src/cpp/common/tls_credentials_options.cc - platform/external/grpc-grpc - Git at Google

 /*
  *
  * Copyright 2019 gRPC authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  */

 #include <grpc/support/alloc.h>
 #include <grpcpp/security/tls_credentials_options.h>

 #include "absl/container/inlined_vector.h"

 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
 #include "src/cpp/common/tls_credentials_options_util.h"

 namespace grpc_impl {
 namespace experimental {

 /** TLS key materials config API implementation **/
 void TlsKeyMaterialsConfig::set_pem_root_certs(
     const grpc::string& pem_root_certs) {
   pem_root_certs_ = pem_root_certs;
 }

 void TlsKeyMaterialsConfig::add_pem_key_cert_pair(
     const PemKeyCertPair& pem_key_cert_pair) {
   pem_key_cert_pair_list_.push_back(pem_key_cert_pair);
 }

 void TlsKeyMaterialsConfig::set_key_materials(
     const grpc::string& pem_root_certs,
     const std::vector<PemKeyCertPair>& pem_key_cert_pair_list) {
   pem_key_cert_pair_list_ = pem_key_cert_pair_list;
   pem_root_certs_ = pem_root_certs;
 }

 /** TLS credential reload arg API implementation **/
 TlsCredentialReloadArg::TlsCredentialReloadArg(
     grpc_tls_credential_reload_arg* arg)
     : c_arg_(arg) {
   if (c_arg_ != nullptr && c_arg_->context != nullptr) {
     gpr_log(GPR_ERROR, "c_arg context has already been set");
   }
   c_arg_->context = static_cast<void*>(this);
   c_arg_->destroy_context = &TlsCredentialReloadArgDestroyContext;
 }

 TlsCredentialReloadArg::~TlsCredentialReloadArg() {}

 void* TlsCredentialReloadArg::cb_user_data() const {
   return c_arg_->cb_user_data;
 }
 bool TlsCredentialReloadArg::is_pem_key_cert_pair_list_empty() const {
   return c_arg_->key_materials_config->pem_key_cert_pair_list().empty();
 }

 grpc_ssl_certificate_config_reload_status TlsCredentialReloadArg::status()
     const {
   return c_arg_->status;
 }

 grpc::string TlsCredentialReloadArg::error_details() const {
   return c_arg_->error_details->error_details();
 }

 void TlsCredentialReloadArg::set_cb_user_data(void* cb_user_data) {
   c_arg_->cb_user_data = cb_user_data;
 }

 void TlsCredentialReloadArg::set_pem_root_certs(
     const grpc::string& pem_root_certs) {
   ::grpc_core::UniquePtr<char> c_pem_root_certs(
       gpr_strdup(pem_root_certs.c_str()));
   c_arg_->key_materials_config->set_pem_root_certs(std::move(c_pem_root_certs));
 }

 namespace {

 ::grpc_core::PemKeyCertPair ConvertToCorePemKeyCertPair(
     const TlsKeyMaterialsConfig::PemKeyCertPair& pem_key_cert_pair) {
   grpc_ssl_pem_key_cert_pair* ssl_pair =
       (grpc_ssl_pem_key_cert_pair*)gpr_malloc(
           sizeof(grpc_ssl_pem_key_cert_pair));
   ssl_pair->private_key = gpr_strdup(pem_key_cert_pair.private_key.c_str());
   ssl_pair->cert_chain = gpr_strdup(pem_key_cert_pair.cert_chain.c_str());
   return ::grpc_core::PemKeyCertPair(ssl_pair);
 }

