1 /* 2 * 3 * Copyright 2015 gRPC authors. 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 */ 18 19 #ifndef GRPC_GRPC_SECURITY_H 20 #define GRPC_GRPC_SECURITY_H 21 22 #include <stdbool.h> 23 24 #include <grpc/grpc.h> 25 #include <grpc/grpc_security_constants.h> 26 #include <grpc/status.h> 27 #include <grpc/support/port_platform.h> 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 /** --- Authentication Context. --- */ 34 35 typedef struct grpc_auth_context grpc_auth_context; 36 37 typedef struct grpc_auth_property_iterator { 38 const grpc_auth_context* ctx; 39 size_t index; 40 const char* name; 41 } grpc_auth_property_iterator; 42 43 /** value, if not NULL, is guaranteed to be NULL terminated. */ 44 typedef struct grpc_auth_property { 45 char* name; 46 char* value; 47 size_t value_length; 48 } grpc_auth_property; 49 50 /** Returns NULL when the iterator is at the end. */ 51 GRPCAPI const grpc_auth_property* grpc_auth_property_iterator_next( 52 grpc_auth_property_iterator* it); 53 54 /** Iterates over the auth context. */ 55 GRPCAPI grpc_auth_property_iterator 56 grpc_auth_context_property_iterator(const grpc_auth_context* ctx); 57 58 /** Gets the peer identity. Returns an empty iterator (first _next will return 59 NULL) if the peer is not authenticated. */ 60 GRPCAPI grpc_auth_property_iterator 61 grpc_auth_context_peer_identity(const grpc_auth_context* ctx); 62 63 /** Finds a property in the context. May return an empty iterator (first _next 64 will return NULL) if no property with this name was found in the context. */ 65 GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name( 66 const grpc_auth_context* ctx, const char* name); 67 68 /** Gets the name of the property that indicates the peer identity. Will return 69 NULL if the peer is not authenticated. */ 70 GRPCAPI const char* grpc_auth_context_peer_identity_property_name( 71 const grpc_auth_context* ctx); 72 73 /** Returns 1 if the peer is authenticated, 0 otherwise. */ 74 GRPCAPI int grpc_auth_context_peer_is_authenticated( 75 const grpc_auth_context* ctx); 76 77 /** Gets the auth context from the call. Caller needs to call 78 grpc_auth_context_release on the returned context. */ 79 GRPCAPI grpc_auth_context* grpc_call_auth_context(grpc_call* call); 80 81 /** Releases the auth context returned from grpc_call_auth_context. */ 82 GRPCAPI void grpc_auth_context_release(grpc_auth_context* context); 83 84 /** -- 85 The following auth context methods should only be called by a server metadata 86 processor to set properties extracted from auth metadata. 87 -- */ 88 89 /** Add a property. */ 90 GRPCAPI void grpc_auth_context_add_property(grpc_auth_context* ctx, 91 const char* name, const char* value, 92 size_t value_length); 93 94 /** Add a C string property. */ 95 GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context* ctx, 96 const char* name, 97 const char* value); 98 99 /** Sets the property name. Returns 1 if successful or 0 in case of failure 100 (which means that no property with this name exists). */ 101 GRPCAPI int grpc_auth_context_set_peer_identity_property_name( 102 grpc_auth_context* ctx, const char* name); 103 104 /** --- SSL Session Cache. --- 105 106 A SSL session cache object represents a way to cache client sessions 107 between connections. Only ticket-based resumption is supported. */ 108 109 typedef struct grpc_ssl_session_cache grpc_ssl_session_cache; 110 111 /** Create LRU cache for client-side SSL sessions with the given capacity. 112 If capacity is < 1, a default capacity is used instead. */ 113 GRPCAPI grpc_ssl_session_cache* grpc_ssl_session_cache_create_lru( 114 size_t capacity); 115 116 /** Destroy SSL session cache. */ 117 GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache* cache); 118 119 /** Create a channel arg with the given cache object. */ 120 GRPCAPI grpc_arg 121 grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache* cache); 122 123 /** --- grpc_call_credentials object. 124 125 A call credentials object represents a way to authenticate on a particular 126 call. These credentials can be composed with a channel credentials object 127 so that they are sent with every call on this channel. */ 128 129 typedef struct grpc_call_credentials grpc_call_credentials; 130 131 /** Releases a call credentials object. 132 The creator of the credentials object is responsible for its release. */ 133 GRPCAPI void grpc_call_credentials_release(grpc_call_credentials* creds); 134 135 /** Creates default credentials to connect to a google gRPC service. 136 WARNING: Do NOT use this credentials to connect to a non-google service as 137 this could result in an oauth2 token leak. The security level of the 138 resulting connection is GRPC_PRIVACY_AND_INTEGRITY. 139 140 If specified, the supplied call credentials object will be attached to the 141 returned channel credentials object. The call_credentials object must remain 142 valid throughout the lifetime of the returned grpc_channel_credentials 143 object. It is expected that the call credentials object was generated 144 according to the Application Default Credentials mechanism and asserts the 145 identity of the default service account of the machine. Supplying any other 146 sort of call credential will result in undefined behavior, up to and 147 including the sudden and unexpected failure of RPCs. 148 149 If nullptr is supplied, the returned channel credentials object will use a 150 call credentials object based on the Application Default Credentials 151 mechanism. 152 */ 153 GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create( 154 grpc_call_credentials* call_credentials); 155 156 /** Callback for getting the SSL roots override from the application. 157 In case of success, *pem_roots_certs must be set to a NULL terminated string 158 containing the list of PEM encoded root certificates. The ownership is passed 159 to the core and freed (laster by the core) with gpr_free. 160 If this function fails and GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is 161 set to a valid path, it will override the roots specified this func */ 162 typedef grpc_ssl_roots_override_result (*grpc_ssl_roots_override_callback)( 163 char** pem_root_certs); 164 165 /** Setup a callback to override the default TLS/SSL roots. 166 This function is not thread-safe and must be called at initialization time 167 before any ssl credentials are created to have the desired side effect. 168 If GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is set to a valid path, the 169 callback will not be called. */ 170 GRPCAPI void grpc_set_ssl_roots_override_callback( 171 grpc_ssl_roots_override_callback cb); 172 173 /** Object that holds a private key / certificate chain pair in PEM format. */ 174 typedef struct { 175 /** private_key is the NULL-terminated string containing the PEM encoding of 176 the client's private key. */ 177 const char* private_key; 178 179 /** cert_chain is the NULL-terminated string containing the PEM encoding of 180 the client's certificate chain. */ 181 const char* cert_chain; 182 } grpc_ssl_pem_key_cert_pair; 183 184 /** Deprecated in favor of grpc_ssl_verify_peer_options. It will be removed 185 after all of its call sites are migrated to grpc_ssl_verify_peer_options. 186 Object that holds additional peer-verification options on a secure 187 channel. */ 188 typedef struct { 189 /** If non-NULL this callback will be invoked with the expected 190 target_name, the peer's certificate (in PEM format), and whatever 191 userdata pointer is set below. If a non-zero value is returned by this 192 callback then it is treated as a verification failure. Invocation of 193 the callback is blocking, so any implementation should be light-weight. 