GRPC Core  9.0.0
grpc_security.h
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_GRPC_SECURITY_H
20 #define GRPC_GRPC_SECURITY_H
21 
23 
24 #include <grpc/grpc.h>
26 #include <grpc/status.h>
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31 
35 
38  size_t index;
39  const char* name;
41 
43 typedef struct grpc_auth_property {
44  char* name;
45  char* value;
46  size_t value_length;
48 
52 
56 
61 
65  const grpc_auth_context* ctx, const char* name);
66 
70  const grpc_auth_context* ctx);
71 
74  const grpc_auth_context* ctx);
75 
79 
82 
90  const char* name, const char* value,
91  size_t value_length);
92 
95  const char* name,
96  const char* value);
97 
101  grpc_auth_context* ctx, const char* name);
102 
109 
113  size_t capacity);
114 
117 
121 
128 
132 
137 
145  char** pem_root_certs);
146 
154 
156 typedef struct {
159  const char* private_key;
160 
163  const char* cert_chain;
165 
170 typedef struct {
177  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
178  void* userdata);
185  void (*verify_peer_destruct)(void* userdata);
187 
190 typedef struct {
197  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
198  void* userdata);
205  void (*verify_peer_destruct)(void* userdata);
207 
238  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
239  const verify_peer_options* verify_options, void* reserved);
240 
241 /* Creates an SSL credentials object.
242  - pem_root_certs is the NULL-terminated string containing the PEM encoding
243  of the server root certificates. If this parameter is NULL, the
244  implementation will first try to dereference the file pointed to by the
246  try to get the roots set by grpc_override_ssl_default_roots. Eventually,
247  if all these fail, it will try to get the roots from a well-known place on
248  disk (in the grpc install directory).
249 
250  gRPC has implemented a root cache if the underlying OpenSSL library supports
251  it. The gRPC root certificates cache is only applicable to the default
252  root certificates, which are used when this parameter is nullptr. If the user
253  provides their own pem_root_certs when creating an SSL credential object,
254  gRPC would not be able to cache it, and each subchannel will generate a
255  copy of the root store. So it is recommended to avoid providing a large root
256  pem with the pem_root_certs parameter to avoid excessive memory consumption,
257  particularly on mobile platforms such as iOS.
258  - pem_key_cert_pair is a pointer to the object containing client's private
259  key and certificate chain. This parameter can be NULL if the client does
260  not have such a key/cert pair.
261  - verify_options is an optional verify_peer_options object which holds
262  additional options controlling how peer certificates are verified. For
263  example, you can supply a callback which receives the peer's certificate
264  with which you can do additional verification. Can be NULL, in which
265  case verification will retain default behavior. Any settings in
266  verify_options are copied during this call, so the verify_options
267  object can be released afterwards. */
269  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
270  const grpc_ssl_verify_peer_options* verify_options, void* reserved);
271 
279 
283 
286  grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
287  void* reserved);
288 
292  void* reserved);
293 
298  void* reserved);
299 
301 
309  gpr_timespec token_lifetime,
310  void* reserved);
311 
319  const char* json_refresh_token, void* reserved);
320 
324  const char* access_token, void* reserved);
325 
328  const char* authorization_token, const char* authority_selector,
329  void* reserved);
330 
337 typedef struct {
338  const char* token_exchange_service_uri; /* Required. */
339  const char* resource; /* Optional. */
340  const char* audience; /* Optional. */
341  const char* scope; /* Optional. */
342  const char* requested_token_type; /* Optional. */
343  const char* subject_token_path; /* Required. */
344  const char* subject_token_type; /* Required. */
345  const char* actor_token_path; /* Optional. */
346  const char* actor_token_type; /* Optional. */
348 
354  const grpc_sts_credentials_options* options, void* reserved);