 }  //  namespace

 void TlsCredentialReloadArg::add_pem_key_cert_pair(
     const TlsKeyMaterialsConfig::PemKeyCertPair& pem_key_cert_pair) {
   c_arg_->key_materials_config->add_pem_key_cert_pair(
       ConvertToCorePemKeyCertPair(pem_key_cert_pair));
 }

 void TlsCredentialReloadArg::set_key_materials(
     const grpc::string& pem_root_certs,
     std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pem_key_cert_pair_list) {
   /** Initialize the |key_materials_config| field of |c_arg_|, if it has not
    *  already been done. **/
   if (c_arg_->key_materials_config == nullptr) {
     c_arg_->key_materials_config = grpc_tls_key_materials_config_create();
   }
   /** Convert |pem_key_cert_pair_list| to an inlined vector of ssl pairs. **/
   ::absl::InlinedVector<::grpc_core::PemKeyCertPair, 1>
       c_pem_key_cert_pair_list;
   for (const auto& key_cert_pair : pem_key_cert_pair_list) {
     c_pem_key_cert_pair_list.emplace_back(
         ConvertToCorePemKeyCertPair(key_cert_pair));
   }
   /** Populate the key materials config field of |c_arg_|. **/
   c_arg_->key_materials_config->set_key_materials(pem_root_certs.c_str(),
                                                   c_pem_key_cert_pair_list);
 }

 void TlsCredentialReloadArg::set_key_materials_config(
     const std::shared_ptr<TlsKeyMaterialsConfig>& key_materials_config) {
   if (key_materials_config == nullptr) {
     c_arg_->key_materials_config = nullptr;
     return;
   }
   ::absl::InlinedVector<::grpc_core::PemKeyCertPair, 1>
       c_pem_key_cert_pair_list;
   for (const auto& key_cert_pair :
        key_materials_config->pem_key_cert_pair_list()) {
     grpc_ssl_pem_key_cert_pair* ssl_pair =
         (grpc_ssl_pem_key_cert_pair*)gpr_malloc(
             sizeof(grpc_ssl_pem_key_cert_pair));
     ssl_pair->private_key = gpr_strdup(key_cert_pair.private_key.c_str());
     ssl_pair->cert_chain = gpr_strdup(key_cert_pair.cert_chain.c_str());
     ::grpc_core::PemKeyCertPair c_pem_key_cert_pair =
         ::grpc_core::PemKeyCertPair(ssl_pair);
     c_pem_key_cert_pair_list.emplace_back(std::move(c_pem_key_cert_pair));
   }
   ::grpc_core::UniquePtr<char> c_pem_root_certs(
       gpr_strdup(key_materials_config->pem_root_certs().c_str()));
   if (c_arg_->key_materials_config == nullptr) {
     c_arg_->key_materials_config = grpc_tls_key_materials_config_create();
   }
   c_arg_->key_materials_config->set_key_materials(
       key_materials_config->pem_root_certs().c_str(), c_pem_key_cert_pair_list);
   c_arg_->key_materials_config->set_version(key_materials_config->version());
 }

 void TlsCredentialReloadArg::set_status(
     grpc_ssl_certificate_config_reload_status status) {
   c_arg_->status = status;
 }

 void TlsCredentialReloadArg::set_error_details(
     const grpc::string& error_details) {
   c_arg_->error_details->set_error_details(error_details.c_str());
 }

 void TlsCredentialReloadArg::OnCredentialReloadDoneCallback() {
   if (c_arg_->cb == nullptr) {
     gpr_log(GPR_ERROR, "credential reload arg callback API is nullptr");
     return;
   }
   c_arg_->cb(c_arg_);
 }

 /** gRPC TLS credential reload config API implementation **/
 TlsCredentialReloadConfig::TlsCredentialReloadConfig(
     std::shared_ptr<TlsCredentialReloadInterface> credential_reload_interface)
     : credential_reload_interface_(std::move(credential_reload_interface)) {
   c_config_ = grpc_tls_credential_reload_config_create(
       nullptr, &TlsCredentialReloadConfigCSchedule,
       &TlsCredentialReloadConfigCCancel, nullptr);
   c_config_->set_context(static_cast<void*>(this));
 }

