diff options
Diffstat (limited to 'include/grpc/grpc_security.h')
| -rw-r--r-- | include/grpc/grpc_security.h | 196 |
1 files changed, 98 insertions, 98 deletions
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 758aaf5b6c..7e87217de7 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -32,51 +32,51 @@ extern "C" { typedef struct grpc_auth_context grpc_auth_context; typedef struct grpc_auth_property_iterator { - const grpc_auth_context *ctx; + const grpc_auth_context* ctx; size_t index; - const char *name; + const char* name; } grpc_auth_property_iterator; /** value, if not NULL, is guaranteed to be NULL terminated. */ typedef struct grpc_auth_property { - char *name; - char *value; + char* name; + char* value; size_t value_length; } grpc_auth_property; /** Returns NULL when the iterator is at the end. */ -GRPCAPI const grpc_auth_property *grpc_auth_property_iterator_next( - grpc_auth_property_iterator *it); +GRPCAPI const grpc_auth_property* grpc_auth_property_iterator_next( + grpc_auth_property_iterator* it); /** Iterates over the auth context. */ GRPCAPI grpc_auth_property_iterator -grpc_auth_context_property_iterator(const grpc_auth_context *ctx); +grpc_auth_context_property_iterator(const grpc_auth_context* ctx); /** Gets the peer identity. Returns an empty iterator (first _next will return NULL) if the peer is not authenticated. */ GRPCAPI grpc_auth_property_iterator -grpc_auth_context_peer_identity(const grpc_auth_context *ctx); +grpc_auth_context_peer_identity(const grpc_auth_context* ctx); /** Finds a property in the context. May return an empty iterator (first _next will return NULL) if no property with this name was found in the context. */ GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name( - const grpc_auth_context *ctx, const char *name); + const grpc_auth_context* ctx, const char* name); /** Gets the name of the property that indicates the peer identity. Will return NULL if the peer is not authenticated. */ -GRPCAPI const char *grpc_auth_context_peer_identity_property_name( - const grpc_auth_context *ctx); +GRPCAPI const char* grpc_auth_context_peer_identity_property_name( + const grpc_auth_context* ctx); /** Returns 1 if the peer is authenticated, 0 otherwise. */ GRPCAPI int grpc_auth_context_peer_is_authenticated( - const grpc_auth_context *ctx); + const grpc_auth_context* ctx); /** Gets the auth context from the call. Caller needs to call grpc_auth_context_release on the returned context. */ -GRPCAPI grpc_auth_context *grpc_call_auth_context(grpc_call *call); +GRPCAPI grpc_auth_context* grpc_call_auth_context(grpc_call* call); /** Releases the auth context returned from grpc_call_auth_context. */ -GRPCAPI void grpc_auth_context_release(grpc_auth_context *context); +GRPCAPI void grpc_auth_context_release(grpc_auth_context* context); /** -- The following auth context methods should only be called by a server metadata @@ -84,19 +84,19 @@ GRPCAPI void grpc_auth_context_release(grpc_auth_context *context); -- */ /** Add a property. */ -GRPCAPI void grpc_auth_context_add_property(grpc_auth_context *ctx, - const char *name, const char *value, +GRPCAPI void grpc_auth_context_add_property(grpc_auth_context* ctx, + const char* name, const char* value, size_t value_length); /** Add a C string property. */ -GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx, - const char *name, - const char *value); +GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context* ctx, + const char* name, + const char* value); /** Sets the property name. Returns 1 if successful or 0 in case of failure (which means that no property with this name exists). */ GRPCAPI int grpc_auth_context_set_peer_identity_property_name( - grpc_auth_context *ctx, const char *name); + grpc_auth_context* ctx, const char* name); /** --- grpc_channel_credentials object. --- @@ -107,12 +107,12 @@ typedef struct grpc_channel_credentials grpc_channel_credentials; /** Releases a channel credentials object. The creator of the credentials object is responsible for its release. */ -GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds); +GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials* creds); /** Creates default credentials to connect to a google gRPC service. WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. */ -GRPCAPI grpc_channel_credentials *grpc_google_default_credentials_create(void); +GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create(void); /** Callback for getting the SSL roots override from the application. In case of success, *pem_roots_certs must be set to a NULL terminated string @@ -121,7 +121,7 @@ GRPCAPI grpc_channel_credentials *grpc_google_default_credentials_create(void); If this function fails and GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is set to a valid path, it will override the roots specified this func */ typedef grpc_ssl_roots_override_result (*grpc_ssl_roots_override_callback)( - char **pem_root_certs); + char** pem_root_certs); /** Setup a callback to override