Diffstat (limited to 'include/grpc/grpc_security.h')
-rw-r--r-- | include/grpc/grpc_security.h | 92 |
1 files changed, 49 insertions, 43 deletions
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 655f45a29b..b50c58ce1e 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -1,6 +1,6 @@
 /*
 *
- * Copyright 2015, Google Inc.
+ * Copyright 2015-2016, Google Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -65,37 +65,39 @@ typedef struct grpc_auth_property {
 } grpc_auth_property;
 /* Returns NULL when the iterator is at the end. */
-const grpc_auth_property *grpc_auth_property_iterator_next(
+GRPC_API const grpc_auth_property *grpc_auth_property_iterator_next(
 grpc_auth_property_iterator *it);
 /* Iterates over the auth context. */
-grpc_auth_property_iterator grpc_auth_context_property_iterator(
- const grpc_auth_context *ctx);
+GRPC_API grpc_auth_property_iterator
+grpc_auth_context_property_iterator(const grpc_auth_context *ctx);
 /* Gets the peer identity. Returns an empty iterator (first _next will return NULL) if the peer is not authenticated. */
-grpc_auth_property_iterator grpc_auth_context_peer_identity(
- const grpc_auth_context *ctx);
+GRPC_API grpc_auth_property_iterator
+grpc_auth_context_peer_identity(const grpc_auth_context *ctx);
 /* Finds a property in the context. May return an empty iterator (first _next will return NULL) if no property with this name was found in the context. */
-grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(
- const grpc_auth_context *ctx, const char *name);
+GRPC_API grpc_auth_property_iterator
+grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx,
+ const char *name);
 /* Gets the name of the property that indicates the peer identity. Will return NULL if the peer is not authenticated. */
-const char *grpc_auth_context_peer_identity_property_name(
+GRPC_API const char *grpc_auth_context_peer_identity_property_name(
 const grpc_auth_context *ctx);
 /* Returns 1 if the peer is authenticated, 0 otherwise. */
-int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx);
+GRPC_API int grpc_auth_context_peer_is_authenticated(
+ const grpc_auth_context *ctx);
 /* Gets the auth context from the call. Caller needs to call grpc_auth_context_release on the returned context.
*/
-grpc_auth_context *grpc_call_auth_context(grpc_call *call);
+GRPC_API grpc_auth_context *grpc_call_auth_context(grpc_call *call);
 /* Releases the auth context returned from grpc_call_auth_context. */
-void grpc_auth_context_release(grpc_auth_context *context);
+GRPC_API void grpc_auth_context_release(grpc_auth_context *context);
 /* -- The following auth context methods should only be called by a server metadata
@@ -103,18 +105,20 @@ void grpc_auth_context_release(grpc_auth_context *context);
 -- */
 /* Add a property. */
-void grpc_auth_context_add_property(grpc_auth_context *ctx, const char *name,
- const char *value, size_t value_length);
+GRPC_API void grpc_auth_context_add_property(grpc_auth_context *ctx,
+ const char *name,
+ const char *value,
+ size_t value_length);
 /* Add a C string property. */
-void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx,
- const char *name,
- const char *value);
+GRPC_API void grpc_auth_context_add_cstring_property(grpc_auth_context *ctx,
+ const char *name,
+ const char *value);
 /* Sets the property name. Returns 1 if successful or 0 in case of failure (which means that no property with this name exists). */
-int grpc_auth_context_set_peer_identity_property_name(grpc_auth_context *ctx,
- const char *name);
+GRPC_API int grpc_auth_context_set_peer_identity_property_name(
+ grpc_auth_context *ctx, const char *name);
 /* --- grpc_channel_credentials object. ---
@@ -125,7 +129,7 @@ typedef struct grpc_channel_credentials grpc_channel_credentials;
 /* Releases a channel credentials object. The creator of the credentials object is responsible for its release. */
-void grpc_channel_credentials_release(grpc_channel_credentials *creds);
+GRPC_API void grpc_channel_credentials_release(grpc_channel_credentials *creds);
 /* Environment variable that points to the google default application credentials json key or refresh token. Used in the
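Review bot: The one-line comment `/* Add a property. */` on `grpc_auth_context_add_property` in the `-103,18` hunk leaves the buffer contract unstated now that the function is tagged as exported API: it does not say whether `name` and `value` are copied or must outlive the context, nor that `value` is `value_length` bytes and so need not be NUL-terminated. These properties back the peer-identity lookups declared in the same header, so a consumer that compares a property value as a C string could match on a truncated prefix. I would extend the comment along the lines of `/* Add a property. value is value_length bytes and may contain NULs; compare using the length, not strcmp. */` and add the ownership rule once it is confirmed against the implementation, which is not part of this diff.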
@@ -135,7 +139,7 @@ void grpc_channel_credentials_release(grpc_channel_credentials *creds);
 /* Creates default credentials to connect to a google gRPC service. WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. */
-grpc_channel_credentials *grpc_google_default_credentials_create(void);
+GRPC_API grpc_channel_credentials *grpc_google_default_credentials_create(void);
 /* Environment variable that points to the default SSL roots file. This file must be a PEM encoded file with all the roots such as the one that can be
@@ -164,7 +168,7 @@ typedef struct {
 - pem_key_cert_pair is a pointer on the object containing client's private key and certificate chain. This parameter can be NULL if the client does not have such a key/cert pair. */
-grpc_channel_credentials *grpc_ssl_credentials_create(
+GRPC_API grpc_channel_credentials *grpc_ssl_credentials_create(
 const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, void *reserved);
@@ -178,22 +182,22 @@ typedef struct grpc_call_credentials grpc_call_credentials;
 /* Releases a call credentials object. The creator of the credentials object is responsible for its release. */
-void grpc_call_credentials_release(grpc_call_credentials *creds);
+GRPC_API void grpc_call_credentials_release(grpc_call_credentials *creds);
 /* Creates a composite channel credentials object. */
-grpc_channel_credentials *grpc_composite_channel_credentials_create(
+GRPC_API grpc_channel_credentials *grpc_composite_channel_credentials_create(
 grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, void *reserved);
 /* Creates a composite call credentials object. */
-grpc_call_credentials *grpc_composite_call_credentials_create(
+GRPC_API grpc_call_credentials *grpc_composite_call_credentials_create(
 grpc_call_credentials *creds1, grpc_call_credentials *creds2, void *reserved);
 /* Creates a compute engine credentials object for connecting to Google. WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. */
-grpc_call_credentials *grpc_google_compute_engine_credentials_create(
+GRPC_API grpc_call_credentials *grpc_google_compute_engine_credentials_create(
 void *reserved);
 extern const gpr_timespec grpc_max_auth_token_lifetime;
@@ -203,8 +207,10 @@ extern const gpr_timespec grpc_max_auth_token_lifetime;
 - token_lifetime is the lifetime of each Json Web Token (JWT) created with this credentials. It should not exceed grpc_max_auth_token_lifetime or will be cropped to this value. */
-grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
- const char *json_key, gpr_timespec token_lifetime, void *reserved);
+GRPC_API grpc_call_credentials *
+grpc_service_account_jwt_access_credentials_create(const char *json_key,
+ gpr_timespec token_lifetime,
+ void *reserved);
 /* Creates an Oauth2 Refresh Token credentials object for connecting to Google. May return NULL if the input is invalid.
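Review bot: `extern const gpr_timespec grpc_max_auth_token_lifetime;` at the end of the `-178,22` hunk stays untagged while every function declaration in the visible hunks gains `GRPC_API`. The macro's definition is not shown in this diff, but if it expands to an export or visibility attribute, this data symbol would be absent from a shared-library build, and the comment on `grpc_service_account_jwt_access_credentials_create` in the next hunk tells callers to bound `token_lifetime` by it. Either tag it as well, `GRPC_API extern const gpr_timespec grpc_max_auth_token_lifetime;`, or add a comment stating why data symbols are left out of the annotation.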
@@ -212,16 +218,16 @@ grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
 this could result in an oauth2 token leak. - json_refresh_token is the JSON string containing the refresh token itself along with a client_id and client_secret. */
-grpc_call_credentials *grpc_google_refresh_token_credentials_create(
+GRPC_API grpc_call_credentials *grpc_google_refresh_token_credentials_create(
 const char *json_refresh_token, void *reserved);
 /* Creates an Oauth2 Access Token credentials with an access token that was aquired by an out of band mechanism. */
-grpc_call_credentials *grpc_access_token_credentials_create(
+GRPC_API grpc_call_credentials *grpc_access_token_credentials_create(
 const char *access_token, void *reserved);
 /* Creates an IAM credentials object for connecting to Google. */
-grpc_call_credentials *grpc_google_iam_credentials_create(
+GRPC_API grpc_call_credentials *grpc_google_iam_credentials_create(
 const char *authorization_token, const char *authority_selector, void *reserved);
@@ -283,16 +289,15 @@ typedef struct {
 } grpc_metadata_credentials_plugin;
 /* Creates a credentials object from a plugin. */
-grpc_call_credentials *grpc_metadata_credentials_create_from_plugin(
+GRPC_API grpc_call_credentials *grpc_metadata_credentials_create_from_plugin(
 grpc_metadata_credentials_plugin plugin, void *reserved);
 /* --- Secure channel creation. --- */
 /* Creates a secure channel using the passed-in credentials. */
-grpc_channel *grpc_secure_channel_create(grpc_channel_credentials *creds,
- const char *target,
- const grpc_channel_args *args,
- void *reserved);
+GRPC_API grpc_channel *grpc_secure_channel_create(
+ grpc_channel_credentials *creds, const char *target,
+ const grpc_channel_args *args, void *reserved);
 /* --- grpc_server_credentials object. ---
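Review bot: `grpc_access_token_credentials_create` and `grpc_google_iam_credentials_create` in the `-212,16` hunk carry no caveat about where the supplied token ends up, unlike the refresh-token, compute-engine and default-credentials declarations, which each warn about an oauth2 token leak to a non-google service. If these credentials also attach the token to calls on whatever channel they are composed with (presumably so; the implementation is not in this diff), the same kind of warning belongs in their comments, e.g. `WARNING: the token is sent to the target the channel connects to; use it only with the service it was issued for.` The existing comment on the access-token function also misspells "acquired" as `aquired`.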
@@ -303,7 +308,7 @@ typedef struct grpc_server_credentials grpc_server_credentials;
 /* Releases a server_credentials object. The creator of the server_credentials object is responsible for its release. */
-void grpc_server_credentials_release(grpc_server_credentials *creds);
+GRPC_API void grpc_server_credentials_release(grpc_server_credentials *creds);
 /* Creates an SSL server_credentials object. - pem_roots_cert is the NULL-terminated string containing the PEM encoding of
@@ -316,7 +321,7 @@ void grpc_server_credentials_release(grpc_server_credentials *creds);
 - force_client_auth, if set to non-zero will force the client to authenticate with an SSL cert. Note that this option is ignored if pem_root_certs is NULL. */
-grpc_server_credentials *grpc_ssl_server_credentials_create(
+GRPC_API grpc_server_credentials *grpc_ssl_server_credentials_create(
 const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved);
@@ -325,15 +330,16 @@ grpc_server_credentials *grpc_ssl_server_credentials_create(
 /* Add a HTTP2 over an encrypted link over tcp listener. Returns bound port number on success, 0 on failure. REQUIRES: server not started */
-int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr,
- grpc_server_credentials *creds);
+GRPC_API int grpc_server_add_secure_http2_port(grpc_server *server,
+ const char *addr,
+ grpc_server_credentials *creds);
 /* --- Call specific credentials. --- */
 /* Sets a credentials to a call. Can only be called on the client side before grpc_call_start_batch. */
-grpc_call_error grpc_call_set_credentials(grpc_call *call,
- grpc_call_credentials *creds);
+GRPC_API grpc_call_error
+grpc_call_set_credentials(grpc_call *call, grpc_call_credentials *creds);
 /* --- Auth Metadata Processing --- */
@@ -364,7 +370,7 @@ typedef struct {
 void *state;
 } grpc_auth_metadata_processor;
-void grpc_server_credentials_set_auth_metadata_processor(
+GRPC_API void grpc_server_credentials_set_auth_metadata_processor(
 grpc_server_credentials *creds, grpc_auth_metadata_processor processor);
 #ifdef __cplusplus |