1 files changed, 67 insertions, 8 deletions
diff --git a/src/csharp/Grpc.Core/Credentials.cs b/src/csharp/Grpc.Core/Credentials.cs
index e64c1e3dc1..4fcac0c4c0 100644
--- a/src/csharp/Grpc.Core/Credentials.cs
+++ b/src/csharp/Grpc.Core/Credentials.cs
@@ -41,39 +41,98 @@ namespace Grpc.Core
     /// </summary>
     public abstract class Credentials
     {
+        static readonly Credentials InsecureInstance = new InsecureCredentialsImpl();
+
+        /// <summary>
+        /// Returns instance of credential that provides no security and 
+        /// will result in creating an unsecure channel with no encryption whatsoever.
+        /// </summary>
+        public static Credentials Insecure
+        {
+            get
+            {
+                return InsecureInstance;
+            }
+        }
+
         /// <summary>
-        /// Creates native object for the credentials.
+        /// Creates native object for the credentials. May return null if insecure channel
+        /// should be created.
         /// </summary>
         /// <returns>The native credentials.</returns>
         internal abstract CredentialsSafeHandle ToNativeCredentials();
+
+        private sealed class InsecureCredentialsImpl : Credentials
+        {
+            internal override CredentialsSafeHandle ToNativeCredentials()
+            {
+                return null;
+            }
+        }
     }
 
     /// <summary>
     /// Client-side SSL credentials.
     /// </summary>
-    public class SslCredentials : Credentials
+    public sealed class SslCredentials : Credentials
     {
-        string pemRootCerts;
+        readonly string rootCertificates;
+        readonly KeyCertificatePair keyCertificatePair;
 
-        public SslCredentials(string pemRootCerts)
+        /// <summary>
+        /// Creates client-side SSL credentials loaded from
+        /// disk file pointed to by the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable.
+        /// If that fails, gets the roots certificates from a well known place on disk.
+        /// </summary>
+        public SslCredentials() : this(null, null)
         {
-            this.pemRootCerts = pemRootCerts;
+        }
+
+        /// <summary>
+        /// Creates client-side SSL credentials from
+        /// a string containing PEM encoded root certificates.
+        /// </summary>
+        public SslCredentials(string rootCertificates) : this(rootCertificates, null)
+        {
+        }
+            
+        /// <summary>
+        /// Creates client-side SSL credentials.
+        /// </summary>
+        /// <param name="rootCertificates">string containing PEM encoded server root certificates.</param>
+        /// <param name="keyCertificatePair">a key certificate pair.</param>
+        public SslCredentials(string rootCertificates, KeyCertificatePair keyCertificatePair)
+        {
+            this.rootCertificates = rootCertificates;
+            this.keyCertificatePair = keyCertificatePair;
         }
 
         /// <summary>
         /// PEM encoding of the server root certificates.
         /// </summary>
-        public string RootCerts
+        public string RootCertificates
+        {
+            get
+            {
+                return this.rootCertificates;
+            }
+        }
+
+        /// <summary>
+        /// Client side key and certificate pair.
+        /// If null, client will not use key and certificate pair.
+        /// </summary>
+        public KeyCertificatePair KeyCertificatePair
         {
             get
             {
-                return this.pemRootCerts;
+                return this.keyCertificatePair;
             }
         }
 
         internal override CredentialsSafeHandle ToNativeCredentials()
         {
-            return CredentialsSafeHandle.CreateSslCredentials(pemRootCerts);
+            return CredentialsSafeHandle.CreateSslCredentials(rootCertificates, keyCertificatePair);
         }
     }
 }