3 * Copyright 2018 gRPC authors.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
19 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
20 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
22 #include <grpc/support/port_platform.h>
24 #include <grpc/grpc_security.h>
26 #include "src/core/lib/gprpp/inlined_vector.h"
27 #include "src/core/lib/gprpp/ref_counted.h"
28 #include "src/core/lib/security/security_connector/ssl_utils.h"
30 /** TLS key materials config. **/
31 struct grpc_tls_key_materials_config
32 : public grpc_core::RefCounted<grpc_tls_key_materials_config> {
34 typedef grpc_core::InlinedVector<grpc_core::PemKeyCertPair, 1>
37 /** Getters for member fields. **/
38 const char* pem_root_certs() const { return pem_root_certs_.get(); }
39 const PemKeyCertPairList& pem_key_cert_pair_list() const {
40 return pem_key_cert_pair_list_;
42 int version() const { return version_; }
44 /** Setters for member fields. **/
45 void set_key_materials(grpc_core::UniquePtr<char> pem_root_certs,
46 PemKeyCertPairList pem_key_cert_pair_list);
47 void set_version(int version) { version_ = version; }
51 PemKeyCertPairList pem_key_cert_pair_list_;
52 grpc_core::UniquePtr<char> pem_root_certs_;
55 /** TLS credential reload config. **/
56 struct grpc_tls_credential_reload_config
57 : public grpc_core::RefCounted<grpc_tls_credential_reload_config> {
59 grpc_tls_credential_reload_config(
60 const void* config_user_data,
61 int (*schedule)(void* config_user_data,
62 grpc_tls_credential_reload_arg* arg),
63 void (*cancel)(void* config_user_data,
64 grpc_tls_credential_reload_arg* arg),
65 void (*destruct)(void* config_user_data));
66 ~grpc_tls_credential_reload_config();
68 int Schedule(grpc_tls_credential_reload_arg* arg) const {
69 return schedule_(config_user_data_, arg);
71 void Cancel(grpc_tls_credential_reload_arg* arg) const {
72 if (cancel_ == nullptr) {
73 gpr_log(GPR_ERROR, "cancel API is nullptr.");
76 cancel_(config_user_data_, arg);
80 /** config-specific, read-only user data that works for all channels created
81 with a credential using the config. */
82 void* config_user_data_;
83 /** callback function for invoking credential reload API. The implementation
84 of this method has to be non-blocking, but can be performed synchronously
86 If processing occurs synchronously, it populates \a arg->key_materials, \a
87 arg->status, and \a arg->error_details and returns zero.
88 If processing occurs asynchronously, it returns a non-zero value.
89 Application then invokes \a arg->cb when processing is completed. Note that
90 \a arg->cb cannot be invoked before \a schedule returns.
92 int (*schedule_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
93 /** callback function for cancelling a credential reload request scheduled via
94 an asynchronous \a schedule. \a arg is used to pinpoint an exact reloading
95 request to be cancelled, and the operation may not have any effect if the
96 request has already been processed. */
97 void (*cancel_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
98 /** callback function for cleaning up any data associated with credential
100 void (*destruct_)(void* config_user_data);
103 /** TLS server authorization check config. **/
104 struct grpc_tls_server_authorization_check_config
105 : public grpc_core::RefCounted<grpc_tls_server_authorization_check_config> {
107 grpc_tls_server_authorization_check_config(
108 const void* config_user_data,
109 int (*schedule)(void* config_user_data,
110 grpc_tls_server_authorization_check_arg* arg),
111 void (*cancel)(void* config_user_data,
112 grpc_tls_server_authorization_check_arg* arg),
113 void (*destruct)(void* config_user_data));
114 ~grpc_tls_server_authorization_check_config();
116 int Schedule(grpc_tls_server_authorization_check_arg* arg) const {
117 return schedule_(config_user_data_, arg);
119 void Cancel(grpc_tls_server_authorization_check_arg* arg) const {
120 if (cancel_ == nullptr) {
121 gpr_log(GPR_ERROR, "cancel API is nullptr.");
124 cancel_(config_user_data_, arg);
128 /** config-specific, read-only user data that works for all channels created
129 with a Credential using the config. */
130 void* config_user_data_;
132 /** callback function for invoking server authorization check. The
133 implementation of this method has to be non-blocking, but can be performed
134 synchronously or asynchronously.
135 If processing occurs synchronously, it populates \a arg->result, \a
136 arg->status, and \a arg->error_details, and returns zero.
137 If processing occurs asynchronously, it returns a non-zero value.
138 Application then invokes \a arg->cb when processing is completed. Note that
139 \a arg->cb cannot be invoked before \a schedule() returns.
141 int (*schedule_)(void* config_user_data,
142 grpc_tls_server_authorization_check_arg* arg);
144 /** callback function for canceling a server authorization check request. */
145 void (*cancel_)(void* config_user_data,
146 grpc_tls_server_authorization_check_arg* arg);
148 /** callback function for cleaning up any data associated with server
149 authorization check config. */
150 void (*destruct_)(void* config_user_data);
153 /* TLS credentials options. */
154 struct grpc_tls_credentials_options
155 : public grpc_core::RefCounted<grpc_tls_credentials_options> {
157 ~grpc_tls_credentials_options() {
158 if (key_materials_config_.get() != nullptr) {
159 key_materials_config_.get()->Unref();
161 if (credential_reload_config_.get() != nullptr) {
162 credential_reload_config_.get()->Unref();
164 if (server_authorization_check_config_.get() != nullptr) {
165 server_authorization_check_config_.get()->Unref();
169 /* Getters for member fields. */
170 grpc_ssl_client_certificate_request_type cert_request_type() const {
171 return cert_request_type_;
173 grpc_tls_key_materials_config* key_materials_config() const {
174 return key_materials_config_.get();
176 grpc_tls_credential_reload_config* credential_reload_config() const {
177 return credential_reload_config_.get();
179 grpc_tls_server_authorization_check_config*
180 server_authorization_check_config() const {
181 return server_authorization_check_config_.get();
184 /* Setters for member fields. */
185 void set_cert_request_type(
186 const grpc_ssl_client_certificate_request_type type) {
187 cert_request_type_ = type;
189 void set_key_materials_config(
190 grpc_core::RefCountedPtr<grpc_tls_key_materials_config> config) {
191 key_materials_config_ = std::move(config);
193 void set_credential_reload_config(
194 grpc_core::RefCountedPtr<grpc_tls_credential_reload_config> config) {
195 credential_reload_config_ = std::move(config);
197 void set_server_authorization_check_config(
198 grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
200 server_authorization_check_config_ = std::move(config);
204 grpc_ssl_client_certificate_request_type cert_request_type_;
205 grpc_core::RefCountedPtr<grpc_tls_key_materials_config> key_materials_config_;
206 grpc_core::RefCountedPtr<grpc_tls_credential_reload_config>
207 credential_reload_config_;
208 grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
209 server_authorization_check_config_;
212 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H \