|
|
|
//
|
|
|
|
//
|
|
|
|
// Copyright 2019 gRPC authors.
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
//
|
|
|
|
//
|
|
|
|
|
|
|
|
#ifndef GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
|
|
|
|
#define GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
|
|
|
|
|
|
|
|
#include <memory>
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
#include <grpc/grpc_security.h>
|
|
|
|
#include <grpc/grpc_security_constants.h>
|
|
|
|
#include <grpc/status.h>
|
|
|
|
#include <grpc/support/log.h>
|
|
|
|
#include <grpcpp/security/tls_certificate_provider.h>
|
|
|
|
#include <grpcpp/security/tls_certificate_verifier.h>
|
|
|
|
#include <grpcpp/security/tls_crl_provider.h>
|
|
|
|
#include <grpcpp/support/config.h>
|
|
|
|
|
|
|
|
namespace grpc {
|
|
|
|
namespace experimental {
|
|
|
|
|
|
|
|
// Base class of configurable options specified by users to configure their
|
|
|
|
// certain security features supported in TLS. It is used for experimental
|
|
|
|
// purposes for now and it is subject to change.
|
|
|
|
class TlsCredentialsOptions {
|
|
|
|
public:
|
|
|
|
// Constructor for base class TlsCredentialsOptions.
|
|
|
|
//
|
|
|
|
// @param certificate_provider the provider which fetches TLS credentials that
|
|
|
|
// will be used in the TLS handshake
|
|
|
|
TlsCredentialsOptions();
|
|
|
|
~TlsCredentialsOptions();
|
|
|
|
// ---- Setters for member fields ----
|
|
|
|
// Sets the certificate provider used to store root certs and identity certs.
|
|
|
|
void set_certificate_provider(
|
|
|
|
std::shared_ptr<CertificateProviderInterface> certificate_provider);
|
|
|
|
// Watches the updates of root certificates with name |root_cert_name|.
|
|
|
|
// If used in TLS credentials, setting this field is optional for both the
|
|
|
|
// client side and the server side.
|
|
|
|
// If this is not set on the client side, we will use the root certificates
|
|
|
|
// stored in the default system location, since client side must provide root
|
|
|
|
// certificates in TLS(no matter single-side TLS or mutual TLS).
|
|
|
|
// If this is not set on the server side, we will not watch any root
|
|
|
|
// certificate updates, and assume no root certificates needed for the server
|
|
|
|
// (in the one-side TLS scenario, the server is not required to provide root
|
|
|
|
// certs). We don't support default root certs on server side.
|
|
|
|
void watch_root_certs();
|
|
|
|
// Sets the name of root certificates being watched, if |watch_root_certs| is
|
|
|
|
// called. If not set, an empty string will be used as the name.
|
|
|
|
//
|
|
|
|
// @param root_cert_name the name of root certs being set.
|
|
|
|
void set_root_cert_name(const std::string& root_cert_name);
|
|
|
|
// Watches the updates of identity key-cert pairs with name
|
|
|
|
// |identity_cert_name|. If used in TLS credentials, it is required to be set
|
|
|
|
// on the server side, and optional for the client side(in the one-side
|
|
|
|
// TLS scenario, the client is not required to provide identity certs).
|
|
|
|
void watch_identity_key_cert_pairs();
|
|
|
|
// Sets the name of identity key-cert pairs being watched, if
|
|
|
|
// |watch_identity_key_cert_pairs| is called. If not set, an empty string will
|
|
|
|
// be used as the name.
|
|
|
|
//
|
|
|
|
// @param identity_cert_name the name of identity key-cert pairs being set.
|
|
|
|
void set_identity_cert_name(const std::string& identity_cert_name);
|
|
|
|
// Sets the Tls session key logging configuration. If not set, tls
|
|
|
|
// session key logging is disabled. Note that this should be used only for
|
|
|
|
// debugging purposes. It should never be used in a production environment
|
|
|
|
// due to security concerns.
|
|
|
|
//
|
|
|
|
// @param tls_session_key_log_file_path: Path where tls session keys would
|
|
|
|
// be logged.
|
|
|
|
void set_tls_session_key_log_file_path(
|
|
|
|
const std::string& tls_session_key_log_file_path);
|
|
|
|
// Sets the certificate verifier used to perform post-handshake peer identity
|
|
|
|
// checks.
|
|
|
|
void set_certificate_verifier(
|
|
|
|
std::shared_ptr<CertificateVerifier> certificate_verifier);
|
|
|
|
// Sets the options of whether to check the hostname of the peer on a per-call
|
|
|
|
// basis. This is usually used in a combination with virtual hosting at the
|
|
|
|
// client side, where each individual call on a channel can have a different
|
|
|
|
// host associated with it.