194 */ 195 int (*verify_peer_callback)(const char* target_name, const char* peer_pem, 196 void* userdata); 197 /** Arbitrary userdata that will be passed as the last argument to 198 verify_peer_callback. */ 199 void* verify_peer_callback_userdata; 200 /** A destruct callback that will be invoked when the channel is being 201 cleaned up. The userdata argument will be passed to it. The intent is 202 to perform any cleanup associated with that userdata. */ 203 void (*verify_peer_destruct)(void* userdata); 204 } verify_peer_options; 205 206 /** Object that holds additional peer-verification options on a secure 207 channel. */ 208 typedef struct { 209 /** If non-NULL this callback will be invoked with the expected 210 target_name, the peer's certificate (in PEM format), and whatever 211 userdata pointer is set below. If a non-zero value is returned by this 212 callback then it is treated as a verification failure. Invocation of 213 the callback is blocking, so any implementation should be light-weight. 214 */ 215 int (*verify_peer_callback)(const char* target_name, const char* peer_pem, 216 void* userdata); 217 /** Arbitrary userdata that will be passed as the last argument to 218 verify_peer_callback. */ 219 void* verify_peer_callback_userdata; 220 /** A destruct callback that will be invoked when the channel is being 221 cleaned up. The userdata argument will be passed to it. The intent is 222 to perform any cleanup associated with that userdata. */ 223 void (*verify_peer_destruct)(void* userdata); 224 } grpc_ssl_verify_peer_options; 225 226 /** Deprecated in favor of grpc_ssl_server_credentials_create_ex. It will be 227 removed after all of its call sites are migrated to 228 grpc_ssl_server_credentials_create_ex. Creates an SSL credentials object. 229 The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY. 230 - pem_root_certs is the NULL-terminated string containing the PEM encoding 231 of the server root certificates. If this parameter is NULL, the 232 implementation will first try to dereference the file pointed by the 233 GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails, 234 try to get the roots set by grpc_override_ssl_default_roots. Eventually, 235 if all these fail, it will try to get the roots from a well-known place on 236 disk (in the grpc install directory). 237 238 gRPC has implemented root cache if the underlying OpenSSL library supports 239 it. The gRPC root certificates cache is only applicable on the default 240 root certificates, which is used when this parameter is nullptr. If user 241 provides their own pem_root_certs, when creating an SSL credential object, 242 gRPC would not be able to cache it, and each subchannel will generate a 243 copy of the root store. So it is recommended to avoid providing large room 244 pem with pem_root_certs parameter to avoid excessive memory consumption, 245 particularly on mobile platforms such as iOS. 246 - pem_key_cert_pair is a pointer on the object containing client's private 247 key and certificate chain. This parameter can be NULL if the client does 248 not have such a key/cert pair. 249 - verify_options is an optional verify_peer_options object which holds 250 additional options controlling how peer certificates are verified. For 251 example, you can supply a callback which receives the peer's certificate 252 with which you can do additional verification. Can be NULL, in which 253 case verification will retain default behavior. Any settings in 254 verify_options are copied during this call, so the verify_options 255 object can be released afterwards. */ 256 GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create( 257 const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, 258 const verify_peer_options* verify_options, void* reserved); 259 260 /* Creates an SSL credentials object. 261 The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY. 262 - pem_root_certs is the NULL-terminated string containing the PEM encoding 263 of the server root certificates. If this parameter is NULL, the 264 implementation will first try to dereference the file pointed by the 265 GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails, 266 try to get the roots set by grpc_override_ssl_default_roots. Eventually, 267 if all these fail, it will try to get the roots from a well-known place on 268 disk (in the grpc install directory). 269 270 gRPC has implemented root cache if the underlying OpenSSL library supports 271 it. The gRPC root certificates cache is only applicable on the default 272 root certificates, which is used when this parameter is nullptr. If user 273 provides their own pem_root_certs, when creating an SSL credential object, 274 gRPC would not be able to cache it, and each subchannel will generate a 275 copy of the root store. So it is recommended to avoid providing large room 276 pem with pem_root_certs parameter to avoid excessive memory consumption, 277 particularly on mobile platforms such as iOS. 278 - pem_key_cert_pair is a pointer on the object containing client's private 279 key and certificate chain. This parameter can be NULL if the client does 280 not have such a key/cert pair. 281 - verify_options is an optional verify_peer_options object which holds 282 additional options controlling how peer certificates are verified. For 283 example, you can supply a callback which receives the peer's certificate 284 with which you can do additional verification. Can be NULL, in which 285 case verification will retain default behavior. Any settings in 286 verify_options are copied during this call, so the verify_options 287 object can be released afterwards. */ 288 GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create_ex( 289 const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, 290 const grpc_ssl_verify_peer_options* verify_options, void* reserved); 291 292 /** Creates a composite channel credentials object. The security level of 293 * resulting connection is determined by channel_creds. */ 294 GRPCAPI grpc_channel_credentials* grpc_composite_channel_credentials_create( 295 grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds, 296 void* reserved); 297 298 /** --- composite credentials. */ 299 300 /** Creates a composite call credentials object. */ 301 GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create( 302 grpc_call_credentials* creds1, grpc_call_credentials* creds2, 303 void* reserved); 304 305 /** Creates a compute engine credentials object for connecting to Google. 306 WARNING: Do NOT use this credentials to connect to a non-google service as 307 this could result in an oauth2 token leak. */ 308 GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( 309 void* reserved); 310 311 GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void); 312 313 /** Creates a JWT credentials object. May return NULL if the input is invalid. 314 - json_key is the JSON key string containing the client's private key. 315 - token_lifetime is the lifetime of each Json Web Token (JWT) created with 316 this credentials. It should not exceed grpc_max_auth_token_lifetime or 317 will be cropped to this value. */ 318 GRPCAPI grpc_call_credentials* 319 grpc_service_account_jwt_access_credentials_create(const char* json_key, 320 gpr_timespec token_lifetime, 321 void* reserved); 322 323 /** Builds External Account credentials. 