grpc/include/grpcpp/security/tls_credentials_options.h - platform/external/rust/crates/grpcio-sys - Git at Google

 /*
  *
  * Copyright 2019 gRPC authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  */

 #ifndef GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
 #define GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H

 #include <grpc/grpc_security_constants.h>
 #include <grpc/status.h>
 #include <grpc/support/log.h>
 #include <grpcpp/support/config.h>

 #include <memory>
 #include <vector>

 typedef struct grpc_tls_credential_reload_arg grpc_tls_credential_reload_arg;
 typedef struct grpc_tls_credential_reload_config
     grpc_tls_credential_reload_config;
 typedef struct grpc_tls_server_authorization_check_arg
     grpc_tls_server_authorization_check_arg;
 typedef struct grpc_tls_server_authorization_check_config
     grpc_tls_server_authorization_check_config;
 typedef struct grpc_tls_credentials_options grpc_tls_credentials_options;

 namespace grpc {
 namespace experimental {

 /** TLS key materials config, wrapper for grpc_tls_key_materials_config. It is
  * used for experimental purposes for now and subject to change. **/
 class TlsKeyMaterialsConfig {
  public:
   struct PemKeyCertPair {
     std::string private_key;
     std::string cert_chain;
   };

   /** Getters for member fields. **/
   const std::string pem_root_certs() const { return pem_root_certs_; }
   const std::vector<PemKeyCertPair>& pem_key_cert_pair_list() const {
     return pem_key_cert_pair_list_;
   }
   int version() const { return version_; }

   /** Setter for key materials that will be called by the user. Ownership of the
    * arguments will not be transferred. **/
   void set_pem_root_certs(const std::string& pem_root_certs);
   void add_pem_key_cert_pair(const PemKeyCertPair& pem_key_cert_pair);
   void set_key_materials(
       const std::string& pem_root_certs,
       const std::vector<PemKeyCertPair>& pem_key_cert_pair_list);
   void set_version(int version) { version_ = version; };

  private:
   int version_ = 0;
   std::vector<PemKeyCertPair> pem_key_cert_pair_list_;
   std::string pem_root_certs_;
 };

 /** TLS credential reload arguments, wraps grpc_tls_credential_reload_arg. It is
  *  used for experimental purposes for now and it is subject to change.
  *
  *  The credential reload arg contains all the info necessary to schedule/cancel
  *  a credential reload request. The callback function must be called after
  *  finishing the schedule operation. See the description of the
  *  grpc_tls_credential_reload_arg struct in grpc_security.h for more details.
  * **/
 class TlsCredentialReloadArg {
  public:
   /** TlsCredentialReloadArg does not take ownership of the C arg that is passed
    *  to the constructor. One must remember to free any memory allocated to the
    * C arg after using the setter functions below. **/
   TlsCredentialReloadArg(grpc_tls_credential_reload_arg* arg);
   ~TlsCredentialReloadArg();

   /** Getters for member fields. **/
   void* cb_user_data() const;
   bool is_pem_key_cert_pair_list_empty() const;
   grpc_ssl_certificate_config_reload_status status() const;
   std::string error_details() const;

   /** Setters for member fields. Ownership of the arguments will not be
    *  transferred. **/
   void set_cb_user_data(void* cb_user_data);
   void set_pem_root_certs(const std::string& pem_root_certs);
   void add_pem_key_cert_pair(
       const TlsKeyMaterialsConfig::PemKeyCertPair& pem_key_cert_pair);
   void set_key_materials(const std::string& pem_root_certs,
                          std::vector<TlsKeyMaterialsConfig::PemKeyCertPair>
                              pem_key_cert_pair_list);
   void set_key_materials_config(
       const std::shared_ptr<TlsKeyMaterialsConfig>& key_materials_config);
   void set_status(grpc_ssl_certificate_config_reload_status status);
   void set_error_details(const std::string& error_details);

   /** Calls the C arg's callback function. **/
   void OnCredentialReloadDoneCallback();

  private:
   grpc_tls_credential_reload_arg* c_arg_;
 };

