GRPC Core  7.0.0
grpc_security.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_GRPC_SECURITY_H
20 #define GRPC_GRPC_SECURITY_H
21 
22 #include <grpc/support/port_platform.h>
23 
24 #include <grpc/grpc.h>
25 #include <grpc/grpc_security_constants.h>
26 #include <grpc/status.h>
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31 
34 typedef struct grpc_auth_context grpc_auth_context;
35 
36 typedef struct grpc_auth_property_iterator {
37  const grpc_auth_context* ctx;
38  size_t index;
39  const char* name;
40 } grpc_auth_property_iterator;
41 
43 typedef struct grpc_auth_property {
44  char* name;
45  char* value;
46  size_t value_length;
47 } grpc_auth_property;
48 
50 GRPCAPI const grpc_auth_property* grpc_auth_property_iterator_next(
51  grpc_auth_property_iterator* it);
52 
54 GRPCAPI grpc_auth_property_iterator
55 grpc_auth_context_property_iterator(const grpc_auth_context* ctx);
56 
59 GRPCAPI grpc_auth_property_iterator
60 grpc_auth_context_peer_identity(const grpc_auth_context* ctx);
61 
64 GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(
65  const grpc_auth_context* ctx, const char* name);
66 
69 GRPCAPI const char* grpc_auth_context_peer_identity_property_name(
70  const grpc_auth_context* ctx);
71 
73 GRPCAPI int grpc_auth_context_peer_is_authenticated(
74  const grpc_auth_context* ctx);
75 
78 GRPCAPI grpc_auth_context* grpc_call_auth_context(grpc_call* call);
79 
81 GRPCAPI void grpc_auth_context_release(grpc_auth_context* context);
82 
89 GRPCAPI void grpc_auth_context_add_property(grpc_auth_context* ctx,
90  const char* name, const char* value,
91  size_t value_length);
92 
94 GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context* ctx,
95  const char* name,
96  const char* value);
97 
100 GRPCAPI int grpc_auth_context_set_peer_identity_property_name(
101  grpc_auth_context* ctx, const char* name);
102 
108 typedef struct grpc_ssl_session_cache grpc_ssl_session_cache;
109 
112 GRPCAPI grpc_ssl_session_cache* grpc_ssl_session_cache_create_lru(
113  size_t capacity);
114 
116 GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache* cache);
117 
119 GRPCAPI grpc_arg
120 grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache* cache);
121 
127 typedef struct grpc_channel_credentials grpc_channel_credentials;
128 
131 GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials* creds);
132 
136 GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create(void);
137 
144 typedef grpc_ssl_roots_override_result (*grpc_ssl_roots_override_callback)(
145  char** pem_root_certs);
146 
152 GRPCAPI void grpc_set_ssl_roots_override_callback(
153  grpc_ssl_roots_override_callback cb);
154 
156 typedef struct {
159  const char* private_key;
160 
163  const char* cert_chain;
164 } grpc_ssl_pem_key_cert_pair;
165 
168 typedef struct {
175  int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
176  void* userdata);
179  void* verify_peer_callback_userdata;
183  void (*verify_peer_destruct)(void* userdata);
184 } verify_peer_options;
185 
213 GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create(
214  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
215  const verify_peer_options* verify_options, void* reserved);
216 
223 typedef struct grpc_call_credentials grpc_call_credentials;
224 
227 GRPCAPI void grpc_call_credentials_release(grpc_call_credentials* creds);
228 
230 GRPCAPI grpc_channel_credentials* grpc_composite_channel_credentials_create(
231  grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
232  void* reserved);
233 
235 GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create(
236  grpc_call_credentials* creds1, grpc_call_credentials* creds2,
237  void* reserved);
238 
242 GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create(
243  void* reserved);
244 
245 GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void);
246 
252 GRPCAPI grpc_call_credentials*
253 grpc_service_account_jwt_access_credentials_create(const char* json_key,
254  gpr_timespec token_lifetime,
255  void* reserved);
256 
263 GRPCAPI grpc_call_credentials* grpc_google_refresh_token_credentials_create(
264  const char* json_refresh_token, void* reserved);
265 
268 GRPCAPI grpc_call_credentials* grpc_access_token_credentials_create(
