diff options
author | Muxi Yan <mxyan@google.com> | 2018-01-26 15:39:32 -0800 |
---|---|---|
committer | Muxi Yan <mxyan@google.com> | 2018-02-15 14:49:34 -0800 |
commit | 0e00c430827e81d61e1e7164ef04ca21ccbfaa77 (patch) | |
tree | 9246301d4f3583a4befd834f7ea426663b8eb622 /include/grpc++/security | |
parent | 8224c45866c6a2cfa29ede0c91a6ae9f40572658 (diff) |
Move headers from grpc++ to grpcpp
Diffstat (limited to 'include/grpc++/security')
-rw-r--r-- | include/grpc++/security/auth_context.h | 8 | ||||
-rw-r--r-- | include/grpc++/security/auth_metadata_processor.h | 45 | ||||
-rw-r--r-- | include/grpc++/security/credentials.h | 208 | ||||
-rw-r--r-- | include/grpc++/security/server_credentials.h | 75 |
4 files changed, 24 insertions, 312 deletions
diff --git a/include/grpc++/security/auth_context.h b/include/grpc++/security/auth_context.h index 71f5d6e5b3..9fe59d448e 100644 --- a/include/grpc++/security/auth_context.h +++ b/include/grpc++/security/auth_context.h @@ -1,6 +1,6 @@ /* * - * Copyright 2015 gRPC authors. + * Copyright 2018 gRPC authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,9 +16,13 @@ * */ +// DEPRECATED: The headers in include/grpc++ are deprecated. Please include the +// headers in include/grpcpp instead. This header exists only for backwards +// compatibility. + #ifndef GRPCXX_SECURITY_AUTH_CONTEXT_H #define GRPCXX_SECURITY_AUTH_CONTEXT_H -#include <grpc++/impl/codegen/security/auth_context.h> +#include <grpcpp/security/auth_context.h> #endif // GRPCXX_SECURITY_AUTH_CONTEXT_H diff --git a/include/grpc++/security/auth_metadata_processor.h b/include/grpc++/security/auth_metadata_processor.h index a49e30f891..d045313965 100644 --- a/include/grpc++/security/auth_metadata_processor.h +++ b/include/grpc++/security/auth_metadata_processor.h @@ -1,6 +1,6 @@ /* * - * Copyright 2015 gRPC authors. + * Copyright 2018 gRPC authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,46 +16,13 @@ * */ +// DEPRECATED: The headers in include/grpc++ are deprecated. Please include the +// headers in include/grpcpp instead. This header exists only for backwards +// compatibility. + #ifndef GRPCXX_SECURITY_AUTH_METADATA_PROCESSOR_H #define GRPCXX_SECURITY_AUTH_METADATA_PROCESSOR_H -#include <map> - -#include <grpc++/security/auth_context.h> -#include <grpc++/support/status.h> -#include <grpc++/support/string_ref.h> - -namespace grpc { - -/// Interface allowing custom server-side authorization based on credentials -/// encoded in metadata. Objects of this type can be passed to -/// \a ServerCredentials::SetAuthMetadataProcessor(). -class AuthMetadataProcessor { - public: - typedef std::multimap<grpc::string_ref, grpc::string_ref> InputMetadata; - typedef std::multimap<grpc::string, grpc::string> OutputMetadata; - - virtual ~AuthMetadataProcessor() {} - - /// If this method returns true, the \a Process function will be scheduled in - /// a different thread from the one processing the call. - virtual bool IsBlocking() const { return true; } - - /// context is read/write: it contains the properties of the channel peer and - /// it is the job of the Process method to augment it with properties derived - /// from the passed-in auth_metadata. - /// consumed_auth_metadata needs to be filled with metadata that has been - /// consumed by the processor and will be removed from the call. - /// response_metadata is the metadata that will be sent as part of the - /// response. - /// If the return value is not Status::OK, the rpc call will be aborted with - /// the error code and error message sent back to the client. - virtual Status Process(const InputMetadata& auth_metadata, - AuthContext* context, - OutputMetadata* consumed_auth_metadata, - OutputMetadata* response_metadata) = 0; -}; - -} // namespace grpc +#include <grpcpp/security/auth_metadata_processor.h> #endif // GRPCXX_SECURITY_AUTH_METADATA_PROCESSOR_H diff --git