 /** An interface that the application derives and uses to instantiate a
  * TlsCredentialReloadConfig instance. Refer to the definition of the
  * grpc_tls_credential_reload_config in grpc_tls_credentials_options.h for more
  * details on the expectations of the member functions of the interface. **/
 struct TlsCredentialReloadInterface {
   virtual ~TlsCredentialReloadInterface() = default;
   /** A callback that invokes the credential reload. **/
   virtual int Schedule(TlsCredentialReloadArg* arg) = 0;
   /** A callback that cancels a credential reload request. **/
   virtual void Cancel(TlsCredentialReloadArg* /* arg */) {}
 };

 /** TLS credential reloag config, wraps grpc_tls_credential_reload_config. It is
  * used for experimental purposes for now and it is subject to change. **/
 class TlsCredentialReloadConfig {
  public:
   TlsCredentialReloadConfig(std::shared_ptr<TlsCredentialReloadInterface>
                                 credential_reload_interface);
   ~TlsCredentialReloadConfig();

   int Schedule(TlsCredentialReloadArg* arg) const {
     if (credential_reload_interface_ == nullptr) {
       gpr_log(GPR_ERROR, "credential reload interface is nullptr");
       if (arg != nullptr) {
         arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL);
         arg->set_error_details(
             "the interface of the credential reload config is nullptr");
       }
       return 1;
     }
     return credential_reload_interface_->Schedule(arg);
   }

   void Cancel(TlsCredentialReloadArg* arg) const {
     if (credential_reload_interface_ == nullptr) {
       gpr_log(GPR_ERROR, "credential reload interface is nullptr");
       if (arg != nullptr) {
         arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL);
         arg->set_error_details(
             "the interface of the credential reload config is nullptr");
       }
       return;
     }
     credential_reload_interface_->Cancel(arg);
   }

   /** Returns a C struct for the credential reload config. **/
   grpc_tls_credential_reload_config* c_config() const { return c_config_; }

  private:
   grpc_tls_credential_reload_config* c_config_;
   std::shared_ptr<TlsCredentialReloadInterface> credential_reload_interface_;
 };

 /** TLS server authorization check arguments, wraps
  *  grpc_tls_server_authorization_check_arg. It is used for experimental
  *  purposes for now and it is subject to change.
  *
  *  The server authorization check arg contains all the info necessary to
  *  schedule/cancel a server authorization check request. The callback function
  *  must be called after finishing the schedule operation. See the description
  *  of the grpc_tls_server_authorization_check_arg struct in grpc_security.h for
  *  more details. **/
 class TlsServerAuthorizationCheckArg {
  public:
   /** TlsServerAuthorizationCheckArg does not take ownership of the C arg passed
    * to the constructor. One must remember to free any memory allocated to the
    * C arg after using the setter functions below. **/
   TlsServerAuthorizationCheckArg(grpc_tls_server_authorization_check_arg* arg);
   ~TlsServerAuthorizationCheckArg();

   /** Getters for member fields. **/
   void* cb_user_data() const;
   int success() const;
   std::string target_name() const;
   std::string peer_cert() const;
   std::string peer_cert_full_chain() const;
   grpc_status_code status() const;
   std::string error_details() const;

   /** Setters for member fields. **/
   void set_cb_user_data(void* cb_user_data);
   void set_success(int success);
   void set_target_name(const std::string& target_name);
   void set_peer_cert(const std::string& peer_cert);
   void set_peer_cert_full_chain(const std::string& peer_cert_full_chain);
   void set_status(grpc_status_code status);
   void set_error_details(const std::string& error_details);

   /** Calls the C arg's callback function. **/
   void OnServerAuthorizationCheckDoneCallback();

  private:
   grpc_tls_server_authorization_check_arg* c_arg_;
 };

 /** An interface that the application derives and uses to instantiate a
  * TlsServerAuthorizationCheckConfig instance. Refer to the definition of the
  * grpc_tls_server_authorization_check_config in grpc_tls_credentials_options.h
  * for more details on the expectations of the member functions of the
  * interface.
  * **/
 struct TlsServerAuthorizationCheckInterface {
   virtual ~TlsServerAuthorizationCheckInterface() = default;
   /** A callback that invokes the server authorization check. **/
   virtual int Schedule(TlsServerAuthorizationCheckArg* arg) = 0;
   /** A callback that cancels a server authorization check request. **/
   virtual void Cancel(TlsServerAuthorizationCheckArg* /* arg */) {}
 };