269  const char* access_token, void* reserved);
270 
272 GRPCAPI grpc_call_credentials* grpc_google_iam_credentials_create(
273  const char* authorization_token, const char* authority_selector,
274  void* reserved);
275 
287 typedef void (*grpc_credentials_plugin_metadata_cb)(
288  void* user_data, const grpc_metadata* creds_md, size_t num_creds_md,
289  grpc_status_code status, const char* error_details);
290 
293 typedef struct {
295  const char* service_url;
296 
300  const char* method_name;
301 
303  const grpc_auth_context* channel_auth_context;
304 
306  void* reserved;
307 } grpc_auth_metadata_context;
308 
311 #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
312 
318 typedef struct {
337  int (*get_metadata)(
338  void* state, grpc_auth_metadata_context context,
339  grpc_credentials_plugin_metadata_cb cb, void* user_data,
340  grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
341  size_t* num_creds_md, grpc_status_code* status,
342  const char** error_details);
343 
345  void (*destroy)(void* state);
346 
348  void* state;
349 
351  const char* type;
352 } grpc_metadata_credentials_plugin;
353 
355 GRPCAPI grpc_call_credentials* grpc_metadata_credentials_create_from_plugin(
356  grpc_metadata_credentials_plugin plugin, void* reserved);
357 
367 GRPCAPI grpc_channel* grpc_secure_channel_create(
368  grpc_channel_credentials* creds, const char* target,
369  const grpc_channel_args* args, void* reserved);
370 
375 typedef struct grpc_server_credentials grpc_server_credentials;
376 
380 GRPCAPI void grpc_server_credentials_release(grpc_server_credentials* creds);
381 
386 typedef struct grpc_ssl_server_certificate_config
387  grpc_ssl_server_certificate_config;
388 
399 GRPCAPI grpc_ssl_server_certificate_config*
400 grpc_ssl_server_certificate_config_create(
401  const char* pem_root_certs,
402  const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
403  size_t num_key_cert_pairs);
404 
406 GRPCAPI void grpc_ssl_server_certificate_config_destroy(
407  grpc_ssl_server_certificate_config* config);
408 
415 typedef grpc_ssl_certificate_config_reload_status (
416  *grpc_ssl_server_certificate_config_callback)(
417  void* user_data, grpc_ssl_server_certificate_config** config);
418 
431 GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create(
432  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
433  size_t num_key_cert_pairs, int force_client_auth, void* reserved);
434 
439 GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create_ex(
440  const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
441  size_t num_key_cert_pairs,
442  grpc_ssl_client_certificate_request_type client_certificate_request,
443  void* reserved);
444 
445 typedef struct grpc_ssl_server_credentials_options
446  grpc_ssl_server_credentials_options;
447 
452 GRPCAPI grpc_ssl_server_credentials_options*
453 grpc_ssl_server_credentials_create_options_using_config(
454  grpc_ssl_client_certificate_request_type client_certificate_request,
455  grpc_ssl_server_certificate_config* certificate_config);
456 
464 GRPCAPI grpc_ssl_server_credentials_options*
465 grpc_ssl_server_credentials_create_options_using_config_fetcher(
466  grpc_ssl_client_certificate_request_type client_certificate_request,
467  grpc_ssl_server_certificate_config_callback cb, void* user_data);
468 
470 GRPCAPI void grpc_ssl_server_credentials_options_destroy(
471  grpc_ssl_server_credentials_options* options);
472 
475 GRPCAPI grpc_server_credentials*
476 grpc_ssl_server_credentials_create_with_options(
477  grpc_ssl_server_credentials_options* options);
478 
484 GRPCAPI int grpc_server_add_secure_http2_port(grpc_server* server,
485  const char* addr,
486  grpc_server_credentials* creds);
487 
492 GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call* call,
493  grpc_call_credentials* creds);
494 
506 typedef void (*grpc_process_auth_metadata_done_cb)(
507  void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
508  const grpc_metadata* response_md, size_t num_response_md,
509  grpc_status_code status, const char* error_details);
510 
512 typedef struct {
517  void (*process)(void* state, grpc_auth_context* context,
518  const grpc_metadata* md, size_t num_md,
519  grpc_process_auth_metadata_done_cb cb, void* user_data);