a/include/grpc++/security/credentials.h b/include/grpc++/security/credentials.h index 92330d42c6..940441827d 100644 --- a/include/grpc++/security/credentials.h +++ b/include/grpc++/security/credentials.h @@ -1,6 +1,6 @@ /* * - * Copyright 2015 gRPC authors. + * Copyright 2018 gRPC authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,209 +16,13 @@ * */ +// DEPRECATED: The headers in include/grpc++ are deprecated. Please include the +// headers in include/grpcpp instead. This header exists only for backwards +// compatibility. + #ifndef GRPCXX_SECURITY_CREDENTIALS_H #define GRPCXX_SECURITY_CREDENTIALS_H -#include <map> -#include <memory> - -#include <grpc++/impl/codegen/grpc_library.h> -#include <grpc++/security/auth_context.h> -#include <grpc++/support/status.h> -#include <grpc++/support/string_ref.h> - -struct grpc_call; - -namespace grpc { -class ChannelArguments; -class Channel; -class SecureChannelCredentials; -class CallCredentials; -class SecureCallCredentials; - -/// A channel credentials object encapsulates all the state needed by a client -/// to authenticate with a server for a given channel. -/// It can make various assertions, e.g., about the client’s identity, role -/// for all the calls on that channel. -/// -/// \see https://grpc.io/docs/guides/auth.html -class ChannelCredentials : private GrpcLibraryCodegen { - public: - ChannelCredentials(); - ~ChannelCredentials(); - - protected: - friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials( - const std::shared_ptr<ChannelCredentials>& channel_creds, - const std::shared_ptr<CallCredentials>& call_creds); - - virtual SecureChannelCredentials* AsSecureCredentials() = 0; - - private: - friend std::shared_ptr<Channel> CreateCustomChannel( - const grpc::string& target, - const std::shared_ptr<ChannelCredentials>& creds, - const ChannelArguments& args); - - virtual std::shared_ptr<Channel> CreateChannel( - const grpc::string& target, const ChannelArguments& args) = 0; -}; - -/// A call credentials object encapsulates the state needed by a client to -/// authenticate with a server for a given call on a channel. -/// -/// \see https://grpc.io/docs/guides/auth.html -class CallCredentials : private GrpcLibraryCodegen { - public: - CallCredentials(); - ~CallCredentials(); - - /// Apply this instance's credentials to \a call. - virtual bool ApplyToCall(grpc_call* call) = 0; - - protected: - friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials( - const std::shared_ptr<ChannelCredentials>& channel_creds, - const std::shared_ptr<CallCredentials>& call_creds); - - friend std::shared_ptr<CallCredentials> CompositeCallCredentials( - const std::shared_ptr<CallCredentials>& creds1, - const std::shared_ptr<CallCredentials>& creds2); - - virtual SecureCallCredentials* AsSecureCredentials() = 0; -}; - -/// Options used to build SslCredentials. -struct SslCredentialsOptions { - /// The buffer containing the PEM encoding of the server root certificates. If - /// this parameter is empty, the default roots will be used. The default - /// roots can be overridden using the \a GRPC_DEFAULT_SSL_ROOTS_FILE_PATH - /// environment variable pointing to a file on the file system containing the - /// roots. - grpc::string pem_root_certs; - - /// The buffer containing the PEM encoding of the client's private key. This - /// parameter can be empty if the client does not have a private key. - grpc::string pem_private_key; - - /// The buffer containing the PEM encoding of the client's certificate chain. - /// This parameter can be empty if the client does not have a certificate - /// chain. - grpc::string pem_cert_chain; -}; - -// Factories for building different types of Credentials The functions may -// return empty shared_ptr when credentials cannot be created. If a -// Credentials pointer is returned, it can still be invalid when used to create -// a channel. A lame channel will be created then and all