1 //
2 //
3 // Copyright 2018 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18
19 #include "src/core/lib/security/credentials/alts/alts_credentials.h"
20
21 #include <grpc/grpc.h>
22 #include <grpc/support/alloc.h>
23 #include <grpc/support/port_platform.h>
24 #include <grpc/support/string_util.h>
25
26 #include <utility>
27
28 #include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
29 #include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h"
30 #include "src/core/lib/security/security_connector/alts/alts_security_connector.h"
31
// Default target of the ALTS handshaker service. Both credential constructors
// in this file fall back to it when the caller passes a null
// handshaker_service_url, and grpc_alts_credentials_create() /
// grpc_alts_server_credentials_create() pass it explicitly.
// The host name is written with a trailing dot, i.e. as a fully qualified DNS
// name; presumably this keeps resolver search domains from being applied.
// NOTE(review): confirm that intent with the resolver in use.
32 #define GRPC_ALTS_HANDSHAKER_SERVICE_URL "dns:///metadata.google.internal.:8080"
33
// Builds ALTS channel credentials.
//
// options:                 copied with grpc_alts_credentials_options_copy();
//                          the caller keeps ownership of its own instance.
// handshaker_service_url:  duplicated with gpr_strdup(); when null, the
//                          built-in GRPC_ALTS_HANDSHAKER_SERVICE_URL is used.
//
// NOTE(review): a non-null URL replaces the default handshaker endpoint.
// Presumably that endpoint is trusted to carry out the ALTS handshake, so the
// value should not come from untrusted configuration. Confirm with callers.
grpc_alts_credentials::grpc_alts_credentials(
    const grpc_alts_credentials_options* options,
    const char* handshaker_service_url)
    : options_(grpc_alts_credentials_options_copy(options)),
      handshaker_service_url_(gpr_strdup(
          handshaker_service_url != nullptr
              ? handshaker_service_url
              : GRPC_ALTS_HANDSHAKER_SERVICE_URL)) {
  // NOTE(review): options_ is dereferenced without a null check; confirm that
  // grpc_alts_credentials_options_copy() cannot yield nullptr for the inputs
  // callers are allowed to pass (e.g. a null `options`).
  grpc_alts_set_rpc_protocol_versions(&options_->rpc_versions);
}
43
// Releases the two resources the constructor acquired: the duplicated
// handshaker URL string and the private copy of the options.
grpc_alts_credentials::~grpc_alts_credentials() {
  gpr_free(handshaker_service_url_);
  grpc_alts_credentials_options_destroy(options_);
}
48
// Creates the channel-side ALTS security connector for `target_name`.
//
// The connector receives a new reference to these channel credentials plus
// ownership of `call_creds`. The channel args parameter is unused here.
grpc_core::RefCountedPtr<grpc_channel_security_connector>
grpc_alts_credentials::create_security_connector(
    grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
    const char* target_name, grpc_core::ChannelArgs* /*args*/) {
  // Take the extra reference up front so the call below reads as a plain
  // hand-off of both credential objects.
  auto self_ref = this->Ref();
  return grpc_alts_channel_security_connector_create(
      std::move(self_ref), std::move(call_creds), target_name);
}
56
// Returns the type name identifying ALTS channel credentials.
// The factory is a function-local static, so it is constructed once, on the
// first call, and reused afterwards.
grpc_core::UniqueTypeName grpc_alts_credentials::Type() {
  static grpc_core::UniqueTypeName::Factory alts_type_factory("Alts");
  return alts_type_factory.Create();
}
61
// Builds ALTS server credentials.
//
// options:                 copied with grpc_alts_credentials_options_copy();
//                          the caller keeps ownership of its own instance.
// handshaker_service_url:  duplicated with gpr_strdup(); when null, the
//                          built-in GRPC_ALTS_HANDSHAKER_SERVICE_URL is used.
//
// NOTE(review): a non-null URL replaces the default handshaker endpoint.
// Presumably that endpoint is trusted to carry out the ALTS handshake, so the
// value should not come from untrusted configuration. Confirm with callers.
grpc_alts_server_credentials::grpc_alts_server_credentials(
    const grpc_alts_credentials_options* options,
    const char* handshaker_service_url)
    : options_(grpc_alts_credentials_options_copy(options)),
      handshaker_service_url_(gpr_strdup(
          handshaker_service_url != nullptr
              ? handshaker_service_url
              : GRPC_ALTS_HANDSHAKER_SERVICE_URL)) {
  // NOTE(review): options_ is dereferenced without a null check; confirm that
  // grpc_alts_credentials_options_copy() cannot yield nullptr for the inputs
  // callers are allowed to pass (e.g. a null `options`).
  grpc_alts_set_rpc_protocol_versions(&options_->rpc_versions);
}
71
// Creates the server-side ALTS security connector, handing it a new reference
// to these server credentials. The channel args parameter is unused here.
grpc_core::RefCountedPtr<grpc_server_security_connector>
grpc_alts_server_credentials::create_security_connector(
    const grpc_core::ChannelArgs& /* args */) {
  auto self_ref = this->Ref();
  return grpc_alts_server_security_connector_create(std::move(self_ref));
}
77
// Releases the two resources the constructor acquired: the duplicated
// handshaker URL string and the private copy of the options.
grpc_alts_server_credentials::~grpc_alts_server_credentials() {
  gpr_free(handshaker_service_url_);
  grpc_alts_credentials_options_destroy(options_);
}
82
// Returns the type name identifying ALTS server credentials.
