      1 /*
      2  *
      3  * Copyright 2016 gRPC authors.
      4  *
      5  * Licensed under the Apache License, Version 2.0 (the "License");
      6  * you may not use this file except in compliance with the License.
      7  * You may obtain a copy of the License at
      8  *
      9  *     http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  * Unless required by applicable law or agreed to in writing, software
     12  * distributed under the License is distributed on an "AS IS" BASIS,
     13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  * See the License for the specific language governing permissions and
     15  * limitations under the License.
     16  *
     17  */
     18 
     19 #ifndef GRPC_GRPC_SECURITY_CONSTANTS_H
     20 #define GRPC_GRPC_SECURITY_CONSTANTS_H
     21 
     22 #ifdef __cplusplus
     23 extern "C" {
     24 #endif
     25 
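/** Name of the property that carries the transport security type.
   GRPC_SSL_TRANSPORT_SECURITY_TYPE is the value used for SSL.
   NOTE(review): these look like the keys of the "authentication context
   properties" that the client certificate request types in this header refer
   to (see grpc_auth_context) -- confirm against the auth context API. */
#define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type"
#define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl"

/** Property names for data taken from the peer's X.509 certificate and for
   the SSL session state.

   Under the *_BUT_DONT_VERIFY client certificate request types the
   certificate is not verified by the gRPC framework, so the x509_* values
   must not drive an authorization decision until the application has
   validated the certificate itself. */
#define GRPC_X509_CN_PROPERTY_NAME "x509_common_name"
#define GRPC_X509_SAN_PROPERTY_NAME "x509_subject_alternative_name"
#define GRPC_X509_PEM_CERT_PROPERTY_NAME "x509_pem_cert"
#define GRPC_SSL_SESSION_REUSED_PROPERTY "ssl_session_reused"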
     33 
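/** Environment variable that points to the default SSL roots file. This file
   must be a PEM encoded file with all the roots such as the one that can be
   downloaded from https://pki.google.com/roots.pem.

   The roots in this file are the default trust anchors for SSL peers, so
   both the file and the process environment that names it should be
   writable only by trusted principals. */
#define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \
  "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"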
     39 
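/** Environment variable that points to the google default application
   credentials json key or refresh token. Used in the
   grpc_google_default_credentials_create function.

   The referenced file holds secret credential material (a key or a refresh
   token): keep it readable only by the account that runs the process and
   out of logs and version control. */
#define GRPC_GOOGLE_CREDENTIALS_ENV_VAR "GOOGLE_APPLICATION_CREDENTIALS"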
     44 
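/** Results for the SSL roots override callback. */
typedef enum {
  /** The override callback succeeded. */
  GRPC_SSL_ROOTS_OVERRIDE_OK,
  /* The description sits before its enumerator: a Doxygen block placed after
     an enumerator is attached to the following one, which here would
     document the plain FAIL value as the permanent failure. */
  /** Do not try fallback options. */
  GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY,
  /** The override callback failed. NOTE(review): presumably fallback options
     may still be tried after this result -- confirm against the code that
     consumes the callback result. */
  GRPC_SSL_ROOTS_OVERRIDE_FAIL
} grpc_ssl_roots_override_result;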
     51 
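/** Callback results for dynamically loading an SSL certificate config.
   NOTE(review): the per-value meanings below are read from the enumerator
   names only -- confirm against the callback contract. */
typedef enum {
  /** Presumably: the certificate config has not changed. */
  GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED,
  /** Presumably: a new certificate config was provided. */
  GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW,
  /** Presumably: the reload failed. */
  GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL
} grpc_ssl_certificate_config_reload_status;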
     58 
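/** Server-side policy for requesting a client certificate and for deciding
   who verifies it.

   Only GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY both
   requires a certificate and has the gRPC framework verify it. With the
   *_BUT_DONT_VERIFY values the application is responsible for client
   authentication, and with the REQUEST_* values that do not require a
   certificate a client that presents none is still accepted. */
typedef enum {
  /** Server does not request client certificate.
     The certificate presented by the client is not checked by the server at
     all. (A client may present a self signed or signed certificate or not
     present a certificate at all and any of those options would be accepted)

     This is the first enumerator (value 0), so a zero-initialised setting
     selects it, i.e. no client authentication at the SSL layer. */
  GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
  /** Server requests client certificate but does not enforce that the client
     presents a certificate.

     If the client presents a certificate, the client authentication is left to
     the application (the necessary metadata will be available to the
     application via authentication context properties, see grpc_auth_context).

     The client's key certificate pair must be valid for the SSL connection to
     be established. */
  GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
  /** Server requests client certificate but does not enforce that the client
     presents a certificate.

     If the client presents a certificate, the client authentication is done by
     the gRPC framework. (For a successful connection the client needs to either
     present a certificate that can be verified against the root certificate
     configured by the server or not present a certificate at all)

     The client's key certificate pair must be valid for the SSL connection to
     be established. */
  GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY,
  /** Server requests client certificate and enforces that the client presents a
     certificate.

     If the client presents a certificate, the client authentication is left to
     the application (the necessary metadata will be available to the
     application via authentication context properties, see grpc_auth_context).

     The client's key certificate pair must be valid for the SSL connection to
     be established. */
  GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
  /** Server requests client certificate and enforces that the client presents a
     certificate.

     The certificate presented by the client is verified by the gRPC framework.
     (For a successful connection the client needs to present a certificate that
     can be verified against the root certificate configured by the server)

     The client's key certificate pair must be valid for the SSL connection to
     be established. */
  GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
} grpc_ssl_client_certificate_request_type;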
    107 
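/**
 * Type of local connection for which local channel/server credentials will be
 * applied. It only supports UDS (Unix domain sockets) for now.
 *
 * NOTE(review): the enumerator is not GRPC_-prefixed, so the global identifier
 * UDS is taken in every translation unit that includes this header. Renaming
 * it would break existing callers, so it is left as is.
 */
typedef enum {
  UDS = 0
} grpc_local_connect_type;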
    113 
    114 #ifdef __cplusplus
    115 }
    116 #endif
    117 
    118 #endif /* GRPC_GRPC_SECURITY_CONSTANTS_H */
    119