 /** TLS server authorization check config, wraps
  *  grps_tls_server_authorization_check_config. It is used for experimental
  *  purposes for now and it is subject to change. **/
 class TlsServerAuthorizationCheckConfig {
  public:
   TlsServerAuthorizationCheckConfig(
       std::shared_ptr<TlsServerAuthorizationCheckInterface>
           server_authorization_check_interface);
   ~TlsServerAuthorizationCheckConfig();

   int Schedule(TlsServerAuthorizationCheckArg* arg) const {
     if (server_authorization_check_interface_ == nullptr) {
       gpr_log(GPR_ERROR, "server authorization check interface is nullptr");
       if (arg != nullptr) {
         arg->set_status(GRPC_STATUS_NOT_FOUND);
         arg->set_error_details(
             "the interface of the server authorization check config is "
             "nullptr");
       }
       return 1;
     }
     return server_authorization_check_interface_->Schedule(arg);
   }

   void Cancel(TlsServerAuthorizationCheckArg* arg) const {
     if (server_authorization_check_interface_ == nullptr) {
       gpr_log(GPR_ERROR, "server authorization check interface is nullptr");
       if (arg != nullptr) {
         arg->set_status(GRPC_STATUS_NOT_FOUND);
         arg->set_error_details(
             "the interface of the server authorization check config is "
             "nullptr");
       }
       return;
     }
     server_authorization_check_interface_->Cancel(arg);
   }

   /** Returns C struct for the server authorization check config. **/
   grpc_tls_server_authorization_check_config* c_config() const {
     return c_config_;
   }

  private:
   grpc_tls_server_authorization_check_config* c_config_;
   std::shared_ptr<TlsServerAuthorizationCheckInterface>
       server_authorization_check_interface_;
 };

 /** TLS credentials options, wrapper for grpc_tls_credentials_options. It is
  * used for experimental purposes for now and it is subject to change. See the
  * description of the grpc_tls_credentials_options struct in grpc_security.h for
  * more details. **/
 class TlsCredentialsOptions {
  public:
   // Constructor for client.
   explicit TlsCredentialsOptions(
       grpc_tls_server_verification_option server_verification_option,
       std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config,
       std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config,
       std::shared_ptr<TlsServerAuthorizationCheckConfig>
           server_authorization_check_config);

   // Constructor for server.
   explicit TlsCredentialsOptions(
       grpc_ssl_client_certificate_request_type cert_request_type,
       std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config,
       std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config);

   // This constructor will be deprecated.
   TlsCredentialsOptions(
       grpc_ssl_client_certificate_request_type cert_request_type,
       grpc_tls_server_verification_option server_verification_option,
       std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config,
       std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config,
       std::shared_ptr<TlsServerAuthorizationCheckConfig>
           server_authorization_check_config);
   ~TlsCredentialsOptions();

   /** Getters for member fields. **/
   grpc_ssl_client_certificate_request_type cert_request_type() const {
     return cert_request_type_;
   }
   grpc_tls_server_verification_option server_verification_option() const {
     return server_verification_option_;
   }
   std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config() const {
     return key_materials_config_;
   }
   std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config() const {
     return credential_reload_config_;
   }
   std::shared_ptr<TlsServerAuthorizationCheckConfig>
   server_authorization_check_config() const {
     return server_authorization_check_config_;
   }
   grpc_tls_credentials_options* c_credentials_options() const {
     return c_credentials_options_;
   }

  private:
   /** The cert_request_type_ flag is only relevant when the
    * TlsCredentialsOptions are used to instantiate server credentials; the flag
    * goes unused when creating channel credentials, and the user can set it to
    * GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE. **/
   grpc_ssl_client_certificate_request_type cert_request_type_;
   /** The server_verification_option_ flag is only relevant when the
    * TlsCredentialsOptions are used to instantiate client credentials; **/
   grpc_tls_server_verification_option server_verification_option_;
   std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config_;
   std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config_;
   std::shared_ptr<TlsServerAuthorizationCheckConfig>
       server_authorization_check_config_;
   grpc_tls_credentials_options* c_credentials_options_;
 };

