Diffstat (limited to 'src/core/security/credentials.h')
-rw-r--r-- | src/core/security/credentials.h | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h
new file mode 100644
index 0000000000..1432611ec6
--- /dev/null
+++ b/src/core/security/credentials.h
@@ -0,0 +1,125 @@
+/*
+ *
+ * Copyright 2014, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef __GRPC_INTERNAL_SECURITY_CREDENTIALS_H__
+#define __GRPC_INTERNAL_SECURITY_CREDENTIALS_H__
+
+#include "src/core/transport/stream_op.h"
+#include <grpc/grpc.h>
+#include <grpc/grpc_security.h>
+#include <grpc/support/sync.h>
+
+struct grpc_httpcli_response;
+
+/* --- Constants. --- */
+
+typedef enum {
+ GRPC_CREDENTIALS_OK = 0,
+ GRPC_CREDENTIALS_ERROR
+} grpc_credentials_status;
+
+#define GRPC_CREDENTIALS_TYPE_SSL "Ssl"
+#define GRPC_CREDENTIALS_TYPE_OAUTH2 "Oauth2"
+#define GRPC_CREDENTIALS_TYPE_COMPOSITE "Composite"
+#define GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY "FakeTransportSecurity"
+
+/* --- grpc_credentials. --- */
+
+typedef void (*grpc_credentials_metadata_cb)(void *user_data,
+ grpc_mdelem **md_elems,
+ size_t num_md,
+ grpc_credentials_status status);
+
+typedef struct {
+ void (*destroy)(grpc_credentials *c);
+ int (*has_request_metadata)(const grpc_credentials *c);
+ int (*has_request_metadata_only)(const grpc_credentials *c);
+ void (*get_request_metadata)(grpc_credentials *c,
+ grpc_credentials_metadata_cb cb,
+ void *user_data);
+} grpc_credentials_vtable;
+
+struct grpc_credentials {
+ const grpc_credentials_vtable *vtable;
+ const char *type;
+ gpr_refcount refcount;
+};
+
+grpc_credentials *grpc_credentials_ref(grpc_credentials *creds);
+void grpc_credentials_unref(grpc_credentials *creds);
+int grpc_credentials_has_request_metadata(grpc_credentials *creds);
+int grpc_credentials_has_request_metadata_only(grpc_credentials *creds);
+void grpc_credentials_get_request_metadata(grpc_credentials *creds,
+ grpc_credentials_metadata_cb cb,
+ void *user_data);
+typedef struct {
+ unsigned char *pem_private_key;
+ size_t pem_private_key_size;
+ unsigned char *pem_cert_chain;
+ size_t pem_cert_chain_size;
+ unsigned char *pem_root_certs;
+ size_t pem_root_certs_size;
+} grpc_ssl_config;
+
+const grpc_ssl_config *grpc_ssl_credentials_get_config(
+ const grpc_credentials *ssl_creds);
+
+/* Exposed for testing only. */
+grpc_credentials_status grpc_compute_engine_credentials_parse_server_response(
+ const struct grpc_httpcli_response *response, grpc_mdctx *ctx,
+ grpc_mdelem **token_elem, gpr_timespec *token_lifetime);
+
+/* Simulates an oauth2 token fetch with the specified value for testing. */
+grpc_credentials *grpc_fake_oauth2_credentials_create(
+ const char *token_md_value, int is_async);
+
+
+/* --- grpc_server_credentials. --- */
+
+typedef struct {
+ void (*destroy)(grpc_server_credentials *c);
+} grpc_server_credentials_vtable;
+
+struct grpc_server_credentials {
+ const grpc_server_credentials_vtable *vtable;
+ const char *type;
+};
+
+/* TODO(jboeuf): Have an ssl_server_config that can contain multiple key/cert
+ pairs. */
+
+const grpc_ssl_config *grpc_ssl_server_credentials_get_config(
+ const grpc_server_credentials *ssl_creds);
+
+
+#endif /* __GRPC_INTERNAL_SECURITY_CREDENTIALS_H__ */ |
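Review bot: `grpc_ssl_config` carries `pem_private_key` as a bare pointer/size pair, and nothing in the header says who owns the buffer, how long the pointer returned by `grpc_ssl_credentials_get_config` / `grpc_ssl_server_credentials_get_config` stays valid, or whether the key bytes are wiped when the credentials are destroyed. The implementation is outside this hunk, so the behaviour may already be correct, but this header is where callers learn the contract; assuming the credentials object owns the buffers, I would add above the struct `/* Buffers are owned by the credentials object and are valid only while a ref is held; the private key is zeroed before it is freed. */`. The same gap applies to `grpc_credentials_metadata_cb`: a comment should state that `md_elems` (which presumably can carry the OAuth2 token) must not be read when `status` is `GRPC_CREDENTIALS_ERROR`, and who is responsible for unref'ing the elements. Separately, `grpc_fake_oauth2_credentials_create` and `GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY` sit next to the real credential types with only a "for testing" remark, so it is worth saying explicitly that these provide no security and must not be selected in production builds.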