520  void (*destroy)(void* state);
521  void* state;
522 } grpc_auth_metadata_processor;
523 
524 GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(
525  grpc_server_credentials* creds, grpc_auth_metadata_processor processor);
526 
537 typedef struct grpc_alts_credentials_options grpc_alts_credentials_options;
538 
543 GRPCAPI grpc_alts_credentials_options*
544 grpc_alts_credentials_client_options_create(void);
545 
550 GRPCAPI grpc_alts_credentials_options*
551 grpc_alts_credentials_server_options_create(void);
552 
561 GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(
562  grpc_alts_credentials_options* options, const char* service_account);
563 
572 GRPCAPI void grpc_alts_credentials_options_destroy(
573  grpc_alts_credentials_options* options);
574 
583 GRPCAPI grpc_channel_credentials* grpc_alts_credentials_create(
584  const grpc_alts_credentials_options* options);
585 
594 GRPCAPI grpc_server_credentials* grpc_alts_server_credentials_create(
595  const grpc_alts_credentials_options* options);
596 
607 GRPCAPI grpc_channel_credentials* grpc_local_credentials_create(
608  grpc_local_connect_type type);
609 
618 GRPCAPI grpc_server_credentials* grpc_local_server_credentials_create(
619  grpc_local_connect_type type);
620 
626 typedef struct grpc_tls_key_materials_config grpc_tls_key_materials_config;
627 
630 typedef struct grpc_tls_credential_reload_config
631  grpc_tls_credential_reload_config;
632 
635 typedef struct grpc_tls_server_authorization_check_config
636  grpc_tls_server_authorization_check_config;
637 
640 typedef struct grpc_tls_credentials_options grpc_tls_credentials_options;
641 
644 GRPCAPI grpc_tls_credentials_options* grpc_tls_credentials_options_create();
645 
650 GRPCAPI int grpc_tls_credentials_options_set_cert_request_type(
651  grpc_tls_credentials_options* options,
652  grpc_ssl_client_certificate_request_type type);
653 
659 GRPCAPI int grpc_tls_credentials_options_set_key_materials_config(
660  grpc_tls_credentials_options* options,
661  grpc_tls_key_materials_config* config);
662 
668 GRPCAPI int grpc_tls_credentials_options_set_credential_reload_config(
669  grpc_tls_credentials_options* options,
670  grpc_tls_credential_reload_config* config);
671 
677 GRPCAPI int grpc_tls_credentials_options_set_server_authorization_check_config(
678  grpc_tls_credentials_options* options,
679  grpc_tls_server_authorization_check_config* config);
680 
686 GRPCAPI grpc_tls_key_materials_config* grpc_tls_key_materials_config_create();
687 
695 GRPCAPI int grpc_tls_key_materials_config_set_key_materials(
696  grpc_tls_key_materials_config* config, const char* pem_root_certs,
697  const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
698  size_t num_key_cert_pairs);
699 
703 typedef struct grpc_tls_credential_reload_arg grpc_tls_credential_reload_arg;
704 
709 typedef void (*grpc_tls_on_credential_reload_done_cb)(
710  grpc_tls_credential_reload_arg* arg);
711 
719 struct grpc_tls_credential_reload_arg {
720  grpc_tls_on_credential_reload_done_cb cb;
721  void* cb_user_data;
722  grpc_tls_key_materials_config* key_materials_config;
723  grpc_ssl_certificate_config_reload_status status;
724  const char* error_details;
725 };
726 
747 GRPCAPI grpc_tls_credential_reload_config*
748 grpc_tls_credential_reload_config_create(
749  const void* config_user_data,
750  int (*schedule)(void* config_user_data,
751  grpc_tls_credential_reload_arg* arg),
752  void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
753  void (*destruct)(void* config_user_data));
754 
758 typedef struct grpc_tls_server_authorization_check_arg
759  grpc_tls_server_authorization_check_arg;
760 
765 typedef void (*grpc_tls_on_server_authorization_check_done_cb)(
766  grpc_tls_server_authorization_check_arg* arg);
767 
779 struct grpc_tls_server_authorization_check_arg {
780  grpc_tls_on_server_authorization_check_done_cb cb;
781  void* cb_user_data;
782  int success;
783  const char* target_name;
784  const char* peer_cert;
785  grpc_status_code status;
786  const char* error_details;
787 };
788 
809 GRPCAPI grpc_tls_server_authorization_check_config*
810 grpc_tls_server_authorization_check_config_create(
811  const void* config_user_data,
812  int (*schedule)(void* config_user_data,
