#include <grpc/support/port_platform.h>#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"#include <stdint.h>#include <time.h>#include <algorithm>#include <utility>#include <vector>#include <openssl/bio.h>#include <openssl/crypto.h>#include <openssl/evp.h>#include <openssl/pem.h>#include <openssl/x509.h>#include "absl/status/status.h"#include <grpc/impl/codegen/gpr_types.h>#include <grpc/slice.h>#include <grpc/support/log.h>#include <grpc/support/time.h>#include "src/core/lib/debug/trace.h"#include "src/core/lib/gprpp/stat.h"#include "src/core/lib/iomgr/error.h"#include "src/core/lib/iomgr/exec_ctx.h"#include "src/core/lib/iomgr/load_file.h"#include "src/core/lib/slice/slice_internal.h"#include "src/core/lib/slice/slice_refcount.h"#include "src/core/lib/surface/api_trace.h"
Go to the source code of this file.
Namespaces | |
| grpc_core | |
Functions | |
| grpc_tls_certificate_provider * | grpc_tls_certificate_provider_file_watcher_create (const char *private_key_path, const char *identity_certificate_path, const char *root_cert_path, unsigned int refresh_interval_sec) |
| void | grpc_tls_certificate_provider_release (grpc_tls_certificate_provider *provider) |
| grpc_tls_certificate_provider * | grpc_tls_certificate_provider_static_data_create (const char *root_certificate, grpc_tls_identity_pairs *pem_key_cert_pairs) |
| absl::StatusOr< bool > | grpc_core::PrivateKeyAndCertificateMatch (absl::string_view private_key, absl::string_view cert_chain) |
Function Documentation
◆ grpc_tls_certificate_provider_file_watcher_create()
| grpc_tls_certificate_provider* grpc_tls_certificate_provider_file_watcher_create | ( | const char * | private_key_path, |
| const char * | identity_certificate_path, | ||
| const char * | root_cert_path, | ||
| unsigned int | refresh_interval_sec | ||
| ) |
EXPERIMENTAL API - Subject to change
Creates a grpc_tls_certificate_provider that will watch the credential changes on the file system. This provider will always return the up-to-date cert data for all the cert names callers set through |grpc_tls_credentials_options|. Note that this API only supports one key-cert file and hence one set of identity key-cert pair, so SNI(Server Name Indication) is not supported.
- private_key_path is the file path of the private key. This must be set if |identity_certificate_path| is set. Otherwise, it could be null if no identity credentials are needed.
- identity_certificate_path is the file path of the identity certificate chain. This must be set if |private_key_path| is set. Otherwise, it could be null if no identity credentials are needed.
- root_cert_path is the file path to the root certificate bundle. This may be null if no root certs are needed.
- refresh_interval_sec is the refreshing interval that we will check the files for updates. It does not take ownership of parameters.
Definition at line 467 of file grpc_tls_certificate_provider.cc.
◆ grpc_tls_certificate_provider_release()
| void grpc_tls_certificate_provider_release | ( | grpc_tls_certificate_provider * | provider | ) |
EXPERIMENTAL API - Subject to change
Releases a grpc_tls_certificate_provider object. The creator of the grpc_tls_certificate_provider object is responsible for its release.
Definition at line 477 of file grpc_tls_certificate_provider.cc.
◆ grpc_tls_certificate_provider_static_data_create()
| grpc_tls_certificate_provider* grpc_tls_certificate_provider_static_data_create | ( | const char * | root_certificate, |
| grpc_tls_identity_pairs * | pem_key_cert_pairs | ||
| ) |
– Wrapper APIs declared in grpc_security.h –
Definition at line 449 of file grpc_tls_certificate_provider.cc.