/* * * Copyright 2018 gRPC authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H #include #include #include "src/core/lib/gprpp/inlined_vector.h" #include "src/core/lib/gprpp/ref_counted.h" #include "src/core/lib/security/security_connector/ssl_utils.h" /** TLS key materials config. **/ struct grpc_tls_key_materials_config : public grpc_core::RefCounted { public: typedef grpc_core::InlinedVector PemKeyCertPairList; /** Getters for member fields. **/ const char* pem_root_certs() const { return pem_root_certs_.get(); } const PemKeyCertPairList& pem_key_cert_pair_list() const { return pem_key_cert_pair_list_; } int version() const { return version_; } /** Setters for member fields. **/ void set_key_materials(grpc_core::UniquePtr pem_root_certs, PemKeyCertPairList pem_key_cert_pair_list); void set_version(int version) { version_ = version; } private: int version_ = 0; PemKeyCertPairList pem_key_cert_pair_list_; grpc_core::UniquePtr pem_root_certs_; }; /** TLS credential reload config. **/ struct grpc_tls_credential_reload_config : public grpc_core::RefCounted { public: grpc_tls_credential_reload_config( const void* config_user_data, int (*schedule)(void* config_user_data, grpc_tls_credential_reload_arg* arg), void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg), void (*destruct)(void* config_user_data)); ~grpc_tls_credential_reload_config(); int Schedule(grpc_tls_credential_reload_arg* arg) const { return schedule_(config_user_data_, arg); } void Cancel(grpc_tls_credential_reload_arg* arg) const { if (cancel_ == nullptr) { gpr_log(GPR_ERROR, "cancel API is nullptr."); return; } cancel_(config_user_data_, arg); } private: /** config-specific, read-only user data that works for all channels created with a credential using the config. */ void* config_user_data_; /** callback function for invoking credential reload API. The implementation of this method has to be non-blocking, but can be performed synchronously or asynchronously. If processing occurs synchronously, it populates \a arg->key_materials, \a arg->status, and \a arg->error_details and returns zero. If processing occurs asynchronously, it returns a non-zero value. Application then invokes \a arg->cb when processing is completed. Note that \a arg->cb cannot be invoked before \a schedule returns. */ int (*schedule_)(void* config_user_data, grpc_tls_credential_reload_arg* arg); /** callback function for cancelling a credential reload request scheduled via an asynchronous \a schedule. \a arg is used to pinpoint an exact reloading request to be cancelled, and the operation may not have any effect if the request has already been processed. */ void (*cancel_)(void* config_user_data, grpc_tls_credential_reload_arg* arg); /** callback function for cleaning up any data associated with credential reload config. */ void (*destruct_)(void* config_user_data); }; /** TLS server authorization check config. **/ struct grpc_tls_server_authorization_check_config : public grpc_core::RefCounted { public: grpc_tls_server_authorization_check_config( const void* config_user_data, int (*schedule)(void* config_user_data, grpc_tls_server_authorization_check_arg* arg), void (*cancel)(void* config_user_data, grpc_tls_server_authorization_check_arg* arg), void (*destruct)(void* config_user_data)); ~grpc_tls_server_authorization_check_config(); int Schedule(grpc_tls_server_authorization_check_arg* arg) const { return schedule_(config_user_data_, arg); } void Cancel(grpc_tls_server_authorization_check_arg* arg) const { if (cancel_ == nullptr) { gpr_log(GPR_ERROR, "cancel API is nullptr."); return; } cancel_(config_user_data_, arg); } private: /** config-specific, read-only user data that works for all channels created with a Credential using the config. */ void* config_user_data_; /** callback function for invoking server authorization check. The implementation of this method has to be non-blocking, but can be performed synchronously or asynchronously. If processing occurs synchronously, it populates \a arg->result, \a arg->status, and \a arg->error_details, and returns zero. If processing occurs asynchronously, it returns a non-zero value. Application then invokes \a arg->cb when processing is completed. Note that \a arg->cb cannot be invoked before \a schedule() returns. */ int (*schedule_)(void* config_user_data, grpc_tls_server_authorization_check_arg* arg); /** callback function for canceling a server authorization check request. */ void (*cancel_)(void* config_user_data, grpc_tls_server_authorization_check_arg* arg); /** callback function for cleaning up any data associated with server authorization check config. */ void (*destruct_)(void* config_user_data); }; /* TLS credentials options. */ struct grpc_tls_credentials_options : public grpc_core::RefCounted { public: ~grpc_tls_credentials_options() { if (key_materials_config_.get() != nullptr) { key_materials_config_.get()->Unref(); } if (credential_reload_config_.get() != nullptr) { credential_reload_config_.get()->Unref(); } if (server_authorization_check_config_.get() != nullptr) { server_authorization_check_config_.get()->Unref(); } } /* Getters for member fields. */ grpc_ssl_client_certificate_request_type cert_request_type() const { return cert_request_type_; } grpc_tls_key_materials_config* key_materials_config() const { return key_materials_config_.get(); } grpc_tls_credential_reload_config* credential_reload_config() const { return credential_reload_config_.get(); } grpc_tls_server_authorization_check_config* server_authorization_check_config() const { return server_authorization_check_config_.get(); } /* Setters for member fields. */ void set_cert_request_type( const grpc_ssl_client_certificate_request_type type) { cert_request_type_ = type; } void set_key_materials_config( grpc_core::RefCountedPtr config) { key_materials_config_ = std::move(config); } void set_credential_reload_config( grpc_core::RefCountedPtr config) { credential_reload_config_ = std::move(config); } void set_server_authorization_check_config( grpc_core::RefCountedPtr config) { server_authorization_check_config_ = std::move(config); } private: grpc_ssl_client_certificate_request_type cert_request_type_; grpc_core::RefCountedPtr key_materials_config_; grpc_core::RefCountedPtr credential_reload_config_; grpc_core::RefCountedPtr server_authorization_check_config_; }; #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H \ */