src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h - platform/external/grpc-grpc - Git at Google

 /*
  *
  * Copyright 2018 gRPC authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  */

 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H

 #include <grpc/support/port_platform.h>

 #include <grpc/grpc_security.h>

 #include "absl/container/inlined_vector.h"

 #include "src/core/lib/gprpp/ref_counted.h"
 #include "src/core/lib/security/security_connector/ssl_utils.h"

 struct grpc_tls_error_details
     : public grpc_core::RefCounted<grpc_tls_error_details> {
  public:
   grpc_tls_error_details() : error_details_("") {}
   void set_error_details(const char* err_details) {
     error_details_ = err_details;
   }
   const std::string& error_details() { return error_details_; }

  private:
   std::string error_details_;
 };

 /** TLS key materials config. **/
 struct grpc_tls_key_materials_config
     : public grpc_core::RefCounted<grpc_tls_key_materials_config> {
  public:
   typedef absl::InlinedVector<grpc_core::PemKeyCertPair, 1> PemKeyCertPairList;

   /** Getters for member fields. **/
   const char* pem_root_certs() const { return pem_root_certs_.get(); }
   const PemKeyCertPairList& pem_key_cert_pair_list() const {
     return pem_key_cert_pair_list_;
   }
   int version() const { return version_; }

   /** Setters for member fields. **/
   // TODO(ZhenLian): Remove this function
   void set_pem_root_certs(grpc_core::UniquePtr<char> pem_root_certs) {
     pem_root_certs_ = std::move(pem_root_certs);
   }
   // The ownerships of |pem_root_certs| remain with the caller.
   void set_pem_root_certs(const char* pem_root_certs) {
     // make a copy of pem_root_certs.
     grpc_core::UniquePtr<char> pem_root_ptr(gpr_strdup(pem_root_certs));
     pem_root_certs_ = std::move(pem_root_ptr);
   }
   void add_pem_key_cert_pair(grpc_core::PemKeyCertPair pem_key_cert_pair) {
     pem_key_cert_pair_list_.push_back(pem_key_cert_pair);
   }
   // The ownerships of |pem_root_certs| and |pem_key_cert_pairs| remain with the
   // caller.
   void set_key_materials(const char* pem_root_certs,
                          const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
                          size_t num_key_cert_pairs);
   // The ownerships of |pem_root_certs| and |pem_key_cert_pair_list| remain with
   // the caller.
   void set_key_materials(const char* pem_root_certs,
                          const PemKeyCertPairList& pem_key_cert_pair_list);
   void set_version(int version) { version_ = version; }

  private:
   int version_ = 0;
   PemKeyCertPairList pem_key_cert_pair_list_;
   grpc_core::UniquePtr<char> pem_root_certs_;
 };

 /** TLS credential reload config. **/
 struct grpc_tls_credential_reload_config
     : public grpc_core::RefCounted<grpc_tls_credential_reload_config> {
  public:
   grpc_tls_credential_reload_config(
       const void* config_user_data,
       int (*schedule)(void* config_user_data,
                       grpc_tls_credential_reload_arg* arg),
       void (*cancel)(void* config_user_data,
                      grpc_tls_credential_reload_arg* arg),
       void (*destruct)(void* config_user_data));
   ~grpc_tls_credential_reload_config();

   void* context() const { return context_; }
   void set_context(void* context) { context_ = context; }

   int Schedule(grpc_tls_credential_reload_arg* arg) const {
     if (schedule_ == nullptr) {
       gpr_log(GPR_ERROR, "schedule API is nullptr");
       if (arg != nullptr) {
         arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
         arg->error_details->set_error_details(
             "schedule API in credential reload config is nullptr");
       }
       return 1;
     }
     if (arg != nullptr) {
       arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
     }
     return schedule_(config_user_data_, arg);
   }
   void Cancel(grpc_tls_credential_reload_arg* arg) const {
     if (cancel_ == nullptr) {
       gpr_log(GPR_ERROR, "cancel API is nullptr.");
       if (arg != nullptr) {
         arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
         arg->error_details->set_error_details(
             "cancel API in credential reload config is nullptr");
       }
       return;
     }
     if (arg != nullptr) {
       arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
     }
     cancel_(config_user_data_, arg);
   }

