//
// Copyright 2020 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#ifndef GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CERTIFICATE_PROVIDER_H
#define GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CERTIFICATE_PROVIDER_H

#include <grpc/support/port_platform.h>

#include <stdint.h>

#include <map>
#include <string>

#include "absl/base/thread_annotations.h"
#include "absl/status/statusor.h"
#include "absl/strings/string_view.h"
#include "absl/types/optional.h"

#include <grpc/grpc_security.h>
#include <grpc/support/log.h>
#include <grpc/support/sync.h>

#include "src/core/lib/gpr/useful.h"
#include "src/core/lib/gprpp/ref_counted.h"
#include "src/core/lib/gprpp/ref_counted_ptr.h"
#include "src/core/lib/gprpp/sync.h"
#include "src/core/lib/gprpp/thd.h"
#include "src/core/lib/gprpp/unique_type_name.h"
#include "src/core/lib/iomgr/iomgr_fwd.h"
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
#include "src/core/lib/security/security_connector/ssl_utils.h"

// Interface for a grpc_tls_certificate_provider that handles the process of
// fetching credentials (private key / certificate chain pairs) and validation
// contexts (root certificates). Implementations are free to rely on local or
// remote sources to fetch the latest secrets, and free to share any state
// among different instances as they deem fit.
//
// On creation, grpc_tls_certificate_provider creates a
// grpc_tls_certificate_distributor object. When the credentials and
// validation contexts become valid or change, a grpc_tls_certificate_provider
// should notify its distributor so as to propagate the update to the
// watchers.
//
// Instances are reference counted (RefCounted base); hold them through
// RefCountedPtr rather than an owning raw pointer.
struct grpc_tls_certificate_provider
    : public grpc_core::RefCounted<grpc_tls_certificate_provider> { … };

namespace grpc_core {

// A basic provider class that takes its credentials from in-memory strings
// supplied at initialization; the material is fixed for the provider's
// lifetime.
class StaticDataCertificateProvider final
    : public grpc_tls_certificate_provider { … };

// A provider class that watches for credential changes on the file system
// and pushes updated material to its distributor.
class FileWatcherCertificateProvider final
    : public grpc_tls_certificate_provider { … };

// Checks if the private key matches the certificate's public key.
// Returns a not-OK status on failure, or a bool indicating
// whether the key/cert pair matches.
//
// Callers should check the status before reading the bool: a not-OK status
// means the check itself could not be performed (e.g. the input could not be
// used), whereas `false` means the inputs were accepted but do not belong
// together. Which certificate in cert_chain is compared (presumably the
// leaf) is not specified here — confirm against the implementation.
absl::StatusOr<bool> PrivateKeyAndCertificateMatch(
    absl::string_view private_key, absl::string_view cert_chain);

}  // namespace grpc_core

#endif  // GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CERTIFICATE_PROVIDER_H