1 // 2 // 3 // Copyright 2016 gRPC authors. 4 // 5 // Licensed under the Apache License, Version 2.0 (the "License"); 6 // you may not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, software 12 // distributed under the License is distributed on an "AS IS" BASIS, 13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 // See the License for the specific language governing permissions and 15 // limitations under the License. 16 // 17 // 18 19 #ifndef GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H 20 #define GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H 21 22 #include <grpc/credentials.h> 23 #include <grpc/grpc_security.h> 24 #include <grpc/support/port_platform.h> 25 #include <grpc/support/sync.h> 26 #include <grpc/support/time.h> 27 #include <stdint.h> 28 29 #include <string> 30 31 #include "absl/status/statusor.h" 32 #include "absl/strings/str_format.h" 33 #include "absl/strings/string_view.h" 34 #include "absl/time/time.h" 35 #include "absl/types/optional.h" 36 #include "src/core/lib/promise/arena_promise.h" 37 #include "src/core/lib/security/credentials/credentials.h" 38 #include "src/core/lib/security/credentials/jwt/json_token.h" 39 #include "src/core/lib/slice/slice.h" 40 #include "src/core/lib/transport/transport.h" 41 #include "src/core/util/ref_counted_ptr.h" 42 #include "src/core/util/unique_type_name.h" 43 #include "src/core/util/useful.h" 44 45 class grpc_service_account_jwt_access_credentials 46 : public grpc_call_credentials { 47 public: 48 grpc_service_account_jwt_access_credentials(grpc_auth_json_key key, 49 gpr_timespec token_lifetime); 50 ~grpc_service_account_jwt_access_credentials() override; 51 Orphaned()52 void Orphaned() override {} 53 54 grpc_core::ArenaPromise<absl::StatusOr<grpc_core::ClientMetadataHandle>> 55 GetRequestMetadata(grpc_core::ClientMetadataHandle initial_metadata, 56 const GetRequestMetadataArgs* args) override; 57 jwt_lifetime()58 const gpr_timespec& jwt_lifetime() const { return jwt_lifetime_; } key()59 const grpc_auth_json_key& key() const { return key_; } 60 debug_string()61 std::string debug_string() override { 62 return absl::StrFormat( 63 "JWTAccessCredentials{ExpirationTime:%s}", 64 absl::FormatTime(absl::FromUnixMicros( 65 static_cast<int64_t>(gpr_timespec_to_micros(jwt_lifetime_))))); 66 }; 67 68 static grpc_core::UniqueTypeName Type(); 69 type()70 grpc_core::UniqueTypeName type() const override { return Type(); } 71 72 private: cmp_impl(const grpc_call_credentials * other)73 int cmp_impl(const grpc_call_credentials* other) const override { 74 // TODO(yashykt): Check if we can do something better here 75 return grpc_core::QsortCompare( 76 static_cast<const grpc_call_credentials*>(this), other); 77 } 78 79 // Have a simple cache for now with just 1 entry. We could have a map based on 80 // the service_url for a more sophisticated one. 81 gpr_mu cache_mu_; 82 struct Cache { 83 grpc_core::Slice jwt_value; 84 std::string service_url; 85 gpr_timespec jwt_expiration; 86 }; 87 absl::optional<Cache> cached_; 88 89 grpc_auth_json_key key_; 90 gpr_timespec jwt_lifetime_; 91 }; 92 93 // Private constructor for jwt credentials from an already parsed json key. 94 // Takes ownership of the key. 95 grpc_core::RefCountedPtr<grpc_call_credentials> 96 grpc_service_account_jwt_access_credentials_create_from_auth_json_key( 97 grpc_auth_json_key key, gpr_timespec token_lifetime); 98 99 namespace grpc_core { 100 101 // Exposed for testing purposes only. 102 absl::StatusOr<std::string> RemoveServiceNameFromJwtUri(absl::string_view uri); 103 104 } // namespace grpc_core 105 106 #endif // GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H 107