ssl_credentials.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2016 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H
19 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H
20 
21 #include <grpc/support/port_platform.h>
22 
23 #include <stddef.h>
24 
25 #include <grpc/grpc.h>
26 #include <grpc/grpc_security.h>
27 #include <grpc/grpc_security_constants.h>
28 #include <grpc/impl/codegen/grpc_types.h>
29 #include <grpc/support/log.h>
30 
31 #include "src/core/lib/gpr/useful.h"
32 #include "src/core/lib/gprpp/ref_counted_ptr.h"
33 #include "src/core/lib/gprpp/unique_type_name.h"
34 #include "src/core/lib/security/credentials/credentials.h"
35 #include "src/core/lib/security/security_connector/security_connector.h"
36 #include "src/core/lib/security/security_connector/ssl/ssl_security_connector.h"
37 #include "src/core/tsi/ssl_transport_security.h"
38 
39 class grpc_ssl_credentials : public grpc_channel_credentials {
40  public:
41  grpc_ssl_credentials(const char* pem_root_certs,
42  grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
43  const grpc_ssl_verify_peer_options* verify_options);
44 
45  ~grpc_ssl_credentials() override;
46 
47  grpc_core::RefCountedPtr<grpc_channel_security_connector>
48  create_security_connector(
49  grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
50  const char* target, const grpc_channel_args* args,
51  grpc_channel_args** new_args) override;
52 
53  static grpc_core::UniqueTypeName Type();
54 
55  grpc_core::UniqueTypeName type() const override { return Type(); }
56 
57  // TODO(mattstev): Plumb to wrapped languages. Until then, setting the TLS
58  // version should be done for testing purposes only.
59  void set_min_tls_version(grpc_tls_version min_tls_version);
60  void set_max_tls_version(grpc_tls_version max_tls_version);
61 
62  private:
63  int cmp_impl(const grpc_channel_credentials* other) const override {
64  // TODO(yashykt): Check if we can do something better here
65  return grpc_core::QsortCompare(
66  static_cast<const grpc_channel_credentials*>(this), other);
67  }
68 
69  void build_config(const char* pem_root_certs,
70  grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
71  const grpc_ssl_verify_peer_options* verify_options);
72 
73  grpc_ssl_config config_;
74 };
75 
76 struct grpc_ssl_server_certificate_config {
77  grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs = nullptr;
78  size_t num_key_cert_pairs = 0;
79  char* pem_root_certs = nullptr;
80 };
81 
82 struct grpc_ssl_server_certificate_config_fetcher {
83  grpc_ssl_server_certificate_config_callback cb = nullptr;
84  void* user_data;
85 };
86 
87 class grpc_ssl_server_credentials final : public grpc_server_credentials {
88  public:
89  explicit grpc_ssl_server_credentials(
90  const grpc_ssl_server_credentials_options& options);
91  ~grpc_ssl_server_credentials() override;
92 
93  grpc_core::RefCountedPtr<grpc_server_security_connector>
94  create_security_connector(const grpc_channel_args* /* args */) override;
95 
96  static grpc_core::UniqueTypeName Type();
97 
98  grpc_core::UniqueTypeName type() const override { return Type(); }
99 
100  bool has_cert_config_fetcher() const {
101  return certificate_config_fetcher_.cb != nullptr;
102  }
103 
104  grpc_ssl_certificate_config_reload_status FetchCertConfig(
105  grpc_ssl_server_certificate_config** config) {
106  GPR_DEBUG_ASSERT(has_cert_config_fetcher());
107  return certificate_config_fetcher_.cb(certificate_config_fetcher_.user_data,
108  config);
109  }
110 
111  // TODO(mattstev): Plumb to wrapped languages. Until then, setting the TLS
112  // version should be done for testing purposes only.
