1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPCPP_SECURITY_SERVER_CREDENTIALS_H
20 #define GRPCPP_SECURITY_SERVER_CREDENTIALS_H
21 
22 #include <memory>
23 #include <vector>
24 
25 #include <grpc/grpc_security_constants.h>
26 #include <grpcpp/security/auth_metadata_processor.h>
27 #include <grpcpp/support/config.h>
28 
29 struct grpc_server;
30 
31 namespace grpc {
32 class Server;
33 
/// Wrapper around \a grpc_server_credentials, a way to authenticate a server.
///
/// The class is abstract (both member functions below are pure virtual), so
/// instances come from the factory functions declared in this header.
class ServerCredentials {
 public:
  virtual ~ServerCredentials();

  /// Sets the \a processor used for auth metadata on these credentials.
  ///
  /// Not thread-safe, and must be called before the server is started.
  /// The last call wins: a later call replaces the processor set by an
  /// earlier one, so two registrations are not combined.
  virtual void SetAuthMetadataProcessor(
      const std::shared_ptr<AuthMetadataProcessor>& processor) = 0;

 private:
  // Only ::grpc::Server may call the private binding hook below.
  friend class ::grpc::Server;

  /// Tries to bind \a server to the given \a addr (e.g. localhost:1234,
  /// 192.168.1.1:31416, [::1]:27182, etc.)
  ///
  /// \return bound port number on success, 0 on failure.
  // TODO(dgq): the "port" part seems to be a misnomer.
  // NOTE(review): 0 is the only failure signal, so the caller has to check
  // the return value to know whether the address was actually bound.
  virtual int AddPortToServer(const grpc::string& addr,
                              grpc_server* server) = 0;
};
55 
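/// Options to create ServerCredentials with SSL
struct SslServerCredentialsOptions {
  /// \warning Deprecated
  ///
  /// Leaves \a force_client_auth false and sets \a client_certificate_request
  /// to GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, so options built this way
  /// do not ask the client for a certificate unless a field is changed
  /// afterwards.
  SslServerCredentialsOptions()
      : force_client_auth(false),
        client_certificate_request(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE) {}

  /// Creates options with an explicit client-certificate policy.
  ///
  /// \param request_type stored in \a client_certificate_request;
  /// \a force_client_auth starts as false.
  // NOTE(review): this constructor is not `explicit`, so a bare
  // grpc_ssl_client_certificate_request_type value converts implicitly to
  // SslServerCredentialsOptions. Left as is to keep existing callers
  // compiling.
  SslServerCredentialsOptions(
      grpc_ssl_client_certificate_request_type request_type)
      : force_client_auth(false), client_certificate_request(request_type) {}

  /// One server identity: a private key and its certificate chain.
  struct PemKeyCertPair {
    // Secret key material held as an ordinary string: it is copied whenever
    // the options are copied, and nothing in this struct clears it on
    // destruction. Keep it out of logs and error messages.
    grpc::string private_key;
    grpc::string cert_chain;
  };

  // NOTE(review): presumably the PEM root certificates that client
  // certificates are verified against - confirm against the implementation.
  grpc::string pem_root_certs;
  std::vector<PemKeyCertPair> pem_key_cert_pairs;

  /// \warning Deprecated
  bool force_client_auth;

  /// If both \a force_client_auth and \a client_certificate_request
  /// fields are set, \a force_client_auth takes effect, i.e.
  /// \a REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
  /// will be enforced.
  ///
  /// The *_BUT_DONT_VERIFY values of the enum request a certificate without
  /// having the library verify it, so on their own they do not authenticate
  /// the client; the application then has to check the certificate itself.
  grpc_ssl_client_certificate_request_type client_certificate_request;
};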
81 
/// Builds SSL ServerCredentials given SSL specific options
///
/// Whether a client certificate is requested, required or verified is taken
/// from \a options (see SslServerCredentialsOptions::client_certificate_request
/// and the deprecated \a force_client_auth field).
std::shared_ptr<ServerCredentials> SslServerCredentials(
    const SslServerCredentialsOptions& options);

/// Builds insecure server credentials.
///
/// NOTE(review): as the name says, a port served with these credentials gets
/// no transport security from gRPC: traffic is not encrypted and the peer is
/// not authenticated. Suitable only where another layer provides that
/// protection, or for local testing.
std::shared_ptr<ServerCredentials> InsecureServerCredentials();
88 
// NOTE(review): declarations in `experimental` are presumably outside the
// stable API surface - confirm before depending on them.
namespace experimental {

/// Options to create ServerCredentials with ALTS
///
/// The struct has no fields yet, so callers cannot configure ALTS server
/// credentials through it.
struct AltsServerCredentialsOptions {
  /// Add fields if needed.
};

/// Builds ALTS ServerCredentials given ALTS specific options
std::shared_ptr<ServerCredentials> AltsServerCredentials(
    const AltsServerCredentialsOptions& options);

/// Builds Local ServerCredentials.
///
/// \param type the kind of local connection the credentials are meant for.
// NOTE(review): which peer checks are enforced for each
// grpc_local_connect_type value is not visible from this header - confirm
// before relying on these credentials as an authentication boundary.
std::shared_ptr<ServerCredentials> LocalServerCredentials(
    grpc_local_connect_type type);

}  // namespace experimental
105 }  // namespace grpc
106 
107 #endif  // GRPCPP_SECURITY_SERVER_CREDENTIALS_H
108