 }  // namespace experimental
 }  // namespace grpc

 #endif  // GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
	/*
	*
	* Copyright 2019 gRPC authors.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	*/

	#ifndef GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
	#define GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H

	#include <grpc/grpc_security_constants.h>
	#include <grpc/status.h>
	#include <grpc/support/log.h>
	#include <grpcpp/support/config.h>

	#include <memory>
	#include <vector>

	typedef struct grpc_tls_credential_reload_arg grpc_tls_credential_reload_arg;
	typedef struct grpc_tls_credential_reload_config
	grpc_tls_credential_reload_config;
	typedef struct grpc_tls_server_authorization_check_arg
	grpc_tls_server_authorization_check_arg;
	typedef struct grpc_tls_server_authorization_check_config
	grpc_tls_server_authorization_check_config;
	typedef struct grpc_tls_credentials_options grpc_tls_credentials_options;

	namespace grpc {
	namespace experimental {

	/** TLS key materials config, wrapper for grpc_tls_key_materials_config. It is
	* used for experimental purposes for now and subject to change. **/
	class TlsKeyMaterialsConfig {
	public:
	struct PemKeyCertPair {
	std::string private_key;
	std::string cert_chain;
	};

	/ Getters for member fields. /
	const std::string pem_root_certs() const { return pem_root_certs_; }
	const std::vector<PemKeyCertPair>& pem_key_cert_pair_list() const {
	return pem_key_cert_pair_list_;
	}
	int version() const { return version_; }

	/** Setter for key materials that will be called by the user. Ownership of the
	* arguments will not be transferred. **/
	void set_pem_root_certs(const std::string& pem_root_certs);
	void add_pem_key_cert_pair(const PemKeyCertPair& pem_key_cert_pair);
	void set_key_materials(
	const std::string& pem_root_certs,
	const std::vector<PemKeyCertPair>& pem_key_cert_pair_list);
	void set_version(int version) { version_ = version; };

	private:
	int version_ = 0;
	std::vector<PemKeyCertPair> pem_key_cert_pair_list_;
	std::string pem_root_certs_;
	};

	/** TLS credential reload arguments, wraps grpc_tls_credential_reload_arg. It is
	* used for experimental purposes for now and it is subject to change.
	*
	* The credential reload arg contains all the info necessary to schedule/cancel
	* a credential reload request. The callback function must be called after
	* finishing the schedule operation. See the description of the
	* grpc_tls_credential_reload_arg struct in grpc_security.h for more details.
	* **/
	class TlsCredentialReloadArg {
	public:
	/** TlsCredentialReloadArg does not take ownership of the C arg that is passed
	* to the constructor. One must remember to free any memory allocated to the
	* C arg after using the setter functions below. **/
	TlsCredentialReloadArg(grpc_tls_credential_reload_arg* arg);
	~TlsCredentialReloadArg();

	/ Getters for member fields. /
	void* cb_user_data() const;
	bool is_pem_key_cert_pair_list_empty() const;
	grpc_ssl_certificate_config_reload_status status() const;
	std::string error_details() const;

	/** Setters for member fields. Ownership of the arguments will not be
	* transferred. **/
	void set_cb_user_data(void* cb_user_data);
	void set_pem_root_certs(const std::string& pem_root_certs);
	void add_pem_key_cert_pair(
	const TlsKeyMaterialsConfig::PemKeyCertPair& pem_key_cert_pair);
	void set_key_materials(const std::string& pem_root_certs,
	std::vector<TlsKeyMaterialsConfig::PemKeyCertPair>
	pem_key_cert_pair_list);
	void set_key_materials_config(
	const std::shared_ptr<TlsKeyMaterialsConfig>& key_materials_config);
	void set_status(grpc_ssl_certificate_config_reload_status status);
	void set_error_details(const std::string& error_details);

	/ Calls the C arg's callback function. /
	void OnCredentialReloadDoneCallback();

	private:
	grpc_tls_credential_reload_arg* c_arg_;
	};

