definition: grpc_security.h:39
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
Releases a call credentials object.
Definition: credentials.cc:132
size_t index
Definition: grpc_security.h:38
void(* grpc_tls_on_server_authorization_check_done_cb)(grpc_tls_server_authorization_check_arg *arg)
callback function provided by gRPC used to handle the result of server authorization check...
Definition: grpc_security.h:874
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return...
Definition: grpc_security.h:391
const char * scope
Definition: grpc_security.h:341
Definition: grpc_security.h:36
grpc_status_code status
Definition: grpc_security.h:905
TLS server authorization check config.
Definition: grpc_tls_credentials_options.h:138
GRPCAPI grpc_tls_key_materials_config * grpc_tls_key_materials_config_create(void)
— TLS key materials config.
Definition: grpc_tls_credentials_options.cc:135
Object that holds additional peer-verification options on a secure channel.
Definition: grpc_security.h:190
Definition: ssl_credentials.h:49
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:156
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: grpc_security.h:383
struct grpc_auth_property_iterator grpc_auth_property_iterator
Definition: grpc_alts_credentials_options.h:35
const char * requested_token_type
Definition: grpc_security.h:342
const char * error_details
Definition: grpc_security.h:830
GRPCAPI grpc_auth_property_iterator grpc_auth_context_peer_identity(const grpc_auth_context *ctx)
Gets the peer identity.
Definition: security_context.cc:214
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
Definition: ssl_credentials.cc:271
void(* grpc_tls_on_credential_reload_done_cb)(grpc_tls_credential_reload_arg *arg)
A callback function provided by gRPC to handle the result of credential reload.
Definition: grpc_security.h:805
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options, void *reserved)
Definition: ssl_credentials.cc:138
GRPCAPI grpc_tls_server_authorization_check_config * grpc_tls_server_authorization_check_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_server_authorization_check_config instance.
Definition: grpc_tls_credentials_options.cc:200
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:59
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: grpc_security.h:163
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
Definition: grpc_alts_credentials_client_options.cc:75
grpc_tls_server_authorization_check_config * config
Definition: grpc_security.h:907
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.
Definition: local_credentials.cc:61
GRPCAPI grpc_tls_credential_reload_config * grpc_tls_credential_reload_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_credential_reload_config instance.
Definition: grpc_tls_credentials_options.cc:183
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
Definition: ssl_credentials.cc:294
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:46
void * cb_user_data
Definition: grpc_security.h:901
GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds)
Releases a server_credentials object.
Definition: credentials.cc:182
grpc_tls_on_credential_reload_done_cb cb
Definition: grpc_security.h:826
void * cb_user_data
Definition: grpc_security.h:827
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
Definition: oauth2_credentials.cc:402
value, if not NULL, is guaranteed to be NULL terminated.
Definition: grpc_security.h:43
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
Creates a composite call credentials object.
Definition: composite_credentials.cc:164
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, void *reserved)
Creates a credentials object from a plugin.
Definition: plugin_credentials.cc:248
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
Definition: iam_credentials.cc:65
const char * resource
Definition: grpc_security.h:339
struct grpc_auth_property grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
const char * subject_token_path
Definition: grpc_security.h:343
const char * actor_token_type
Definition: grpc_security.h:346
int success
Definition: grpc_security.h:902
GRPCAPI void grpc_auth_context_release(grpc_auth_context *context)
Releases the auth context returned from grpc_call_auth_context.
Definition: security_context.cc:90
void * context
Definition: grpc_security.h:832
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx, const char *name)
Sets the property name.
Definition: security_context.cc:147
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was acquired by an out of band m...
Definition: oauth2_credentials.cc:731
TLS credential reload config.
Definition: grpc_tls_credentials_options.h:62
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools...
Definition: grpc_security.h:337
Deprecated in favor of grpc_ssl_verify_peer_options.
Definition: grpc_security.h:170
GRPCAPI const char * grpc_auth_context_peer_identity_property_name(const grpc_auth_context *ctx)
Gets the name of the property that indicates the peer identity.
Definition: security_context.cc:140
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
Definition: ssl_utils.cc:390
Analogous to struct timespec.
Definition: gpr_types.h:47
grpc_server_credentials * grpc_tls_spiffe_server_credentials_create(grpc_tls_credentials_options *options)
This method creates a TLS server credential object.
Definition: spiffe_credentials.cc:122
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
Definition: ssl_credentials.cc:216
grpc_ssl_server_certificate_config * certificate_config
Definition: ssl_credentials.cc:159
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
Definition: grpc_alts_credentials_options.cc:38
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: grpc_security.h:496
GRPCAPI grpc_call_credentials * grpc_sts_credentials_create(const grpc_sts_credentials_options *options, void *reserved)
Creates an STS credentials following the STS Token Exchanged specifed in the IETF draft https://tools...
Definition: oauth2_credentials.cc:681
TLS key materials config.
Definition: grpc_tls_credentials_options.h:31
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
Definition: ssl_credentials.cc:305
grpc_status_code
Definition: status.h:26
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
Definition: json_token.cc:45
const char * target_name
Definition: grpc_security.h:903
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:201
GRPCAPI int grpc_tls_key_materials_config_get_version(grpc_tls_key_materials_config *config)
Get the version number of a grpc_tls_key_materials_config instance.
Definition: grpc_tls_credentials_options.cc:172
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
Definition: ssl_credentials.cc:254
GRPCAPI int grpc_tls_key_materials_config_set_key_materials(grpc_tls_key_materials_config *config, const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair **pem_key_cert_pairs, size_t num_key_cert_pairs)
Set grpc_tls_key_materials_config instance with provided a TLS certificate.
Definition: grpc_tls_credentials_options.cc:139
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:112
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Returns 1 if the peer is authenticated, 0 otherwise.
Definition: security_context.cc:164
Context that can be used by metadata credentials plugin in order to create auth related metadata...
Definition: grpc_security.h:373
grpc_channel_credentials * grpc_tls_spiffe_credentials_create(grpc_tls_credentials_options *options)
— SPIFFE channel/server credentials —
Definition: spiffe_credentials.cc:113
const char * audience
Definition: grpc_security.h:340
grpc_tls_key_materials_config * key_materials_config
Definition: grpc_security.h:828
Definition: server.cc:222
GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds)
Releases a channel credentials object.
Definition: credentials.cc:42
const char * subject_token_type
Definition: grpc_security.h:344
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
Definition: alts_credentials.cc:106