| Deepak Lukose | dba4c5f | 2016-03-25 12:54:25 -0700 | [diff] [blame] | 1 | /* |
| 2 | * |
| 3 | * Copyright 2016, Google Inc. |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions are |
| 8 | * met: |
| 9 | * |
| 10 | * * Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * * Redistributions in binary form must reproduce the above |
| 13 | * copyright notice, this list of conditions and the following disclaimer |
| 14 | * in the documentation and/or other materials provided with the |
| 15 | * distribution. |
| 16 | * * Neither the name of Google Inc. nor the names of its |
| 17 | * contributors may be used to endorse or promote products derived from |
| 18 | * this software without specific prior written permission. |
| 19 | * |
| 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 22 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 23 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 24 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 25 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 26 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 27 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 28 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 30 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 31 | * |
| 32 | */ |
| 33 | |
| 34 | #ifndef GRPC_GRPC_SECURITY_CONSTANTS_H |
| 35 | #define GRPC_GRPC_SECURITY_CONSTANTS_H |
| 36 | |
| 37 | #ifdef __cplusplus |
| 38 | extern "C" { |
| 39 | #endif |
| 40 | |
| 41 | #define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type" |
| 42 | #define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl" |
| 43 | |
| 44 | #define GRPC_X509_CN_PROPERTY_NAME "x509_common_name" |
| 45 | #define GRPC_X509_SAN_PROPERTY_NAME "x509_subject_alternative_name" |
| 46 | #define GRPC_X509_PEM_CERT_PROPERTY_NAME "x509_pem_cert" |
| 47 | |
| 48 | /* Environment variable that points to the default SSL roots file. This file |
| 49 | must be a PEM encoded file with all the roots such as the one that can be |
| 50 | downloaded from https://pki.google.com/roots.pem. */ |
| 51 | #define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \ |
| 52 | "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH" |
| 53 | |
| 54 | /* Environment variable that points to the google default application |
| 55 | credentials json key or refresh token. Used in the |
| 56 | grpc_google_default_credentials_create function. */ |
| 57 | #define GRPC_GOOGLE_CREDENTIALS_ENV_VAR "GOOGLE_APPLICATION_CREDENTIALS" |
| 58 | |
| 59 | /* Results for the SSL roots override callback. */ |
| 60 | typedef enum { |
| 61 | GRPC_SSL_ROOTS_OVERRIDE_OK, |
| 62 | GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY, /* Do not try fallback options. */ |
| 63 | GRPC_SSL_ROOTS_OVERRIDE_FAIL |
| 64 | } grpc_ssl_roots_override_result; |
| 65 | |
| 66 | typedef enum { |
| 67 | /* Server does not request client certificate. A client can present a self |
| 68 | signed or signed certificates if it wishes to do so and they would be |
| 69 | accepted. */ |
| 70 | GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, |
| 71 | /* Server requests client certificate but does not enforce that the client |
| 72 | presents a certificate. |
| 73 | |
| 74 | If the client presents a certificate, the client authentication is left to |
| 75 | the application based on the metadata like certificate etc. |
| 76 | |
| 77 | The key cert pair should still be valid for the SSL connection to be |
| 78 | established. */ |
| 79 | GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, |
| 80 | /* Server requests client certificate but does not enforce that the client |
| 81 | presents a certificate. |
| 82 | |
| 83 | If the client presents a certificate, the client authentication is done by |
| 84 | grpc framework (The client needs to either present a signed cert or skip no |
| 85 | certificate for a successful connection). |
| 86 | |
| 87 | The key cert pair should still be valid for the SSL connection to be |
| 88 | established. */ |
| 89 | GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, |
| 90 | /* Server requests client certificate but enforces that the client presents a |
| 91 | certificate. |
| 92 | |
| 93 | If the client presents a certificate, the client authentication is left to |
| 94 | the application based on the metadata like certificate etc. |
| 95 | |
| 96 | The key cert pair should still be valid for the SSL connection to be |
| 97 | established. */ |
| 98 | GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, |
| 99 | /* Server requests client certificate but enforces that the client presents a |
| 100 | certificate. |
| 101 | |
| 102 | The cerificate presented by the client is verified by grpc framework (The |
| 103 | client needs to present signed certs for a successful connection). |
| 104 | |
| 105 | The key cert pair should still be valid for the SSL connection to be |
| 106 | established. */ |
| 107 | GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY |
| 108 | } grpc_ssl_client_certificate_request_type; |
| 109 | |
| 110 | #ifdef __cplusplus |
| 111 | } |
| 112 | #endif |
| 113 | |
| 114 | #endif /* GRPC_GRPC_SECURITY_CONSTANTS_H */ |