1 /*
2  *
3  * Copyright 2016 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H
20 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H
21 
22 #include <grpc/support/port_platform.h>
23 
24 #include <string>
25 
26 #include <grpc/support/time.h>
27 
28 #include "absl/strings/str_format.h"
29 #include "absl/time/time.h"
30 #include "src/core/lib/security/credentials/credentials.h"
31 #include "src/core/lib/security/credentials/jwt/json_token.h"
32 
// Call credentials backed by a service-account JSON key and a JWT lifetime.
// Only the interface is declared here; the constructor, destructor, metadata
// methods and reset_cache() are implemented out of line.
class grpc_service_account_jwt_access_credentials
    : public grpc_call_credentials {
 public:
  // Stores the key and lifetime for later use.
  // NOTE(review): the key is taken by value; presumably this object then owns
  // it and releases it in the destructor. Confirm in the implementation.
  grpc_service_account_jwt_access_credentials(grpc_auth_json_key key,
                                              gpr_timespec token_lifetime);
  ~grpc_service_account_jwt_access_credentials() override;

  // grpc_call_credentials override, implemented out of line.
  bool get_request_metadata(grpc_polling_entity* pollent,
                            grpc_auth_metadata_context context,
                            grpc_credentials_mdelem_array* md_array,
                            grpc_closure* on_request_metadata,
                            grpc_error** error) override;

  // grpc_call_credentials override, implemented out of line.
  void cancel_get_request_metadata(grpc_credentials_mdelem_array* md_array,
                                   grpc_error* error) override;

  // Read-only view of the configured lifetime.
  const gpr_timespec& jwt_lifetime() const { return jwt_lifetime_; }

  // Read-only view of the stored key.
  // NOTE(review): grpc_auth_json_key presumably carries the service account's
  // private signing key, so callers should not log or copy the result beyond
  // what signing needs. Confirm against json_token.h.
  const grpc_auth_json_key& key() const { return key_; }

  // Describes these credentials for diagnostics. The output is built from
  // jwt_lifetime_ only; nothing from key_ or the cached token is included.
  // NOTE(review): jwt_lifetime_ is named as a lifetime, yet it is rendered as
  // microseconds since the Unix epoch under the label "ExpirationTime". If it
  // is a duration, the printed value is not the token's real expiry. Confirm
  // before relying on this string when debugging token expiry.
  std::string debug_string() override {
    const int64_t lifetime_micros =
        static_cast<int64_t>(gpr_timespec_to_micros(jwt_lifetime_));
    const absl::Time rendered = absl::FromUnixMicros(lifetime_micros);
    return absl::StrFormat("JWTAccessCredentials{ExpirationTime:%s}",
                           absl::FormatTime(rendered));
  }

 private:
  void reset_cache();

  // Single-entry cache for now. A map keyed on service_url would allow a more
  // sophisticated one.
  // NOTE(review): cache_mu_ presumably guards cached_; confirm that every
  // access in the implementation holds it.
  gpr_mu cache_mu_;
  struct {
    grpc_mdelem jwt_md = GRPC_MDNULL;
    // Raw pointer: ownership and release are not visible in this header.
    char* service_url = nullptr;
    // No default initializer here, unlike the two fields above.
    // NOTE(review): confirm it is set before the first expiry comparison.
    gpr_timespec jwt_expiration;
  } cached_;

  grpc_auth_json_key key_;
  gpr_timespec jwt_lifetime_;
};
74 
// Internal (non-public) factory: builds JWT access credentials from a JSON key
// that has already been parsed. Ownership of the key passes to this call.
// NOTE(review): whether an invalid key produces a null result is decided in
// the implementation, which is not visible here; callers should confirm
// before dereferencing the returned pointer.
grpc_core::RefCountedPtr<grpc_call_credentials>
grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
    grpc_auth_json_key key,
    gpr_timespec token_lifetime);
80 
81 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H */