813  grpc_tls_server_authorization_check_arg* arg),
814  void (*cancel)(void* config_user_data,
815  grpc_tls_server_authorization_check_arg* arg),
816  void (*destruct)(void* config_user_data));
817 
832 grpc_channel_credentials* grpc_tls_spiffe_credentials_create(
833  grpc_tls_credentials_options* options);
834 
846 grpc_server_credentials* grpc_tls_spiffe_server_credentials_create(
847  grpc_tls_credentials_options* options);
848 
849 #ifdef __cplusplus
850 }
851 #endif
852 
853 #endif /* GRPC_GRPC_SECURITY_H */
grpc_ssl_certificate_config_reload_status
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:53
grpc_call
struct grpc_call grpc_call
A Call represents an RPC.
Definition: grpc_types.h:70
grpc_auth_context_find_properties_by_name
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Finds a property in the context.
grpc_auth_context_add_cstring_property
GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, const char *name, const char *value)
Add a C string property.
grpc_tls_server_authorization_check_arg::peer_cert
const char * peer_cert
Definition: grpc_security.h:784
grpc_auth_context_property_iterator
GRPCAPI grpc_auth_property_iterator grpc_auth_context_property_iterator(const grpc_auth_context *ctx)
Iterates over the auth context.
grpc_auth_property::value_length
size_t value_length
Definition: grpc_security.h:46
grpc_server_credentials
struct grpc_server_credentials grpc_server_credentials
— grpc_server_credentials object.
Definition: grpc_security.h:375
grpc_call_set_credentials
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds)
— Call specific credentials.
grpc_ssl_session_cache_create_lru
GRPCAPI grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru(size_t capacity)
Create LRU cache for client-side SSL sessions with the given capacity.
grpc_tls_credentials_options_set_key_materials_config
GRPCAPI int grpc_tls_credentials_options_set_key_materials_config(grpc_tls_credentials_options *options, grpc_tls_key_materials_config *config)
Set grpc_tls_key_materials_config field in credentials options with the provided config struct whose ...
grpc_tls_credentials_options_set_cert_request_type
GRPCAPI int grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
Set grpc_ssl_client_certificate_request_type field in credentials options with the provided type...
grpc_tls_credential_reload_config
struct grpc_tls_credential_reload_config grpc_tls_credential_reload_config
Config for TLS credential reload.
Definition: grpc_security.h:630
grpc_tls_server_authorization_check_arg
A struct containing all information necessary to schedule/cancel a server authorization check request...
Definition: grpc_security.h:779
grpc_ssl_session_cache
struct grpc_ssl_session_cache grpc_ssl_session_cache
— SSL Session Cache.
Definition: grpc_security.h:108
grpc_channel_args
An array of arguments that can be passed around.
Definition: grpc_types.h:132
grpc_auth_property::value
char * value
Definition: grpc_security.h:45
grpc_composite_channel_credentials_create
GRPCAPI grpc_channel_credentials * grpc_composite_channel_credentials_create(grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved)
Creates a composite channel credentials object.
grpc_channel
struct grpc_channel grpc_channel
The Channel interface allows creation of Call objects.
Definition: grpc_types.h:62
grpc_local_credentials_create
GRPCAPI grpc_channel_credentials * grpc_local_credentials_create(grpc_local_connect_type type)
— Local channel/server credentials —
grpc_service_account_jwt_access_credentials_create
GRPCAPI grpc_call_credentials * grpc_service_account_jwt_access_credentials_create(const char *json_key, gpr_timespec token_lifetime, void *reserved)
Creates a JWT credentials object.
grpc_server_credentials_set_auth_metadata_processor
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(grpc_server_credentials *creds, grpc_auth_metadata_processor processor)
grpc_ssl_credentials_create
GRPCAPI grpc_channel_credentials * grpc_ssl_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const verify_peer_options *verify_options, void *reserved)
Creates an SSL credentials object.
grpc_metadata_credentials_plugin
grpc_metadata_credentials plugin is an API user provided structure used to create grpc_credentials ob...
