10a2c3f4fbbae9e36a57c1e3a3e78b253b3004e3/core/grpc__security_8h_source.html

 /*

  *

  * Copyright 2015, Google Inc.

  * All rights reserved.

  *

  * Redistribution and use in source and binary forms, with or without

  * modification, are permitted provided that the following conditions are

  * met:

  *

  *     * Redistributions of source code must retain the above copyright

  * notice, this list of conditions and the following disclaimer.

  *     * Redistributions in binary form must reproduce the above

  * copyright notice, this list of conditions and the following disclaimer

  * in the documentation and/or other materials provided with the

  * distribution.

  *     * Neither the name of Google Inc. nor the names of its

  * contributors may be used to endorse or promote products derived from

  * this software without specific prior written permission.

  *

  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  *

  */


 #ifndef GRPC_GRPC_SECURITY_H

 #define GRPC_GRPC_SECURITY_H


 #include <grpc/grpc.h>

 #include <grpc/grpc_security_constants.h>

 #include <grpc/status.h>


 #ifdef __cplusplus

 extern "C" {

 #endif


 typedef struct grpc_auth_context grpc_auth_context;


 typedef struct grpc_auth_property_iterator {

   const grpc_auth_context *ctx;

   size_t index;

   const char *name;

 } grpc_auth_property_iterator;


 typedef struct grpc_auth_property {

   char *name;

   char *value;

   size_t value_length;

 } grpc_auth_property;


 GRPCAPI const grpc_auth_property *grpc_auth_property_iterator_next(

     grpc_auth_property_iterator *it);


 GRPCAPI grpc_auth_property_iterator

 grpc_auth_context_property_iterator(const grpc_auth_context *ctx);


 GRPCAPI grpc_auth_property_iterator

 grpc_auth_context_peer_identity(const grpc_auth_context *ctx);


 GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(

     const grpc_auth_context *ctx, const char *name);


 GRPCAPI const char *grpc_auth_context_peer_identity_property_name(

     const grpc_auth_context *ctx);


 GRPCAPI int grpc_auth_context_peer_is_authenticated(

     const grpc_auth_context *ctx);


 GRPCAPI grpc_auth_context *grpc_call_auth_context(grpc_call *call);


 GRPCAPI void grpc_auth_context_release(grpc_auth_context *context);


 GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx,

                                             const char *name, const char *value,

                                             size_t value_length);


 GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx,

                                                     const char *name,

                                                     const char *value);


 GRPCAPI int grpc_auth_context_set_peer_identity_property_name(

     grpc_auth_context *ctx, const char *name);


 typedef struct grpc_channel_credentials grpc_channel_credentials;


 GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds);


 GRPCAPI grpc_channel_credentials *grpc_google_default_credentials_create(void);


 typedef grpc_ssl_roots_override_result (*grpc_ssl_roots_override_callback)(

     char **pem_root_certs);


 GRPCAPI void grpc_set_ssl_roots_override_callback(

     grpc_ssl_roots_override_callback cb);


 typedef struct {

   const char *private_key;


   const char *cert_chain;

 } grpc_ssl_pem_key_cert_pair;


 GRPCAPI grpc_channel_credentials *grpc_ssl_credentials_create(

     const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,

     void *reserved);


 typedef struct grpc_call_credentials grpc_call_credentials;


 GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds);


 GRPCAPI grpc_channel_credentials *grpc_composite_channel_credentials_create(

     grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds,

     void *reserved);


 GRPCAPI grpc_call_credentials *grpc_composite_call_credentials_create(

     grpc_call_credentials *creds1, grpc_call_credentials *creds2,

     void *reserved);


 GRPCAPI grpc_call_credentials *grpc_google_compute_engine_credentials_create(

     void *reserved);


 GRPCAPI gpr_timespec grpc_max_auth_token_lifetime();


 GRPCAPI grpc_call_credentials *

 grpc_service_account_jwt_access_credentials_create(const char *json_key,

                                                    gpr_timespec token_lifetime,

                                                    void *reserved);


 GRPCAPI grpc_call_credentials *grpc_google_refresh_token_credentials_create(

     const char *json_refresh_token, void *reserved);


 GRPCAPI grpc_call_credentials *grpc_access_token_credentials_create(

     const char *access_token, void *reserved);


 GRPCAPI grpc_call_credentials *grpc_google_iam_credentials_create(

     const char *authorization_token, const char *authority_selector,

     void *reserved);


 typedef void (*grpc_credentials_plugin_metadata_cb)(

     void *user_data, const grpc_metadata *creds_md, size_t num_creds_md,

     grpc_status_code status, const char *error_details);


 typedef struct {

   const char *service_url;


   const char *method_name;


   const grpc_auth_context *channel_auth_context;


   void *reserved;