 TlsCredentialReloadConfig::~TlsCredentialReloadConfig() {}

 /** gRPC TLS server authorization check arg API implementation **/
 TlsServerAuthorizationCheckArg::TlsServerAuthorizationCheckArg(
     grpc_tls_server_authorization_check_arg* arg)
     : c_arg_(arg) {
   if (c_arg_ != nullptr && c_arg_->context != nullptr) {
     gpr_log(GPR_ERROR, "c_arg context has already been set");
   }
   c_arg_->context = static_cast<void*>(this);
   c_arg_->destroy_context = &TlsServerAuthorizationCheckArgDestroyContext;
 }

 TlsServerAuthorizationCheckArg::~TlsServerAuthorizationCheckArg() {}

 void* TlsServerAuthorizationCheckArg::cb_user_data() const {
   return c_arg_->cb_user_data;
 }

 int TlsServerAuthorizationCheckArg::success() const { return c_arg_->success; }

 grpc::string TlsServerAuthorizationCheckArg::target_name() const {
   grpc::string cpp_target_name(c_arg_->target_name);
   return cpp_target_name;
 }

 grpc::string TlsServerAuthorizationCheckArg::peer_cert() const {
   grpc::string cpp_peer_cert(c_arg_->peer_cert);
   return cpp_peer_cert;
 }

 grpc::string TlsServerAuthorizationCheckArg::peer_cert_full_chain() const {
   grpc::string cpp_peer_cert_full_chain(c_arg_->peer_cert_full_chain);
   return cpp_peer_cert_full_chain;
 }

 grpc_status_code TlsServerAuthorizationCheckArg::status() const {
   return c_arg_->status;
 }

 grpc::string TlsServerAuthorizationCheckArg::error_details() const {
   return c_arg_->error_details->error_details();
 }

 void TlsServerAuthorizationCheckArg::set_cb_user_data(void* cb_user_data) {
   c_arg_->cb_user_data = cb_user_data;
 }

 void TlsServerAuthorizationCheckArg::set_success(int success) {
   c_arg_->success = success;
 }

 void TlsServerAuthorizationCheckArg::set_target_name(
     const grpc::string& target_name) {
   c_arg_->target_name = gpr_strdup(target_name.c_str());
 }

 void TlsServerAuthorizationCheckArg::set_peer_cert(
     const grpc::string& peer_cert) {
   c_arg_->peer_cert = gpr_strdup(peer_cert.c_str());
 }

 void TlsServerAuthorizationCheckArg::set_peer_cert_full_chain(
     const grpc::string& peer_cert_full_chain) {
   c_arg_->peer_cert_full_chain = gpr_strdup(peer_cert_full_chain.c_str());
 }

 void TlsServerAuthorizationCheckArg::set_status(grpc_status_code status) {
   c_arg_->status = status;
 }

 void TlsServerAuthorizationCheckArg::set_error_details(
     const grpc::string& error_details) {
   c_arg_->error_details->set_error_details(error_details.c_str());
 }

 void TlsServerAuthorizationCheckArg::OnServerAuthorizationCheckDoneCallback() {
   if (c_arg_->cb == nullptr) {
     gpr_log(GPR_ERROR, "server authorizaton check arg callback API is nullptr");
     return;
   }
   c_arg_->cb(c_arg_);
 }

 /** gRPC TLS server authorization check config API implementation. **/
 TlsServerAuthorizationCheckConfig::TlsServerAuthorizationCheckConfig(
     std::shared_ptr<TlsServerAuthorizationCheckInterface>
         server_authorization_check_interface)
     : server_authorization_check_interface_(
           std::move(server_authorization_check_interface)) {
   c_config_ = grpc_tls_server_authorization_check_config_create(
       nullptr, &TlsServerAuthorizationCheckConfigCSchedule,
       &TlsServerAuthorizationCheckConfigCCancel, nullptr);
   c_config_->set_context(static_cast<void*>(this));
 }