113  void set_min_tls_version(grpc_tls_version min_tls_version);
114  void set_max_tls_version(grpc_tls_version max_tls_version);
115 
116  const grpc_ssl_server_config& config() const { return config_; }
117 
118  private:
119  void build_config(
120  const char* pem_root_certs,
121  grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs,
122  grpc_ssl_client_certificate_request_type client_certificate_request);
123 
124  grpc_ssl_server_config config_;
125  grpc_ssl_server_certificate_config_fetcher certificate_config_fetcher_;
126 };
127 
128 tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs(
129  const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
130  size_t num_key_cert_pairs);
131 
132 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_SSL_SSL_CREDENTIALS_H */
grpc_ssl_server_certificate_config::pem_root_certs
char * pem_root_certs
Definition: ssl_credentials.h:79
grpc_ssl_credentials::Type
static grpc_core::UniqueTypeName Type()
Definition: ssl_credentials.cc:90
grpc_ssl_credentials::config_
grpc_ssl_config config_
Definition: ssl_credentials.h:73
log.h
grpc_ssl_credentials::create_security_connector
grpc_core::RefCountedPtr< grpc_channel_security_connector > create_security_connector(grpc_core::RefCountedPtr< grpc_call_credentials > call_creds, const char *target, const grpc_channel_args *args, grpc_channel_args **new_args) override
Definition: ssl_credentials.cc:59
grpc_ssl_credentials
Definition: ssl_credentials.h:39
grpc_ssl_server_credentials::config_
grpc_ssl_server_config config_
Definition: ssl_credentials.h:124
grpc_ssl_server_certificate_config_fetcher
Definition: ssl_credentials.h:82
grpc_ssl_server_credentials::grpc_ssl_server_credentials
grpc_ssl_server_credentials(const grpc_ssl_server_credentials_options &options)
Definition: ssl_credentials.cc:173
grpc_ssl_verify_peer_options
Definition: grpc_security.h:207
GPR_DEBUG_ASSERT
#define GPR_DEBUG_ASSERT(x)
Definition: include/grpc/impl/codegen/log.h:103
pem_root_certs
static char * pem_root_certs
Definition: rb_channel_credentials.c:38
grpc_ssl_server_credentials::Type
static grpc_core::UniqueTypeName Type()
Definition: ssl_credentials.cc:197
tsi_ssl_pem_key_cert_pair
Definition: ssl_transport_security.h:101
grpc_ssl_server_credentials::has_cert_config_fetcher
bool has_cert_config_fetcher() const
Definition: ssl_credentials.h:100
grpc_ssl_server_credentials::config
const grpc_ssl_server_config & config() const
Definition: ssl_credentials.h:116
grpc_ssl_certificate_config_reload_status
grpc_ssl_certificate_config_reload_status
Definition: grpc_security_constants.h:73
options
double_dict options[]
Definition: capstone_test.c:55
useful.h
grpc_ssl_server_credentials::set_min_tls_version
void set_min_tls_version(grpc_tls_version min_tls_version)
Definition: ssl_credentials.cc:231
grpc_ssl_credentials::cmp_impl
int cmp_impl(const grpc_channel_credentials *other) const override
Definition: ssl_credentials.h:63
grpc_ssl_server_credentials::certificate_config_fetcher_
grpc_ssl_server_certificate_config_fetcher certificate_config_fetcher_
Definition: ssl_credentials.h:125
grpc_security.h
ssl_transport_security.h
grpc_ssl_server_credentials_options
Definition: ssl_credentials.cc:167
credentials.h
grpc_channel_args
Definition: grpc_types.h:132
grpc_ssl_server_credentials::create_security_connector
grpc_core::RefCountedPtr< grpc_server_security_connector > create_security_connector(const grpc_channel_args *) override
Definition: ssl_credentials.cc:192
ssl_security_connector.h
grpc_ssl_server_certificate_config::num_key_cert_pairs
size_t num_key_cert_pairs
Definition: ssl_credentials.h:78
grpc_types.h
grpc_ssl_credentials::build_config
