/*
 *
 * Copyright 2015, Google Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *     * Neither the name of Google Inc. nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#ifndef GRPCXX_CREDENTIALS_H
#define GRPCXX_CREDENTIALS_H

#include <chrono>
#include <memory>

#include <grpc++/config.h>

namespace grpc {
class ChannelArguments;
class ChannelInterface;
class SecureCredentials;

// Base class for the credentials attached to a client channel.
//
// Concrete credentials objects are obtained from the factory functions
// declared below (GoogleDefaultCredentials, SslCredentials, ...), each of
// which hands back a std::unique_ptr<Credentials>. Application code never
// calls the virtual members directly: channel creation goes through the free
// CreateChannel function, which is the only friend allowed to reach the
// private CreateChannel override.
class Credentials {
 public:
  // Virtual so that a concrete credentials object can be destroyed through
  // a std::unique_ptr<Credentials> held by the caller.
  virtual ~Credentials();

 protected:
  // CompositeCredentials needs AsSecureCredentials() to combine two objects.
  // Friend declarations are not affected by access sections; placing this one
  // under `protected` just documents why the friendship exists.
  friend std::unique_ptr<Credentials> CompositeCredentials(
      const std::unique_ptr<Credentials>& creds1,
      const std::unique_ptr<Credentials>& creds2);

  // Returns this object viewed as a SecureCredentials. The raw pointer carries
  // no ownership. NOTE(review): presumably it aliases *this for secure
  // credentials and is null for the insecure kind — confirm in the .cc.
  virtual SecureCredentials* AsSecureCredentials() = 0;

 private:
  // The free CreateChannel factory is the only caller of the private
  // CreateChannel below, so user code cannot build a channel that bypasses
  // the credentials object's own channel construction.
  friend std::shared_ptr<ChannelInterface> CreateChannel(
      const grpc::string& target, const std::unique_ptr<Credentials>& creds,
      const ChannelArguments& args);

  // Creates a channel to `target` protected by this credentials object.
  // Whether and how the target is authenticated depends on the concrete
  // subclass (see the factory comments below).
  virtual std::shared_ptr<ChannelInterface> CreateChannel(
      const grpc::string& target, const ChannelArguments& args) = 0;
};

// Options used to build SslCredentials.
// pem_root_certs is the buffer containing the PEM encoding of the server root
// certificates. If this parameter is empty, the default roots will be used.
// pem_private_key is the buffer containing the PEM encoding of the client's
// private key. This parameter can be empty if the client does not have a
// private key.
// pem_cert_chain is the buffer containing the PEM encoding of the client's
// certificate chain. This parameter can be empty if the client does not have
// a certificate chain.
//
// pem_private_key is secret key material held in a plain grpc::string: the
// caller is responsible for sourcing it from protected storage and for not
// logging or persisting this struct. Leaving pem_root_certs empty delegates
// server authentication to whatever default root set the library selects;
// that set is not visible in this header, so confirm what it resolves to in
// the deployment environment. NOTE(review): pem_private_key and
// pem_cert_chain presumably have to be supplied together for the client to
// authenticate itself — confirm against the implementation.
struct SslCredentialsOptions {
  grpc::string pem_root_certs;
  grpc::string pem_private_key;
  grpc::string pem_cert_chain;
};

// Factories for building different types of Credentials
// The functions may return empty unique_ptr when credentials cannot be created.
// If a Credentials pointer is returned, it can still be invalid when used to
// create a channel. A lame channel will be created then and all rpcs will
// fail on it.
//
// A null unique_ptr is the only failure signal these factories expose, so
// callers should check the result before handing it to CreateChannel; an
// invalid-but-non-null credentials object only surfaces later as failing RPCs.

// Builds credentials with reasonable defaults.
// What "reasonable defaults" resolves to is decided by the implementation and
// is not visible in this header.
std::unique_ptr<Credentials> GoogleDefaultCredentials();

// Builds SSL Credentials given SSL specific options.
// See SslCredentialsOptions for which fields may be left empty and what each
// empty field implies for server and client authentication.
std::unique_ptr<Credentials> SslCredentials(
    const SslCredentialsOptions& options);

// Builds credentials for use when running in GCE.
std::unique_ptr<Credentials> ComputeEngineCredentials();

// Builds service account credentials.
// json_key is the JSON key string containing the client's private key.
// scope is a space-delimited list of the requested permissions.
// token_lifetime is the lifetime of each token acquired through this service
// account credentials. It should be positive and should not exceed
// grpc_max_auth_token_lifetime or will be cropped to this value.
//
// json_key embeds a private key: source it from protected storage and keep it
// out of logs. The lifetime cap is applied silently (cropped, not rejected),
// so asking for more than grpc_max_auth_token_lifetime yields a shorter token
// without an error.
std::unique_ptr<Credentials> ServiceAccountCredentials(
    const grpc::string& json_key, const grpc::string& scope,
    std::chrono::seconds token_lifetime);

// Builds JWT credentials.
// json_key is the JSON key string containing the client's private key.
// token_lifetime is the lifetime of each Json Web Token (JWT) created with
// this credentials. It should not exceed grpc_max_auth_token_lifetime or
// will be cropped to this value.
//
// json_key embeds a private key; handle it as for ServiceAccountCredentials.
// NOTE(review): unlike ServiceAccountCredentials, nothing here says
// token_lifetime must be positive; whether a non-positive value is rejected
// is not visible in this header — confirm in the implementation.
std::unique_ptr<Credentials> JWTCredentials(
    const grpc::string& json_key, std::chrono::seconds token_lifetime);

// Builds refresh token credentials.
// json_refresh_token is the JSON string containing the refresh token along
// with a client_id and client_secret.
// All three values inside json_refresh_token are long-lived secrets and
// deserve the same handling as a private key.
std::unique_ptr<Credentials> RefreshTokenCredentials(
    const grpc::string& json_refresh_token);

// Builds IAM credentials.
// authorization_token and authority_selector are forwarded as given; their
// exact semantics are not documented in this header. NOTE(review):
// presumably the IAM authorization token and the authority it is scoped to —
// verify against the implementation before relying on either.
std::unique_ptr<Credentials> IAMCredentials(
    const grpc::string& authorization_token,
    const grpc::string& authority_selector);

// Combines two credentials objects into a composite credentials.
// Both arguments are passed as const references to unique_ptr, so the caller
// keeps ownership of creds1 and creds2; whether the composite copies or
// references their state is not visible here. Declared as a friend of
// Credentials so it can call the protected AsSecureCredentials().
std::unique_ptr<Credentials> CompositeCredentials(
    const std::unique_ptr<Credentials>& creds1,
    const std::unique_ptr<Credentials>& creds2);

// Credentials for an unencrypted, unauthenticated channel.
// Neither transport encryption nor peer authentication is applied: traffic is
// readable and modifiable on the wire and the server's identity is not
// verified. Only appropriate where the network path is already trusted.
std::unique_ptr<Credentials> InsecureCredentials();

}  // namespace grpc

#endif  // GRPCXX_CREDENTIALS_H