include/grpcpp/security/tls_credentials_options.h - platform/external/grpc-grpc - Git at Google

 //
 //
 // Copyright 2019 gRPC authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 //

 #ifndef GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
 #define GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H

 #include <memory>
 #include <vector>

 #include <grpc/grpc_security.h>
 #include <grpc/grpc_security_constants.h>
 #include <grpc/status.h>
 #include <grpc/support/log.h>
 #include <grpcpp/security/tls_certificate_provider.h>
 #include <grpcpp/security/tls_certificate_verifier.h>
 #include <grpcpp/security/tls_crl_provider.h>
 #include <grpcpp/support/config.h>

 namespace grpc {
 namespace experimental {

 // Base class of configurable options specified by users to configure their
 // certain security features supported in TLS. It is used for experimental
 // purposes for now and it is subject to change.
 class TlsCredentialsOptions {
  public:
   // Constructor for base class TlsCredentialsOptions.
   //
   // @param certificate_provider the provider which fetches TLS credentials that
   // will be used in the TLS handshake
   TlsCredentialsOptions();
   ~TlsCredentialsOptions();

   // Copy constructor does a deep copy of the underlying pointer. No assignment
   // permitted
   TlsCredentialsOptions(const TlsCredentialsOptions& other);
   TlsCredentialsOptions& operator=(const TlsCredentialsOptions& other) = delete;

   // ---- Setters for member fields ----
   // Sets the certificate provider used to store root certs and identity certs.
   void set_certificate_provider(
       std::shared_ptr<CertificateProviderInterface> certificate_provider);
   // Watches the updates of root certificates with name |root_cert_name|.
   // If used in TLS credentials, setting this field is optional for both the
   // client side and the server side.
   // If this is not set on the client side, we will use the root certificates
   // stored in the default system location, since client side must provide root
   // certificates in TLS(no matter single-side TLS or mutual TLS).
   // If this is not set on the server side, we will not watch any root
   // certificate updates, and assume no root certificates needed for the server
   // (in the one-side TLS scenario, the server is not required to provide root
   // certs). We don't support default root certs on server side.
   void watch_root_certs();
   // Sets the name of root certificates being watched, if |watch_root_certs| is
   // called. If not set, an empty string will be used as the name.
   //
   // @param root_cert_name the name of root certs being set.
   void set_root_cert_name(const std::string& root_cert_name);
   // Watches the updates of identity key-cert pairs with name
   // |identity_cert_name|. If used in TLS credentials, it is required to be set
   // on the server side, and optional for the client side(in the one-side
   // TLS scenario, the client is not required to provide identity certs).
   void watch_identity_key_cert_pairs();
   // Sets the name of identity key-cert pairs being watched, if
   // |watch_identity_key_cert_pairs| is called. If not set, an empty string will
   // be used as the name.
   //
   // @param identity_cert_name the name of identity key-cert pairs being set.
   void set_identity_cert_name(const std::string& identity_cert_name);
   // Sets the Tls session key logging configuration. If not set, tls
   // session key logging is disabled. Note that this should be used only for
   // debugging purposes. It should never be used in a production environment
   // due to security concerns.
   //
   // @param tls_session_key_log_file_path: Path where tls session keys would
   // be logged.
   void set_tls_session_key_log_file_path(
       const std::string& tls_session_key_log_file_path);
   // Sets the certificate verifier used to perform post-handshake peer identity
   // checks.
   void set_certificate_verifier(
       std::shared_ptr<CertificateVerifier> certificate_verifier);
   // Sets the options of whether to check the hostname of the peer on a per-call
   // basis. This is usually used in a combination with virtual hosting at the
   // client side, where each individual call on a channel can have a different
   // host associated with it.
   // This check is intended to verify that the host specified for the individual
   // call is covered by the cert that the peer presented.
   // We will perform such checks by default. This should be disabled if
   // verifiers other than the host name verifier is used.
   void set_check_call_host(bool check_call_host);

   // Deprecated in favor of set_crl_provider. The
   // crl provider interface provides a significantly more flexible approach to
   // using CRLs. See gRFC A69 for details.
   // If set, gRPC will read all hashed x.509 CRL files in the directory and
   // enforce the CRL files on all TLS handshakes. Only supported for OpenSSL
   // version > 1.1.
   void set_crl_directory(const std::string& path);

   void set_crl_provider(std::shared_ptr<CrlProvider> crl_provider);

   // Sets the minimum TLS version that will be negotiated during the TLS
   // handshake. If not set, the underlying SSL library will use TLS v1.2.
   // @param tls_version: The minimum TLS version.
   void set_min_tls_version(grpc_tls_version tls_version);
   // Sets the maximum TLS version that will be negotiated during the TLS
   // handshake. If not set, the underlying SSL library will use TLS v1.3.
   // @param tls_version: The maximum TLS version.
   void set_max_tls_version(grpc_tls_version tls_version);