  private:
   /** This is a pointer to the wrapped language implementation of
    * grpc_tls_credential_reload_config. It is necessary to implement the C
    * schedule and cancel functions, given the schedule or cancel function in a
    * wrapped language. **/
   void* context_ = nullptr;
   /** config-specific, read-only user data that works for all channels created
      with a credential using the config. */
   void* config_user_data_;
   /** callback function for invoking credential reload API. The implementation
      of this method has to be non-blocking, but can be performed synchronously
      or asynchronously.
      If processing occurs synchronously, it populates \a arg->key_materials, \a
      arg->status, and \a arg->error_details and returns zero.
      If processing occurs asynchronously, it returns a non-zero value.
      Application then invokes \a arg->cb when processing is completed. Note that
      \a arg->cb cannot be invoked before \a schedule returns.
   */
   int (*schedule_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
   /** callback function for cancelling a credential reload request scheduled via
      an asynchronous \a schedule. \a arg is used to pinpoint an exact reloading
      request to be cancelled, and the operation may not have any effect if the
      request has already been processed. */
   void (*cancel_)(void* config_user_data, grpc_tls_credential_reload_arg* arg);
   /** callback function for cleaning up any data associated with credential
      reload config. */
   void (*destruct_)(void* config_user_data);
 };

 /** TLS server authorization check config. **/
 struct grpc_tls_server_authorization_check_config
     : public grpc_core::RefCounted<grpc_tls_server_authorization_check_config> {
  public:
   grpc_tls_server_authorization_check_config(
       const void* config_user_data,
       int (*schedule)(void* config_user_data,
                       grpc_tls_server_authorization_check_arg* arg),
       void (*cancel)(void* config_user_data,
                      grpc_tls_server_authorization_check_arg* arg),
       void (*destruct)(void* config_user_data));
   ~grpc_tls_server_authorization_check_config();

   void* context() const { return context_; }
   void set_context(void* context) { context_ = context; }

   int Schedule(grpc_tls_server_authorization_check_arg* arg) const {
     if (schedule_ == nullptr) {
       gpr_log(GPR_ERROR, "schedule API is nullptr");
       if (arg != nullptr) {
         arg->status = GRPC_STATUS_NOT_FOUND;
         arg->error_details->set_error_details(
             "schedule API in server authorization check config is nullptr");
       }
       return 1;
     }
     if (arg != nullptr && context_ != nullptr) {
       arg->config =
           const_cast<grpc_tls_server_authorization_check_config*>(this);
     }
     return schedule_(config_user_data_, arg);
   }
   void Cancel(grpc_tls_server_authorization_check_arg* arg) const {
     if (cancel_ == nullptr) {
       gpr_log(GPR_ERROR, "cancel API is nullptr.");
       if (arg != nullptr) {
         arg->status = GRPC_STATUS_NOT_FOUND;
         arg->error_details->set_error_details(
             "schedule API in server authorization check config is nullptr");
       }
       return;
     }
     if (arg != nullptr) {
       arg->config =
           const_cast<grpc_tls_server_authorization_check_config*>(this);
     }
     cancel_(config_user_data_, arg);
   }

  private:
   /** This is a pointer to the wrapped language implementation of
    * grpc_tls_server_authorization_check_config. It is necessary to implement
    * the C schedule and cancel functions, given the schedule or cancel function
    * in a wrapped language. **/
   void* context_ = nullptr;
   /** config-specific, read-only user data that works for all channels created
      with a Credential using the config. */
   void* config_user_data_;

   /** callback function for invoking server authorization check. The
      implementation of this method has to be non-blocking, but can be performed
      synchronously or asynchronously.
      If processing occurs synchronously, it populates \a arg->result, \a
      arg->status, and \a arg->error_details, and returns zero.
      If processing occurs asynchronously, it returns a non-zero value.
      Application then invokes \a arg->cb when processing is completed. Note that
      \a arg->cb cannot be invoked before \a schedule() returns.
   */
   int (*schedule_)(void* config_user_data,
                    grpc_tls_server_authorization_check_arg* arg);

   /** callback function for canceling a server authorization check request. */
   void (*cancel_)(void* config_user_data,
                   grpc_tls_server_authorization_check_arg* arg);

   /** callback function for cleaning up any data associated with server
      authorization check config. */
   void (*destruct_)(void* config_user_data);
 };

