3 * Copyright 2015 gRPC authors.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
19 #ifndef GRPCPP_SECURITY_SERVER_CREDENTIALS_H
20 #define GRPCPP_SECURITY_SERVER_CREDENTIALS_H
25 #include <grpc/grpc_security_constants.h>
26 #include <grpcpp/security/auth_metadata_processor.h>
27 #include <grpcpp/support/config.h>
34 /// Wrapper around \a grpc_server_credentials, a way to authenticate a server.
/// Abstract interface: both member functions declared here are pure virtual,
/// so instances are obtained as std::shared_ptr<ServerCredentials> from the
/// builder functions declared in this header.
35 class ServerCredentials {
37 virtual ~ServerCredentials();
/// Sets the AuthMetadataProcessor used with these credentials.
39 /// This method is not thread-safe and has to be called before the server is
40 /// started. The last call to this function wins.
/// NOTE(review): AuthMetadataProcessor is declared in
/// <grpcpp/security/auth_metadata_processor.h>, not here; presumably it is
/// the hook that inspects per-call auth metadata -- confirm against that
/// header before relying on it for authorization decisions.
/// \param processor shared handle to the processor to install.
41 virtual void SetAuthMetadataProcessor(
42 const std::shared_ptr<AuthMetadataProcessor>& processor) = 0;
// Server is declared a friend, which gives it access to any non-public
// members of this class (access specifiers are not visible in this listing).
45 friend class ::grpc::Server;
47 /// Tries to bind \a server to the given \a addr (eg, localhost:1234,
48 /// 192.168.1.1:31416, [::1]:27182, etc.)
/// A return value of 0 is the only failure signal, so the caller has to
/// check it before treating the address as served.
50 /// \return bound port number on success, 0 on failure.
51 // TODO(dgq): the "port" part seems to be a misnomer.
52 virtual int AddPortToServer(const grpc::string& addr,
53 grpc_server* server) = 0;
56 /// Options to create ServerCredentials with SSL
/// A default-constructed object has force_client_auth == false and
/// client_certificate_request == GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
/// so (going by that value's name) the server does not ask clients for a
/// certificate unless the caller selects another policy.
57 struct SslServerCredentialsOptions {
58 /// \warning Deprecated
59 SslServerCredentialsOptions()
60 : force_client_auth(false),
61 client_certificate_request(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE) {}
/// Selects the client-certificate policy explicitly; force_client_auth is
/// still initialised to false.
// NOTE(review): not declared explicit, so a
// grpc_ssl_client_certificate_request_type value converts implicitly to
// SslServerCredentialsOptions.
62 SslServerCredentialsOptions(
63 grpc_ssl_client_certificate_request_type request_type)
64 : force_client_auth(false), client_certificate_request(request_type) {}
/// One private key together with its certificate chain. Going by the
/// enclosing field name (pem_key_cert_pairs) both are PEM text -- confirm
/// against the implementation.
// NOTE(review): private_key is an ordinary grpc::string; nothing in this
// header clears it after use, so the caller owns its lifetime and should keep
// copies of it (long-lived options objects, logs, dumps) to a minimum.
66 struct PemKeyCertPair {
67 grpc::string private_key;
68 grpc::string cert_chain;
// Presumably the PEM root certificates used when client certificates are
// verified -- TODO confirm; the consumer of this field is not in this header.
70 grpc::string pem_root_certs;
// Key/certificate pairs for the server; a vector, so more than one pair can
// be configured.
71 std::vector<PemKeyCertPair> pem_key_cert_pairs;
72 /// \warning Deprecated
73 bool force_client_auth;
75 /// If both \a force_client_auth and \a client_certificate_request
76 /// fields are set, \a force_client_auth takes effect, i.e.
77 /// \a REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
/// is the policy that is applied.
// NOTE(review): grpc_ssl_client_certificate_request_type is declared outside
// this header (presumably <grpc/grpc_security_constants.h>); check there which
// values actually verify the presented certificate before relying on this
// field for client authentication.
79 grpc_ssl_client_certificate_request_type client_certificate_request;
82 /// Builds SSL ServerCredentials given SSL specific options
/// \param options key/certificate material and client-certificate policy,
///        see SslServerCredentialsOptions.
/// \return shared ownership of the resulting ServerCredentials.
// NOTE(review): whether a null pointer can come back (for example when the
// key material is rejected) is not visible in this declaration -- check the
// result before handing it on.
83 std::shared_ptr<ServerCredentials> SslServerCredentials(
84 const SslServerCredentialsOptions& options);
86 /// Builds insecure server credentials.
/// \return shared ownership of the resulting ServerCredentials.
// NOTE(review): the declaration takes no key, certificate or policy argument
// and the name says insecure; treat ports opened with these credentials as
// unencrypted and unauthenticated unless the implementation shows otherwise,
// and use SslServerCredentials for anything reachable by untrusted peers.
87 std::shared_ptr<ServerCredentials> InsecureServerCredentials();
// Builders in this namespace are labelled experimental by the namespace name.
89 namespace experimental {
91 /// Options to create ServerCredentials with ALTS
/// No fields are declared in this listing; the struct is a placeholder.
92 struct AltsServerCredentialsOptions {
93 /// Add fields if needed.
96 /// Builds ALTS ServerCredentials given ALTS specific options
/// \param options ALTS options (currently carries no settings, see above).
/// \return shared ownership of the resulting ServerCredentials.
97 std::shared_ptr<ServerCredentials> AltsServerCredentials(
98 const AltsServerCredentialsOptions& options);
100 /// Builds Local ServerCredentials.
/// \param type kind of local connection the credentials are built for.
/// \return shared ownership of the resulting ServerCredentials.
// NOTE(review): grpc_local_connect_type is declared outside this header
// (presumably <grpc/grpc_security_constants.h>), and no key or certificate is
// passed here; confirm which connection kinds are accepted and what peer
// checks the implementation applies before using this beyond a single host.
101 std::shared_ptr<ServerCredentials> LocalServerCredentials(
102 grpc_local_connect_type type);
104 } // namespace experimental
107 #endif // GRPCPP_SECURITY_SERVER_CREDENTIALS_H