355 
368  void* user_data, const grpc_metadata* creds_md, size_t num_creds_md,
369  grpc_status_code status, const char* error_details);
370 
373 typedef struct {
375  const char* service_url;
376 
380  const char* method_name;
381 
384 
386  void* reserved;
388 
391 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
392 
398 typedef struct {
417  int (*get_metadata)(
418  void* state, grpc_auth_metadata_context context,
419  grpc_credentials_plugin_metadata_cb cb, void* user_data,
421  size_t* num_creds_md, grpc_status_code* status,
422  const char** error_details);
423 
425  void (*destroy)(void* state);
426 
428  void* state;
429 
431  const char* type;
433 
436  grpc_metadata_credentials_plugin plugin, void* reserved);
437 
448  grpc_channel_credentials* creds, const char* target,
449  const grpc_channel_args* args, void* reserved);
450 
456 
461 
468 
481  const char* pem_root_certs,
483  size_t num_key_cert_pairs);
484 
488 
497  void* user_data, grpc_ssl_server_certificate_config** config);
498 
513  size_t num_key_cert_pairs, int force_client_auth, void* reserved);
514 
521  size_t num_key_cert_pairs,
522  grpc_ssl_client_certificate_request_type client_certificate_request,
523  void* reserved);
524 
527 
536 
547  grpc_ssl_server_certificate_config_callback cb, void* user_data);
548 
552 
558 
565  const char* addr,
566  grpc_server_credentials* creds);
567 
573  grpc_call_credentials* creds);
574 
587  void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
588  const grpc_metadata* response_md, size_t num_response_md,
589  grpc_status_code status, const char* error_details);
590 
592 typedef struct {
597  void (*process)(void* state, grpc_auth_context* context,
598  const grpc_metadata* md, size_t num_md,
599  grpc_process_auth_metadata_done_cb cb, void* user_data);
600  void (*destroy)(void* state);
601  void* state;
603 
606 
618 
625 
632 
642  grpc_alts_credentials_options* options, const char* service_account);
643 
654 
664  const grpc_alts_credentials_options* options);
665 
675  const grpc_alts_credentials_options* options);
676 
689 
700 
707 
712 
717 
721 
725 
733 
742 
751 
760 
767  void);
768 
777  grpc_tls_key_materials_config* config, const char* pem_root_certs,
778  const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
779  size_t num_key_cert_pairs);
780 
787  grpc_tls_key_materials_config* config, int version);
788 
795 
800 
807 
830  const char* error_details;
832  void* context;
833  void (*destroy_context)(void* ctx);
834 };
835 
858  const void* config_user_data,
859  int (*schedule)(void* config_user_data,
861  void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
862  void (*destruct)(void* config_user_data));
863 
869 
876 
902  int success;
903  const char* target_name;
904  const char* peer_cert;
906  const char* error_details;
908  void* context;
909  void (*destroy_context)(void* ctx);
910 };
911 
934  const void* config_user_data,
935  int (*schedule)(void* config_user_data,
937  void (*cancel)(void* config_user_data,
939  void (*destruct)(void* config_user_data));
940 
957 
971 
972 #ifdef __cplusplus
973 }
974 #endif
975 
976 #endif /* GRPC_GRPC_SECURITY_H */
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:53
grpc_ssl_pem_key_cert_pair * pem_key_cert_pairs
Definition: ssl_credentials.h:50
const char * actor_token_path
Definition: grpc_security.h:345
Definition: security_context.h:49
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Finds a property in the context.
Definition: security_context.cc:203
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, const char *name, const char *value)
Add a C string property.
Definition: security_context.cc:262
grpc_tls_credential_reload_config * config
Definition: grpc_security.h:831
const char * peer_cert
Definition: grpc_security.h:904
char * pem_root_certs
Definition: ssl_credentials.h:52
GRPCAPI grpc_auth_property_iterator grpc_auth_context_property_iterator(const grpc_auth_context *ctx)
Iterates over the auth context.
Definition: security_context.cc:169
size_t value_length
Definition: grpc_security.h:46
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds)
— Call specific credentials.