 /* TLS credentials options. */
 struct grpc_tls_credentials_options
     : public grpc_core::RefCounted<grpc_tls_credentials_options> {
  public:
   ~grpc_tls_credentials_options() {
     if (key_materials_config_.get() != nullptr) {
       key_materials_config_.get()->Unref();
     }
     if (credential_reload_config_.get() != nullptr) {
       credential_reload_config_.get()->Unref();
     }
     if (server_authorization_check_config_.get() != nullptr) {
       server_authorization_check_config_.get()->Unref();
     }
   }

   /* Getters for member fields. */
   grpc_ssl_client_certificate_request_type cert_request_type() const {
     return cert_request_type_;
   }
   grpc_tls_server_verification_option server_verification_option() const {
     return server_verification_option_;
   }
   grpc_tls_key_materials_config* key_materials_config() const {
     return key_materials_config_.get();
   }
   grpc_tls_credential_reload_config* credential_reload_config() const {
     return credential_reload_config_.get();
   }
   grpc_tls_server_authorization_check_config*
   server_authorization_check_config() const {
     return server_authorization_check_config_.get();
   }

   /* Setters for member fields. */
   void set_cert_request_type(
       const grpc_ssl_client_certificate_request_type type) {
     cert_request_type_ = type;
   }
   void set_server_verification_option(
       const grpc_tls_server_verification_option server_verification_option) {
     server_verification_option_ = server_verification_option;
   }
   void set_key_materials_config(
       grpc_core::RefCountedPtr<grpc_tls_key_materials_config> config) {
     key_materials_config_ = std::move(config);
   }
   void set_credential_reload_config(
       grpc_core::RefCountedPtr<grpc_tls_credential_reload_config> config) {
     credential_reload_config_ = std::move(config);
   }
   void set_server_authorization_check_config(
       grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
           config) {
     server_authorization_check_config_ = std::move(config);
   }

  private:
   grpc_ssl_client_certificate_request_type cert_request_type_;
   grpc_tls_server_verification_option server_verification_option_ =
       GRPC_TLS_SERVER_VERIFICATION;
   grpc_core::RefCountedPtr<grpc_tls_key_materials_config> key_materials_config_;
   grpc_core::RefCountedPtr<grpc_tls_credential_reload_config>
       credential_reload_config_;
   grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
       server_authorization_check_config_;
 };

 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H \
         */
	/*
	*
	* Copyright 2018 gRPC authors.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	*/

	#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H
	#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H

	#include <grpc/support/port_platform.h>

	#include <grpc/grpc_security.h>

	#include "absl/container/inlined_vector.h"

	#include "src/core/lib/gprpp/ref_counted.h"
	#include "src/core/lib/security/security_connector/ssl_utils.h"

	struct grpc_tls_error_details
	: public grpc_core::RefCounted<grpc_tls_error_details> {
	public:
	grpc_tls_error_details() : error_details_("") {}
	void set_error_details(const char* err_details) {
	error_details_ = err_details;
	}
	const std::string& error_details() { return error_details_; }

	private:
	std::string error_details_;
	};

	/ TLS key materials config. /
	struct grpc_tls_key_materials_config
	: public grpc_core::RefCounted<grpc_tls_key_materials_config> {
	public:
	typedef absl::InlinedVector<grpc_core::PemKeyCertPair, 1> PemKeyCertPairList;

	/ Getters for member fields. /
	const char* pem_root_certs() const { return pem_root_certs_.get(); }
	const PemKeyCertPairList& pem_key_cert_pair_list() const {
	return pem_key_cert_pair_list_;
	}
	int version() const { return version_; }

	/ Setters for member fields. /
	// TODO(ZhenLian): Remove this function
	void set_pem_root_certs(grpc_core::UniquePtr<char> pem_root_certs) {
	pem_root_certs_ = std::move(pem_root_certs);
	}
	// The ownerships of \|pem_root_certs\| remain with the caller.
	void set_pem_root_certs(const char* pem_root_certs) {
	// make a copy of pem_root_certs.
	grpc_core::UniquePtr<char> pem_root_ptr(gpr_strdup(pem_root_certs));
	pem_root_certs_ = std::move(pem_root_ptr);
	}
	void add_pem_key_cert_pair(grpc_core::PemKeyCertPair pem_key_cert_pair) {
	pem_key_cert_pair_list_.push_back(pem_key_cert_pair);
	}
	// The ownerships of \|pem_root_certs\| and \|pem_key_cert_pairs\| remain with the
	// caller.
	void set_key_materials(const char* pem_root_certs,
	const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
	size_t num_key_cert_pairs);
	// The ownerships of \|pem_root_certs\| and \|pem_key_cert_pair_list\| remain with
	// the caller.
	void set_key_materials(const char* pem_root_certs,
	const PemKeyCertPairList& pem_key_cert_pair_list);
	void set_version(int version) { version_ = version; }

	private:
	int version_ = 0;
	PemKeyCertPairList pem_key_cert_pair_list_;
	grpc_core::UniquePtr<char> pem_root_certs_;
	};