 TlsServerAuthorizationCheckConfig::~TlsServerAuthorizationCheckConfig() {}

 /** gRPC TLS credential options API implementation **/
 TlsCredentialsOptions::TlsCredentialsOptions(
     grpc_ssl_client_certificate_request_type cert_request_type,
     grpc_tls_server_verification_option server_verification_option,
     std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config,
     std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config,
     std::shared_ptr<TlsServerAuthorizationCheckConfig>
         server_authorization_check_config)
     : cert_request_type_(cert_request_type),
       server_verification_option_(server_verification_option),
       key_materials_config_(std::move(key_materials_config)),
       credential_reload_config_(std::move(credential_reload_config)),
       server_authorization_check_config_(
           std::move(server_authorization_check_config)) {
   c_credentials_options_ = grpc_tls_credentials_options_create();
   grpc_tls_credentials_options_set_cert_request_type(c_credentials_options_,
                                                      cert_request_type_);
   if (key_materials_config_ != nullptr) {
     grpc_tls_credentials_options_set_key_materials_config(
         c_credentials_options_,
         ConvertToCKeyMaterialsConfig(key_materials_config_));
   }
   if (credential_reload_config_ != nullptr) {
     grpc_tls_credentials_options_set_credential_reload_config(
         c_credentials_options_, credential_reload_config_->c_config());
   }
   if (server_authorization_check_config_ != nullptr) {
     grpc_tls_credentials_options_set_server_authorization_check_config(
         c_credentials_options_, server_authorization_check_config_->c_config());
   }
   grpc_tls_credentials_options_set_server_verification_option(
       c_credentials_options_, server_verification_option);
 }

 /** Whenever a TlsCredentialsOptions instance is created, the caller takes
  *  ownership of the c_credentials_options_ pointer (see e.g. the implementation
  *  of the TlsCredentials API in secure_credentials.cc). For this reason, the
  *  TlsCredentialsOptions destructor is not responsible for freeing
  *  c_credentials_options_. **/
 TlsCredentialsOptions::~TlsCredentialsOptions() {}

 }  // namespace experimental
 }  // namespace grpc_impl
	/*
	*
	* Copyright 2019 gRPC authors.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	*/

	#include <grpc/support/alloc.h>
	#include <grpcpp/security/tls_credentials_options.h>

	#include "absl/container/inlined_vector.h"

	#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
	#include "src/cpp/common/tls_credentials_options_util.h"

	namespace grpc_impl {
	namespace experimental {

	/ TLS key materials config API implementation /
	void TlsKeyMaterialsConfig::set_pem_root_certs(
	const grpc::string& pem_root_certs) {
	pem_root_certs_ = pem_root_certs;
	}

	void TlsKeyMaterialsConfig::add_pem_key_cert_pair(
	const PemKeyCertPair& pem_key_cert_pair) {
	pem_key_cert_pair_list_.push_back(pem_key_cert_pair);
	}

	void TlsKeyMaterialsConfig::set_key_materials(
	const grpc::string& pem_root_certs,
	const std::vector<PemKeyCertPair>& pem_key_cert_pair_list) {
	pem_key_cert_pair_list_ = pem_key_cert_pair_list;
	pem_root_certs_ = pem_root_certs;
	}

	/ TLS credential reload arg API implementation /
	TlsCredentialReloadArg::TlsCredentialReloadArg(
	grpc_tls_credential_reload_arg* arg)
	: c_arg_(arg) {
	if (c_arg_ != nullptr && c_arg_->context != nullptr) {
	gpr_log(GPR_ERROR, "c_arg context has already been set");
	}
	c_arg_->context = static_cast<void*>(this);
	c_arg_->destroy_context = &TlsCredentialReloadArgDestroyContext;
	}