Definition: grpc_security.h:318
grpc_ssl_server_certificate_config_destroy
GRPCAPI void grpc_ssl_server_certificate_config_destroy(grpc_ssl_server_certificate_config *config)
Destroys a grpc_ssl_server_certificate_config object.
grpc_auth_metadata_context::method_name
const char * method_name
The method name of the RPC being called (not fully qualified).
Definition: grpc_security.h:300
grpc_tls_credential_reload_arg
A struct containing all information necessary to schedule/cancel a credential reload request...
Definition: grpc_security.h:719
grpc_alts_credentials_create
GRPCAPI grpc_channel_credentials * grpc_alts_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS channel credential object.
grpc_ssl_roots_override_callback
grpc_ssl_roots_override_result(* grpc_ssl_roots_override_callback)(char **pem_root_certs)
Callback for getting the SSL roots override from the application.
Definition: grpc_security.h:144
grpc_metadata_credentials_plugin::type
const char * type
Type of credentials that this plugin is implementing.
Definition: grpc_security.h:351
grpc_tls_credential_reload_arg::status
grpc_ssl_certificate_config_reload_status status
Definition: grpc_security.h:723
grpc_ssl_pem_key_cert_pair::private_key
const char * private_key
private_key is the NULL-terminated string containing the PEM encoding of the client&#39;s private key...
Definition: grpc_security.h:159
grpc_tls_server_authorization_check_arg::cb
grpc_tls_on_server_authorization_check_done_cb cb
Definition: grpc_security.h:780
grpc_alts_credentials_client_options_add_target_service_account
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
This method adds a target service account to grpc client&#39;s ALTS credentials options instance...
grpc_alts_credentials_server_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_server_options_create(void)
This method creates a grpc ALTS credentials server options instance.
grpc_google_refresh_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_refresh_token_credentials_create(const char *json_refresh_token, void *reserved)
Creates an Oauth2 Refresh Token credentials object for connecting to Google.
verify_peer_options::verify_peer_callback_userdata
void * verify_peer_callback_userdata
Arbitrary userdata that will be passed as the last argument to verify_peer_callback.
Definition: grpc_security.h:179
grpc_server
struct grpc_server grpc_server
A server listens to some port and responds to request calls.
Definition: grpc_types.h:65
grpc_credentials_plugin_metadata_cb
void(* grpc_credentials_plugin_metadata_cb)(void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, grpc_status_code status, const char *error_details)
Callback function to be called by the metadata credentials plugin implementation when the metadata is...
Definition: grpc_security.h:287
grpc_tls_server_authorization_check_arg::error_details
const char * error_details
Definition: grpc_security.h:786
grpc_arg
A single argument...
Definition: grpc_types.h:103
grpc_auth_metadata_processor::state
void * state
Definition: grpc_security.h:521
grpc_security_constants.h
grpc_tls_credentials_options_set_server_authorization_check_config
GRPCAPI int grpc_tls_credentials_options_set_server_authorization_check_config(grpc_tls_credentials_options *options, grpc_tls_server_authorization_check_config *config)
Set grpc_tls_server_authorization_check_config field in credentials options with the provided config ...
grpc_auth_property::name
char * name
Definition: grpc_security.h:44
grpc_auth_metadata_context::reserved
void * reserved
Reserved for future use.