Definition: security_context.cc:42
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
Definition: ssl_utils.cc:361
Definition: ssl_credentials.cc:157
GRPCAPI int grpc_tls_credentials_options_set_key_materials_config(grpc_tls_credentials_options *options, grpc_tls_key_materials_config *config)
Set grpc_tls_key_materials_config field in credentials options with the provided config struct whose ...
Definition: grpc_tls_credentials_options.cc:95
GRPCAPI int grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
Set grpc_ssl_client_certificate_request_type field in credentials options with the provided type...
Definition: grpc_tls_credentials_options.cc:82
A struct containing all information necessary to schedule/cancel a server authorization check request...
Definition: grpc_security.h:899
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: grpc_security.h:108
An array of arguments that can be passed around.
Definition: grpc_types.h:132
Definition: channel.h:66
char * value
Definition: grpc_security.h:45
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
Definition: composite_credentials.cc:199
Definition: credentials.h:99
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
Definition: local_credentials.cc:51
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
Definition: jwt_credentials.cc:161
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
Definition: credentials.cc:199
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Deprecated in favor of grpc_ssl_credentials_create_ex.
Definition: ssl_credentials.cc:122
grpc_metadata_credentials plugin is an API user provided structure used to create grpc_credentials ob...
Definition: grpc_security.h:398
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
Definition: ssl_credentials.cc:241
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: grpc_security.h:380
grpc_linked_mdelem status
Definition: lame_client.cc:44
A struct containing all information necessary to schedule/cancel a credential reload request...
Definition: grpc_security.h:825
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:909
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
Definition: alts_credentials.cc:100
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: grpc_security.h:144
const char * type
Type of credentials that this plugin is implementing.
Definition: grpc_security.h:431
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create(void)
Create an empty TLS credentials options.
Definition: grpc_tls_credentials_options.cc:78
grpc_ssl_certificate_config_reload_status status
Definition: grpc_security.h:829
GRPCAPI int grpc_tls_key_materials_config_set_version(grpc_tls_key_materials_config *config, int version)
Set grpc_tls_key_materials_config instance with a provided version number, which is used to keep trac...
Definition: grpc_tls_credentials_options.cc:160
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key...
Definition: grpc_security.h:159
grpc_tls_on_server_authorization_check_done_cb cb
Definition: grpc_security.h:900
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client's ALTS credentials options instance...
Definition: grpc_alts_credentials_client_options.cc:47
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
Definition: grpc_alts_credentials_server_options.cc:39
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
Definition: oauth2_credentials.cc:480
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:181
const char * token_exchange_service_uri
Definition: grpc_security.h:338
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: grpc_security.h:367
void(* destroy_context)(void *ctx)
Definition: grpc_security.h:833
const char * error_details
Definition: grpc_security.h:906
A single argument...
Definition: grpc_types.h:103
void * state
Definition: grpc_security.h:601
Definition: credentials.h:225
GRPCAPI int grpc_tls_credentials_options_set_server_authorization_check_config(grpc_tls_credentials_options *options, grpc_tls_server_authorization_check_config *config)
Set grpc_tls_server_authorization_check_config field in credentials options with the provided config ...
Definition: grpc_tls_credentials_options.cc:121
char * name
Definition: grpc_security.h:44
void * reserved
Reserved for future use.
Definition: grpc_security.h:386
GRPCAPI grpc_channel * grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved)
— Secure channel creation.
Definition: secure_channel_create.cc:193
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name, const char *value, size_t value_length)
– The following auth context methods should only be called by a server metadata processor to set pro...
Definition: security_context.cc:242
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
Definition: ssl_credentials.cc:329
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(void)
Creates default credentials to connect to a google gRPC service.
Definition: google_default_credentials.cc:279
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: grpc_security.h:586
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.
Definition: ssl_utils.cc:56
grpc_call_error
Result of a grpc call.
Definition: grpc_types.h:407
size_t num_key_cert_pairs
Definition: ssl_credentials.h:51
void * context
Definition: grpc_security.h:908
GRPCAPI grpc_auth_context * grpc_call_auth_context(grpc_call *call)
Gets the auth context from the call.
