3 * Copyright 2018 gRPC authors.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
19 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
20 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
22 #include <grpc/support/port_platform.h>
24 #include <grpc/grpc_security.h>
26 #include "absl/container/inlined_vector.h"
28 #include "src/core/lib/gprpp/ref_counted.h"
29 #include "src/core/lib/security/security_connector/ssl_utils.h"
31 struct grpc_tls_error_details
32 : public grpc_core::RefCounted<grpc_tls_error_details> {
34 grpc_tls_error_details() : error_details_("") {}
35 void set_error_details(const char* err_details) {
36 error_details_ = err_details;
38 const std::string& error_details() { return error_details_; }
41 std::string error_details_;
44 /** TLS key materials config. **/
45 struct grpc_tls_key_materials_config
46 : public grpc_core::RefCounted<grpc_tls_key_materials_config> {
48 typedef absl::InlinedVector<grpc_core::PemKeyCertPair, 1> PemKeyCertPairList;
50 /** Getters for member fields. **/
51 const char* pem_root_certs() const { return pem_root_certs_.get(); }
52 const PemKeyCertPairList& pem_key_cert_pair_list() const {
53 return pem_key_cert_pair_list_;
55 int version() const { return version_; }
57 /** Setters for member fields. **/
58 // TODO(ZhenLian): Remove this function
59 void set_pem_root_certs(grpc_core::UniquePtr<char> pem_root_certs) {
60 pem_root_certs_ = std::move(pem_root_certs);
62 // The ownerships of |pem_root_certs| remain with the caller.
63 void set_pem_root_certs(const char* pem_root_certs) {
64 // make a copy of pem_root_certs.
65 grpc_core::UniquePtr<char> pem_root_ptr(gpr_strdup(pem_root_certs));
66 pem_root_certs_ = std::move(pem_root_ptr);
68 void add_pem_key_cert_pair(grpc_core::PemKeyCertPair pem_key_cert_pair) {
69 pem_key_cert_pair_list_.push_back(pem_key_cert_pair);
71 // The ownerships of |pem_root_certs| and |pem_key_cert_pairs| remain with the
73 void set_key_materials(const char* pem_root_certs,
74 const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
75 size_t num_key_cert_pairs);
76 // The ownerships of |pem_root_certs| and |pem_key_cert_pair_list| remain with
78 void set_key_materials(const char* pem_root_certs,
79 const PemKeyCertPairList& pem_key_cert_pair_list);
80 void set_version(int version) { version_ = version; }
84 PemKeyCertPairList pem_key_cert_pair_list_;
85 grpc_core::UniquePtr<char> pem_root_certs_;
88 /** TLS credential reload config. **/
89 struct grpc_tls_credential_reload_config
90 : public grpc_core::RefCounted<grpc_tls_credential_reload_config> {
92 grpc_tls_credential_reload_config(
93 const void* config_user_data,
94 int (*schedule)(void* config_user_data,
95 grpc_tls_credential_reload_arg* arg),
96 void (*cancel)(void* config_user_data,
97 grpc_tls_credential_reload_arg* arg),
98 void (*destruct)(void* config_user_data));
99 ~grpc_tls_credential_reload_config();
101 void* context() const { return context_; }
102 void set_context(void* context) { context_ = context; }
104 int Schedule(grpc_tls_credential_reload_arg* arg) const {
105 if (schedule_ == nullptr) {
106 gpr_log(GPR_ERROR, "schedule API is nullptr");
107 if (arg != nullptr) {
108 arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
109 arg->error_details->set_error_details(
110 "schedule API in credential reload config is nullptr");
114 if (arg != nullptr) {
115 arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
117 return schedule_(config_user_data_, arg);
119 void Cancel(grpc_tls_credential_reload_arg* arg) const {
120 if (cancel_ == nullptr) {
121 gpr_log(GPR_ERROR, "cancel API is nullptr.");
122 if (arg != nullptr) {
123 arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
124 arg->error_details->set_error_details(
125 "cancel API in credential reload config is nullptr");
129 if (arg != nullptr) {
130 arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
132 cancel_(config_user_data_, arg);
136 /** This is a pointer to the wrapped language implementation of
137 * grpc_tls_credential_reload_config. It is necessary to implement the C
138 * schedule and cancel functions, given the schedule or cancel function in a
139 * wrapped language. **/
140 void* context_ = nullptr;
141 /** config-specific, read-only user data that works for all channels created
142 with a credential using the config. */
143 void* config_user_data_;
144 /** callback function for invoking credential reload API. The implementation
145 of this method has to be non-blocking, but can be performed synchronously
147 If processing occurs synchronously, it populates \a arg->key_materials, \a
148 arg->status, and \a arg->error_details and returns zero.
149 If processing occurs asynchronously, it returns a non-zero value.
150 Application then invokes \a arg->cb when processing is completed. Note that
151 \a arg->cb cannot be invoked before \a schedule returns.