Definition: grpc_security.h:306
grpc_secure_channel_create
GRPCAPI grpc_channel * grpc_secure_channel_create(grpc_channel_credentials *creds, const char *target, const grpc_channel_args *args, void *reserved)
— Secure channel creation.
grpc_auth_context_add_property
GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name, const char *value, size_t value_length)
– The following auth context methods should only be called by a server metadata processor to set pro...
grpc_ssl_server_credentials_create_with_options
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_with_options(grpc_ssl_server_credentials_options *options)
Creates an SSL server_credentials object using the provided options struct.
grpc_google_default_credentials_create
GRPCAPI grpc_channel_credentials * grpc_google_default_credentials_create(void)
Creates default credentials to connect to a google gRPC service.
grpc_process_auth_metadata_done_cb
void(* grpc_process_auth_metadata_done_cb)(void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, const grpc_metadata *response_md, size_t num_response_md, grpc_status_code status, const char *error_details)
— Auth Metadata Processing —
Definition: grpc_security.h:506
grpc_set_ssl_roots_override_callback
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Setup a callback to override the default TLS/SSL roots.
grpc_call_error
grpc_call_error
Result of a grpc call.
Definition: grpc_types.h:380
grpc_ssl_server_credentials_options
struct grpc_ssl_server_credentials_options grpc_ssl_server_credentials_options
Definition: grpc_security.h:445
grpc_call_auth_context
GRPCAPI grpc_auth_context * grpc_call_auth_context(grpc_call *call)
Gets the auth context from the call.
grpc_tls_credentials_options_set_credential_reload_config
GRPCAPI int grpc_tls_credentials_options_set_credential_reload_config(grpc_tls_credentials_options *options, grpc_tls_credential_reload_config *config)
Set grpc_tls_credential_reload_config field in credentials options with the provided config struct wh...
grpc_server_add_secure_http2_port
GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr, grpc_server_credentials *creds)
— Server-side secure ports.
grpc_auth_property_iterator::ctx
const grpc_auth_context * ctx
Definition: grpc_security.h:37
grpc_ssl_server_credentials_options_destroy
GRPCAPI void grpc_ssl_server_credentials_options_destroy(grpc_ssl_server_credentials_options *options)
Destroys a grpc_ssl_server_credentials_options object.
grpc_ssl_session_cache_destroy
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache *cache)
Destroy SSL session cache.
grpc_auth_property_iterator_next
GRPCAPI const grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Returns NULL when the iterator is at the end.
grpc_auth_metadata_context::service_url
const char * service_url
The fully qualifed service url.
Definition: grpc_security.h:295
grpc_auth_property_iterator::name
const char * name
Definition: grpc_security.h:39
grpc_call_credentials_release
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds)
Releases a call credentials object.
grpc_auth_property_iterator::index
size_t index
Definition: grpc_security.h:38
grpc_tls_on_server_authorization_check_done_cb
void(* grpc_tls_on_server_authorization_check_done_cb)(grpc_tls_server_authorization_check_arg *arg)
callback function provided by gRPC used to handle the result of server authorization check...
Definition: grpc_security.h:765
GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX
Maximum number of metadata entries returnable by a credentials plugin via a synchronous return...
Definition: grpc_security.h:311
grpc_auth_property_iterator
Definition: grpc_security.h:36
grpc_tls_server_authorization_check_arg::status
grpc_status_code status
Definition: grpc_security.h:785
grpc_tls_server_authorization_check_config
struct grpc_tls_server_authorization_check_config grpc_tls_server_authorization_check_config
Config for TLS server authorization check.
Definition: grpc_security.h:635
grpc_call_credentials
struct grpc_call_credentials grpc_call_credentials
— grpc_call_credentials object.
Definition: grpc_security.h:223
grpc_tls_credentials_options
struct grpc_tls_credentials_options grpc_tls_credentials_options
TLS credentials options.
Definition: grpc_security.h:640
grpc_ssl_pem_key_cert_pair
Object that holds a private key / certificate chain pair in PEM format.
Definition: grpc_security.h:156
grpc_auth_metadata_context::channel_auth_context
const grpc_auth_context * channel_auth_context
The auth_context of the channel which gives the server&#39;s identity.
Definition: grpc_security.h:303
grpc_metadata
A single metadata element.
Definition: grpc_types.h:458
grpc_auth_context
struct grpc_auth_context grpc_auth_context
— Authentication Context.