// The factory is a function-local static, so it is constructed once, on the
// first call, and reused afterwards. It is a separate factory object from the
// one in grpc_alts_credentials::Type(), although both use the text "Alts".
grpc_core::UniqueTypeName grpc_alts_server_credentials::Type() {
  static grpc_core::UniqueTypeName::Factory alts_server_type_factory("Alts");
  return alts_server_type_factory.Create();
}
87
// Creates ALTS channel credentials with an explicit handshaker endpoint.
//
// options:                 forwarded to the grpc_alts_credentials constructor.
// handshaker_service_url:  forwarded as-is; null selects the built-in default
//                          inside the constructor.
// enable_untrusted_alts:   when true, the GCP platform check is skipped and
//                          credentials are created on any host.
//
// Returns a heap-allocated credentials object (allocated with `new`), or
// nullptr when enable_untrusted_alts is false and
// grpc_alts_is_running_on_gcp() reports a non-GCP environment. Callers must
// handle the nullptr result.
//
// NOTE(review): enable_untrusted_alts disables the only environment gate in
// this function. It looks like an opt-in for tests or controlled setups, so
// keep it out of externally influenced configuration. Confirm with callers.
grpc_channel_credentials* grpc_alts_credentials_create_customized(
    const grpc_alts_credentials_options* options,
    const char* handshaker_service_url, bool enable_untrusted_alts) {
  // Short-circuit: the platform probe runs only when the override is off.
  if (enable_untrusted_alts || grpc_alts_is_running_on_gcp()) {
    return new grpc_alts_credentials(options, handshaker_service_url);
  }
  return nullptr;
}
96
// Creates ALTS server credentials with an explicit handshaker endpoint.
//
// options:                 forwarded to the grpc_alts_server_credentials
//                          constructor.
// handshaker_service_url:  forwarded as-is; null selects the built-in default
//                          inside the constructor.
// enable_untrusted_alts:   when true, the GCP platform check is skipped and
//                          credentials are created on any host.
//
// Returns a heap-allocated credentials object (allocated with `new`), or
// nullptr when enable_untrusted_alts is false and
// grpc_alts_is_running_on_gcp() reports a non-GCP environment. Callers must
// handle the nullptr result.
//
// NOTE(review): enable_untrusted_alts disables the only environment gate in
// this function. It looks like an opt-in for tests or controlled setups, so
// keep it out of externally influenced configuration. Confirm with callers.
grpc_server_credentials* grpc_alts_server_credentials_create_customized(
    const grpc_alts_credentials_options* options,
    const char* handshaker_service_url, bool enable_untrusted_alts) {
  // Short-circuit: the platform probe runs only when the override is off.
  if (enable_untrusted_alts || grpc_alts_is_running_on_gcp()) {
    return new grpc_alts_server_credentials(options, handshaker_service_url);
  }
  return nullptr;
}
105
// Creates ALTS channel credentials with the default handshaker endpoint and
// with the GCP platform check enforced (untrusted ALTS is never enabled on
// this path). The result is whatever
// grpc_alts_credentials_create_customized() returns, including nullptr when
// the platform check fails, so callers must check it.
grpc_channel_credentials* grpc_alts_credentials_create(
    const grpc_alts_credentials_options* options) {
  const char* const default_handshaker_url = GRPC_ALTS_HANDSHAKER_SERVICE_URL;
  constexpr bool kEnableUntrustedAlts = false;
  return grpc_alts_credentials_create_customized(
      options, default_handshaker_url, kEnableUntrustedAlts);
}
111
// Creates ALTS server credentials with the default handshaker endpoint and
// with the GCP platform check enforced (untrusted ALTS is never enabled on
// this path). The result is whatever
// grpc_alts_server_credentials_create_customized() returns, including nullptr
// when the platform check fails, so callers must check it.
grpc_server_credentials* grpc_alts_server_credentials_create(
    const grpc_alts_credentials_options* options) {
  const char* const default_handshaker_url = GRPC_ALTS_HANDSHAKER_SERVICE_URL;
  constexpr bool kEnableUntrustedAlts = false;
  return grpc_alts_server_credentials_create_customized(
      options, default_handshaker_url, kEnableUntrustedAlts);
}
117