Files

 master

/

SslCredentials.cs

Copy path

Blame

Blame

Latest commit

 

History

History

122 lines (108 loc) · 4.79 KB

 master

/

SslCredentials.cs

Top

File metadata and controls

• Code
• Blame

122 lines (108 loc) · 4.79 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

#region Copyright notice and license

// Copyright 2019 The gRPC Authors

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

// http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.

#endregion

namespace Grpc.Core

{

/// <summary>

/// Callback invoked with the expected targetHost and the peer's certificate.

/// If false is returned by this callback then it is treated as a

/// verification failure and the attempted connection will fail.

/// Invocation of the callback is blocking, so any

/// implementation should be light-weight.

/// Note that the callback can potentially be invoked multiple times,

/// concurrently from different threads (e.g. when multiple connections

/// are being created for the same credentials).

/// </summary>

/// <param name="context">The <see cref="T:Grpc.Core.VerifyPeerContext"/> associated with the callback</param>

/// <returns>true if verification succeeded, false otherwise.</returns>

/// Note: experimental API that can change or be removed without any prior notice.

public delegate bool VerifyPeerCallback(VerifyPeerContext context);

/// <summary>

/// Client-side SSL credentials.

/// </summary>

public sealed class SslCredentials : ChannelCredentials

{

readonly string rootCertificates;

readonly KeyCertificatePair keyCertificatePair;

readonly VerifyPeerCallback verifyPeerCallback;

/// <summary>

/// Creates client-side SSL credentials loaded from

/// disk file pointed to by the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable.

/// If that fails, gets the roots certificates from a well known place on disk.

/// </summary>

public SslCredentials() : this(null, null, null)

{

}

/// <summary>

/// Creates client-side SSL credentials from

/// a string containing PEM encoded root certificates.

/// </summary>

public SslCredentials(string rootCertificates) : this(rootCertificates, null, null)

{

}

/// <summary>

/// Creates client-side SSL credentials.

/// </summary>

/// <param name="rootCertificates">string containing PEM encoded server root certificates.</param>

/// <param name="keyCertificatePair">a key certificate pair.</param>

public SslCredentials(string rootCertificates, KeyCertificatePair keyCertificatePair) :

this(rootCertificates, keyCertificatePair, null)

{

}

/// <summary>

/// Creates client-side SSL credentials.

/// </summary>

/// <param name="rootCertificates">string containing PEM encoded server root certificates.</param>

/// <param name="keyCertificatePair">a key certificate pair.</param>

/// <param name="verifyPeerCallback">a callback to verify peer's target name and certificate.</param>

/// Note: experimental API that can change or be removed without any prior notice.

public SslCredentials(string rootCertificates, KeyCertificatePair keyCertificatePair, VerifyPeerCallback verifyPeerCallback)

{

this.rootCertificates = rootCertificates;

this.keyCertificatePair = keyCertificatePair;

this.verifyPeerCallback = verifyPeerCallback;

}

/// <summary>

/// PEM encoding of the server root certificates.

/// </summary>

public string RootCertificates

{

get

{

return this.rootCertificates;

}

}

/// <summary>

/// Client side key and certificate pair.

/// If null, client will not use key and certificate pair.

/// </summary>

public KeyCertificatePair KeyCertificatePair

{

get

{

return this.keyCertificatePair;

}

}

/// <summary>

/// Populates channel credentials configurator with this instance's configuration.

/// End users never need to invoke this method as it is part of internal implementation.

/// </summary>

public override void InternalPopulateConfiguration(ChannelCredentialsConfiguratorBase configurator, object state)

{

configurator.SetSslCredentials(state, rootCertificates, keyCertificatePair, verifyPeerCallback);

}

internal override bool IsComposable => true;

}

}