Definition: grpc_security.h:34
grpc_auth_property_iterator
struct grpc_auth_property_iterator grpc_auth_property_iterator
grpc_tls_credential_reload_arg::error_details
const char * error_details
Definition: grpc_security.h:724
grpc_auth_context_peer_identity
GRPCAPI grpc_auth_property_iterator grpc_auth_context_peer_identity(const grpc_auth_context *ctx)
Gets the peer identity.
grpc_ssl_server_credentials_create_options_using_config_fetcher
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config_fetcher(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config_callback cb, void *user_data)
Creates an options object using a certificate config fetcher.
grpc_tls_on_credential_reload_done_cb
void(* grpc_tls_on_credential_reload_done_cb)(grpc_tls_credential_reload_arg *arg)
A callback function provided by gRPC to handle the result of credential reload.
Definition: grpc_security.h:709
grpc_ssl_server_certificate_config
struct grpc_ssl_server_certificate_config grpc_ssl_server_certificate_config
Server certificate config object holds the server&#39;s public certificates and associated private keys...
Definition: grpc_security.h:386
grpc_tls_server_authorization_check_config_create
GRPCAPI grpc_tls_server_authorization_check_config * grpc_tls_server_authorization_check_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_server_authorization_check_config instance.
grpc_ssl_client_certificate_request_type
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:59
grpc_ssl_pem_key_cert_pair::cert_chain
const char * cert_chain
cert_chain is the NULL-terminated string containing the PEM encoding of the client&#39;s certificate chai...
Definition: grpc_security.h:163
grpc_alts_credentials_client_options_create
GRPCAPI grpc_alts_credentials_options * grpc_alts_credentials_client_options_create(void)
This method creates a grpc ALTS credentials client options instance.
grpc_local_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_local_server_credentials_create(grpc_local_connect_type type)
This method creates a local server credential object.
grpc_tls_credential_reload_config_create
GRPCAPI grpc_tls_credential_reload_config * grpc_tls_credential_reload_config_create(const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_credential_reload_arg *arg), void(*destruct)(void *config_user_data))
Create a grpc_tls_credential_reload_config instance.
grpc_ssl_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
grpc_ssl_roots_override_result
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:46
grpc_auth_metadata_processor
Pluggable server-side metadata processor object.
Definition: grpc_security.h:512
GRPCAPI
#define GRPCAPI
Definition: port_platform.h:542
grpc_channel_credentials
struct grpc_channel_credentials grpc_channel_credentials
— grpc_channel_credentials object.
Definition: grpc_security.h:127
grpc_metadata_credentials_plugin::state
void * state
State that will be set as the first parameter of the methods above.
Definition: grpc_security.h:348
grpc_tls_server_authorization_check_arg::cb_user_data
void * cb_user_data
Definition: grpc_security.h:781
grpc_server_credentials_release
GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds)
Releases a server_credentials object.
grpc_tls_credential_reload_arg::cb
grpc_tls_on_credential_reload_done_cb cb
Definition: grpc_security.h:720
grpc_tls_credential_reload_arg::cb_user_data
void * cb_user_data
Definition: grpc_security.h:721
grpc_google_compute_engine_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_compute_engine_credentials_create(void *reserved)
Creates a compute engine credentials object for connecting to Google.
grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
Definition: grpc_security.h:43
grpc_composite_call_credentials_create
GRPCAPI grpc_call_credentials * grpc_composite_call_credentials_create(grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved)
Creates a composite call credentials object.
grpc_metadata_credentials_create_from_plugin
GRPCAPI grpc_call_credentials * grpc_metadata_credentials_create_from_plugin(grpc_metadata_credentials_plugin plugin, void *reserved)
Creates a credentials object from a plugin.
grpc_google_iam_credentials_create
GRPCAPI grpc_call_credentials * grpc_google_iam_credentials_create(const char *authorization_token, const char *authority_selector, void *reserved)
Creates an IAM credentials object for connecting to Google.
grpc_auth_property
struct grpc_auth_property grpc_auth_property
value, if not NULL, is guaranteed to be NULL terminated.
grpc_tls_credentials_options_create
GRPCAPI grpc_tls_credentials_options * grpc_tls_credentials_options_create()
Create an empty TLS credentials options.
grpc_tls_server_authorization_check_arg::success
int success
Definition: grpc_security.h:782
grpc_auth_context_release
GRPCAPI void grpc_auth_context_release(grpc_auth_context *context)
Releases the auth context returned from grpc_call_auth_context.
grpc_auth_context_set_peer_identity_property_name
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx, const char *name)
Sets the property name.
grpc_access_token_credentials_create
GRPCAPI grpc_call_credentials * grpc_access_token_credentials_create(const char *access_token, void *reserved)
Creates an Oauth2 Access Token credentials with an access token that was aquired by an out of band me...
verify_peer_options
Object that holds additional peer-verification options on a secure channel.
