mtls_grpc/
grpc.rs

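//! gRPC (tonic) interceptors and credentials for mTLS authentication.
//!
//! This module is a work in progress. The actual implementation will be added
//! once the underlying tonic version and its API are stabilized for mTLS.
//! Until then, the types below only store a `ConnectionValidator`; as it
//! stands, nothing in this module performs a certificate or IP check itself.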
5
6use mtls_core::validator::ConnectionValidator;
7use std::sync::Arc;
8
/// Server-side mTLS credentials holder for gRPC.
///
/// As written, this type only wraps a [`ConnectionValidator`] in an [`Arc`]
/// and hands it back through [`ServerCredentials::validator`]. It configures
/// no TLS identity and no client-certificate requirement itself, so
/// constructing it must not be treated as having enabled mTLS on a server.
pub struct ServerCredentials {
    /// Shared validator the server side is expected to consult per connection.
    validator: Arc<ConnectionValidator>,
}

impl ServerCredentials {
    /// Builds server credentials that own `validator` behind a shared handle.
    ///
    /// The validator is moved in and wrapped in an [`Arc`]; it is not invoked
    /// here, so no connection is checked at construction time.
    pub fn new(validator: ConnectionValidator) -> Self {
        let validator = Arc::new(validator);
        Self { validator }
    }

    /// Borrows the shared validator handle.
    ///
    /// Callers that need their own handle can clone the returned [`Arc`];
    /// every clone refers to the same underlying validator.
    pub fn validator(&self) -> &Arc<ConnectionValidator> {
        let Self { validator } = self;
        validator
    }
}
28
/// Client-side mTLS credentials holder for gRPC.
///
/// As written, this type only wraps a [`ConnectionValidator`] in an [`Arc`]
/// and exposes it through [`ClientCredentials::validator`]. It loads no
/// client certificate and verifies no server certificate itself, so the
/// channel's TLS settings still have to be configured wherever the client is
/// built.
pub struct ClientCredentials {
    /// Shared validator the client side is expected to consult per connection.
    validator: Arc<ConnectionValidator>,
}

impl ClientCredentials {
    /// Builds client credentials that own `validator` behind a shared handle.
    ///
    /// The validator is moved in and wrapped in an [`Arc`]; it is not invoked
    /// here, so nothing is validated at construction time.
    pub fn new(validator: ConnectionValidator) -> Self {
        let validator = Arc::new(validator);
        Self { validator }
    }

    /// Borrows the shared validator handle.
    ///
    /// Callers that need their own handle can clone the returned [`Arc`];
    /// every clone refers to the same underlying validator.
    pub fn validator(&self) -> &Arc<ConnectionValidator> {
        let Self { validator } = self;
        validator
    }
}
48
/// Interceptor for gRPC that is meant to validate mTLS and IP whitelisting.
///
/// NOTE(review): in this file the type has a constructor only. No
/// request-interception method is defined and the stored validator is never
/// read, so an `MtlsInterceptor` currently checks nothing on any request.
/// Treat it as a placeholder until the validation path is wired in.
///
/// `Clone` is derived; because the validator sits behind an [`Arc`], clones
/// share the same underlying validator.
#[derive(Clone)]
// The `validator` field has no reader yet (see the note above); this
// silences the resulting warning until the interceptor logic exists.
#[allow(dead_code)]
pub struct MtlsInterceptor {
    /// Shared validator the interceptor is expected to consult once the
    /// interception logic is implemented.
    validator: Arc<ConnectionValidator>,
}

impl MtlsInterceptor {
    /// Builds an interceptor that owns `validator` behind a shared handle.
    ///
    /// The validator is moved in and wrapped in an [`Arc`]; it is not invoked
    /// here.
    pub fn new(validator: ConnectionValidator) -> Self {
        let validator = Arc::new(validator);
        Self { validator }
    }
}