	/ TLS credential reload config. /
	struct grpc_tls_credential_reload_config
	: public grpc_core::RefCounted<grpc_tls_credential_reload_config> {
	public:
	grpc_tls_credential_reload_config(
	const void* config_user_data,
	int (schedule)(void config_user_data,
	grpc_tls_credential_reload_arg* arg),
	void (cancel)(void config_user_data,
	grpc_tls_credential_reload_arg* arg),
	void (destruct)(void config_user_data));
	~grpc_tls_credential_reload_config();

	void* context() const { return context_; }
	void set_context(void* context) { context_ = context; }

	int Schedule(grpc_tls_credential_reload_arg* arg) const {
	if (schedule_ == nullptr) {
	gpr_log(GPR_ERROR, "schedule API is nullptr");
	if (arg != nullptr) {
	arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
	arg->error_details->set_error_details(
	"schedule API in credential reload config is nullptr");
	}
	return 1;
	}
	if (arg != nullptr) {
	arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
	}
	return schedule_(config_user_data_, arg);
	}
	void Cancel(grpc_tls_credential_reload_arg* arg) const {
	if (cancel_ == nullptr) {
	gpr_log(GPR_ERROR, "cancel API is nullptr.");
	if (arg != nullptr) {
	arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
	arg->error_details->set_error_details(
	"cancel API in credential reload config is nullptr");
	}
	return;
	}
	if (arg != nullptr) {
	arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
	}
	cancel_(config_user_data_, arg);
	}

	private:
	/** This is a pointer to the wrapped language implementation of
	* grpc_tls_credential_reload_config. It is necessary to implement the C
	* schedule and cancel functions, given the schedule or cancel function in a
	* wrapped language. **/
	void* context_ = nullptr;
	/** config-specific, read-only user data that works for all channels created
	with a credential using the config. */
	void* config_user_data_;
	/** callback function for invoking credential reload API. The implementation
	of this method has to be non-blocking, but can be performed synchronously
	or asynchronously.
	If processing occurs synchronously, it populates \a arg->key_materials, \a
	arg->status, and \a arg->error_details and returns zero.
	If processing occurs asynchronously, it returns a non-zero value.
	Application then invokes \a arg->cb when processing is completed. Note that
	\a arg->cb cannot be invoked before \a schedule returns.
	*/
	int (schedule_)(void config_user_data, grpc_tls_credential_reload_arg* arg);
	/** callback function for cancelling a credential reload request scheduled via
	an asynchronous \a schedule. \a arg is used to pinpoint an exact reloading
	request to be cancelled, and the operation may not have any effect if the
	request has already been processed. */
	void (cancel_)(void config_user_data, grpc_tls_credential_reload_arg* arg);
	/** callback function for cleaning up any data associated with credential
	reload config. */
	void (destruct_)(void config_user_data);
	};

	/ TLS server authorization check config. /
	struct grpc_tls_server_authorization_check_config
	: public grpc_core::RefCounted<grpc_tls_server_authorization_check_config> {
	public:
	grpc_tls_server_authorization_check_config(
	const void* config_user_data,
	int (schedule)(void config_user_data,
	grpc_tls_server_authorization_check_arg* arg),
	void (cancel)(void config_user_data,
	grpc_tls_server_authorization_check_arg* arg),
	void (destruct)(void config_user_data));
	~grpc_tls_server_authorization_check_config();

	void* context() const { return context_; }
	void set_context(void* context) { context_ = context; }

