| 1 | /* |
|---|---|
| 2 | * |
| 3 | * Copyright 2016 gRPC authors. |
| 4 | * |
| 5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | * you may not use this file except in compliance with the License. |
| 7 | * You may obtain a copy of the License at |
| 8 | * |
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | * |
| 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
| 16 | * |
| 17 | */ |
| 18 | |
| 19 | #ifndef GRPC_GRPC_SECURITY_CONSTANTS_H |
| 20 | #define GRPC_GRPC_SECURITY_CONSTANTS_H |
| 21 | |
| 22 | #ifdef __cplusplus |
| 23 | extern "C"{ |
| 24 | #endif |
| 25 | |
| 26 | #define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type" |
| 27 | #define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl" |
| 28 | |
| 29 | #define GRPC_X509_CN_PROPERTY_NAME "x509_common_name" |
| 30 | #define GRPC_X509_SAN_PROPERTY_NAME "x509_subject_alternative_name" |
| 31 | #define GRPC_X509_PEM_CERT_PROPERTY_NAME "x509_pem_cert" |
| 32 | #define GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME "x509_pem_cert_chain" |
| 33 | #define GRPC_SSL_SESSION_REUSED_PROPERTY "ssl_session_reused" |
| 34 | #define GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME "security_level" |
| 35 | |
| 36 | /** Environment variable that points to the default SSL roots file. This file |
| 37 | must be a PEM encoded file with all the roots such as the one that can be |
| 38 | downloaded from https://pki.google.com/roots.pem. */ |
| 39 | #define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \ |
| 40 | "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH" |
| 41 | |
| 42 | /** Environment variable that points to the google default application |
| 43 | credentials json key or refresh token. Used in the |
| 44 | grpc_google_default_credentials_create function. */ |
| 45 | #define GRPC_GOOGLE_CREDENTIALS_ENV_VAR "GOOGLE_APPLICATION_CREDENTIALS" |
| 46 | |
| 47 | /** Results for the SSL roots override callback. */ |
| 48 | typedef enum { |
| 49 | GRPC_SSL_ROOTS_OVERRIDE_OK, |
| 50 | GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY, /** Do not try fallback options. */ |
| 51 | GRPC_SSL_ROOTS_OVERRIDE_FAIL |
| 52 | } grpc_ssl_roots_override_result; |
| 53 | |
| 54 | /** Callback results for dynamically loading a SSL certificate config. */ |
| 55 | typedef enum { |
| 56 | GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED, |
| 57 | GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW, |
| 58 | GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL |
| 59 | } grpc_ssl_certificate_config_reload_status; |
| 60 | |
| 61 | typedef enum { |
| 62 | /** Server does not request client certificate. |
| 63 | The certificate presented by the client is not checked by the server at |
| 64 | all. (A client may present a self signed or signed certificate or not |
| 65 | present a certificate at all and any of those option would be accepted) */ |
| 66 | GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, |
| 67 | /** Server requests client certificate but does not enforce that the client |
| 68 | presents a certificate. |
| 69 | |
| 70 | If the client presents a certificate, the client authentication is left to |
| 71 | the application (the necessary metadata will be available to the |
| 72 | application via authentication context properties, see grpc_auth_context). |
| 73 | |
| 74 | The client's key certificate pair must be valid for the SSL connection to |
| 75 | be established. */ |
| 76 | GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, |
| 77 | /** Server requests client certificate but does not enforce that the client |
| 78 | presents a certificate. |
| 79 | |
| 80 | If the client presents a certificate, the client authentication is done by |
| 81 | the gRPC framework. (For a successful connection the client needs to either |
| 82 | present a certificate that can be verified against the root certificate |
| 83 | configured by the server or not present a certificate at all) |
| 84 | |
| 85 | The client's key certificate pair must be valid for the SSL connection to |
| 86 | be established. */ |
| 87 | GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, |
| 88 | /** Server requests client certificate and enforces that the client presents a |
| 89 | certificate. |
| 90 | |
| 91 | If the client presents a certificate, the client authentication is left to |
| 92 | the application (the necessary metadata will be available to the |
| 93 | application via authentication context properties, see grpc_auth_context). |
| 94 | |
| 95 | The client's key certificate pair must be valid for the SSL connection to |
| 96 | be established. */ |
| 97 | GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, |
| 98 | /** Server requests client certificate and enforces that the client presents a |
| 99 | certificate. |
| 100 | |
| 101 | The certificate presented by the client is verified by the gRPC framework. |
| 102 | (For a successful connection the client needs to present a certificate that |
| 103 | can be verified against the root certificate configured by the server) |
| 104 | |
| 105 | The client's key certificate pair must be valid for the SSL connection to |
| 106 | be established. */ |
| 107 | GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY |
| 108 | } grpc_ssl_client_certificate_request_type; |
| 109 | |
| 110 | /* Security levels of grpc transport security. It represents an inherent |
| 111 | * property of a backend connection and is determined by a channel credential |
| 112 | * used to create the connection. */ |
| 113 | typedef enum { |
| 114 | GRPC_SECURITY_MIN, |
| 115 | GRPC_SECURITY_NONE = GRPC_SECURITY_MIN, |
| 116 | GRPC_INTEGRITY_ONLY, |
| 117 | GRPC_PRIVACY_AND_INTEGRITY, |
| 118 | GRPC_SECURITY_MAX = GRPC_PRIVACY_AND_INTEGRITY, |
| 119 | } grpc_security_level; |
| 120 | |
| 121 | typedef enum { |
| 122 | /** Default option: performs server certificate verification and hostname |
| 123 | verification. */ |
| 124 | GRPC_TLS_SERVER_VERIFICATION, |
| 125 | /** Performs server certificate verification, but skips hostname verification |
| 126 | Client is responsible for verifying server's identity via |
| 127 | server authorization check callback. */ |
| 128 | GRPC_TLS_SKIP_HOSTNAME_VERIFICATION, |
| 129 | /** Skips both server certificate and hostname verification. |
| 130 | Client is responsible for verifying server's identity and |
| 131 | server's certificate via server authorization check callback. */ |
| 132 | GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION |
| 133 | } grpc_tls_server_verification_option; |
| 134 | |
| 135 | /** |
| 136 | * Type of local connections for which local channel/server credentials will be |
| 137 | * applied. It supports UDS and local TCP connections. |
| 138 | */ |
| 139 | typedef enum { UDS = 0, LOCAL_TCP } grpc_local_connect_type; |
| 140 | |
| 141 | #ifdef __cplusplus |
| 142 | } |
| 143 | #endif |
| 144 | |
| 145 | #endif /* GRPC_GRPC_SECURITY_CONSTANTS_H */ |
| 146 |
Generated while processing tensorflow/external/com_github_grpc_grpc/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc
Generated on 2022-Sep-26 from project tensorflow revision f2e850b6cce
Powered by 
Code Browser 2.1
Generator usage only permitted with license.