rpcs will fail on it. - -/// Builds credentials with reasonable defaults. -/// -/// \warning Only use these credentials when connecting to a Google endpoint. -/// Using these credentials to connect to any other service may result in this -/// service being able to impersonate your client for requests to Google -/// services. -std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials(); - -/// Builds SSL Credentials given SSL specific options -std::shared_ptr<ChannelCredentials> SslCredentials( - const SslCredentialsOptions& options); - -/// Builds credentials for use when running in GCE -/// -/// \warning Only use these credentials when connecting to a Google endpoint. -/// Using these credentials to connect to any other service may result in this -/// service being able to impersonate your client for requests to Google -/// services. -std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials(); - -/// Constant for maximum auth token lifetime. -constexpr long kMaxAuthTokenLifetimeSecs = 3600; - -/// Builds Service Account JWT Access credentials. -/// json_key is the JSON key string containing the client's private key. -/// token_lifetime_seconds is the lifetime in seconds of each Json Web Token -/// (JWT) created with this credentials. It should not exceed -/// \a kMaxAuthTokenLifetimeSecs or will be cropped to this value. -std::shared_ptr<CallCredentials> ServiceAccountJWTAccessCredentials( - const grpc::string& json_key, - long token_lifetime_seconds = kMaxAuthTokenLifetimeSecs); - -/// Builds refresh token credentials. -/// json_refresh_token is the JSON string containing the refresh token along -/// with a client_id and client_secret. -/// -/// \warning Only use these credentials when connecting to a Google endpoint. -/// Using these credentials to connect to any other service may result in this -/// service being able to impersonate your client for requests to Google -/// services. -std::shared_ptr<CallCredentials> GoogleRefreshTokenCredentials( - const grpc::string& json_refresh_token); - -/// Builds access token credentials. -/// access_token is an oauth2 access token that was fetched using an out of band -/// mechanism. -/// -/// \warning Only use these credentials when connecting to a Google endpoint. -/// Using these credentials to connect to any other service may result in this -/// service being able to impersonate your client for requests to Google -/// services. -std::shared_ptr<CallCredentials> AccessTokenCredentials( - const grpc::string& access_token); - -/// Builds IAM credentials. -/// -/// \warning Only use these credentials when connecting to a Google endpoint. -/// Using these credentials to connect to any other service may result in this -/// service being able to impersonate your client for requests to Google -/// services. -std::shared_ptr<CallCredentials> GoogleIAMCredentials( - const grpc::string& authorization_token, - const grpc::string& authority_selector); - -/// Combines a channel credentials and a call credentials into a composite -/// channel credentials. -std::shared_ptr<ChannelCredentials> CompositeChannelCredentials( - const std::shared_ptr<ChannelCredentials>& channel_creds, - const std::shared_ptr<CallCredentials>& call_creds); - -/// Combines two call credentials objects into a composite call credentials. -std::shared_ptr<CallCredentials> CompositeCallCredentials( - const std::shared_ptr<CallCredentials>& creds1, - const std::shared_ptr<CallCredentials>& creds2); - -/// Credentials for an unencrypted, unauthenticated channel -std::shared_ptr<ChannelCredentials> InsecureChannelCredentials(); - -/// Credentials for a channel using Cronet. -std::shared_ptr<ChannelCredentials> CronetChannelCredentials(void* engine); - -/// User defined metadata credentials. -class MetadataCredentialsPlugin { - public: - virtual ~MetadataCredentialsPlugin() {} - - /// If this method returns true, the Process