324 - json_string is the JSON string containing the credentials options. 325 - scopes_string contains the scopes to be binded with the credentials. 326 This API is used for experimental purposes for now and may change in the 327 future. */ 328 GRPCAPI grpc_call_credentials* grpc_external_account_credentials_create( 329 const char* json_string, const char* scopes_string); 330 331 /** Creates an Oauth2 Refresh Token credentials object for connecting to Google. 332 May return NULL if the input is invalid. 333 WARNING: Do NOT use this credentials to connect to a non-google service as 334 this could result in an oauth2 token leak. 335 - json_refresh_token is the JSON string containing the refresh token itself 336 along with a client_id and client_secret. */ 337 GRPCAPI grpc_call_credentials* grpc_google_refresh_token_credentials_create( 338 const char* json_refresh_token, void* reserved); 339 340 /** Creates an Oauth2 Access Token credentials with an access token that was 341 acquired by an out of band mechanism. */ 342 GRPCAPI grpc_call_credentials* grpc_access_token_credentials_create( 343 const char* access_token, void* reserved); 344 345 /** Creates an IAM credentials object for connecting to Google. */ 346 GRPCAPI grpc_call_credentials* grpc_google_iam_credentials_create( 347 const char* authorization_token, const char* authority_selector, 348 void* reserved); 349 350 /** Options for creating STS Oauth Token Exchange credentials following the IETF 351 draft https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16. 352 Optional fields may be set to NULL or empty string. It is the responsibility 353 of the caller to ensure that the subject and actor tokens are refreshed on 354 disk at the specified paths. This API is used for experimental purposes for 355 now and may change in the future. */ 356 typedef struct { 357 const char* token_exchange_service_uri; /* Required. */ 358 const char* resource; /* Optional. */ 359 const char* audience; /* Optional. */ 360 const char* scope; /* Optional. */ 361 const char* requested_token_type; /* Optional. */ 362 const char* subject_token_path; /* Required. */ 363 const char* subject_token_type; /* Required. */ 364 const char* actor_token_path; /* Optional. */ 365 const char* actor_token_type; /* Optional. */ 366 } grpc_sts_credentials_options; 367 368 /** Creates an STS credentials following the STS Token Exchanged specifed in the 369 IETF draft https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16. 370 This API is used for experimental purposes for now and may change in the 371 future. */ 372 GRPCAPI grpc_call_credentials* grpc_sts_credentials_create( 373 const grpc_sts_credentials_options* options, void* reserved); 374 375 /** Callback function to be called by the metadata credentials plugin 376 implementation when the metadata is ready. 377 - user_data is the opaque pointer that was passed in the get_metadata method 378 of the grpc_metadata_credentials_plugin (see below). 379 - creds_md is an array of credentials metadata produced by the plugin. It 380 may be set to NULL in case of an error. 381 - num_creds_md is the number of items in the creds_md array. 382 - status must be GRPC_STATUS_OK in case of success or another specific error 383 code otherwise. 384 - error_details contains details about the error if any. In case of success 385 it should be NULL and will be otherwise ignored. */ 386 typedef void (*grpc_credentials_plugin_metadata_cb)( 387 void* user_data, const grpc_metadata* creds_md, size_t num_creds_md, 388 grpc_status_code status, const char* error_details); 389 390 /** Context that can be used by metadata credentials plugin in order to create 391 auth related metadata. */ 392 typedef struct { 393 /** The fully qualifed service url. */ 394 const char* service_url; 395 396 /** The method name of the RPC being called (not fully qualified). 397 The fully qualified method name can be built from the service_url: 398 full_qualified_method_name = ctx->service_url + '/' + ctx->method_name. */ 399 const char* method_name; 400 401 /** The auth_context of the channel which gives the server's identity. */ 402 const grpc_auth_context* channel_auth_context; 403 404 /** Reserved for future use. */ 405 void* reserved; 406 } grpc_auth_metadata_context; 407 408 /** Performs a deep copy from \a from to \a to. **/ 409 GRPCAPI void grpc_auth_metadata_context_copy(grpc_auth_metadata_context* from, 410 grpc_auth_metadata_context* to); 411 412 /** Releases internal resources held by \a context. **/ 413 GRPCAPI void grpc_auth_metadata_context_reset( 414 grpc_auth_metadata_context* context); 415 416 /** Maximum number of metadata entries returnable by a credentials plugin via 417 a synchronous return. */ 418 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4 419 420 /** grpc_metadata_credentials plugin is an API user provided structure used to 421 create grpc_credentials objects that can be set on a channel (composed) or 422 a call. See grpc_credentials_metadata_create_from_plugin below. 423 The grpc client stack will call the get_metadata method of the plugin for 424 every call in scope for the credentials created from it. */ 425 typedef struct { 426 /** The implementation of this method has to be non-blocking, but can 427 be performed synchronously or asynchronously. 428 429 If processing occurs synchronously, returns non-zero and populates 430 creds_md, num_creds_md, status, and error_details. In this case, 431 the caller takes ownership of the entries in creds_md and of 432 error_details. Note that if the plugin needs to return more than 433 GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX entries in creds_md, it must 434 return asynchronously. 435 436 If processing occurs asynchronously, returns zero and invokes \a cb 437 when processing is completed. \a user_data will be passed as the 438 first parameter of the callback. NOTE: \a cb MUST be invoked in a 439 different thread, not from the thread in which \a get_metadata() is 440 invoked. 441 442 \a context is the information that can be used by the plugin to create 443 auth metadata. */ 444 int (*get_metadata)( 445 void* state, grpc_auth_metadata_context context, 446 grpc_credentials_plugin_metadata_cb cb, void* user_data, 447 grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX], 448 size_t* num_creds_md, grpc_status_code* status, 449 const char** error_details); 450 451 /** Implements debug string of the given plugin. This method returns an 452 * allocated string that the caller needs to free using gpr_free() */ 453 char* (*debug_string)(void* state); 454 455 /** Destroys the plugin state. */ 456 void (*destroy)(void* state); 457 458 /** State that will be set as the first parameter of the methods above. */ 459 void* state; 460 461 /** Type of credentials that this plugin is implementing. */ 462 const char* type; 463 } grpc_metadata_credentials_plugin; 464 465 /** Creates a credentials object from a plugin with a specified minimum security 466 * level. */ 467 GRPCAPI grpc_call_credentials* grpc_metadata_credentials_create_from_plugin( 468 grpc_metadata_credentials_plugin plugin, 469 grpc_security_level min_security_level, void* reserved); 470 471 /** Server certificate config object holds the server's public certificates and 472 associated private keys, as well as any CA certificates needed for client 473 certificate validation (if applicable). Create using 474 grpc_ssl_server_certificate_config_create(). */ 475 typedef struct grpc_ssl_server_certificate_config 476 grpc_ssl_server_certificate_config; 477 478 /** Creates a grpc_ssl_server_certificate_config object. 