   // ----- Getters for member fields ----
   // Returns a deep copy of the internal c options. The caller takes ownership
   // of the returned pointer. This function shall be used only internally.
   grpc_tls_credentials_options* c_credentials_options() const;

  protected:
   // Returns the internal c options. The caller does not take ownership of the
   // returned pointer.
   grpc_tls_credentials_options* mutable_c_credentials_options() {
     return c_credentials_options_;
   }

  private:
   std::shared_ptr<CertificateProviderInterface> certificate_provider_;
   std::shared_ptr<CertificateVerifier> certificate_verifier_;
   grpc_tls_credentials_options* c_credentials_options_ = nullptr;
 };

 // Contains configurable options on the client side.
 // Client side doesn't need to always use certificate provider. When the
 // certificate provider is not set, we will use the root certificates stored
 // in the system default locations, and assume client won't provide any
 // identity certificates(single side TLS).
 // It is used for experimental purposes for now and it is subject to change.
 class TlsChannelCredentialsOptions final : public TlsCredentialsOptions {
  public:
   // Sets the decision of whether to do a crypto check on the server certs.
   // The default is true.
   void set_verify_server_certs(bool verify_server_certs);

  private:
 };

 // Contains configurable options on the server side.
 // It is used for experimental purposes for now and it is subject to change.
 class TlsServerCredentialsOptions final : public TlsCredentialsOptions {
  public:
   // Server side is required to use a provider, because server always needs to
   // use identity certs.
   explicit TlsServerCredentialsOptions(
       std::shared_ptr<CertificateProviderInterface> certificate_provider)
       : TlsCredentialsOptions() {
     set_certificate_provider(certificate_provider);
   }

   // Sets option to request the certificates from the client.
   // The default is GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE.
   void set_cert_request_type(
       grpc_ssl_client_certificate_request_type cert_request_type);

   // Sets whether or not a TLS server should send a list of CA names in the
   // ServerHello. This list of CA names is read from the server's trust bundle,
   // so that the client can use this list as a hint to know which certificate it
   // should send to the server.
   //
   // By default, this option is turned off.
   //
   // WARNING: This API is extremely dangerous and should not be used. If the
   // server's trust bundle is too large, then the TLS server will be unable to
   // form a ServerHello, and hence will be unusable.
   void set_send_client_ca_list(bool send_client_ca_list);

  private:
 };

 }  // namespace experimental
 }  // namespace grpc

 #endif  // GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
	//
	//
	// Copyright 2019 gRPC authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	//

	#ifndef GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H
	#define GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H

	#include <memory>
	#include <vector>

	#include <grpc/grpc_security.h>
	#include <grpc/grpc_security_constants.h>
	#include <grpc/status.h>
	#include <grpc/support/log.h>
	#include <grpcpp/security/tls_certificate_provider.h>
	#include <grpcpp/security/tls_certificate_verifier.h>
	#include <grpcpp/security/tls_crl_provider.h>
	#include <grpcpp/support/config.h>

	namespace grpc {
	namespace experimental {

	// Base class of configurable options specified by users to configure their
	// certain security features supported in TLS. It is used for experimental
	// purposes for now and it is subject to change.
	class TlsCredentialsOptions {
	public:
	// Constructor for base class TlsCredentialsOptions.
	//
	// @param certificate_provider the provider which fetches TLS credentials that
	// will be used in the TLS handshake
	TlsCredentialsOptions();
	~TlsCredentialsOptions();

	// Copy constructor does a deep copy of the underlying pointer. No assignment
	// permitted
	TlsCredentialsOptions(const TlsCredentialsOptions& other);
	TlsCredentialsOptions& operator=(const TlsCredentialsOptions& other) = delete;

