diff options
author | Nicolas Noble <nnoble@google.com> | 2014-11-26 16:33:03 -0800 |
---|---|---|
committer | Nicolas Noble <nnoble@google.com> | 2014-11-26 16:33:03 -0800 |
commit | b7ebd3b8c6fe39f99c40b10c1b563e4adb607b6c (patch) | |
tree | c1decf819492d455ec81cd471942c5516138f825 /include/grpc/grpc_security.h | |
parent | 0e905e63db21bcdd85d3d1af051fcdc5bb5caa38 (diff) |
Initial import.
Diffstat (limited to 'include/grpc/grpc_security.h')
-rw-r--r-- | include/grpc/grpc_security.h | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h new file mode 100644 index 0000000000..cc1d74c81e --- /dev/null +++ b/include/grpc/grpc_security.h @@ -0,0 +1,143 @@ +/* + * + * Copyright 2014, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef GRPC_SECURITY_H_ +#define GRPC_SECURITY_H_ + +#include "grpc.h" +#include "status.h" + +/* --- grpc_credentials object. --- + + A credentials object represents a way to authenticate a client. */ + +typedef struct grpc_credentials grpc_credentials; + +/* Releases a credentials object. + The creator of the credentials object is responsible for its release. */ +void grpc_credentials_release(grpc_credentials *creds); + +/* Creates default credentials. */ +grpc_credentials *grpc_default_credentials_create(void); + +/* Creates an SSL credentials object. + - pem_roots_cert is the buffer containing the PEM encoding of the server + root certificates. This parameter cannot be NULL. + - pem_roots_cert_size is the size of the associated buffer. + - pem_private_key is the buffer containing the PEM encoding of the client's + private key. This parameter can be NULL if the client does not have a + private key. + - pem_private_key_size is the size of the associated buffer. + - pem_cert_chain is the buffer containing the PEM encoding of the client's + certificate chain. This parameter can be NULL if the client does not have + a certificate chain. + - pem_cert_chain_size is the size of the associated buffer. */ +grpc_credentials *grpc_ssl_credentials_create( + const unsigned char *pem_root_certs, size_t pem_root_certs_size, + const unsigned char *pem_private_key, size_t pem_private_key_size, + const unsigned char *pem_cert_chain, size_t pem_cert_chain_size); + +/* Creates a composite credentials object. */ +grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1, + grpc_credentials *creds2); + +/* Creates a compute engine credentials object. */ +grpc_credentials *grpc_compute_engine_credentials_create(void); + +/* Creates a fake transport security credentials object for testing. */ +grpc_credentials *grpc_fake_transport_security_credentials_create(void); + + +/* --- Secure channel creation. --- */ + +/* The caller of the secure_channel_create functions may override the target + name used for SSL host name checking using this channel argument which is of + type GRPC_ARG_STRING. This *should* be used for testing only. + If this argument is not specified, the name used for SSL host name checking + will be the target parameter (assuming that the secure channel is an SSL + channel). If this parameter is specified and the underlying is not an SSL + channel, it will just be ignored. */ +#define GRPC_SSL_TARGET_NAME_OVERRIDE_ARG "grpc.ssl_target_name_override" + +/* Creates a default secure channel using the default credentials object using + the environment. */ +grpc_channel *grpc_default_secure_channel_create(const char *target, + const grpc_channel_args *args); + +/* Creates a secure channel using the passed-in credentials. */ +grpc_channel *grpc_secure_channel_create(grpc_credentials *creds, + const char *target, + const grpc_channel_args *args); + +/* --- grpc_server_credentials object. --- + + A server credentials object represents a way to authenticate a server. */ + +typedef struct grpc_server_credentials grpc_server_credentials; + +/* Releases a server_credentials object. + The creator of the server_credentials object is responsible for its release. + */ +void grpc_server_credentials_release(grpc_server_credentials *creds); + +/* Creates an SSL server_credentials object. + TODO(jboeuf): Change the constructor so that it can support multiple + key/cert pairs. + - pem_roots_cert is the buffer containing the PEM encoding of the server + root certificates. This parameter may be NULL if the server does not want + the client to be authenticated with SSL. + - pem_roots_cert_size is the size of the associated buffer. + - pem_private_key is the buffer containing the PEM encoding of the client's + private key. This parameter cannot be NULL. + - pem_private_key_size is the size of the associated buffer. + - pem_cert_chain is the buffer containing the PEM encoding of the client's + certificate chain. This parameter cannot be NULL. + - pem_cert_chain_size is the size of the associated buffer. */ +grpc_server_credentials *grpc_ssl_server_credentials_create( + const unsigned char *pem_root_certs, size_t pem_root_certs_size, + const unsigned char *pem_private_key, size_t pem_private_key_size, + const unsigned char *pem_cert_chain, size_t pem_cert_chain_size); + +/* Creates a fake server transport security credentials object for testing. */ +grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( + void); + + +/* --- Secure server creation. --- */ + +/* Creates a secure server using the passed-in server credentials. */ +grpc_server *grpc_secure_server_create(grpc_server_credentials *creds, + grpc_completion_queue *cq, + const grpc_channel_args *args); + +#endif /* GRPC_SECURITY_H_ */ |