Definition: grpc_security.h:168
grpc_auth_context_peer_identity_property_name
GRPCAPI const char * grpc_auth_context_peer_identity_property_name(const grpc_auth_context *ctx)
Gets the name of the property that indicates the peer identity.
grpc_ssl_session_cache_create_channel_arg
GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache *cache)
Create a channel arg with the given cache object.
gpr_timespec
Analogous to struct timespec.
Definition: gpr_types.h:47
grpc_tls_key_materials_config
struct grpc_tls_key_materials_config grpc_tls_key_materials_config
— SPIFFE and HTTPS-based TLS channel/server credentials — It is used for experimental purpose for n...
Definition: grpc_security.h:626
grpc_tls_spiffe_server_credentials_create
grpc_server_credentials * grpc_tls_spiffe_server_credentials_create(grpc_tls_credentials_options *options)
This method creates a TLS server credential object.
grpc_ssl_server_certificate_config_create
GRPCAPI grpc_ssl_server_certificate_config * grpc_ssl_server_certificate_config_create(const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
grpc_alts_credentials_options
struct grpc_alts_credentials_options grpc_alts_credentials_options
— ALTS channel/server credentials —
Definition: grpc_security.h:537
grpc_alts_credentials_options_destroy
GRPCAPI void grpc_alts_credentials_options_destroy(grpc_alts_credentials_options *options)
This method destroys a grpc_alts_credentials_options instance by de-allocating all of its occupied me...
grpc_ssl_server_certificate_config_callback
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authe...
Definition: grpc_security.h:416
grpc_ssl_server_credentials_create_ex
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create_ex(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
grpc_status_code
grpc_status_code
Definition: status.h:26
grpc_max_auth_token_lifetime
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void)
grpc_tls_server_authorization_check_arg::target_name
const char * target_name
Definition: grpc_security.h:783
grpc_tls_key_materials_config_create
GRPCAPI grpc_tls_key_materials_config * grpc_tls_key_materials_config_create()
— TLS key materials config.
grpc_ssl_server_credentials_create_options_using_config
GRPCAPI grpc_ssl_server_credentials_options * grpc_ssl_server_credentials_create_options_using_config(grpc_ssl_client_certificate_request_type client_certificate_request, grpc_ssl_server_certificate_config *certificate_config)
Creates an options object using a certificate config.
port_platform.h
grpc_tls_key_materials_config_set_key_materials
GRPCAPI int grpc_tls_key_materials_config_set_key_materials(grpc_tls_key_materials_config *config, const char *pem_root_certs, const grpc_ssl_pem_key_cert_pair **pem_key_cert_pairs, size_t num_key_cert_pairs)
Set grpc_tls_key_materials_config instance with provided a TLS certificate.
grpc_local_connect_type
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:112
grpc_auth_context_peer_is_authenticated
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Returns 1 if the peer is authenticated, 0 otherwise.
grpc_auth_metadata_context
Context that can be used by metadata credentials plugin in order to create auth related metadata...
Definition: grpc_security.h:293
grpc_tls_spiffe_credentials_create
grpc_channel_credentials * grpc_tls_spiffe_credentials_create(grpc_tls_credentials_options *options)
— SPIFFE channel/server credentials —
grpc_tls_credential_reload_arg::key_materials_config
grpc_tls_key_materials_config * key_materials_config
Definition: grpc_security.h:722
grpc_channel_credentials_release
GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds)
Releases a channel credentials object.
grpc_alts_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_alts_server_credentials_create(const grpc_alts_credentials_options *options)
This method creates an ALTS server credential object.
Generated on Wed Apr 17 2019 12:09:07 for GRPC Core by   doxygen 1.8.13