	TlsCredentialReloadArg::~TlsCredentialReloadArg() {}

	void* TlsCredentialReloadArg::cb_user_data() const {
	return c_arg_->cb_user_data;
	}
	bool TlsCredentialReloadArg::is_pem_key_cert_pair_list_empty() const {
	return c_arg_->key_materials_config->pem_key_cert_pair_list().empty();
	}

	grpc_ssl_certificate_config_reload_status TlsCredentialReloadArg::status()
	const {
	return c_arg_->status;
	}

	grpc::string TlsCredentialReloadArg::error_details() const {
	return c_arg_->error_details->error_details();
	}

	void TlsCredentialReloadArg::set_cb_user_data(void* cb_user_data) {
	c_arg_->cb_user_data = cb_user_data;
	}

	void TlsCredentialReloadArg::set_pem_root_certs(
	const grpc::string& pem_root_certs) {
	::grpc_core::UniquePtr<char> c_pem_root_certs(
	gpr_strdup(pem_root_certs.c_str()));
	c_arg_->key_materials_config->set_pem_root_certs(std::move(c_pem_root_certs));
	}

	namespace {

	::grpc_core::PemKeyCertPair ConvertToCorePemKeyCertPair(
	const TlsKeyMaterialsConfig::PemKeyCertPair& pem_key_cert_pair) {
	grpc_ssl_pem_key_cert_pair* ssl_pair =
	(grpc_ssl_pem_key_cert_pair*)gpr_malloc(
	sizeof(grpc_ssl_pem_key_cert_pair));
	ssl_pair->private_key = gpr_strdup(pem_key_cert_pair.private_key.c_str());
	ssl_pair->cert_chain = gpr_strdup(pem_key_cert_pair.cert_chain.c_str());
	return ::grpc_core::PemKeyCertPair(ssl_pair);
	}

	} // namespace

	void TlsCredentialReloadArg::add_pem_key_cert_pair(
	const TlsKeyMaterialsConfig::PemKeyCertPair& pem_key_cert_pair) {
	c_arg_->key_materials_config->add_pem_key_cert_pair(
	ConvertToCorePemKeyCertPair(pem_key_cert_pair));
	}

	void TlsCredentialReloadArg::set_key_materials(
	const grpc::string& pem_root_certs,
	std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pem_key_cert_pair_list) {
	/** Initialize the \|key_materials_config\| field of \|c_arg_\|, if it has not
	* already been done. **/
	if (c_arg_->key_materials_config == nullptr) {
	c_arg_->key_materials_config = grpc_tls_key_materials_config_create();
	}
	/ Convert \|pem_key_cert_pair_list\| to an inlined vector of ssl pairs. /
	::absl::InlinedVector<::grpc_core::PemKeyCertPair, 1>
	c_pem_key_cert_pair_list;
	for (const auto& key_cert_pair : pem_key_cert_pair_list) {
	c_pem_key_cert_pair_list.emplace_back(
	ConvertToCorePemKeyCertPair(key_cert_pair));
	}
	/ Populate the key materials config field of \|c_arg_\|. /
	c_arg_->key_materials_config->set_key_materials(pem_root_certs.c_str(),
	c_pem_key_cert_pair_list);
	}

	void TlsCredentialReloadArg::set_key_materials_config(
	const std::shared_ptr<TlsKeyMaterialsConfig>& key_materials_config) {
	if (key_materials_config == nullptr) {
	c_arg_->key_materials_config = nullptr;
	return;
	}
	::absl::InlinedVector<::grpc_core::PemKeyCertPair, 1>
	c_pem_key_cert_pair_list;
	for (const auto& key_cert_pair :
	key_materials_config->pem_key_cert_pair_list()) {
	grpc_ssl_pem_key_cert_pair* ssl_pair =
	(grpc_ssl_pem_key_cert_pair*)gpr_malloc(
	sizeof(grpc_ssl_pem_key_cert_pair));
	ssl_pair->private_key = gpr_strdup(key_cert_pair.private_key.c_str());
	ssl_pair->cert_chain = gpr_strdup(key_cert_pair.cert_chain.c_str());
	::grpc_core::PemKeyCertPair c_pem_key_cert_pair =
	::grpc_core::PemKeyCertPair(ssl_pair);
	c_pem_key_cert_pair_list.emplace_back(std::move(c_pem_key_cert_pair));
	}
	::grpc_core::UniquePtr<char> c_pem_root_certs(
	gpr_strdup(key_materials_config->pem_root_certs().c_str()));
	if (c_arg_->key_materials_config == nullptr) {
	c_arg_->key_materials_config = grpc_tls_key_materials_config_create();
	}
	c_arg_->key_materials_config->set_key_materials(
	key_materials_config->pem_root_certs().c_str(), c_pem_key_cert_pair_list);
	c_arg_->key_materials_config->set_version(key_materials_config->version());
	}