479 - pem_roots_cert is the NULL-terminated string containing the PEM encoding of 480 the client root certificates. This parameter may be NULL if the server does 481 not want the client to be authenticated with SSL. 482 - pem_key_cert_pairs is an array private key / certificate chains of the 483 server. This parameter cannot be NULL. 484 - num_key_cert_pairs indicates the number of items in the private_key_files 485 and cert_chain_files parameters. It must be at least 1. 486 - It is the caller's responsibility to free this object via 487 grpc_ssl_server_certificate_config_destroy(). */ 488 GRPCAPI grpc_ssl_server_certificate_config* 489 grpc_ssl_server_certificate_config_create( 490 const char* pem_root_certs, 491 const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, 492 size_t num_key_cert_pairs); 493 494 /** Destroys a grpc_ssl_server_certificate_config object. */ 495 GRPCAPI void grpc_ssl_server_certificate_config_destroy( 496 grpc_ssl_server_certificate_config* config); 497 498 /** Callback to retrieve updated SSL server certificates, private keys, and 499 trusted CAs (for client authentication). 500 - user_data parameter, if not NULL, contains opaque data to be used by the 501 callback. 502 - Use grpc_ssl_server_certificate_config_create to create the config. 503 - The caller assumes ownership of the config. */ 504 typedef grpc_ssl_certificate_config_reload_status ( 505 *grpc_ssl_server_certificate_config_callback)( 506 void* user_data, grpc_ssl_server_certificate_config** config); 507 508 /** Deprecated in favor of grpc_ssl_server_credentials_create_ex. 509 Creates an SSL server_credentials object. 510 - pem_roots_cert is the NULL-terminated string containing the PEM encoding of 511 the client root certificates. This parameter may be NULL if the server does 512 not want the client to be authenticated with SSL. 513 - pem_key_cert_pairs is an array private key / certificate chains of the 514 server. This parameter cannot be NULL. 515 - num_key_cert_pairs indicates the number of items in the private_key_files 516 and cert_chain_files parameters. It should be at least 1. 517 - force_client_auth, if set to non-zero will force the client to authenticate 518 with an SSL cert. Note that this option is ignored if pem_root_certs is 519 NULL. */ 520 GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create( 521 const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, 522 size_t num_key_cert_pairs, int force_client_auth, void* reserved); 523 524 /** Deprecated in favor of grpc_ssl_server_credentials_create_with_options. 525 Same as grpc_ssl_server_credentials_create method except uses 526 grpc_ssl_client_certificate_request_type enum to support more ways to 527 authenticate client certificates.*/ 528 GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create_ex( 529 const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, 530 size_t num_key_cert_pairs, 531 grpc_ssl_client_certificate_request_type client_certificate_request, 532 void* reserved); 533 534 typedef struct grpc_ssl_server_credentials_options 535 grpc_ssl_server_credentials_options; 536 537 /** Creates an options object using a certificate config. Use this method when 538 the certificates and keys of the SSL server will not change during the 539 server's lifetime. 540 - Takes ownership of the certificate_config parameter. */ 541 GRPCAPI grpc_ssl_server_credentials_options* 542 grpc_ssl_server_credentials_create_options_using_config( 543 grpc_ssl_client_certificate_request_type client_certificate_request, 544 grpc_ssl_server_certificate_config* certificate_config); 545 546 /** Creates an options object using a certificate config fetcher. Use this 547 method to reload the certificates and keys of the SSL server without 548 interrupting the operation of the server. Initial certificate config will be 549 fetched during server initialization. 550 - user_data parameter, if not NULL, contains opaque data which will be passed 551 to the fetcher (see definition of 552 grpc_ssl_server_certificate_config_callback). */ 553 GRPCAPI grpc_ssl_server_credentials_options* 554 grpc_ssl_server_credentials_create_options_using_config_fetcher( 555 grpc_ssl_client_certificate_request_type client_certificate_request, 556 grpc_ssl_server_certificate_config_callback cb, void* user_data); 557 558 /** Destroys a grpc_ssl_server_credentials_options object. */ 559 GRPCAPI void grpc_ssl_server_credentials_options_destroy( 560 grpc_ssl_server_credentials_options* options); 561 562 /** Creates an SSL server_credentials object using the provided options struct. 563 - Takes ownership of the options parameter. */ 564 GRPCAPI grpc_server_credentials* 565 grpc_ssl_server_credentials_create_with_options( 566 grpc_ssl_server_credentials_options* options); 567 568 /** --- Call specific credentials. --- */ 569 570 /** Sets a credentials to a call. Can only be called on the client side before 571 grpc_call_start_batch. */ 572 GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call* call, 573 grpc_call_credentials* creds); 574 575 /** --- Auth Metadata Processing --- */ 576 577 /** Callback function that is called when the metadata processing is done. 578 - Consumed metadata will be removed from the set of metadata available on the 579 call. consumed_md may be NULL if no metadata has been consumed. 580 - Response metadata will be set on the response. response_md may be NULL. 581 - status is GRPC_STATUS_OK for success or a specific status for an error. 582 Common error status for auth metadata processing is either 583 GRPC_STATUS_UNAUTHENTICATED in case of an authentication failure or 584 GRPC_STATUS PERMISSION_DENIED in case of an authorization failure. 585 - error_details gives details about the error. May be NULL. */ 586 typedef void (*grpc_process_auth_metadata_done_cb)( 587 void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md, 588 const grpc_metadata* response_md, size_t num_response_md, 589 grpc_status_code status, const char* error_details); 590 591 /** Pluggable server-side metadata processor object. */ 592 typedef struct { 593 /** The context object is read/write: it contains the properties of the 594 channel peer and it is the job of the process function to augment it with 595 properties derived from the passed-in metadata. 596 The lifetime of these objects is guaranteed until cb is invoked. */ 597 void (*process)(void* state, grpc_auth_context* context, 598 const grpc_metadata* md, size_t num_md, 599 grpc_process_auth_metadata_done_cb cb, void* user_data); 600 void (*destroy)(void* state); 601 void* state; 602 } grpc_auth_metadata_processor; 603 604 GRPCAPI void grpc_server_credentials_set_auth_metadata_processor( 605 grpc_server_credentials* creds, grpc_auth_metadata_processor processor); 606 607 /** --- ALTS channel/server credentials --- **/ 608 609 /** 610 * Main interface for ALTS credentials options. The options will contain 611 * information that will be passed from grpc to TSI layer such as RPC protocol 612 * versions. ALTS client (channel) and server credentials will have their own 613 * implementation of this interface. The APIs listed in this header are 614 * thread-compatible. It is used for experimental purpose for now and subject 615 * to change. 616 */ 617 typedef struct grpc_alts_credentials_options grpc_alts_credentials_options; 618 619 /** 620 * This method creates a grpc ALTS credentials client options instance. 