Definition: security_context.cc:65
GRPCAPI int grpc_tls_credentials_options_set_credential_reload_config(grpc_tls_credentials_options *options, grpc_tls_credential_reload_config *config)
Set grpc_tls_credential_reload_config field in credentials options with the provided config struct wh...
Definition: grpc_tls_credentials_options.cc:108
GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds)
— Server-side secure ports.
Definition: server_secure_chttp2.cc:40
const grpc_auth_context * ctx
Definition: grpc_security.h:37
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
Definition: ssl_credentials.cc:358
Definition: grpc_tls_credentials_options.h:218
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
Definition: ssl_utils.cc:366
GRPCAPI const grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Returns NULL when the iterator is at the end.
Definition: security_context.cc:178
Definition: credentials.h:263
grpc_ssl_client_certificate_request_type client_certificate_request
Definition: ssl_credentials.cc:158
const char * service_url
The fully qualified service url.
Definition: grpc_security.h:375
const char * name
Definition: grpc_security.h:39
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
Releases a call credentials object.
Definition: credentials.cc:132
size_t index
Definition: grpc_security.h:38
void(* grpc_tls_on_server_authorization_check_done_cb)(grpc_tls_server_authorization_check_arg *arg)
callback function provided by gRPC used to handle the result of server authorization check...
Definition: grpc_security.h:874
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return...
Definition: grpc_security.h:391
const char * scope
Definition: grpc_security.h:341
Definition: grpc_security.h:36
grpc_status_code status
Definition: grpc_security.h:905
TLS server authorization check config.
Definition: grpc_tls_credentials_options.h:138
GRPCAPI grpc_tls_key_materials_config * grpc_tls_key_materials_config_create(void)
— TLS key materials config.
Definition: grpc_tls_credentials_options.cc:135
Object that holds additional peer-verification options on a secure channel.
Definition: grpc_security.h:190
Definition: ssl_credentials.h:49
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:156
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: grpc_security.h:383
A single metadata element.
Definition: grpc_types.h:485
struct grpc_auth_property_iterator grpc_auth_property_iterator
Definition: grpc_alts_credentials_options.h:35
const char * requested_token_type
Definition: grpc_security.h:342
const char * error_details
Definition: grpc_security.h:830
GRPCAPI grpc_auth_property_iterator grpc_auth_context_peer_identity(const grpc_auth_context *ctx)
Gets the peer identity.
Definition: security_context.cc:214
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
Definition: ssl_credentials.cc:271
void(* grpc_tls_on_credential_reload_done_cb)(grpc_tls_credential_reload_arg *arg)
A callback function provided by gRPC to handle the result of credential reload.
Definition: grpc_security.h:805
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options, void *reserved)
Definition: ssl_credentials.cc:138
GRPCAPI grpc_tls_server_authorization_check_config * grpc_tls_server_authorization_check_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_server_authorization_check_config instance.
Definition: grpc_tls_credentials_options.cc:200
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:59
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: grpc_security.h:163
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
Definition: grpc_alts_credentials_client_options.cc:75
grpc_tls_server_authorization_check_config * config
Definition: grpc_security.h:907
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.
Definition: local_credentials.cc:61
GRPCAPI grpc_tls_credential_reload_config * grpc_tls_credential_reload_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_credential_reload_config instance.
Definition: grpc_tls_credentials_options.cc:183
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
Definition: ssl_credentials.cc:294
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:46
Pluggable server-side metadata processor object.
Definition: grpc_security.h:592
#define GRPCAPI
Definition: port_platform.h:608
void * state
State that will be set as the first parameter of the methods above.
Definition: grpc_security.h:428
void * cb_user_data
Definition: grpc_security.h:901
GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds)
Releases a server_credentials object.
