mirror of https://github.com/grpc/grpc.git
The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)
https://grpc.io/
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
110 lines
3.4 KiB
110 lines
3.4 KiB
/* |
|
* |
|
* Copyright 2015 gRPC authors. |
|
* |
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
* you may not use this file except in compliance with the License. |
|
* You may obtain a copy of the License at |
|
* |
|
* http://www.apache.org/licenses/LICENSE-2.0 |
|
* |
|
* Unless required by applicable law or agreed to in writing, software |
|
* distributed under the License is distributed on an "AS IS" BASIS, |
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
* See the License for the specific language governing permissions and |
|
* limitations under the License. |
|
* |
|
*/ |
|
|
|
#ifndef GRPCPP_SECURITY_SERVER_CREDENTIALS_IMPL_H |
|
#define GRPCPP_SECURITY_SERVER_CREDENTIALS_IMPL_H |
|
|
|
#include <memory> |
|
#include <vector> |
|
|
|
#include <grpc/grpc_security_constants.h> |
|
#include <grpcpp/security/auth_metadata_processor.h> |
|
#include <grpcpp/support/config.h> |
|
|
|
struct grpc_server; |
|
|
|
namespace grpc { |
|
|
|
class Server; |
|
} // namespace grpc |
|
namespace grpc_impl { |
|
|
|
/// Wrapper around \a grpc_server_credentials, a way to authenticate a server. |
|
class ServerCredentials { |
|
public: |
|
virtual ~ServerCredentials(); |
|
|
|
/// This method is not thread-safe and has to be called before the server is |
|
/// started. The last call to this function wins. |
|
virtual void SetAuthMetadataProcessor( |
|
const std::shared_ptr<grpc::AuthMetadataProcessor>& processor) = 0; |
|
|
|
private: |
|
friend class ::grpc::Server; |
|
|
|
/// Tries to bind \a server to the given \a addr (eg, localhost:1234, |
|
/// 192.168.1.1:31416, [::1]:27182, etc.) |
|
/// |
|
/// \return bound port number on sucess, 0 on failure. |
|
// TODO(dgq): the "port" part seems to be a misnomer. |
|
virtual int AddPortToServer(const grpc::string& addr, |
|
grpc_server* server) = 0; |
|
}; |
|
|
|
/// Options to create ServerCredentials with SSL |
|
struct SslServerCredentialsOptions { |
|
/// \warning Deprecated |
|
SslServerCredentialsOptions() |
|
: force_client_auth(false), |
|
client_certificate_request(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE) {} |
|
SslServerCredentialsOptions( |
|
grpc_ssl_client_certificate_request_type request_type) |
|
: force_client_auth(false), client_certificate_request(request_type) {} |
|
|
|
struct PemKeyCertPair { |
|
grpc::string private_key; |
|
grpc::string cert_chain; |
|
}; |
|
grpc::string pem_root_certs; |
|
std::vector<PemKeyCertPair> pem_key_cert_pairs; |
|
/// \warning Deprecated |
|
bool force_client_auth; |
|
|
|
/// If both \a force_client_auth and \a client_certificate_request |
|
/// fields are set, \a force_client_auth takes effect, i.e. |
|
/// \a REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY |
|
/// will be enforced. |
|
grpc_ssl_client_certificate_request_type client_certificate_request; |
|
}; |
|
|
|
/// Builds SSL ServerCredentials given SSL specific options |
|
std::shared_ptr<ServerCredentials> SslServerCredentials( |
|
const SslServerCredentialsOptions& options); |
|
|
|
/// Builds insecure server credentials. |
|
std::shared_ptr<ServerCredentials> InsecureServerCredentials(); |
|
|
|
namespace experimental { |
|
|
|
/// Options to create ServerCredentials with ALTS |
|
struct AltsServerCredentialsOptions { |
|
/// Add fields if needed. |
|
}; |
|
|
|
/// Builds ALTS ServerCredentials given ALTS specific options |
|
std::shared_ptr<ServerCredentials> AltsServerCredentials( |
|
const AltsServerCredentialsOptions& options); |
|
|
|
/// Builds Local ServerCredentials. |
|
std::shared_ptr<ServerCredentials> LocalServerCredentials( |
|
grpc_local_connect_type type); |
|
|
|
} // namespace experimental |
|
} // namespace grpc_impl |
|
|
|
#endif // GRPCPP_SECURITY_SERVER_CREDENTIALS_IMPL_H
|
|
|