	int Schedule(grpc_tls_server_authorization_check_arg* arg) const {
	if (schedule_ == nullptr) {
	gpr_log(GPR_ERROR, "schedule API is nullptr");
	if (arg != nullptr) {
	arg->status = GRPC_STATUS_NOT_FOUND;
	arg->error_details->set_error_details(
	"schedule API in server authorization check config is nullptr");
	}
	return 1;
	}
	if (arg != nullptr && context_ != nullptr) {
	arg->config =
	const_cast<grpc_tls_server_authorization_check_config*>(this);
	}
	return schedule_(config_user_data_, arg);
	}
	void Cancel(grpc_tls_server_authorization_check_arg* arg) const {
	if (cancel_ == nullptr) {
	gpr_log(GPR_ERROR, "cancel API is nullptr.");
	if (arg != nullptr) {
	arg->status = GRPC_STATUS_NOT_FOUND;
	arg->error_details->set_error_details(
	"schedule API in server authorization check config is nullptr");
	}
	return;
	}
	if (arg != nullptr) {
	arg->config =
	const_cast<grpc_tls_server_authorization_check_config*>(this);
	}
	cancel_(config_user_data_, arg);
	}

	private:
	/** This is a pointer to the wrapped language implementation of
	* grpc_tls_server_authorization_check_config. It is necessary to implement
	* the C schedule and cancel functions, given the schedule or cancel function
	* in a wrapped language. **/
	void* context_ = nullptr;
	/** config-specific, read-only user data that works for all channels created
	with a Credential using the config. */
	void* config_user_data_;

	/** callback function for invoking server authorization check. The
	implementation of this method has to be non-blocking, but can be performed
	synchronously or asynchronously.
	If processing occurs synchronously, it populates \a arg->result, \a
	arg->status, and \a arg->error_details, and returns zero.
	If processing occurs asynchronously, it returns a non-zero value.
	Application then invokes \a arg->cb when processing is completed. Note that
	\a arg->cb cannot be invoked before \a schedule() returns.
	*/
	int (schedule_)(void config_user_data,
	grpc_tls_server_authorization_check_arg* arg);

	/** callback function for canceling a server authorization check request. */
	void (cancel_)(void config_user_data,
	grpc_tls_server_authorization_check_arg* arg);

	/** callback function for cleaning up any data associated with server
	authorization check config. */
	void (destruct_)(void config_user_data);
	};

	/* TLS credentials options. */
	struct grpc_tls_credentials_options
	: public grpc_core::RefCounted<grpc_tls_credentials_options> {
	public:
	~grpc_tls_credentials_options() {
	if (key_materials_config_.get() != nullptr) {
	key_materials_config_.get()->Unref();
	}
	if (credential_reload_config_.get() != nullptr) {
	credential_reload_config_.get()->Unref();
	}
	if (server_authorization_check_config_.get() != nullptr) {
	server_authorization_check_config_.get()->Unref();
	}
	}

	/* Getters for member fields. */
	grpc_ssl_client_certificate_request_type cert_request_type() const {
	return cert_request_type_;
	}
	grpc_tls_server_verification_option server_verification_option() const {
	return server_verification_option_;
	}
	grpc_tls_key_materials_config* key_materials_config() const {
	return key_materials_config_.get();
	}
	grpc_tls_credential_reload_config* credential_reload_config() const {
	return credential_reload_config_.get();
	}
	grpc_tls_server_authorization_check_config*
	server_authorization_check_config() const {
	return server_authorization_check_config_.get();
	}

	/* Setters for member fields. */
	void set_cert_request_type(
	const grpc_ssl_client_certificate_request_type type) {
	cert_request_type_ = type;
	}
	void set_server_verification_option(
	const grpc_tls_server_verification_option server_verification_option) {
	server_verification_option_ = server_verification_option;
	}
	void set_key_materials_config(
	grpc_core::RefCountedPtr<grpc_tls_key_materials_config> config) {
	key_materials_config_ = std::move(config);
	}
	void set_credential_reload_config(
	grpc_core::RefCountedPtr<grpc_tls_credential_reload_config> config) {
	credential_reload_config_ = std::move(config);
	}
	void set_server_authorization_check_config(
	grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
	config) {
	server_authorization_check_config_ = std::move(config);
	}

	private:
	grpc_ssl_client_certificate_request_type cert_request_type_;
	grpc_tls_server_verification_option server_verification_option_ =
	GRPC_TLS_SERVER_VERIFICATION;
	grpc_core::RefCountedPtr<grpc_tls_key_materials_config> key_materials_config_;
	grpc_core::RefCountedPtr<grpc_tls_credential_reload_config>
	credential_reload_config_;
	grpc_core::RefCountedPtr<grpc_tls_server_authorization_check_config>
	server_authorization_check_config_;
	};

	#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H \
	*/