|
|
|
|
// This check is intended to verify that the host specified for the individual
|
|
|
|
// call is covered by the cert that the peer presented.
|
|
|
|
// We will perform such checks by default. This should be disabled if
|
|
|
|
// verifiers other than the host name verifier is used.
|
|
|
|
void set_check_call_host(bool check_call_host);
|
|
|
|
|
|
|
|
// Deprecated in favor of set_crl_provider. The
|
|
|
|
// crl provider interface provides a significantly more flexible approach to
|
|
|
|
// using CRLs. See gRFC A69 for details.
|
|
|
|
// If set, gRPC will read all hashed x.509 CRL files in the directory and
|
|
|
|
// enforce the CRL files on all TLS handshakes. Only supported for OpenSSL
|
|
|
|
// version > 1.1.
|
|
|
|
void set_crl_directory(const std::string& path);
|
|
|
|
|
|
|
|
void set_crl_provider(std::shared_ptr<CrlProvider> crl_provider);
|
|
|
|
|
|
|
|
// ----- Getters for member fields ----
|
|
|
|
// Returns a deep copy of the internal c options. The caller takes ownership
|
|
|
|
// of the returned pointer. This function shall be used only internally.
|
|
|
|
grpc_tls_credentials_options* c_credentials_options() const;
|
|
|
|
|
|
|
|
protected:
|
|
|
|
// Returns the internal c options. The caller does not take ownership of the
|
|
|
|
// returned pointer.
|
|
|
|
grpc_tls_credentials_options* mutable_c_credentials_options() {
|
|
|
|
return c_credentials_options_;
|
|
|
|
}
|
|
|
|
|
|
|
|
private:
|
|
|
|
std::shared_ptr<CertificateProviderInterface> certificate_provider_;
|
|
|
|
std::shared_ptr<CertificateVerifier> certificate_verifier_;
|
|
|
|
grpc_tls_credentials_options* c_credentials_options_ = nullptr;
|
|
|
|
};
|
|
|
|
|
|
|
|
// Contains configurable options on the client side.
|
|
|
|
// Client side doesn't need to always use certificate provider. When the
|
|
|
|
// certificate provider is not set, we will use the root certificates stored
|
|
|
|
// in the system default locations, and assume client won't provide any
|
|
|
|
// identity certificates(single side TLS).
|
|
|
|
// It is used for experimental purposes for now and it is subject to change.
|
|
|
|
class TlsChannelCredentialsOptions final : public TlsCredentialsOptions {
|
|
|
|
public:
|
|
|
|
// Sets the decision of whether to do a crypto check on the server certs.
|
|
|
|
// The default is true.
|
|
|
|
void set_verify_server_certs(bool verify_server_certs);
|
|
|
|
|
|
|
|
private:
|
|
|
|
};
|
|
|
|
|
|
|
|
// Contains configurable options on the server side.
|
|
|
|
// It is used for experimental purposes for now and it is subject to change.
|
|
|
|
class TlsServerCredentialsOptions final : public TlsCredentialsOptions {
|
|
|
|
public:
|
|
|
|
// Server side is required to use a provider, because server always needs to
|
|
|
|
// use identity certs.
|
|
|
|
explicit TlsServerCredentialsOptions(
|
|
|
|
std::shared_ptr<CertificateProviderInterface> certificate_provider)
|
|
|
|
: TlsCredentialsOptions() {
|
|
|
|
set_certificate_provider(certificate_provider);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Sets option to request the certificates from the client.
|
|
|
|
// The default is GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE.
|
|
|
|
void set_cert_request_type(
|
|
|
|
grpc_ssl_client_certificate_request_type cert_request_type);
|
|
|
|
|
|
|
|
// Sets whether or not a TLS server should send a list of CA names in the
|
|
|
|
// ServerHello. This list of CA names is read from the server's trust bundle,
|
|
|
|
// so that the client can use this list as a hint to know which certificate it
|
|
|
|
// should send to the server.
|
|
|
|
//
|
|
|
|
// By default, this option is turned off.
|
|
|
|
//
|
|
|
|
// WARNING: This API is extremely dangerous and should not be used. If the
|
|
|
|
// server's trust bundle is too large, then the TLS server will be unable to
|
|
|
|
// form a ServerHello, and hence will be unusable.
|
|
|
|
void set_send_client_ca_list(bool send_client_ca_list);
|
|
|
|
|
|
|
|
private:
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace experimental
|
|
|
|
} // namespace grpc
|
|
|
|
|
|
|
|
#endif // GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
|