	void TlsCredentialReloadArg::set_status(
	grpc_ssl_certificate_config_reload_status status) {
	c_arg_->status = status;
	}

	void TlsCredentialReloadArg::set_error_details(
	const grpc::string& error_details) {
	c_arg_->error_details->set_error_details(error_details.c_str());
	}

	void TlsCredentialReloadArg::OnCredentialReloadDoneCallback() {
	if (c_arg_->cb == nullptr) {
	gpr_log(GPR_ERROR, "credential reload arg callback API is nullptr");
	return;
	}
	c_arg_->cb(c_arg_);
	}

	/ gRPC TLS credential reload config API implementation /
	TlsCredentialReloadConfig::TlsCredentialReloadConfig(
	std::shared_ptr<TlsCredentialReloadInterface> credential_reload_interface)
	: credential_reload_interface_(std::move(credential_reload_interface)) {
	c_config_ = grpc_tls_credential_reload_config_create(
	nullptr, &TlsCredentialReloadConfigCSchedule,
	&TlsCredentialReloadConfigCCancel, nullptr);
	c_config_->set_context(static_cast<void*>(this));
	}

	TlsCredentialReloadConfig::~TlsCredentialReloadConfig() {}

	/ gRPC TLS server authorization check arg API implementation /
	TlsServerAuthorizationCheckArg::TlsServerAuthorizationCheckArg(
	grpc_tls_server_authorization_check_arg* arg)
	: c_arg_(arg) {
	if (c_arg_ != nullptr && c_arg_->context != nullptr) {
	gpr_log(GPR_ERROR, "c_arg context has already been set");
	}
	c_arg_->context = static_cast<void*>(this);
	c_arg_->destroy_context = &TlsServerAuthorizationCheckArgDestroyContext;
	}

	TlsServerAuthorizationCheckArg::~TlsServerAuthorizationCheckArg() {}

	void* TlsServerAuthorizationCheckArg::cb_user_data() const {
	return c_arg_->cb_user_data;
	}

	int TlsServerAuthorizationCheckArg::success() const { return c_arg_->success; }

	grpc::string TlsServerAuthorizationCheckArg::target_name() const {
	grpc::string cpp_target_name(c_arg_->target_name);
	return cpp_target_name;
	}

	grpc::string TlsServerAuthorizationCheckArg::peer_cert() const {
	grpc::string cpp_peer_cert(c_arg_->peer_cert);
	return cpp_peer_cert;
	}

	grpc::string TlsServerAuthorizationCheckArg::peer_cert_full_chain() const {
	grpc::string cpp_peer_cert_full_chain(c_arg_->peer_cert_full_chain);
	return cpp_peer_cert_full_chain;
	}

	grpc_status_code TlsServerAuthorizationCheckArg::status() const {
	return c_arg_->status;
	}

	grpc::string TlsServerAuthorizationCheckArg::error_details() const {
	return c_arg_->error_details->error_details();
	}

	void TlsServerAuthorizationCheckArg::set_cb_user_data(void* cb_user_data) {
	c_arg_->cb_user_data = cb_user_data;
	}

	void TlsServerAuthorizationCheckArg::set_success(int success) {
	c_arg_->success = success;
	}