 } grpc_auth_metadata_context;


 typedef struct {

   void (*get_metadata)(void *state, grpc_auth_metadata_context context,

                        grpc_credentials_plugin_metadata_cb cb, void *user_data);


   void (*destroy)(void *state);


   void *state;


   const char *type;

 } grpc_metadata_credentials_plugin;


 GRPCAPI grpc_call_credentials *grpc_metadata_credentials_create_from_plugin(

     grpc_metadata_credentials_plugin plugin, void *reserved);


 GRPCAPI grpc_channel *grpc_secure_channel_create(

     grpc_channel_credentials *creds, const char *target,

     const grpc_channel_args *args, void *reserved);


 typedef struct grpc_server_credentials grpc_server_credentials;


 GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds);


 GRPCAPI grpc_server_credentials *grpc_ssl_server_credentials_create(

     const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,

     size_t num_key_cert_pairs, int force_client_auth, void *reserved);


 GRPCAPI grpc_server_credentials *grpc_ssl_server_credentials_create_ex(

     const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,

     size_t num_key_cert_pairs,

     grpc_ssl_client_certificate_request_type client_certificate_request,

     void *reserved);


 GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server,

                                               const char *addr,

                                               grpc_server_credentials *creds);


 GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call,

                                                   grpc_call_credentials *creds);


 typedef void (*grpc_process_auth_metadata_done_cb)(

     void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md,

     const grpc_metadata *response_md, size_t num_response_md,

     grpc_status_code status, const char *error_details);


 typedef struct {

   void (*process)(void *state, grpc_auth_context *context,

                   const grpc_metadata *md, size_t num_md,

                   grpc_process_auth_metadata_done_cb cb, void *user_data);

   void (*destroy)(void *state);

   void *state;

 } grpc_auth_metadata_processor;


 GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(

     grpc_server_credentials *creds, grpc_auth_metadata_processor processor);


 #ifdef __cplusplus

 }

 #endif


 #endif /* GRPC_GRPC_SECURITY_H */

grpc_call
struct grpc_call grpc_call
A Call represents an RPC.
Definition: grpc_types.h:86

grpc_auth_context_find_properties_by_name
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Finds a property in the context.

grpc_auth_context_add_cstring_property
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, const char *name, const char *value)
Add a C string property.

grpc_process_auth_metadata_done_cb
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: grpc_security.h:365

grpc_auth_context_property_iterator
GRPCAPI grpc_auth_property_iterator grpc_auth_context_property_iterator(const grpc_auth_context *ctx)
Iterates over the auth context.

grpc_auth_property::value_length
size_t value_length
Definition: grpc_security.h:59

grpc_server_credentials
struct grpc_server_credentials grpc_server_credentials
— grpc_server_credentials object.
Definition: grpc_security.h:306

grpc_call_set_credentials
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds)
— Call specific credentials.

grpc_channel_args
An array of arguments that can be passed around.
Definition: grpc_types.h:143

grpc_auth_property::value
char * value
Definition: grpc_security.h:58

grpc_composite_channel_credentials_create
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.

grpc_channel
struct grpc_channel grpc_channel
The Channel interface allows creation of Call objects.
Definition: grpc_types.h:78

grpc_service_account_jwt_access_credentials_create
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.

grpc_server_credentials_set_auth_metadata_processor
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)

grpc_metadata_credentials_plugin
grpc_metadata_credentials plugin is an API user provided structure used to create grpc_credentials ob...
Definition: grpc_security.h:272

grpc_auth_metadata_context::method_name
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: grpc_security.h:258

grpc_metadata_credentials_plugin::type
const char * type
Type of credentials that this plugin is implementing.
Definition: grpc_security.h:288

grpc_ssl_pem_key_cert_pair::private_key
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client's private key...
Definition: grpc_security.h:153

grpc_google_refresh_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.

grpc_server
struct grpc_server grpc_server
A server listens to some port and responds to request calls.
Definition: grpc_types.h:81

grpc_ssl_credentials_create
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, void *reserved)
Creates an SSL credentials object.

grpc_auth_metadata_processor::state
void * state
Definition: grpc_security.h:380

grpc_security_constants.h

grpc_auth_property::name
char * name
Definition: grpc_security.h:57

grpc_auth_metadata_context::reserved
void * reserved
Reserved for future use.
Definition: grpc_security.h:264

grpc_secure_channel_create
GRPCAPI grpc_channel * grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved)
— Secure channel creation.