621 * It is used for experimental purpose for now and subject to change. 622 */ 623 GRPCAPI grpc_alts_credentials_options* 624 grpc_alts_credentials_client_options_create(void); 625 626 /** 627 * This method creates a grpc ALTS credentials server options instance. 628 * It is used for experimental purpose for now and subject to change. 629 */ 630 GRPCAPI grpc_alts_credentials_options* 631 grpc_alts_credentials_server_options_create(void); 632 633 /** 634 * This method adds a target service account to grpc client's ALTS credentials 635 * options instance. It is used for experimental purpose for now and subject 636 * to change. 637 * 638 * - options: grpc ALTS credentials options instance. 639 * - service_account: service account of target endpoint. 640 */ 641 GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account( 642 grpc_alts_credentials_options* options, const char* service_account); 643 644 /** 645 * This method destroys a grpc_alts_credentials_options instance by 646 * de-allocating all of its occupied memory. It is used for experimental purpose 647 * for now and subject to change. 648 * 649 * - options: a grpc_alts_credentials_options instance that needs to be 650 * destroyed. 651 */ 652 GRPCAPI void grpc_alts_credentials_options_destroy( 653 grpc_alts_credentials_options* options); 654 655 /** 656 * This method creates an ALTS channel credential object. The security 657 * level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY. 658 * It is used for experimental purpose for now and subject to change. 659 * 660 * - options: grpc ALTS credentials options instance for client. 661 * 662 * It returns the created ALTS channel credential object. 663 */ 664 GRPCAPI grpc_channel_credentials* grpc_alts_credentials_create( 665 const grpc_alts_credentials_options* options); 666 667 /** 668 * This method creates an ALTS server credential object. It is used for 669 * experimental purpose for now and subject to change. 670 * 671 * - options: grpc ALTS credentials options instance for server. 672 * 673 * It returns the created ALTS server credential object. 674 */ 675 GRPCAPI grpc_server_credentials* grpc_alts_server_credentials_create( 676 const grpc_alts_credentials_options* options); 677 678 /** --- Local channel/server credentials --- **/ 679 680 /** 681 * This method creates a local channel credential object. The security level 682 * of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY for UDS and 683 * GRPC_SECURITY_NONE for LOCAL_TCP. It is used for experimental purpose 684 * for now and subject to change. 685 * 686 * - type: local connection type 687 * 688 * It returns the created local channel credential object. 689 */ 690 GRPCAPI grpc_channel_credentials* grpc_local_credentials_create( 691 grpc_local_connect_type type); 692 693 /** 694 * This method creates a local server credential object. It is used for 695 * experimental purpose for now and subject to change. 696 * 697 * - type: local connection type 698 * 699 * It returns the created local server credential object. 700 */ 701 GRPCAPI grpc_server_credentials* grpc_local_server_credentials_create( 702 grpc_local_connect_type type); 703 704 /** --- TLS channel/server credentials --- 705 * It is used for experimental purpose for now and subject to change. */ 706 707 /** 708 * EXPERIMENTAL API - Subject to change 709 * 710 * A struct that can be specified by callers to configure underlying TLS 711 * behaviors. 712 */ 713 typedef struct grpc_tls_credentials_options grpc_tls_credentials_options; 714 715 /** 716 * EXPERIMENTAL API - Subject to change 717 * 718 * A struct provides ways to gain credential data that will be used in the TLS 719 * handshake. 720 */ 721 typedef struct grpc_tls_certificate_provider grpc_tls_certificate_provider; 722 723 /** 724 * EXPERIMENTAL API - Subject to change 725 * 726 * A struct that stores the credential data presented to the peer in handshake 727 * to show local identity. 728 */ 729 typedef struct grpc_tls_identity_pairs grpc_tls_identity_pairs; 730 731 /** 732 * EXPERIMENTAL API - Subject to change 733 * 734 * Creates a grpc_tls_identity_pairs that stores a list of identity credential 735 * data, including identity private key and identity certificate chain. 736 */ 737 GRPCAPI grpc_tls_identity_pairs* grpc_tls_identity_pairs_create(); 738 739 /** 740 * EXPERIMENTAL API - Subject to change 741 * 742 * Adds a identity private key and a identity certificate chain to 743 * grpc_tls_identity_pairs. This function will make an internal copy of 744 * |private_key| and |cert_chain|. 745 */ 746 GRPCAPI void grpc_tls_identity_pairs_add_pair(grpc_tls_identity_pairs* pairs, 747 const char* private_key, 748 const char* cert_chain); 749 750 /** 751 * EXPERIMENTAL API - Subject to change 752 * 753 * Destroys a grpc_tls_identity_pairs object. If this object is passed to a 754 * provider initiation function, the ownership is transferred so this function 755 * doesn't need to be called. Otherwise the creator of the 756 * grpc_tls_identity_pairs object is responsible for its destruction. 757 */ 758 GRPCAPI void grpc_tls_identity_pairs_destroy(grpc_tls_identity_pairs* pairs); 759 760 /** 761 * EXPERIMENTAL API - Subject to change 762 * 763 * Creates a grpc_tls_certificate_provider that will load credential data from 764 * static string during initialization. This provider will always return the 765 * same cert data for all cert names. 766 * root_certificate and pem_key_cert_pairs can be nullptr, indicating the 767 * corresponding credential data is not needed. 768 * This function will make a copy of |root_certificate|. 769 * The ownership of |pem_key_cert_pairs| is transferred. 770 */ 771 GRPCAPI grpc_tls_certificate_provider* 772 grpc_tls_certificate_provider_static_data_create( 773 const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs); 774 775 /** 776 * EXPERIMENTAL API - Subject to change 777 * 778 * Creates a grpc_tls_certificate_provider that will watch the credential 779 * changes on the file system. This provider will always return the up-to-date 780 * cert data for all the cert names callers set through 781 * |grpc_tls_credentials_options|. Note that this API only supports one key-cert 782 * file and hence one set of identity key-cert pair, so SNI(Server Name 783 * Indication) is not supported. 784 * - private_key_path is the file path of the private key. This must be set if 785 * |identity_certificate_path| is set. Otherwise, it could be null if no 786 * identity credentials are needed. 787 * - identity_certificate_path is the file path of the identity certificate 788 * chain. This must be set if |private_key_path| is set. Otherwise, it could 789 * be null if no identity credentials are needed. 790 * - root_cert_path is the file path to the root certificate bundle. This 791 * may be null if no root certs are needed. 792 * - refresh_interval_sec is the refreshing interval that we will check the 793 * files for updates. 794 * It does not take ownership of parameters. 795 */ 796 GRPCAPI grpc_tls_certificate_provider* 797 grpc_tls_certificate_provider_file_watcher_create( 798 const char* private_key_path, const char* identity_certificate_path, 799 const char* root_cert_path, unsigned int refresh_interval_sec); 800 801 /** 802 * EXPERIMENTAL API - Subject to change 803 * 804 * Releases a grpc_tls_certificate_provider object. The creator of the 805 * grpc_tls_certificate_provider object is responsible for its release. 