void build_config(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options)
Definition: ssl_credentials.cc:95
asyncio_get_stats.args
args
Definition: asyncio_get_stats.py:40
grpc_core::RefCountedPtr< grpc_channel_security_connector >
grpc_ssl_credentials::set_min_tls_version
void set_min_tls_version(grpc_tls_version min_tls_version)
Definition: ssl_credentials.cc:120
grpc.h
security_connector.h
call_creds
void call_creds(grpc_end2end_test_config config)
Definition: call_creds.cc:523
grpc_ssl_server_credentials::~grpc_ssl_server_credentials
~grpc_ssl_server_credentials() override
Definition: ssl_credentials.cc:186
grpc_convert_grpc_to_tsi_cert_pairs
tsi_ssl_pem_key_cert_pair * grpc_convert_grpc_to_tsi_cert_pairs(const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs)
Definition: ssl_credentials.cc:202
grpc_ssl_client_certificate_request_type
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:79
grpc_tls_version
grpc_tls_version
Definition: grpc_security_constants.h:146
grpc_ssl_credentials::set_max_tls_version
void set_max_tls_version(grpc_tls_version max_tls_version)
Definition: ssl_credentials.cc:125
grpc_ssl_server_certificate_config_fetcher::user_data
void * user_data
Definition: ssl_credentials.h:84
grpc_ssl_server_credentials::build_config
void build_config(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request)
Definition: ssl_credentials.cc:220
grpc_ssl_server_certificate_config
Definition: ssl_credentials.h:76
grpc_ssl_server_credentials::type
grpc_core::UniqueTypeName type() const override
Definition: ssl_credentials.h:98
grpc_ssl_server_credentials
Definition: ssl_credentials.h:87
grpc_ssl_server_certificate_config::pem_key_cert_pairs
grpc_ssl_pem_key_cert_pair * pem_key_cert_pairs
Definition: ssl_credentials.h:77
grpc_server_credentials
Definition: src/core/lib/security/credentials/credentials.h:259
grpc_ssl_server_credentials::FetchCertConfig
grpc_ssl_certificate_config_reload_status FetchCertConfig(grpc_ssl_server_certificate_config **config)
Definition: ssl_credentials.h:104
grpc_core::UniqueTypeName
Definition: unique_type_name.h:56
grpc_core::QsortCompare
int QsortCompare(const T &a, const T &b)
Definition: useful.h:95
grpc_ssl_server_certificate_config_callback
grpc_ssl_certificate_config_reload_status(* grpc_ssl_server_certificate_config_callback)(void *user_data, grpc_ssl_server_certificate_config **config)
Definition: grpc_security.h:504
grpc_security_constants.h
unique_type_name.h
grpc_ssl_config
Definition: ssl_security_connector.h:33
ref_counted_ptr.h
config_s
Definition: bloaty/third_party/zlib/deflate.c:120
grpc_ssl_credentials::~grpc_ssl_credentials
~grpc_ssl_credentials() override
Definition: ssl_credentials.cc:49
grpc_ssl_server_credentials::set_max_tls_version
void set_max_tls_version(grpc_tls_version max_tls_version)
Definition: ssl_credentials.cc:236
grpc_ssl_server_config
Definition: ssl_security_connector.h:63
grpc_ssl_credentials::grpc_ssl_credentials
grpc_ssl_credentials(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, const grpc_ssl_verify_peer_options *verify_options)
Definition: ssl_credentials.cc:43
setup.target
target
Definition: third_party/bloaty/third_party/protobuf/python/setup.py:179
grpc_ssl_pem_key_cert_pair
Definition: grpc_security.h:173
grpc_channel_credentials
Definition: src/core/lib/security/credentials/credentials.h:96
grpc_ssl_credentials::type
grpc_core::UniqueTypeName type() const override
Definition: ssl_credentials.h:55
grpc_ssl_server_certificate_config_fetcher::cb
grpc_ssl_server_certificate_config_callback cb
Definition: ssl_credentials.h:83
port_platform.h

grpc
Author(s):
autogenerated on Thu Mar 13 2025 03:01:20