grpc_max_auth_token_lifetime
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime()

grpc_auth_context_add_property
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name, const char *value, size_t value_length)
– The following auth context methods should only be called by a server metadata processor to set prop...

grpc_google_default_credentials_create
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(void)
Creates default credentials to connect to a google gRPC service.

grpc_set_ssl_roots_override_callback
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.

grpc_call_error
grpc_call_error
Result of a grpc call.
Definition: grpc_types.h:311

grpc_call_auth_context
GRPCAPI grpc_auth_context * grpc_call_auth_context(grpc_call *call)
Gets the auth context from the call.

grpc_server_add_secure_http2_port
GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds)
— Server-side secure ports.

grpc_auth_property_iterator::ctx
const grpc_auth_context * ctx
Definition: grpc_security.h:50

grpc_auth_property_iterator_next
GRPCAPI const grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Returns NULL when the iterator is at the end.

grpc_auth_metadata_context::service_url
const char * service_url
The fully qualifed service url.
Definition: grpc_security.h:253

grpc_auth_property_iterator::name
const char * name
Definition: grpc_security.h:52

grpc_call_credentials_release
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
Releases a call credentials object.

grpc_auth_property_iterator::index
size_t index
Definition: grpc_security.h:51

grpc_auth_property_iterator
Definition: grpc_security.h:49

grpc_call_credentials
struct grpc_call_credentials grpc_call_credentials
— grpc_call_credentials object.
Definition: grpc_security.h:181

grpc_ssl_pem_key_cert_pair
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:150

grpc_auth_metadata_context::channel_auth_context
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server's identity.
Definition: grpc_security.h:261

grpc_metadata
A single metadata element.
Definition: grpc_types.h:384

grpc_auth_context
struct grpc_auth_context grpc_auth_context
— Authentication Context.
Definition: grpc_security.h:47

grpc_auth_property_iterator
struct grpc_auth_property_iterator grpc_auth_property_iterator

grpc_auth_context_peer_identity
GRPCAPI grpc_auth_property_iterator grpc_auth_context_peer_identity(const grpc_auth_context *ctx)
Gets the peer identity.

grpc_ssl_client_certificate_request_type
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:66

grpc_ssl_pem_key_cert_pair::cert_chain
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chai...
Definition: grpc_security.h:157

grpc_ssl_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.

grpc_ssl_roots_override_result
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:60

grpc_auth_metadata_processor
Pluggable server-side metadata processor object.
Definition: grpc_security.h:371

GRPCAPI
#define GRPCAPI
Definition: port_platform.h:420

grpc_channel_credentials
struct grpc_channel_credentials grpc_channel_credentials
— grpc_channel_credentials object.
Definition: grpc_security.h:121

grpc_metadata_credentials_plugin::state
void * state
State that will be set as the first parameter of the methods above.
Definition: grpc_security.h:285

grpc_server_credentials_release
GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds)
Releases a server_credentials object.

grpc_google_compute_engine_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.

grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
Definition: grpc_security.h:56

grpc_composite_call_credentials_create
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
Creates a composite call credentials object.

grpc_metadata_credentials_create_from_plugin
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, void *reserved)
Creates a credentials object from a plugin.

grpc_google_iam_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.

grpc_auth_property
struct grpc_auth_property grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.

status.h

grpc_auth_context_release
GRPCAPI void grpc_auth_context_release(grpc_auth_context *context)
Releases the auth context returned from grpc_call_auth_context.

grpc_auth_context_set_peer_identity_property_name
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx, const char *name)
Sets the property name.

grpc_access_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was aquired by an out of band me...

grpc_auth_context_peer_identity_property_name
GRPCAPI const char * grpc_auth_context_peer_identity_property_name(const grpc_auth_context *ctx)
Gets the name of the property that indicates the peer identity.

gpr_timespec
Analogous to struct timespec.
Definition: gpr_types.h:62

grpc_credentials_plugin_metadata_cb
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: grpc_security.h:245

grpc_ssl_server_credentials_create_ex
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Same as grpc_ssl_server_credentials_create method except uses grpc_ssl_client_certificate_request_typ...

grpc.h

grpc_status_code
grpc_status_code
Definition: status.h:41

grpc_auth_context_peer_is_authenticated
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Returns 1 if the peer is authenticated, 0 otherwise.

grpc_auth_metadata_context
Context that can be used by metadata credentials plugin in order to create auth related metadata...
Definition: grpc_security.h:251

grpc_ssl_roots_override_callback
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: grpc_security.h:138

grpc_channel_credentials_release
GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds)
Releases a channel credentials object.