the default TLS/SSL roots. This function is not thread-safe and must be called at initialization time @@ -135,11 +135,11 @@ GRPCAPI void grpc_set_ssl_roots_override_callback( typedef struct { /** private_key is the NULL-terminated string containing the PEM encoding of the client's private key. */ - const char *private_key; + const char* private_key; /** cert_chain is the NULL-terminated string containing the PEM encoding of the client's certificate chain. */ - const char *cert_chain; + const char* cert_chain; } grpc_ssl_pem_key_cert_pair; /** Creates an SSL credentials object. @@ -153,9 +153,9 @@ typedef struct { - pem_key_cert_pair is a pointer on the object containing client's private key and certificate chain. This parameter can be NULL if the client does not have such a key/cert pair. */ -GRPCAPI grpc_channel_credentials *grpc_ssl_credentials_create( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, - void *reserved); +GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create( + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, + void* reserved); /** --- grpc_call_credentials object. @@ -167,23 +167,23 @@ typedef struct grpc_call_credentials grpc_call_credentials; /** Releases a call credentials object. The creator of the credentials object is responsible for its release. */ -GRPCAPI void grpc_call_credentials_release(grpc_call_credentials *creds); +GRPCAPI void grpc_call_credentials_release(grpc_call_credentials* creds); /** Creates a composite channel credentials object. */ -GRPCAPI grpc_channel_credentials *grpc_composite_channel_credentials_create( - grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, - void *reserved); +GRPCAPI grpc_channel_credentials* grpc_composite_channel_credentials_create( + grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds, + void* reserved); /** Creates a composite call credentials object. */ -GRPCAPI grpc_call_credentials *grpc_composite_call_credentials_create( - grpc_call_credentials *creds1, grpc_call_credentials *creds2, - void *reserved); +GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create( + grpc_call_credentials* creds1, grpc_call_credentials* creds2, + void* reserved); /** Creates a compute engine credentials object for connecting to Google. WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. */ -GRPCAPI grpc_call_credentials *grpc_google_compute_engine_credentials_create( - void *reserved); +GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( + void* reserved); GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(); @@ -192,10 +192,10 @@ GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(); - token_lifetime is the lifetime of each Json Web Token (JWT) created with this credentials. It should not exceed grpc_max_auth_token_lifetime or will be cropped to this value. */ -GRPCAPI grpc_call_credentials * -grpc_service_account_jwt_access_credentials_create(const char *json_key, +GRPCAPI grpc_call_credentials* +grpc_service_account_jwt_access_credentials_create(const char* json_key, gpr_timespec token_lifetime, - void *reserved); + void* reserved); /** Creates an Oauth2 Refresh Token credentials object for connecting to Google. May return NULL if the input is invalid. @@ -203,18 +203,18 @@ grpc_service_account_jwt_access_credentials_create(const char *json_key, this could result in an oauth2 token leak. - json_refresh_token is the JSON string containing the refresh token itself along with a client_id and client_secret. */ -GRPCAPI grpc_call_credentials *grpc_google_refresh_token_credentials_create( - const char *json_refresh_token, void *reserved); +GRPCAPI grpc_call_credentials* grpc_google_refresh_token_credentials_create( + const char* json_refresh_token, void* reserved); /** Creates an Oauth2 Access Token credentials with an access token that was aquired by an out of band mechanism. */ -GRPCAPI grpc_call_credentials *grpc_access_token_credentials_create( - const char *access_token, void *reserved); +GRPCAPI grpc_call_credentials* grpc_access_token_credentials_create( + const char* access_token, void* reserved); /** Creates an IAM credentials object for connecting to Google. */ -GRPCAPI grpc_call_credentials *grpc_google_iam_credentials_create( - const char *authorization_token, const char *authority_selector, - void *reserved); +GRPCAPI grpc_call_credentials* grpc_google_iam_credentials_create( + const char* authorization_token, const char* authority_selector, + void* reserved); /** Callback function to be called by the metadata credentials plugin implementation when the metadata is ready. @@ -228,25 +228,25 @@ GRPCAPI grpc_call_credentials *grpc_google_iam_credentials_create( - error_details contains details about the error if any. In case of success it should be NULL and will be otherwise ignored. */ typedef void (*grpc_credentials_plugin_metadata_cb)( - void *user_data, const grpc_metadata *creds_md, size_t num_creds_md, - grpc_status_code status, const char *error_details); + void* user_data, const grpc_metadata* creds_md, size_t