	/** An interface that the application derives and uses to instantiate a
	* TlsCredentialReloadConfig instance. Refer to the definition of the
	* grpc_tls_credential_reload_config in grpc_tls_credentials_options.h for more
	* details on the expectations of the member functions of the interface. **/
	struct TlsCredentialReloadInterface {
	virtual ~TlsCredentialReloadInterface() = default;
	/ A callback that invokes the credential reload. /
	virtual int Schedule(TlsCredentialReloadArg* arg) = 0;
	/ A callback that cancels a credential reload request. /
	virtual void Cancel(TlsCredentialReloadArg* /* arg */) {}
	};

	/** TLS credential reloag config, wraps grpc_tls_credential_reload_config. It is
	* used for experimental purposes for now and it is subject to change. **/
	class TlsCredentialReloadConfig {
	public:
	TlsCredentialReloadConfig(std::shared_ptr<TlsCredentialReloadInterface>
	credential_reload_interface);
	~TlsCredentialReloadConfig();

	int Schedule(TlsCredentialReloadArg* arg) const {
	if (credential_reload_interface_ == nullptr) {
	gpr_log(GPR_ERROR, "credential reload interface is nullptr");
	if (arg != nullptr) {
	arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL);
	arg->set_error_details(
	"the interface of the credential reload config is nullptr");
	}
	return 1;
	}
	return credential_reload_interface_->Schedule(arg);
	}

	void Cancel(TlsCredentialReloadArg* arg) const {
	if (credential_reload_interface_ == nullptr) {
	gpr_log(GPR_ERROR, "credential reload interface is nullptr");
	if (arg != nullptr) {
	arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL);
	arg->set_error_details(
	"the interface of the credential reload config is nullptr");
	}
	return;
	}
	credential_reload_interface_->Cancel(arg);
	}

	/ Returns a C struct for the credential reload config. /
	grpc_tls_credential_reload_config* c_config() const { return c_config_; }

	private:
	grpc_tls_credential_reload_config* c_config_;
	std::shared_ptr<TlsCredentialReloadInterface> credential_reload_interface_;
	};

	/** TLS server authorization check arguments, wraps
	* grpc_tls_server_authorization_check_arg. It is used for experimental
	* purposes for now and it is subject to change.
	*
	* The server authorization check arg contains all the info necessary to
	* schedule/cancel a server authorization check request. The callback function
	* must be called after finishing the schedule operation. See the description
	* of the grpc_tls_server_authorization_check_arg struct in grpc_security.h for
	* more details. **/
	class TlsServerAuthorizationCheckArg {
	public:
	/** TlsServerAuthorizationCheckArg does not take ownership of the C arg passed
	* to the constructor. One must remember to free any memory allocated to the
	* C arg after using the setter functions below. **/
	TlsServerAuthorizationCheckArg(grpc_tls_server_authorization_check_arg* arg);
	~TlsServerAuthorizationCheckArg();

	/ Getters for member fields. /
	void* cb_user_data() const;
	int success() const;
	std::string target_name() const;
	std::string peer_cert() const;
	std::string peer_cert_full_chain() const;
	grpc_status_code status() const;
	std::string error_details() const;

	/ Setters for member fields. /
	void set_cb_user_data(void* cb_user_data);
	void set_success(int success);
	void set_target_name(const std::string& target_name);
	void set_peer_cert(const std::string& peer_cert);
	void set_peer_cert_full_chain(const std::string& peer_cert_full_chain);
	void set_status(grpc_status_code status);
	void set_error_details(const std::string& error_details);

	/ Calls the C arg's callback function. /
	void OnServerAuthorizationCheckDoneCallback();

	private:
	grpc_tls_server_authorization_check_arg* c_arg_;
	};

	/** An interface that the application derives and uses to instantiate a
	* TlsServerAuthorizationCheckConfig instance. Refer to the definition of the
	* grpc_tls_server_authorization_check_config in grpc_tls_credentials_options.h
	* for more details on the expectations of the member functions of the
	* interface.
	* **/
	struct TlsServerAuthorizationCheckInterface {
	virtual ~TlsServerAuthorizationCheckInterface() = default;
	/ A callback that invokes the server authorization check. /
	virtual int Schedule(TlsServerAuthorizationCheckArg* arg) = 0;
	/ A callback that cancels a server authorization check request. /
	virtual void Cancel(TlsServerAuthorizationCheckArg* /* arg */) {}
	};