function will be scheduled in - /// a different thread from the one processing the call. - virtual bool IsBlocking() const { return true; } - - /// Type of credentials this plugin is implementing. - virtual const char* GetType() const { return ""; } - - /// Gets the auth metatada produced by this plugin. - /// The fully qualified method name is: - /// service_url + "/" + method_name. - /// The channel_auth_context contains (among other things), the identity of - /// the server. - virtual Status GetMetadata( - grpc::string_ref service_url, grpc::string_ref method_name, - const AuthContext& channel_auth_context, - std::multimap<grpc::string, grpc::string>* metadata) = 0; -}; - -std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin( - std::unique_ptr<MetadataCredentialsPlugin> plugin); - -} // namespace grpc +#include <grpcpp/security/credentials.h> #endif // GRPCXX_SECURITY_CREDENTIALS_H diff --git a/include/grpc++/security/server_credentials.h b/include/grpc++/security/server_credentials.h index 74a61b51e3..c6d1c4f0e4 100644 --- a/include/grpc++/security/server_credentials.h +++ b/include/grpc++/security/server_credentials.h @@ -1,6 +1,6 @@ /* * - * Copyright 2015 gRPC authors. + * Copyright 2018 gRPC authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,76 +16,13 @@ * */ +// DEPRECATED: The headers in include/grpc++ are deprecated. Please include the +// headers in include/grpcpp instead. This header exists only for backwards +// compatibility. + #ifndef GRPCXX_SECURITY_SERVER_CREDENTIALS_H #define GRPCXX_SECURITY_SERVER_CREDENTIALS_H -#include <memory> -#include <vector> - -#include <grpc++/security/auth_metadata_processor.h> -#include <grpc++/support/config.h> -#include <grpc/grpc_security_constants.h> - -struct grpc_server; - -namespace grpc { -class Server; - -/// Wrapper around \a grpc_server_credentials, a way to authenticate a server. -class ServerCredentials { - public: - virtual ~ServerCredentials(); - - /// This method is not thread-safe and has to be called before the server is - /// started. The last call to this function wins. - virtual void SetAuthMetadataProcessor( - const std::shared_ptr<AuthMetadataProcessor>& processor) = 0; - - private: - friend class ::grpc::Server; - - /// Tries to bind \a server to the given \a addr (eg, localhost:1234, - /// 192.168.1.1:31416, [::1]:27182, etc.) - /// - /// \return bound port number on sucess, 0 on failure. - // TODO(dgq): the "port" part seems to be a misnomer. - virtual int AddPortToServer(const grpc::string& addr, - grpc_server* server) = 0; -}; - -/// Options to create ServerCredentials with SSL -struct SslServerCredentialsOptions { - /// \warning Deprecated - SslServerCredentialsOptions() - : force_client_auth(false), - client_certificate_request(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE) {} - SslServerCredentialsOptions( - grpc_ssl_client_certificate_request_type request_type) - : force_client_auth(false), client_certificate_request(request_type) {} - - struct PemKeyCertPair { - grpc::string private_key; - grpc::string cert_chain; - }; - grpc::string pem_root_certs; - std::vector<PemKeyCertPair> pem_key_cert_pairs; - /// \warning Deprecated - bool force_client_auth; - - /// If both \a force_client_auth and \a client_certificate_request - /// fields are set, \a force_client_auth takes effect, i.e. - /// \a REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY - /// will be enforced. - grpc_ssl_client_certificate_request_type client_certificate_request; -}; - -/// Builds SSL ServerCredentials given SSL specific options -std::shared_ptr<ServerCredentials> SslServerCredentials( - const SslServerCredentialsOptions& options); - -/// Builds insecure server credentials. -std::shared_ptr<ServerCredentials> InsecureServerCredentials(); - -} // namespace grpc +#include <grpcpp/security/server_credentials.h> #endif // GRPCXX_SECURITY_SERVER_CREDENTIALS_H |