	// ---- Setters for member fields ----
	// Sets the certificate provider used to store root certs and identity certs.
	void set_certificate_provider(
	std::shared_ptr<CertificateProviderInterface> certificate_provider);
	// Watches the updates of root certificates with name \|root_cert_name\|.
	// If used in TLS credentials, setting this field is optional for both the
	// client side and the server side.
	// If this is not set on the client side, we will use the root certificates
	// stored in the default system location, since client side must provide root
	// certificates in TLS(no matter single-side TLS or mutual TLS).
	// If this is not set on the server side, we will not watch any root
	// certificate updates, and assume no root certificates needed for the server
	// (in the one-side TLS scenario, the server is not required to provide root
	// certs). We don't support default root certs on server side.
	void watch_root_certs();
	// Sets the name of root certificates being watched, if \|watch_root_certs\| is
	// called. If not set, an empty string will be used as the name.
	//
	// @param root_cert_name the name of root certs being set.
	void set_root_cert_name(const std::string& root_cert_name);
	// Watches the updates of identity key-cert pairs with name
	// \|identity_cert_name\|. If used in TLS credentials, it is required to be set
	// on the server side, and optional for the client side(in the one-side
	// TLS scenario, the client is not required to provide identity certs).
	void watch_identity_key_cert_pairs();
	// Sets the name of identity key-cert pairs being watched, if
	// \|watch_identity_key_cert_pairs\| is called. If not set, an empty string will
	// be used as the name.
	//
	// @param identity_cert_name the name of identity key-cert pairs being set.
	void set_identity_cert_name(const std::string& identity_cert_name);
	// Sets the Tls session key logging configuration. If not set, tls
	// session key logging is disabled. Note that this should be used only for
	// debugging purposes. It should never be used in a production environment
	// due to security concerns.
	//
	// @param tls_session_key_log_file_path: Path where tls session keys would
	// be logged.
	void set_tls_session_key_log_file_path(
	const std::string& tls_session_key_log_file_path);
	// Sets the certificate verifier used to perform post-handshake peer identity
	// checks.
	void set_certificate_verifier(
	std::shared_ptr<CertificateVerifier> certificate_verifier);
	// Sets the options of whether to check the hostname of the peer on a per-call
	// basis. This is usually used in a combination with virtual hosting at the
	// client side, where each individual call on a channel can have a different
	// host associated with it.
	// This check is intended to verify that the host specified for the individual
	// call is covered by the cert that the peer presented.
	// We will perform such checks by default. This should be disabled if
	// verifiers other than the host name verifier is used.
	void set_check_call_host(bool check_call_host);

	// Deprecated in favor of set_crl_provider. The
	// crl provider interface provides a significantly more flexible approach to
	// using CRLs. See gRFC A69 for details.
	// If set, gRPC will read all hashed x.509 CRL files in the directory and
	// enforce the CRL files on all TLS handshakes. Only supported for OpenSSL
	// version > 1.1.
	void set_crl_directory(const std::string& path);

	void set_crl_provider(std::shared_ptr<CrlProvider> crl_provider);

	// Sets the minimum TLS version that will be negotiated during the TLS
	// handshake. If not set, the underlying SSL library will use TLS v1.2.
	// @param tls_version: The minimum TLS version.
	void set_min_tls_version(grpc_tls_version tls_version);
	// Sets the maximum TLS version that will be negotiated during the TLS
	// handshake. If not set, the underlying SSL library will use TLS v1.3.
	// @param tls_version: The maximum TLS version.
	void set_max_tls_version(grpc_tls_version tls_version);

	// ----- Getters for member fields ----
	// Returns a deep copy of the internal c options. The caller takes ownership
	// of the returned pointer. This function shall be used only internally.
	grpc_tls_credentials_options* c_credentials_options() const;

	protected:
	// Returns the internal c options. The caller does not take ownership of the
	// returned pointer.
	grpc_tls_credentials_options* mutable_c_credentials_options() {
	return c_credentials_options_;
	}

	private:
	std::shared_ptr<CertificateProviderInterface> certificate_provider_;
	std::shared_ptr<CertificateVerifier> certificate_verifier_;
	grpc_tls_credentials_options* c_credentials_options_ = nullptr;
	};

	// Contains configurable options on the client side.
	// Client side doesn't need to always use certificate provider. When the
	// certificate provider is not set, we will use the root certificates stored
	// in the system default locations, and assume client won't provide any
	// identity certificates(single side TLS).
	// It is used for experimental purposes for now and it is subject to change.
	class TlsChannelCredentialsOptions final : public TlsCredentialsOptions {
	public:
	// Sets the decision of whether to do a crypto check on the server certs.
	// The default is true.
	void set_verify_server_certs(bool verify_server_certs);

	private:
	};

	// Contains configurable options on the server side.
	// It is used for experimental purposes for now and it is subject to change.
	class TlsServerCredentialsOptions final : public TlsCredentialsOptions {
	public:
	// Server side is required to use a provider, because server always needs to
	// use identity certs.
	explicit TlsServerCredentialsOptions(
	std::shared_ptr<CertificateProviderInterface> certificate_provider)
	: TlsCredentialsOptions() {
	set_certificate_provider(certificate_provider);
	}

	// Sets option to request the certificates from the client.
	// The default is GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE.
	void set_cert_request_type(
	grpc_ssl_client_certificate_request_type cert_request_type);

	// Sets whether or not a TLS server should send a list of CA names in the
	// ServerHello. This list of CA names is read from the server's trust bundle,
	// so that the client can use this list as a hint to know which certificate it
	// should send to the server.
	//
	// By default, this option is turned off.
	//
	// WARNING: This API is extremely dangerous and should not be used. If the
	// server's trust bundle is too large, then the TLS server will be unable to
	// form a ServerHello, and hence will be unusable.
	void set_send_client_ca_list(bool send_client_ca_list);

	private:
	};

	} // namespace experimental
	} // namespace grpc

	#endif // GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H