	/** TLS server authorization check config, wraps
	* grps_tls_server_authorization_check_config. It is used for experimental
	* purposes for now and it is subject to change. **/
	class TlsServerAuthorizationCheckConfig {
	public:
	TlsServerAuthorizationCheckConfig(
	std::shared_ptr<TlsServerAuthorizationCheckInterface>
	server_authorization_check_interface);
	~TlsServerAuthorizationCheckConfig();

	int Schedule(TlsServerAuthorizationCheckArg* arg) const {
	if (server_authorization_check_interface_ == nullptr) {
	gpr_log(GPR_ERROR, "server authorization check interface is nullptr");
	if (arg != nullptr) {
	arg->set_status(GRPC_STATUS_NOT_FOUND);
	arg->set_error_details(
	"the interface of the server authorization check config is "
	"nullptr");
	}
	return 1;
	}
	return server_authorization_check_interface_->Schedule(arg);
	}

	void Cancel(TlsServerAuthorizationCheckArg* arg) const {
	if (server_authorization_check_interface_ == nullptr) {
	gpr_log(GPR_ERROR, "server authorization check interface is nullptr");
	if (arg != nullptr) {
	arg->set_status(GRPC_STATUS_NOT_FOUND);
	arg->set_error_details(
	"the interface of the server authorization check config is "
	"nullptr");
	}
	return;
	}
	server_authorization_check_interface_->Cancel(arg);
	}

	/ Returns C struct for the server authorization check config. /
	grpc_tls_server_authorization_check_config* c_config() const {
	return c_config_;
	}

	private:
	grpc_tls_server_authorization_check_config* c_config_;
	std::shared_ptr<TlsServerAuthorizationCheckInterface>
	server_authorization_check_interface_;
	};

	/** TLS credentials options, wrapper for grpc_tls_credentials_options. It is
	* used for experimental purposes for now and it is subject to change. See the
	* description of the grpc_tls_credentials_options struct in grpc_security.h for
	* more details. **/
	class TlsCredentialsOptions {
	public:
	// Constructor for client.
	explicit TlsCredentialsOptions(
	grpc_tls_server_verification_option server_verification_option,
	std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config,
	std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config,
	std::shared_ptr<TlsServerAuthorizationCheckConfig>
	server_authorization_check_config);

	// Constructor for server.
	explicit TlsCredentialsOptions(
	grpc_ssl_client_certificate_request_type cert_request_type,
	std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config,
	std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config);

	// This constructor will be deprecated.
	TlsCredentialsOptions(
	grpc_ssl_client_certificate_request_type cert_request_type,
	grpc_tls_server_verification_option server_verification_option,
	std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config,
	std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config,
	std::shared_ptr<TlsServerAuthorizationCheckConfig>
	server_authorization_check_config);
	~TlsCredentialsOptions();

	/ Getters for member fields. /
	grpc_ssl_client_certificate_request_type cert_request_type() const {
	return cert_request_type_;
	}
	grpc_tls_server_verification_option server_verification_option() const {
	return server_verification_option_;
	}
	std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config() const {
	return key_materials_config_;
	}
	std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config() const {
	return credential_reload_config_;
	}
	std::shared_ptr<TlsServerAuthorizationCheckConfig>
	server_authorization_check_config() const {
	return server_authorization_check_config_;
	}
	grpc_tls_credentials_options* c_credentials_options() const {
	return c_credentials_options_;
	}

	private:
	/** The cert_request_type_ flag is only relevant when the
	* TlsCredentialsOptions are used to instantiate server credentials; the flag
	* goes unused when creating channel credentials, and the user can set it to
	* GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE. **/
	grpc_ssl_client_certificate_request_type cert_request_type_;
	/** The server_verification_option_ flag is only relevant when the
	* TlsCredentialsOptions are used to instantiate client credentials; **/
	grpc_tls_server_verification_option server_verification_option_;
	std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config_;
	std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config_;
	std::shared_ptr<TlsServerAuthorizationCheckConfig>
	server_authorization_check_config_;
	grpc_tls_credentials_options* c_credentials_options_;
	};

	} // namespace experimental
	} // namespace grpc

	#endif // GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H