num_creds_md, + grpc_status_code status, const char* error_details); /** Context that can be used by metadata credentials plugin in order to create auth related metadata. */ typedef struct { /** The fully qualifed service url. */ - const char *service_url; + const char* service_url; /** The method name of the RPC being called (not fully qualified). The fully qualified method name can be built from the service_url: full_qualified_method_name = ctx->service_url + '/' + ctx->method_name. */ - const char *method_name; + const char* method_name; /** The auth_context of the channel which gives the server's identity. */ - const grpc_auth_context *channel_auth_context; + const grpc_auth_context* channel_auth_context; /** Reserved for future use. */ - void *reserved; + void* reserved; } grpc_auth_metadata_context; /** Maximum number of metadata entries returnable by a credentials plugin via @@ -278,32 +278,32 @@ typedef struct { \a context is the information that can be used by the plugin to create auth metadata. */ int (*get_metadata)( - void *state, grpc_auth_metadata_context context, - grpc_credentials_plugin_metadata_cb cb, void *user_data, + void* state, grpc_auth_metadata_context context, + grpc_credentials_plugin_metadata_cb cb, void* user_data, grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX], - size_t *num_creds_md, grpc_status_code *status, - const char **error_details); + size_t* num_creds_md, grpc_status_code* status, + const char** error_details); /** Destroys the plugin state. */ - void (*destroy)(void *state); + void (*destroy)(void* state); /** State that will be set as the first parameter of the methods above. */ - void *state; + void* state; /** Type of credentials that this plugin is implementing. */ - const char *type; + const char* type; } grpc_metadata_credentials_plugin; /** Creates a credentials object from a plugin. */ -GRPCAPI grpc_call_credentials *grpc_metadata_credentials_create_from_plugin( - grpc_metadata_credentials_plugin plugin, void *reserved); +GRPCAPI grpc_call_credentials* grpc_metadata_credentials_create_from_plugin( + grpc_metadata_credentials_plugin plugin, void* reserved); /** --- Secure channel creation. --- */ /** Creates a secure channel using the passed-in credentials. */ -GRPCAPI grpc_channel *grpc_secure_channel_create( - grpc_channel_credentials *creds, const char *target, - const grpc_channel_args *args, void *reserved); +GRPCAPI grpc_channel* grpc_secure_channel_create( + grpc_channel_credentials* creds, const char* target, + const grpc_channel_args* args, void* reserved); /** --- grpc_server_credentials object. --- @@ -314,7 +314,7 @@ typedef struct grpc_server_credentials grpc_server_credentials; /** Releases a server_credentials object. The creator of the server_credentials object is responsible for its release. */ -GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds); +GRPCAPI void grpc_server_credentials_release(grpc_server_credentials* creds); /** Server certificate config object holds the server's public certificates and associated private keys, as well as any CA certificates needed for client @@ -333,15 +333,15 @@ typedef struct grpc_ssl_server_certificate_config and cert_chain_files parameters. It must be at least 1. - It is the caller's responsibility to free this object via grpc_ssl_server_certificate_config_destroy(). */ -GRPCAPI grpc_ssl_server_certificate_config * +GRPCAPI grpc_ssl_server_certificate_config* grpc_ssl_server_certificate_config_create( - const char *pem_root_certs, - const grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, + const char* pem_root_certs, + const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs); /** Destroys a grpc_ssl_server_certificate_config object. */ GRPCAPI void grpc_ssl_server_certificate_config_destroy( - grpc_ssl_server_certificate_config *config); + grpc_ssl_server_certificate_config* config); /** Callback to retrieve updated SSL server certificates, private keys, and trusted CAs (for client authentication). @@ -351,7 +351,7 @@ GRPCAPI void grpc_ssl_server_certificate_config_destroy( - The caller assumes ownership of the config. */ typedef grpc_ssl_certificate_config_reload_status ( *grpc_ssl_server_certificate_config_callback)( - void *user_data, grpc_ssl_server_certificate_config **config); + void* user_data, grpc_ssl_server_certificate_config** config); /** Deprecated in favor of grpc_ssl_server_credentials_create_ex. Creates an SSL server_credentials object. @@ -365,19 +365,19 @@ typedef grpc_ssl_certificate_config_reload_status ( - force_client_auth, if set to non-zero will force the client to authenticate with an SSL cert. Note that this option is ignored if pem_root_certs is NULL. */ -GRPCAPI grpc_server_credentials *grpc_ssl_server_credentials_create( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, - size_t num_key_cert_pairs, int force_client_auth, void *reserved); +GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create( + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, + size_t num_key_cert_pairs, int force_client_auth, void* reserved); /** Deprecated in favor of grpc_ssl_server_credentials_create_with_options. Same as grpc_ssl_server_credentials_create method except uses grpc_ssl_client_certificate_request_type enum to support more ways to authenticate client cerificates.