//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#ifndef GRPCPP_SECURITY_TLS_CERTIFICATE_VERIFIER_H
#define GRPCPP_SECURITY_TLS_CERTIFICATE_VERIFIER_H

#include <functional>
#include <map>
#include <memory>
#include <utility>
#include <vector>

#include <grpc/grpc_security_constants.h>
#include <grpc/status.h>
#include <grpc/support/log.h>
#include <grpcpp/impl/grpc_library.h>
#include <grpcpp/impl/sync.h>
#include <grpcpp/support/config.h>
#include <grpcpp/support/status.h>
#include <grpcpp/support/string_ref.h>

// TODO(yihuazhang): remove the forward declaration here and include
// <grpc/grpc_security.h> directly once the insecure builds are cleaned up.
//
// NOTE(review): the four declarations below appear to have lost their
// declaration keywords (the opaque core types and the completion-callback
// type) when this listing was extracted; confirm them against
// <grpc/grpc_security.h> rather than reading them as shown here.
grpc_tls_custom_verification_check_request;
grpc_tls_certificate_verifier;
grpc_tls_certificate_verifier_external;
grpc_tls_on_custom_verification_check_done_cb;

// Creates a core grpc_tls_certificate_verifier that forwards to the given
// external (user-implemented) verifier. Declared with C linkage; the
// implementation lives outside this header.
extern "C" grpc_tls_certificate_verifier*
grpc_tls_certificate_verifier_external_create(
    grpc_tls_certificate_verifier_external* external_verifier);

namespace grpc {
namespace experimental {

// Holds the verification-related information associated with one connection
// request. Users never create or destroy this object themselves; they only
// interact with it through CertificateVerifier's Verify() and Cancel().
class TlsCustomVerificationCheckRequest { … };

// Base class of every internal verifier implementation, and the class that
// every external verifier is ultimately converted into.
//
// To implement a custom verifier, do not derive from this class; derive from
// ExternalCertificateVerifier instead. A custom verifier may still reuse an
// existing implementation of this interface (for example HostNameCertificateVerifier)
// by delegating to an instance of it.
class CertificateVerifier { … };

// Base class of all external, user-specified verifiers. Users derive from this
// class to implement a custom verifier.
//
// A custom verifier derived from this class may compose an existing
// ExternalCertificateVerifier or CertificateVerifier inside its own Verify()
// and Cancel() implementations.
class ExternalCertificateVerifier { … };

// A CertificateVerifier that performs no checks beyond the certificate
// verification that may already be configured.
//
// Note: relying on this verifier alone, with no other mechanism that
// authenticates the peer's identity, leaves the application exposed to
// man-in-the-middle (MITM) attacks. Do not use it that way in production.
class NoOpCertificateVerifier : public CertificateVerifier { … };

// A CertificateVerifier that performs hostname verification: it checks
// whether the target name set on the client side matches the identity
// information carried in the server's certificate.
class HostNameCertificateVerifier : public CertificateVerifier { … };

}  // namespace experimental
}  // namespace grpc

#endif  // GRPCPP_SECURITY_TLS_CERTIFICATE_VERIFIER_H