806 */ 807 GRPCAPI void grpc_tls_certificate_provider_release( 808 grpc_tls_certificate_provider* provider); 809 810 /** 811 * EXPERIMENTAL API - Subject to change 812 * 813 * Creates an grpc_tls_credentials_options. 814 */ 815 GRPCAPI grpc_tls_credentials_options* grpc_tls_credentials_options_create(void); 816 817 /** 818 * EXPERIMENTAL API - Subject to change 819 * 820 * Sets the minimum TLS version that will be negotiated during the TLS 821 * handshake. If not set, the underlying SSL library will set it to TLS v1.2. 822 */ 823 GRPCAPI void grpc_tls_credentials_options_set_min_tls_version( 824 grpc_tls_credentials_options* options, grpc_tls_version min_tls_version); 825 826 /** 827 * EXPERIMENTAL API - Subject to change 828 * 829 * Sets the maximum TLS version that will be negotiated during the TLS 830 * handshake. If not set, the underlying SSL library will set it to TLS v1.3. 831 */ 832 GRPCAPI void grpc_tls_credentials_options_set_max_tls_version( 833 grpc_tls_credentials_options* options, grpc_tls_version max_tls_version); 834 835 /** 836 * EXPERIMENTAL API - Subject to change 837 * 838 * Copies a grpc_tls_credentials_options. 839 */ 840 GRPCAPI grpc_tls_credentials_options* grpc_tls_credentials_options_copy( 841 grpc_tls_credentials_options* options); 842 843 /** 844 * EXPERIMENTAL API - Subject to change 845 * 846 * Destroys a grpc_tls_credentials_options. 847 */ 848 GRPCAPI void grpc_tls_credentials_options_destroy( 849 grpc_tls_credentials_options* options); 850 851 /** 852 * EXPERIMENTAL API - Subject to change 853 * 854 * Sets the credential provider in the options. 855 * The |options| will implicitly take a new ref to the |provider|. 856 */ 857 GRPCAPI void grpc_tls_credentials_options_set_certificate_provider( 858 grpc_tls_credentials_options* options, 859 grpc_tls_certificate_provider* provider); 860 861 /** 862 * EXPERIMENTAL API - Subject to change 863 * 864 * If set, gRPC stack will keep watching the root certificates with 865 * name |root_cert_name|. 866 * If this is not set on the client side, we will use the root certificates 867 * stored in the default system location, since client side must provide root 868 * certificates in TLS. 869 * If this is not set on the server side, we will not watch any root certificate 870 * updates, and assume no root certificates needed for the server(single-side 871 * TLS). Default root certs on the server side is not supported. 872 */ 873 GRPCAPI void grpc_tls_credentials_options_watch_root_certs( 874 grpc_tls_credentials_options* options); 875 876 /** 877 * EXPERIMENTAL API - Subject to change 878 * 879 * Sets the name of the root certificates being watched. 880 * If not set, We will use a default empty string as the root certificate name. 881 */ 882 GRPCAPI void grpc_tls_credentials_options_set_root_cert_name( 883 grpc_tls_credentials_options* options, const char* root_cert_name); 884 885 /** 886 * EXPERIMENTAL API - Subject to change 887 * 888 * If set, gRPC stack will keep watching the identity key-cert pairs 889 * with name |identity_cert_name|. 890 * This is required on the server side, and optional on the client side. 891 */ 892 GRPCAPI void grpc_tls_credentials_options_watch_identity_key_cert_pairs( 893 grpc_tls_credentials_options* options); 894 895 /** 896 * EXPERIMENTAL API - Subject to change 897 * 898 * Sets the name of the identity certificates being watched. 899 * If not set, We will use a default empty string as the identity certificate 900 * name. 901 */ 902 GRPCAPI void grpc_tls_credentials_options_set_identity_cert_name( 903 grpc_tls_credentials_options* options, const char* identity_cert_name); 904 905 /** 906 * EXPERIMENTAL API - Subject to change 907 * 908 * Sets the options of whether to request and/or verify client certs. This shall 909 * only be called on the server side. 910 */ 911 GRPCAPI void grpc_tls_credentials_options_set_cert_request_type( 912 grpc_tls_credentials_options* options, 913 grpc_ssl_client_certificate_request_type type); 914 915 /** Deprecated in favor of grpc_tls_credentials_options_set_crl_provider. The 916 * crl provider interface provides a significantly more flexible approach to 917 * using CRLs. See gRFC A69 for details. 918 * EXPERIMENTAL API - Subject to change 919 * 920 * If set, gRPC will read all hashed x.509 CRL files in the directory and 921 * enforce the CRL files on all TLS handshakes. Only supported for OpenSSL 922 * version > 1.1. 923 * It is used for experimental purpose for now and subject to change. 924 */ 925 GRPCAPI void grpc_tls_credentials_options_set_crl_directory( 926 grpc_tls_credentials_options* options, const char* crl_directory); 927 928 /** 929 * EXPERIMENTAL API - Subject to change 930 * 931 * Sets the options of whether to verify server certs on the client side. 932 * Passing in a non-zero value indicates verifying the certs. 933 */ 934 GRPCAPI void grpc_tls_credentials_options_set_verify_server_cert( 935 grpc_tls_credentials_options* options, int verify_server_cert); 936 937 /** 938 * EXPERIMENTAL API - Subject to change 939 * 940 * Sets whether or not a TLS server should send a list of CA names in the 941 * ServerHello. This list of CA names is read from the server's trust bundle, so 942 * that the client can use this list as a hint to know which certificate it 943 * should send to the server. 944 * 945 * WARNING: This API is extremely dangerous and should not be used. If the 946 * server's trust bundle is too large, then the TLS server will be unable to 947 * form a ServerHello, and hence will be unusable. The definition of "too large" 948 * depends on the underlying SSL library being used and on the size of the CN 949 * fields of the certificates in the trust bundle. 950 */ 951 GRPCAPI void grpc_tls_credentials_options_set_send_client_ca_list( 952 grpc_tls_credentials_options* options, bool send_client_ca_list); 953 954 /** 955 * EXPERIMENTAL API - Subject to change 956 * 957 * The read-only request information exposed in a verification call. 958 * Callers should not directly manage the ownership of it. We will make sure it 959 * is always available inside verify() or cancel() call, and will destroy the 960 * object at the end of custom verification. 961 */ 962 typedef struct grpc_tls_custom_verification_check_request { 963 /* The target name of the server when the client initiates the connection. */ 964 /* This field will be nullptr if on the server side. */ 965 const char* target_name; 966 /* The information contained in the certificate chain sent from the peer. */ 967 struct peer_info { 968 /* The Common Name field on the peer leaf certificate. */ 969 const char* common_name; 970 /* The list of Subject Alternative Names on the peer leaf certificate. */ 971 struct san_names { 972 char** uri_names; 973 size_t uri_names_size; 974 char** dns_names; 975 size_t dns_names_size; 976 char** email_names; 977 size_t email_names_size; 978 char** ip_names; 979 size_t ip_names_size; 980 } san_names; 981 /* The raw peer leaf certificate. */ 982 const char* peer_cert; 983 /* The raw peer certificate chain. Note that it is not always guaranteed to 984 * get the peer full chain. For more, please refer to 985 * GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME defined in file 986 * grpc_security_constants.h. 987 * TODO(ZhenLian): Consider fixing this in the future. */ 988 const char* peer_cert_full_chain; 989 /* The verified root cert subject. 