*/ -GRPCAPI grpc_server_credentials *grpc_ssl_server_credentials_create_ex( - const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, +GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create_ex( + const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, - void *reserved); + void* reserved); typedef struct grpc_ssl_server_credentials_options grpc_ssl_server_credentials_options; @@ -386,10 +386,10 @@ typedef struct grpc_ssl_server_credentials_options the certificates and keys of the SSL server will not change during the server's lifetime. - Takes ownership of the certificate_config parameter. */ -GRPCAPI grpc_ssl_server_credentials_options * +GRPCAPI grpc_ssl_server_credentials_options* grpc_ssl_server_credentials_create_options_using_config( grpc_ssl_client_certificate_request_type client_certificate_request, - grpc_ssl_server_certificate_config *certificate_config); + grpc_ssl_server_certificate_config* certificate_config); /** Creates an options object using a certificate config fetcher. Use this method to reload the certificates and keys of the SSL server without @@ -398,36 +398,36 @@ grpc_ssl_server_credentials_create_options_using_config( - user_data parameter, if not NULL, contains opaque data which will be passed to the fetcher (see definition of grpc_ssl_server_certificate_config_callback). */ -GRPCAPI grpc_ssl_server_credentials_options * +GRPCAPI grpc_ssl_server_credentials_options* grpc_ssl_server_credentials_create_options_using_config_fetcher( grpc_ssl_client_certificate_request_type client_certificate_request, - grpc_ssl_server_certificate_config_callback cb, void *user_data); + grpc_ssl_server_certificate_config_callback cb, void* user_data); /** Destroys a grpc_ssl_server_credentials_options object. */ GRPCAPI void grpc_ssl_server_credentials_options_destroy( - grpc_ssl_server_credentials_options *options); + grpc_ssl_server_credentials_options* options); /** Creates an SSL server_credentials object using the provided options struct. - Takes ownership of the options parameter. */ -GRPCAPI grpc_server_credentials * +GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create_with_options( - grpc_ssl_server_credentials_options *options); + grpc_ssl_server_credentials_options* options); /** --- Server-side secure ports. --- */ /** Add a HTTP2 over an encrypted link over tcp listener. Returns bound port number on success, 0 on failure. REQUIRES: server not started */ -GRPCAPI int grpc_server_add_secure_http2_port(grpc_server *server, - const char *addr, - grpc_server_credentials *creds); +GRPCAPI int grpc_server_add_secure_http2_port(grpc_server* server, + const char* addr, + grpc_server_credentials* creds); /** --- Call specific credentials. --- */ /** Sets a credentials to a call. Can only be called on the client side before grpc_call_start_batch. */ -GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, - grpc_call_credentials *creds); +GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call* call, + grpc_call_credentials* creds); /** --- Auth Metadata Processing --- */ @@ -441,9 +441,9 @@ GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call *call, GRPC_STATUS PERMISSION_DENIED in case of an authorization failure. - error_details gives details about the error. May be NULL. */ typedef void (*grpc_process_auth_metadata_done_cb)( - void *user_data, const grpc_metadata *consumed_md, size_t num_consumed_md, - const grpc_metadata *response_md, size_t num_response_md, - grpc_status_code status, const char *error_details); + void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md, + const grpc_metadata* response_md, size_t num_response_md, + grpc_status_code status, const char* error_details); /** Pluggable server-side metadata processor object. */ typedef struct { @@ -451,15 +451,15 @@ typedef struct { channel peer and it is the job of the process function to augment it with properties derived from the passed-in metadata. The lifetime of these objects is guaranteed until cb is invoked. */ - void (*process)(void *state, grpc_auth_context *context, - const grpc_metadata *md, size_t num_md, - grpc_process_auth_metadata_done_cb cb, void *user_data); - void (*destroy)(void *state); - void *state; + void (*process)(void* state, grpc_auth_context* context, + const grpc_metadata* md, size_t num_md, + grpc_process_auth_metadata_done_cb cb, void* user_data); + void (*destroy)(void* state); + void* state; } grpc_auth_metadata_processor; GRPCAPI void grpc_server_credentials_set_auth_metadata_processor( - grpc_server_credentials *creds, grpc_auth_metadata_processor processor); + grpc_server_credentials* creds, grpc_auth_metadata_processor processor); #ifdef __cplusplus } |