	void TlsServerAuthorizationCheckArg::set_target_name(
	const grpc::string& target_name) {
	c_arg_->target_name = gpr_strdup(target_name.c_str());
	}

	void TlsServerAuthorizationCheckArg::set_peer_cert(
	const grpc::string& peer_cert) {
	c_arg_->peer_cert = gpr_strdup(peer_cert.c_str());
	}

	void TlsServerAuthorizationCheckArg::set_peer_cert_full_chain(
	const grpc::string& peer_cert_full_chain) {
	c_arg_->peer_cert_full_chain = gpr_strdup(peer_cert_full_chain.c_str());
	}

	void TlsServerAuthorizationCheckArg::set_status(grpc_status_code status) {
	c_arg_->status = status;
	}

	void TlsServerAuthorizationCheckArg::set_error_details(
	const grpc::string& error_details) {
	c_arg_->error_details->set_error_details(error_details.c_str());
	}

	void TlsServerAuthorizationCheckArg::OnServerAuthorizationCheckDoneCallback() {
	if (c_arg_->cb == nullptr) {
	gpr_log(GPR_ERROR, "server authorizaton check arg callback API is nullptr");
	return;
	}
	c_arg_->cb(c_arg_);
	}

	/ gRPC TLS server authorization check config API implementation. /
	TlsServerAuthorizationCheckConfig::TlsServerAuthorizationCheckConfig(
	std::shared_ptr<TlsServerAuthorizationCheckInterface>
	server_authorization_check_interface)
	: server_authorization_check_interface_(
	std::move(server_authorization_check_interface)) {
	c_config_ = grpc_tls_server_authorization_check_config_create(
	nullptr, &TlsServerAuthorizationCheckConfigCSchedule,
	&TlsServerAuthorizationCheckConfigCCancel, nullptr);
	c_config_->set_context(static_cast<void*>(this));
	}

	TlsServerAuthorizationCheckConfig::~TlsServerAuthorizationCheckConfig() {}

	/ gRPC TLS credential options API implementation /
	TlsCredentialsOptions::TlsCredentialsOptions(
	grpc_ssl_client_certificate_request_type cert_request_type,
	grpc_tls_server_verification_option server_verification_option,
	std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config,
	std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config,
	std::shared_ptr<TlsServerAuthorizationCheckConfig>
	server_authorization_check_config)
	: cert_request_type_(cert_request_type),
	server_verification_option_(server_verification_option),
	key_materials_config_(std::move(key_materials_config)),
	credential_reload_config_(std::move(credential_reload_config)),
	server_authorization_check_config_(
	std::move(server_authorization_check_config)) {
	c_credentials_options_ = grpc_tls_credentials_options_create();
	grpc_tls_credentials_options_set_cert_request_type(c_credentials_options_,
	cert_request_type_);
	if (key_materials_config_ != nullptr) {
	grpc_tls_credentials_options_set_key_materials_config(
	c_credentials_options_,
	ConvertToCKeyMaterialsConfig(key_materials_config_));
	}
	if (credential_reload_config_ != nullptr) {
	grpc_tls_credentials_options_set_credential_reload_config(
	c_credentials_options_, credential_reload_config_->c_config());
	}
	if (server_authorization_check_config_ != nullptr) {
	grpc_tls_credentials_options_set_server_authorization_check_config(
	c_credentials_options_, server_authorization_check_config_->c_config());
	}
	grpc_tls_credentials_options_set_server_verification_option(
	c_credentials_options_, server_verification_option);
	}

	/** Whenever a TlsCredentialsOptions instance is created, the caller takes
	* ownership of the c_credentials_options_ pointer (see e.g. the implementation
	* of the TlsCredentials API in secure_credentials.cc). For this reason, the
	* TlsCredentialsOptions destructor is not responsible for freeing
	* c_credentials_options_. **/
	TlsCredentialsOptions::~TlsCredentialsOptions() {}

	} // namespace experimental
	} // namespace grpc_impl