990 * This value will only be filled if the cryptographic peer certificate 991 * verification was successful */ 992 const char* verified_root_cert_subject; 993 } peer_info; 994 } grpc_tls_custom_verification_check_request; 995 996 /** 997 * EXPERIMENTAL API - Subject to change 998 * 999 * A callback function provided by gRPC as a parameter of the |verify| function 1000 * in grpc_tls_certificate_verifier_external. If |verify| is expected to be run 1001 * asynchronously, the implementer of |verify| will need to invoke this callback 1002 * with |callback_arg| and proper verification status at the end to bring the 1003 * control back to gRPC C core. 1004 */ 1005 typedef void (*grpc_tls_on_custom_verification_check_done_cb)( 1006 grpc_tls_custom_verification_check_request* request, void* callback_arg, 1007 grpc_status_code status, const char* error_details); 1008 1009 /** 1010 * EXPERIMENTAL API - Subject to change 1011 * 1012 * The internal verifier type that will be used inside core. 1013 */ 1014 typedef struct grpc_tls_certificate_verifier grpc_tls_certificate_verifier; 1015 1016 /** 1017 * EXPERIMENTAL API - Subject to change 1018 * 1019 * A struct containing all the necessary functions a custom external verifier 1020 * needs to implement to be able to be converted to an internal verifier. 1021 */ 1022 typedef struct grpc_tls_certificate_verifier_external { 1023 void* user_data; 1024 /** 1025 * A function pointer containing the verification logic that will be 1026 * performed after the TLS handshake is done. It could be processed 1027 * synchronously or asynchronously. 1028 * - If expected to be processed synchronously, the implementer should 1029 * populate the verification result through |sync_status| and 1030 * |sync_error_details|, and then return true. 1031 * - If expected to be processed asynchronously, the implementer should return 1032 * false immediately, and then in the asynchronous thread invoke |callback| 1033 * with the verification result. The implementer MUST NOT invoke the async 1034 * |callback| in the same thread before |verify| returns, otherwise it can 1035 * lead to deadlocks. 1036 * 1037 * user_data: any argument that is passed in the user_data of 1038 * grpc_tls_certificate_verifier_external during construction time 1039 * can be retrieved later here. 1040 * request: request information exposed to the function implementer. 1041 * callback: the callback that the function implementer needs to invoke, if 1042 * return a non-zero value. It is usually invoked when the 1043 * asynchronous verification is done, and serves to bring the 1044 * control back to gRPC. 1045 * callback_arg: A pointer to the internal ExternalVerifier instance. This is 1046 * mainly used as an argument in |callback|, if want to invoke 1047 * |callback| in async mode. 1048 * sync_status: indicates if a connection should be allowed. This should only 1049 * be used if the verification check is done synchronously. 1050 * sync_error_details: the error generated while verifying a connection. This 1051 * should only be used if the verification check is done 1052 * synchronously. the implementation must allocate the 1053 * error string via gpr_malloc() or gpr_strdup(). 1054 * return: return 0 if |verify| is expected to be executed asynchronously, 1055 * otherwise return a non-zero value. 1056 */ 1057 int (*verify)(void* user_data, 1058 grpc_tls_custom_verification_check_request* request, 1059 grpc_tls_on_custom_verification_check_done_cb callback, 1060 void* callback_arg, grpc_status_code* sync_status, 1061 char** sync_error_details); 1062 /** 1063 * A function pointer that cleans up the caller-specified resources when the 1064 * verifier is still running but the whole connection got cancelled. This 1065 * could happen when the verifier is doing some async operations, and the 1066 * whole handshaker object got destroyed because of connection time limit is 1067 * reached, or any other reasons. In such cases, function implementers might 1068 * want to be notified, and properly clean up some resources. 1069 * 1070 * user_data: any argument that is passed in the user_data of 1071 * grpc_tls_certificate_verifier_external during construction time 1072 * can be retrieved later here. 1073 * request: request information exposed to the function implementer. It will 1074 * be the same request object that was passed to verify(), and it 1075 * tells the cancel() which request to cancel. 1076 */ 1077 void (*cancel)(void* user_data, 1078 grpc_tls_custom_verification_check_request* request); 1079 /** 1080 * A function pointer that does some additional destruction work when the 1081 * verifier is destroyed. This is used when the caller wants to associate some 1082 * objects to the lifetime of external_verifier, and destroy them when 1083 * external_verifier got destructed. For example, in C++, the class containing 1084 * user-specified callback functions should not be destroyed before 1085 * external_verifier, since external_verifier will invoke them while being 1086 * used. 1087 * Note that the caller MUST delete the grpc_tls_certificate_verifier_external 1088 * object itself in this function, otherwise it will cause memory leaks. That 1089 * also means the user_data has to carries at least a self pointer, for the 1090 * callers to later delete it in destruct(). 1091 * 1092 * user_data: any argument that is passed in the user_data of 1093 * grpc_tls_certificate_verifier_external during construction time 1094 * can be retrieved later here. 1095 */ 1096 void (*destruct)(void* user_data); 1097 } grpc_tls_certificate_verifier_external; 1098 1099 /** 1100 * EXPERIMENTAL API - Subject to change 1101 * 1102 * Converts an external verifier to an internal verifier. 1103 * Note that we will not take the ownership of the external_verifier. Callers 1104 * will need to delete external_verifier in its own destruct function. 1105 */ 1106 grpc_tls_certificate_verifier* grpc_tls_certificate_verifier_external_create( 1107 grpc_tls_certificate_verifier_external* external_verifier); 1108 1109 /** 1110 * EXPERIMENTAL API - Subject to change 1111 * 1112 * Factory function for an internal verifier that won't perform any 1113 * post-handshake verification. Note: using this solely without any other 1114 * authentication mechanisms on the peer identity will leave your applications 1115 * to the MITM(Man-In-The-Middle) attacks. Users should avoid doing so in 1116 * production environments. 1117 */ 1118 grpc_tls_certificate_verifier* grpc_tls_certificate_verifier_no_op_create(); 1119 1120 /** 1121 * EXPERIMENTAL API - Subject to change 1122 * 1123 * Factory function for an internal verifier that will do the default hostname 1124 * check. 1125 */ 1126 grpc_tls_certificate_verifier* grpc_tls_certificate_verifier_host_name_create(); 1127 1128 /** 1129 * EXPERIMENTAL API - Subject to change 1130 * 1131 * Releases a grpc_tls_certificate_verifier object. The creator of the 1132 * grpc_tls_certificate_verifier object is responsible for its release. 1133 */ 1134 void grpc_tls_certificate_verifier_release( 1135 grpc_tls_certificate_verifier* verifier); 1136 1137 /** 1138 * EXPERIMENTAL API - Subject to change 1139 * 1140 * Sets the verifier in options. The |options| will implicitly take a new ref to 1141 * the |verifier|. If not set on the client side, we will verify server's 1142 * certificates, and check the default hostname. If not set on the server side, 1143 * we will verify client's certificates. 