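//
//
// Copyright 2015 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
//

#ifndef GRPCPP_SECURITY_SERVER_CREDENTIALS_H
#define GRPCPP_SECURITY_SERVER_CREDENTIALS_H

#include <memory>
#include <string>
#include <vector>

#include <grpc/grpc_security_constants.h>
#include <grpcpp/impl/grpc_library.h>
#include <grpcpp/security/auth_metadata_processor.h>
#include <grpcpp/security/tls_credentials_options.h>
#include <grpcpp/support/config.h>

struct grpc_server;

namespace grpc {

class Server;
class ServerCredentials;

/// Options to create ServerCredentials with SSL
struct SslServerCredentialsOptions {
  /// \warning Deprecated
  ///
  /// Initializes \a force_client_auth to false and
  /// \a client_certificate_request to
  /// \a GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE. Options built this way do
  /// not request a client certificate, so peers are not authenticated at the
  /// TLS layer unless the caller changes one of those fields afterwards.
  SslServerCredentialsOptions()
      : force_client_auth(false),
        client_certificate_request(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE) {}

  /// Creates options with an explicit client-certificate policy.
  ///
  /// \param request_type value stored in \a client_certificate_request;
  /// \a force_client_auth is still initialized to false.
  explicit SslServerCredentialsOptions(
      grpc_ssl_client_certificate_request_type request_type)
      : force_client_auth(false), client_certificate_request(request_type) {}

  /// A private key together with its certificate chain.
  struct PemKeyCertPair {
    // NOTE(review): presumably PEM text, going by the enclosing type name.
    // std::string does not wipe its buffer on destruction, so key material
    // can outlive this object in process memory; keep instances short-lived
    // and never log them.
    std::string private_key;
    std::string cert_chain;
  };

  // NOTE(review): presumably the trust roots used to verify client
  // certificates when one is requested -- confirm against the implementation.
  std::string pem_root_certs;
  std::vector<PemKeyCertPair> pem_key_cert_pairs;
  /// \warning Deprecated
  bool force_client_auth;

  /// If both \a force_client_auth and \a client_certificate_request
  /// fields are set, \a force_client_auth takes effect, i.e.
  /// \a REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
  /// will be enforced.
  grpc_ssl_client_certificate_request_type client_certificate_request;
};

/// Builds Xds ServerCredentials given fallback credentials
std::shared_ptr<ServerCredentials> XdsServerCredentials(
    const std::shared_ptr<ServerCredentials>& fallback_credentials);

/// Wrapper around \a grpc_server_credentials, a way to authenticate a server.
class ServerCredentials : private grpc::internal::GrpcLibrary {
 public:
  ~ServerCredentials() override;

  /// This method is not thread-safe and has to be called before the server is
  /// started. The last call to this function wins.
  virtual void SetAuthMetadataProcessor(
      const std::shared_ptr<grpc::AuthMetadataProcessor>& processor);

 protected:
  explicit ServerCredentials(grpc_server_credentials* creds);

  /// \return the raw pointer held in \a c_creds_.
  grpc_server_credentials* c_creds() const { return c_creds_; }

 private:
  // Needed for access to AddPortToServer.
  friend class Server;
  // Needed for access to c_creds_.
  friend std::shared_ptr<ServerCredentials> grpc::XdsServerCredentials(
      const std::shared_ptr<ServerCredentials>& fallback_credentials);

  /// Tries to bind \a server to the given \a addr (eg, localhost:1234,
  /// 192.168.1.1:31416, [::1]:27182, etc.)
  ///
  /// \return bound port number on success, 0 on failure.
  // TODO(dgq): the "port" part seems to be a misnomer.
  virtual int AddPortToServer(const std::string& addr, grpc_server* server);

  // NOTE(review): who releases this pointer is not visible in this header;
  // confirm in the constructor/destructor definitions before sharing it.
  grpc_server_credentials* c_creds_;
};

/// Builds SSL ServerCredentials given SSL specific options
std::shared_ptr<ServerCredentials> SslServerCredentials(
    const grpc::SslServerCredentialsOptions& options);

/// Builds insecure ServerCredentials.
// NOTE(review): as the name says, presumably no transport encryption and no
// peer authentication -- confirm, and restrict use to tests or to listeners
// whose transport is already protected by other means.
std::shared_ptr<ServerCredentials> InsecureServerCredentials();

namespace experimental {

/// Options to create ServerCredentials with ALTS
struct AltsServerCredentialsOptions {
  /// Add fields if needed.
};

/// Builds ALTS ServerCredentials given ALTS specific options
std::shared_ptr<ServerCredentials> AltsServerCredentials(
    const AltsServerCredentialsOptions& options);

/// Builds Local ServerCredentials.
std::shared_ptr<ServerCredentials> LocalServerCredentials(
    grpc_local_connect_type type);

/// Builds TLS ServerCredentials given TLS options.
std::shared_ptr<ServerCredentials> TlsServerCredentials(
    const experimental::TlsServerCredentialsOptions& options);

}  // namespace experimental
}  // namespace grpc

#endif  // GRPCPP_SECURITY_SERVER_CREDENTIALS_H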