153 int (*schedule_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
154 /** callback function for cancelling a credential reload request scheduled via
155 an asynchronous \a schedule. \a arg is used to pinpoint an exact reloading
156 request to be cancelled, and the operation may not have any effect if the
157 request has already been processed. */
158 void (*cancel_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
159 /** callback function for cleaning up any data associated with credential
161 void (*destruct_)(void* config_user_data);
164 /** TLS server authorization check config. **/
165 struct grpc_tls_server_authorization_check_config
166 : public grpc_core::RefCounted<grpc_tls_server_authorization_check_config> {
168 grpc_tls_server_authorization_check_config(
169 const void* config_user_data,
170 int (*schedule)(void* config_user_data,
171 grpc_tls_server_authorization_check_arg* arg),
172 void (*cancel)(void* config_user_data,
173 grpc_tls_server_authorization_check_arg* arg),
174 void (*destruct)(void* config_user_data));
175 ~grpc_tls_server_authorization_check_config();
177 void* context() const { return context_; }
178 void set_context(void* context) { context_ = context; }
180 int Schedule(grpc_tls_server_authorization_check_arg* arg) const {
181 if (schedule_ == nullptr) {
182 gpr_log(GPR_ERROR, "schedule API is nullptr");
183 if (arg != nullptr) {
184 arg->status = GRPC_STATUS_NOT_FOUND;
185 arg->error_details->set_error_details(
186 "schedule API in server authorization check config is nullptr");
190 if (arg != nullptr && context_ != nullptr) {
192 const_cast<grpc_tls_server_authorization_check_config*>(this);
194 return schedule_(config_user_data_, arg);
196 void Cancel(grpc_tls_server_authorization_check_arg* arg) const {
197 if (cancel_ == nullptr) {
198 gpr_log(GPR_ERROR, "cancel API is nullptr.");
199 if (arg != nullptr) {
200 arg->status = GRPC_STATUS_NOT_FOUND;
201 arg->error_details->set_error_details(
202 "schedule API in server authorization check config is nullptr");
206 if (arg != nullptr) {
208 const_cast<grpc_tls_server_authorization_check_config*>(this);
210 cancel_(config_user_data_, arg);
214 /** This is a pointer to the wrapped language implementation of
215 * grpc_tls_server_authorization_check_config. It is necessary to implement
216 * the C schedule and cancel functions, given the schedule or cancel function
217 * in a wrapped language. **/
218 void* context_ = nullptr;
219 /** config-specific, read-only user data that works for all channels created
220 with a Credential using the config. */
221 void* config_user_data_;
223 /** callback function for invoking server authorization check. The
224 implementation of this method has to be non-blocking, but can be performed
225 synchronously or asynchronously.
226 If processing occurs synchronously, it populates \a arg->result, \a
227 arg->status, and \a arg->error_details, and returns zero.
228 If processing occurs asynchronously, it returns a non-zero value.
229 Application then invokes \a arg->cb when processing is completed. Note that
230 \a arg->cb cannot be invoked before \a schedule() returns.
232 int (*schedule_)(void* config_user_data,
233 grpc_tls_server_authorization_check_arg* arg);
235 /** callback function for canceling a server authorization check request. */
236 void (*cancel_)(void* config_user_data,
237 grpc_tls_server_authorization_check_arg* arg);
239 /** callback function for cleaning up any data associated with server
240 authorization check config. */
241 void (*destruct_)(void* config_user_data);
244 /* TLS credentials options. */
245 struct grpc_tls_credentials_options
246 : public grpc_core::RefCounted<grpc_tls_credentials_options> {
248 ~grpc_tls_credentials_options() {
249 if (key_materials_config_.get() != nullptr) {
250 key_materials_config_.get()->Unref();
252 if (credential_reload_config_.get() != nullptr) {
253 credential_reload_config_.get()->Unref();
255 if (server_authorization_check_config_.get() != nullptr) {
256 server_authorization_check_config_.get()->Unref();
260 /* Getters for member fields. */
261 grpc_ssl_client_certificate_request_type cert_request_type() const {
262 return cert_request_type_;
264 grpc_tls_server_verification_option server_verification_option() const {
265 return server_verification_option_;
267 grpc_tls_version min_tls_version() const { return min_tls_version_; }
268 grpc_tls_version max_tls_version() const { return max_tls_version_; }
269 grpc_tls_key_materials_config* key_materials_config() const {
270 return key_materials_config_.get();
272 grpc_tls_credential_reload_config* credential_reload_config() const {
273 return credential_reload_config_.get();
275 grpc_tls_server_authorization_check_config*
276 server_authorization_check_config() const {
277 return server_authorization_check_config_.get();
280 /* Setters for member fields. */
281 void set_cert_request_type(
282 const grpc_ssl_client_certificate_request_type type) {
283 cert_request_type_ = type;
285 void set_server_verification_option(
286 const grpc_tls_server_verification_option server_verification_option) {
287 server_verification_option_ = server_verification_option;
289 void set_min_tls_version(grpc_tls_version min_tls_version) {
290 min_tls_version_ = min_tls_version;
292 void set_max_tls_version(grpc_tls_version max_tls_version) {
293 max_tls_version_ = max_tls_version;
295 void set_key_materials_config(
296 grpc_core::RefCountedPtr<grpc_tls_key_materials_config> config) {
297 key_materials_config_ = std::move(config);
299 void set_credential_reload_config(
300 grpc_core::RefCountedPtr<grpc_tls_credential_reload_config> config) {
301 credential_reload_config_ = std::move(config);
303 void set_server_authorization_check_config(
304 grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
306 server_authorization_check_config_ = std::move(config);
310 grpc_ssl_client_certificate_request_type cert_request_type_;
311 grpc_tls_server_verification_option server_verification_option_ =
312 GRPC_TLS_SERVER_VERIFICATION;
313 grpc_tls_version min_tls_version_ = grpc_tls_version::TLS1_2;
314 grpc_tls_version max_tls_version_ = grpc_tls_version::TLS1_3;
315 grpc_core::RefCountedPtr<grpc_tls_key_materials_config> key_materials_config_;
316 grpc_core::RefCountedPtr<grpc_tls_credential_reload_config>
317 credential_reload_config_;
318 grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
319 server_authorization_check_config_;
322 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H \