Definition: credentials.cc:182
grpc_tls_on_credential_reload_done_cb cb
Definition: grpc_security.h:826
void * cb_user_data
Definition: grpc_security.h:827
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
Definition: oauth2_credentials.cc:402
value, if not NULL, is guaranteed to be NULL terminated.
Definition: grpc_security.h:43
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
Creates a composite call credentials object.
Definition: composite_credentials.cc:164
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, void *reserved)
Creates a credentials object from a plugin.
Definition: plugin_credentials.cc:248
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
Definition: iam_credentials.cc:65
const char * resource
Definition: grpc_security.h:339
struct grpc_auth_property grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
const char * subject_token_path
Definition: grpc_security.h:343
const char * actor_token_type
Definition: grpc_security.h:346
int success
Definition: grpc_security.h:902
GRPCAPI void grpc_auth_context_release(grpc_auth_context *context)
Releases the auth context returned from grpc_call_auth_context.
Definition: security_context.cc:90
void * context
Definition: grpc_security.h:832
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx, const char *name)
Sets the property name.
Definition: security_context.cc:147
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was acquired by an out of band m...
Definition: oauth2_credentials.cc:731
TLS credential reload config.
Definition: grpc_tls_credentials_options.h:62
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools...
Definition: grpc_security.h:337
Deprecated in favor of grpc_ssl_verify_peer_options.
Definition: grpc_security.h:170
GRPCAPI const char * grpc_auth_context_peer_identity_property_name(const grpc_auth_context *ctx)
Gets the name of the property that indicates the peer identity.
Definition: security_context.cc:140
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
Definition: ssl_utils.cc:390
Analogous to struct timespec.
Definition: gpr_types.h:47
grpc_server_credentials * grpc_tls_spiffe_server_credentials_create(grpc_tls_credentials_options *options)
This method creates a TLS server credential object.
Definition: spiffe_credentials.cc:122
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
Definition: ssl_credentials.cc:216
grpc_ssl_server_certificate_config * certificate_config
Definition: ssl_credentials.cc:159
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
Definition: grpc_alts_credentials_options.cc:38
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: grpc_security.h:496
GRPCAPI grpc_call_credentials * grpc_sts_credentials_create(const grpc_sts_credentials_options *options, void *reserved)
Creates an STS credentials following the STS Token Exchange specified in the IETF draft https://tools...
Definition: oauth2_credentials.cc:681
TLS key materials config.
Definition: grpc_tls_credentials_options.h:31
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
Definition: ssl_credentials.cc:305
grpc_status_code
Definition: status.h:26
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
Definition: json_token.cc:45
const char * target_name
Definition: grpc_security.h:903
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:201
Definition: call.cc:134
GRPCAPI int grpc_tls_key_materials_config_get_version(grpc_tls_key_materials_config *config)
Get the version number of a grpc_tls_key_materials_config instance.
Definition: grpc_tls_credentials_options.cc:172
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
Definition: ssl_credentials.cc:254
GRPCAPI int grpc_tls_key_materials_config_set_key_materials(grpc_tls_key_materials_config *config, const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair **pem_key_cert_pairs, size_t num_key_cert_pairs)
Set grpc_tls_key_materials_config instance with a provided TLS certificate.
Definition: grpc_tls_credentials_options.cc:139
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:112
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Returns 1 if the peer is authenticated, 0 otherwise.
Definition: security_context.cc:164
Context that can be used by metadata credentials plugin in order to create auth related metadata...
Definition: grpc_security.h:373
grpc_channel_credentials * grpc_tls_spiffe_credentials_create(grpc_tls_credentials_options *options)
— SPIFFE channel/server credentials —
Definition: spiffe_credentials.cc:113
const char * audience
Definition: grpc_security.h:340
grpc_tls_key_materials_config * key_materials_config
Definition: grpc_security.h:828
Definition: server.cc:222
GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds)
Releases a channel credentials object.
Definition: credentials.cc:42
const char * subject_token_type
Definition: grpc_security.h:344
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
Definition: alts_credentials.cc:106