1144 */ 1145 void grpc_tls_credentials_options_set_certificate_verifier( 1146 grpc_tls_credentials_options* options, 1147 grpc_tls_certificate_verifier* verifier); 1148 1149 /** 1150 * EXPERIMENTAL API - Subject to change 1151 * 1152 * Sets the options of whether to check the hostname of the peer on a per-call 1153 * basis. This is usually used in a combination with virtual hosting at the 1154 * client side, where each individual call on a channel can have a different 1155 * host associated with it. 1156 * This check is intended to verify that the host specified for the individual 1157 * call is covered by the cert that the peer presented. 1158 * The default is a non-zero value, which indicates performing such checks. 1159 */ 1160 GRPCAPI void grpc_tls_credentials_options_set_check_call_host( 1161 grpc_tls_credentials_options* options, int check_call_host); 1162 1163 /** 1164 * EXPERIMENTAL API - Subject to change 1165 * 1166 * Performs the verification logic of an internal verifier. 1167 * This is typically used when composing the internal verifiers as part of the 1168 * custom verification. 1169 * If |grpc_tls_certificate_verifier_verify| returns true, inspect the 1170 * verification result through request->status and request->error_details. 1171 * Otherwise, inspect through the parameter of |callback|. 1172 */ 1173 int grpc_tls_certificate_verifier_verify( 1174 grpc_tls_certificate_verifier* verifier, 1175 grpc_tls_custom_verification_check_request* request, 1176 grpc_tls_on_custom_verification_check_done_cb callback, void* callback_arg, 1177 grpc_status_code* sync_status, char** sync_error_details); 1178 1179 /** 1180 * EXPERIMENTAL API - Subject to change 1181 * 1182 * Performs the cancellation logic of an internal verifier. 1183 * This is typically used when composing the internal verifiers as part of the 1184 * custom verification. 1185 */ 1186 void grpc_tls_certificate_verifier_cancel( 1187 grpc_tls_certificate_verifier* verifier, 1188 grpc_tls_custom_verification_check_request* request); 1189 1190 /** 1191 * EXPERIMENTAL API - Subject to change 1192 * 1193 * Creates a TLS channel credential object based on the 1194 * grpc_tls_credentials_options specified by callers. The 1195 * grpc_channel_credentials will take the ownership of the |options|. The 1196 * security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY. 1197 */ 1198 grpc_channel_credentials* grpc_tls_credentials_create( 1199 grpc_tls_credentials_options* options); 1200 1201 /** 1202 * EXPERIMENTAL API - Subject to change 1203 * 1204 * Creates a TLS server credential object based on the 1205 * grpc_tls_credentials_options specified by callers. The 1206 * grpc_server_credentials will take the ownership of the |options|. 1207 */ 1208 grpc_server_credentials* grpc_tls_server_credentials_create( 1209 grpc_tls_credentials_options* options); 1210 1211 /** 1212 * EXPERIMENTAL API - Subject to change 1213 * 1214 * This method creates an insecure channel credentials object. 1215 */ 1216 GRPCAPI grpc_channel_credentials* grpc_insecure_credentials_create(); 1217 1218 /** 1219 * EXPERIMENTAL API - Subject to change 1220 * 1221 * This method creates an insecure server credentials object. 1222 */ 1223 GRPCAPI grpc_server_credentials* grpc_insecure_server_credentials_create(); 1224 1225 /** 1226 * EXPERIMENTAL API - Subject to change 1227 * 1228 * This method creates an xDS channel credentials object. 1229 * 1230 * Creating a channel with credentials of this type indicates that the channel 1231 * should get credentials configuration from the xDS control plane. 1232 * 1233 * \a fallback_credentials are used if the channel target does not have the 1234 * 'xds:///' scheme or if the xDS control plane does not provide information on 1235 * how to fetch credentials dynamically. Does NOT take ownership of the \a 1236 * fallback_credentials. (Internally takes a ref to the object.) 1237 */ 1238 GRPCAPI grpc_channel_credentials* grpc_xds_credentials_create( 1239 grpc_channel_credentials* fallback_credentials); 1240 1241 /** 1242 * EXPERIMENTAL API - Subject to change 1243 * 1244 * This method creates an xDS server credentials object. 1245 * 1246 * \a fallback_credentials are used if the xDS control plane does not provide 1247 * information on how to fetch credentials dynamically. 1248 * 1249 * Does NOT take ownership of the \a fallback_credentials. (Internally takes 1250 * a ref to the object.) 1251 */ 1252 GRPCAPI grpc_server_credentials* grpc_xds_server_credentials_create( 1253 grpc_server_credentials* fallback_credentials); 1254 1255 /** 1256 * EXPERIMENTAL - Subject to change. 1257 * An opaque type that is responsible for providing authorization policies to 1258 * gRPC. 1259 */ 1260 typedef struct grpc_authorization_policy_provider 1261 grpc_authorization_policy_provider; 1262 1263 /** 1264 * EXPERIMENTAL - Subject to change. 1265 * Creates a grpc_authorization_policy_provider using gRPC authorization policy 1266 * from static string. 1267 * - authz_policy is the input gRPC authorization policy. 1268 * - code is the error status code on failure. On success, it equals 1269 * GRPC_STATUS_OK. 1270 * - error_details contains details about the error if any. If the 1271 * initialization is successful, it will be null. Caller must use gpr_free to 1272 * destroy this string. 1273 */ 1274 GRPCAPI grpc_authorization_policy_provider* 1275 grpc_authorization_policy_provider_static_data_create( 1276 const char* authz_policy, grpc_status_code* code, 1277 const char** error_details); 1278 1279 /** 1280 * EXPERIMENTAL - Subject to change. 1281 * Creates a grpc_authorization_policy_provider by watching for gRPC 1282 * authorization policy changes in filesystem. 1283 * - authz_policy is the file path of gRPC authorization policy. 1284 * - refresh_interval_sec is the amount of time the internal thread would wait 1285 * before checking for file updates. 1286 * - code is the error status code on failure. On success, it equals 1287 * GRPC_STATUS_OK. 1288 * - error_details contains details about the error if any. If the 1289 * initialization is successful, it will be null. Caller must use gpr_free to 1290 * destroy this string. 1291 */ 1292 GRPCAPI grpc_authorization_policy_provider* 1293 grpc_authorization_policy_provider_file_watcher_create( 1294 const char* authz_policy_path, unsigned int refresh_interval_sec, 1295 grpc_status_code* code, const char** error_details); 1296 1297 /** 1298 * EXPERIMENTAL - Subject to change. 1299 * Releases grpc_authorization_policy_provider object. The creator of 1300 * grpc_authorization_policy_provider is responsible for its release. 1301 */ 1302 GRPCAPI void grpc_authorization_policy_provider_release( 1303 grpc_authorization_policy_provider* provider); 1304 1305 /** --- TLS session key logging. --- 1306 * Experimental API to control tls session key logging. Tls session key logging 1307 * is expected to be used only for debugging purposes and never in production. 1308 * Tls session key logging is only enabled when: 1309 * At least one grpc_tls_credentials_options object is assigned a tls session 1310 * key logging file path using the API specified below. 1311 */ 1312 1313 /** 1314 * EXPERIMENTAL API - Subject to change. 1315 * Configures a grpc_tls_credentials_options object with tls session key 1316 * logging capability. TLS channels using these credentials have tls session 1317 * key logging enabled. 1318 * - options is the grpc_tls_credentials_options object 1319 * - path is a string pointing to the location where TLS session keys would be 1320 * stored. 1321 */ 1322 GRPCAPI void grpc_tls_credentials_options_set_tls_session_key_log_file_path( 1323 grpc_tls_credentials_options* options, const char* path); 1324 1325 #ifdef __cplusplus 1326 } 1327 #endif 1328 1329 #endif /* GRPC_GRPC_SECURITY_H */ 1330