author | Julien Boeuf <jboeuf@google.com> | 2015-10-12 13:26:21 -0700 |
---|---|---|
committer | Julien Boeuf <jboeuf@google.com> | 2015-10-12 14:09:03 -0700 |
commit | 54a902ed17a69c671e5212b115fe5f219654240a (patch) | |
tree | 875e994f7662efb8b77e82ad5d1efea36647d091 /include/grpc++/security | |
parent | 26bf71ce37d39bb3dd2c1ae01fa837db8a082799 (diff) |
Successfully compile C++ libary (not tests yet).
Diffstat (limited to 'include/grpc++/security')
-rw-r--r-- | include/grpc++/security/credentials.h | 88 |
1 files changed, 59 insertions, 29 deletions
diff --git a/include/grpc++/security/credentials.h b/include/grpc++/security/credentials.h
index ff41bc597e..56827c0f21 100644
--- a/include/grpc++/security/credentials.h
+++ b/include/grpc++/security/credentials.h
@@ -45,37 +45,60 @@ namespace grpc {
 class ChannelArguments;
 class Channel;
-class SecureCredentials;
-
-/// A credentials object encapsulates all the state needed by a client to
-/// authenticate with a server and make various assertions, e.g., about the
-/// client’s identity, role, or whether it is authorized to make a particular
-/// call.
+class SecureChannelCredentials;
+class CallCredentials;
+class SecureCallCredentials;
+
+/// A channel credentials object encapsulates all the state needed by a client
+/// to authenticate with a server for a given channel.
+/// It can make various assertions, e.g., about the client’s identity, role
+/// for all the calls on that channel.
 ///
 /// \see https://github.com/grpc/grpc/blob/master/doc/grpc-auth-support.md
-class Credentials : public GrpcLibrary {
+class ChannelCredentials : public GrpcLibrary {
 public:
- ~Credentials() GRPC_OVERRIDE;
-
- /// Apply this instance's credentials to \a call.
- virtual bool ApplyToCall(grpc_call* call) = 0;
+ ~ChannelCredentials() GRPC_OVERRIDE;
 protected:
- friend std::shared_ptr<Credentials> CompositeCredentials(
- const std::shared_ptr<Credentials>& creds1,
- const std::shared_ptr<Credentials>& creds2);
+ friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
+ const std::shared_ptr<ChannelCredentials>& channel_creds,
+ const std::shared_ptr<CallCredentials>& call_creds);
- virtual SecureCredentials* AsSecureCredentials() = 0;
+ virtual SecureChannelCredentials* AsSecureCredentials() = 0;
 private:
 friend std::shared_ptr<Channel> CreateCustomChannel(
- const grpc::string& target, const std::shared_ptr<Credentials>& creds,
+ const grpc::string& target,
+ const std::shared_ptr<ChannelCredentials>& creds,
 const ChannelArguments& args);
 virtual std::shared_ptr<Channel> CreateChannel( const grpc::string& target, const ChannelArguments& args) = 0;
 };
+/// A call credentials object encapsulates the state needed by a client to
+/// authenticate with a server for a given call on a channel.
+///
+/// \see https://github.com/grpc/grpc/blob/master/doc/grpc-auth-support.md
+class CallCredentials : public GrpcLibrary {
+ public:
+ ~CallCredentials() GRPC_OVERRIDE;
+
+ /// Apply this instance's credentials to \a call.
+ virtual bool ApplyToCall(grpc_call* call) = 0;
+
+ protected:
+ friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
+ const std::shared_ptr<ChannelCredentials>& channel_creds,
+ const std::shared_ptr<CallCredentials>& call_creds);
+
+ friend std::shared_ptr<CallCredentials> CompositeCallCredentials(
+ const std::shared_ptr<CallCredentials>& creds1,
+ const std::shared_ptr<CallCredentials>& creds2);
+
+ virtual SecureCallCredentials* AsSecureCredentials() = 0;
+};
+
 /// Options used to build SslCredentials.
 struct SslCredentialsOptions {
 /// The buffer containing the PEM encoding of the server root certificates. If
@@ -106,10 +129,10 @@ struct SslCredentialsOptions {
 /// Using these credentials to connect to any other service may result in this
 /// service being able to impersonate your client for requests to Google
 /// services.
-std::shared_ptr<Credentials> GoogleDefaultCredentials();
+std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials();
 /// Builds SSL Credentials given SSL specific options
-std::shared_ptr<Credentials> SslCredentials(
+std::shared_ptr<ChannelCredentials> SslCredentials(
 const SslCredentialsOptions& options);
 /// Builds credentials for use when running in GCE
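Review bot: Both new `AsSecureCredentials()` declarations in the `@@ -45,37 +45,60 @@` hunk (on `ChannelCredentials` and on `CallCredentials`) return a raw pointer with no doc comment, so the header does not say whether the result can be null or who owns it. Since `InsecureChannelCredentials()` is declared later in this file, a `ChannelCredentials` that is not a secure one evidently exists, and code that combines credentials needs to know what it gets back in that case. I would document the contract on each declaration, for example `/// Returns this object as its secure variant, or nullptr if it is not one; the caller does not own the pointer.`, with the wording confirmed against the implementation, which is not part of this diff. The doc comment for `CallCredentials` could also state whether call credentials are meant to be used only together with a secure channel credentials.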
@@ -118,14 +141,14 @@ std::shared_ptr<Credentials> SslCredentials(
 /// Using these credentials to connect to any other service may result in this
 /// service being able to impersonate your client for requests to Google
 /// services.
-std::shared_ptr<Credentials> GoogleComputeEngineCredentials();
+std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials();
 /// Builds Service Account JWT Access credentials.
 /// json_key is the JSON key string containing the client's private key.
 /// token_lifetime_seconds is the lifetime in seconds of each Json Web Token
 /// (JWT) created with this credentials. It should not exceed
 /// grpc_max_auth_token_lifetime or will be cropped to this value.
-std::shared_ptr<Credentials> ServiceAccountJWTAccessCredentials(
+std::shared_ptr<CallCredentials> ServiceAccountJWTAccessCredentials(
 const grpc::string& json_key, long token_lifetime_seconds);
 /// Builds refresh token credentials.
@@ -136,7 +159,7 @@ std::shared_ptr<Credentials> ServiceAccountJWTAccessCredentials(
 /// Using these credentials to connect to any other service may result in this
 /// service being able to impersonate your client for requests to Google
 /// services.
-std::shared_ptr<Credentials> GoogleRefreshTokenCredentials(
+std::shared_ptr<CallCredentials> GoogleRefreshTokenCredentials(
 const grpc::string& json_refresh_token);
 /// Builds access token credentials.
@@ -147,7 +170,7 @@ std::shared_ptr<Credentials> GoogleRefreshTokenCredentials(
 /// Using these credentials to connect to any other service may result in this
 /// service being able to impersonate your client for requests to Google
 /// services.
-std::shared_ptr<Credentials> AccessTokenCredentials(
+std::shared_ptr<CallCredentials> AccessTokenCredentials(
 const grpc::string& access_token);
 /// Builds IAM credentials.
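Review bot: The doc comments above `GoogleComputeEngineCredentials()` and `ServiceAccountJWTAccessCredentials()` in the `@@ -118,14 +141,14 @@` hunk were left unchanged although the return type is now `CallCredentials`, which `CreateCustomChannel` (first hunk) no longer accepts. The same applies to `GoogleRefreshTokenCredentials`, `AccessTokenCredentials`, `GoogleIAMCredentials` and `MetadataCredentialsFromPlugin` in the later hunks. A reader of the header cannot tell how to put these on a channel; I would add a line to each such as `/// The result is a call credentials; combine it with a channel credentials through CompositeChannelCredentials() before creating a channel.` Because these objects carry tokens or keys, that sentence is also the place to say which kind of channel credentials they are expected to be combined with.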
@@ -156,17 +179,24 @@ std::shared_ptr<Credentials> AccessTokenCredentials(
 /// Using these credentials to connect to any other service may result in this
 /// service being able to impersonate your client for requests to Google
 /// services.
-std::shared_ptr<Credentials> GoogleIAMCredentials(
+std::shared_ptr<CallCredentials> GoogleIAMCredentials(
 const grpc::string& authorization_token, const grpc::string& authority_selector);
-/// Combines two credentials objects into a composite credentials
-std::shared_ptr<Credentials> CompositeCredentials(
- const std::shared_ptr<Credentials>& creds1,
- const std::shared_ptr<Credentials>& creds2);
+/// Combines a channel credentials and a call credentials into a composite
+/// channel credentials.
+std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
+ const std::shared_ptr<ChannelCredentials>& channel_creds,
+ const std::shared_ptr<CallCredentials>& call_creds);
+
+
+/// Combines two call credentials objects into a composite call credentials.
+std::shared_ptr<CallCredentials> CompositeCallCredentials(
+ const std::shared_ptr<CallCredentials>& creds1,
+ const std::shared_ptr<CallCredentials>& creds2);
 /// Credentials for an unencrypted, unauthenticated channel
-std::shared_ptr<Credentials> InsecureCredentials();
+std::shared_ptr<ChannelCredentials> InsecureChannelCredentials();
 // User defined metadata credentials.
 class MetadataCredentialsPlugin {
@@ -183,7 +213,7 @@ class MetadataCredentialsPlugin {
 std::multimap<grpc::string, grpc::string>* metadata) = 0;
 };
-std::shared_ptr<Credentials> MetadataCredentialsFromPlugin(
+std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
 std::unique_ptr<MetadataCredentialsPlugin> plugin);
 } // namespace grpc
|
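Review bot: The new comment on `CompositeChannelCredentials()` in the `@@ -156,17 +179,24 @@` hunk does not say what is returned when the two arguments cannot be combined, for instance when `channel_creds` comes from `InsecureChannelCredentials()` declared just below it, or when either pointer is empty. Callers should be able to tell from the header whether they must check for a null result, so that call credentials are never assumed to be attached when they are not. I would extend the comment with something like `/// Returns nullptr if the two cannot be combined.`, taking the exact condition from the implementation, which this diff does not show. The hunk also adds two blank lines before the `CompositeCallCredentials` comment where the other added blocks use one, and `InsecureCredentials` is the only factory in this file whose name changes, which existing callers will notice.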