#region Copyright notice and license

// Copyright 2019 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#endregion

namespace Grpc.Core
{
    /// <summary>
    /// Peer-verification callback, invoked with the expected target host and the
    /// certificate presented by the peer. A <c>false</c> result is treated as a
    /// verification failure and the attempted connection fails.
    /// </summary>
    /// <remarks>
    /// <para>
    /// The invocation is blocking, so an implementation should be light-weight.
    /// The callback can be invoked multiple times, concurrently from different
    /// threads (e.g. when multiple connections are being created for the same
    /// credentials), so an implementation has to be safe for concurrent use.
    /// </para>
    /// <para>
    /// Only a <c>false</c> result rejects the peer: an implementation that returns
    /// <c>true</c> on every path adds no check of its own.
    /// NOTE(review): this file does not show whether certificate chain and host name
    /// validation have already run by the time the callback is invoked. Confirm that
    /// against the transport implementation before treating the callback as the only
    /// check (for example for certificate pinning).
    /// </para>
    /// <para>
    /// Note: experimental API that can change or be removed without any prior notice.
    /// </para>
    /// </remarks>
    /// <param name="context">The <see cref="T:Grpc.Core.VerifyPeerContext"/> associated with the callback</param>
    /// <returns>true if verification succeeded, false otherwise.</returns>
    public delegate bool VerifyPeerCallback(VerifyPeerContext context);

    /// <summary>
    /// Client-side SSL credentials.
    /// </summary>
    /// <remarks>
    /// The three values given at construction are stored in read-only fields and
    /// handed unchanged to the configurator by <see cref="InternalPopulateConfiguration"/>.
    /// This class performs no parsing or validation of the PEM text it is given.
    /// </remarks>
    public sealed class SslCredentials : ChannelCredentials
    {
        // PEM text of the trusted server roots; null when the caller supplied none.
        private readonly string rootCertificates;

        // Client key and certificate; null when no client certificate is used.
        // NOTE(review): presumably carries the client's private key - treat instances as
        // sensitive (logging, serialization); the type is not declared in this file.
        private readonly KeyCertificatePair keyCertificatePair;

        // Optional peer verification hook; stored here but not exposed through a public property.
        private readonly VerifyPeerCallback verifyPeerCallback;

        /// <summary>
        /// Creates client-side SSL credentials loaded from the disk file pointed to by the
        /// GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable.
        /// If that fails, gets the root certificates from a well known place on disk.
        /// </summary>
        /// <remarks>
        /// This overload passes null for the roots, the key certificate pair and the
        /// verification callback; the lookup described above is not performed in this class.
        /// With this overload the trust anchors come from the process environment and the
        /// file system rather than from the caller, so they are only as trustworthy as
        /// whoever can set that variable or write that file. Supply the roots explicitly
        /// where the set of trusted roots has to be fixed by the application.
        /// </remarks>
        public SslCredentials() : this(null, null, null)
        {
        }

        /// <summary>
        /// Creates client-side SSL credentials from
        /// a string containing PEM encoded root certificates.
        /// </summary>
        /// <remarks>
        /// No client key certificate pair and no verification callback are configured.
        /// </remarks>
        /// <param name="rootCertificates">string containing PEM encoded server root certificates.</param>
        public SslCredentials(string rootCertificates)
            : this(rootCertificates, keyCertificatePair: null, verifyPeerCallback: null)
        {
        }

        /// <summary>
        /// Creates client-side SSL credentials with an optional client key certificate pair.
        /// No verification callback is configured.
        /// </summary>
        /// <param name="rootCertificates">string containing PEM encoded server root certificates.</param>
        /// <param name="keyCertificatePair">a key certificate pair.</param>
        public SslCredentials(string rootCertificates, KeyCertificatePair keyCertificatePair)
            : this(rootCertificates, keyCertificatePair, verifyPeerCallback: null)
        {
        }

        /// <summary>
        /// Creates client-side SSL credentials. All other constructors delegate to this one.
        /// </summary>
        /// <remarks>
        /// The arguments are stored as given; none of them is checked for null or validated here.
        /// Note: experimental API that can change or be removed without any prior notice.
        /// </remarks>
        /// <param name="rootCertificates">string containing PEM encoded server root certificates.</param>
        /// <param name="keyCertificatePair">a key certificate pair.</param>
        /// <param name="verifyPeerCallback">a callback to verify peer's target name and certificate.</param>
        public SslCredentials(string rootCertificates, KeyCertificatePair keyCertificatePair, VerifyPeerCallback verifyPeerCallback)
        {
            this.verifyPeerCallback = verifyPeerCallback;
            this.keyCertificatePair = keyCertificatePair;
            this.rootCertificates = rootCertificates;
        }

        /// <summary>
        /// PEM encoding of the server root certificates, exactly as passed to the constructor
        /// (null when none were supplied).
        /// </summary>
        public string RootCertificates => rootCertificates;

        /// <summary>
        /// Client side key and certificate pair.
        /// If null, client will not use key and certificate pair.
        /// </summary>
        public KeyCertificatePair KeyCertificatePair => keyCertificatePair;

        /// <summary>
        /// Populates channel credentials configurator with this instance's configuration.
        /// End users never need to invoke this method as it is part of internal implementation.
        /// </summary>
        /// <remarks>
        /// Forwards <paramref name="state"/> together with the stored root certificates, key
        /// certificate pair and verification callback in a single call to
        /// <c>SetSslCredentials</c>. <paramref name="configurator"/> is dereferenced without a
        /// null check.
        /// </remarks>
        /// <param name="configurator">the configurator that receives the SSL settings.</param>
        /// <param name="state">opaque value passed through to the configurator unchanged.</param>
        public override void InternalPopulateConfiguration(ChannelCredentialsConfiguratorBase configurator, object state) =>
            configurator.SetSslCredentials(state, rootCertificates, keyCertificatePair, verifyPeerCallback);

        // Always reports true for this credentials type.
        internal override bool IsComposable
        {
            get { return true; }
        }
    }
}