• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *
3  * Copyright 2018 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include <grpc/support/port_platform.h>
20 
21 #include "src/core/lib/security/credentials/alts/alts_credentials.h"
22 
23 #include <cstring>
24 
25 #include <grpc/grpc.h>
26 #include <grpc/support/alloc.h>
27 #include <grpc/support/log.h>
28 #include <grpc/support/string_util.h>
29 
30 #include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
31 #include "src/core/lib/security/security_connector/alts_security_connector.h"
32 
33 #define GRPC_CREDENTIALS_TYPE_ALTS "Alts"
34 #define GRPC_ALTS_HANDSHAKER_SERVICE_URL "metadata.google.internal:8080"
35 
alts_credentials_destruct(grpc_channel_credentials * creds)36 static void alts_credentials_destruct(grpc_channel_credentials* creds) {
37   grpc_alts_credentials* alts_creds =
38       reinterpret_cast<grpc_alts_credentials*>(creds);
39   grpc_alts_credentials_options_destroy(alts_creds->options);
40   gpr_free(alts_creds->handshaker_service_url);
41 }
42 
alts_server_credentials_destruct(grpc_server_credentials * creds)43 static void alts_server_credentials_destruct(grpc_server_credentials* creds) {
44   grpc_alts_server_credentials* alts_creds =
45       reinterpret_cast<grpc_alts_server_credentials*>(creds);
46   grpc_alts_credentials_options_destroy(alts_creds->options);
47   gpr_free(alts_creds->handshaker_service_url);
48 }
49 
alts_create_security_connector(grpc_channel_credentials * creds,grpc_call_credentials * request_metadata_creds,const char * target_name,const grpc_channel_args * args,grpc_channel_security_connector ** sc,grpc_channel_args ** new_args)50 static grpc_security_status alts_create_security_connector(
51     grpc_channel_credentials* creds,
52     grpc_call_credentials* request_metadata_creds, const char* target_name,
53     const grpc_channel_args* args, grpc_channel_security_connector** sc,
54     grpc_channel_args** new_args) {
55   return grpc_alts_channel_security_connector_create(
56       creds, request_metadata_creds, target_name, sc);
57 }
58 
alts_server_create_security_connector(grpc_server_credentials * creds,grpc_server_security_connector ** sc)59 static grpc_security_status alts_server_create_security_connector(
60     grpc_server_credentials* creds, grpc_server_security_connector** sc) {
61   return grpc_alts_server_security_connector_create(creds, sc);
62 }
63 
64 static const grpc_channel_credentials_vtable alts_credentials_vtable = {
65     alts_credentials_destruct, alts_create_security_connector,
66     /*duplicate_without_call_credentials=*/nullptr};
67 
68 static const grpc_server_credentials_vtable alts_server_credentials_vtable = {
69     alts_server_credentials_destruct, alts_server_create_security_connector};
70 
grpc_alts_credentials_create_customized(const grpc_alts_credentials_options * options,const char * handshaker_service_url,bool enable_untrusted_alts)71 grpc_channel_credentials* grpc_alts_credentials_create_customized(
72     const grpc_alts_credentials_options* options,
73     const char* handshaker_service_url, bool enable_untrusted_alts) {
74   if (!enable_untrusted_alts && !grpc_alts_is_running_on_gcp()) {
75     return nullptr;
76   }
77   auto creds = static_cast<grpc_alts_credentials*>(
78       gpr_zalloc(sizeof(grpc_alts_credentials)));
79   creds->options = grpc_alts_credentials_options_copy(options);
80   creds->handshaker_service_url =
81       handshaker_service_url == nullptr
82           ? gpr_strdup(GRPC_ALTS_HANDSHAKER_SERVICE_URL)
83           : gpr_strdup(handshaker_service_url);
84   creds->base.type = GRPC_CREDENTIALS_TYPE_ALTS;
85   creds->base.vtable = &alts_credentials_vtable;
86   gpr_ref_init(&creds->base.refcount, 1);
87   return &creds->base;
88 }
89 
grpc_alts_server_credentials_create_customized(const grpc_alts_credentials_options * options,const char * handshaker_service_url,bool enable_untrusted_alts)90 grpc_server_credentials* grpc_alts_server_credentials_create_customized(
91     const grpc_alts_credentials_options* options,
92     const char* handshaker_service_url, bool enable_untrusted_alts) {
93   if (!enable_untrusted_alts && !grpc_alts_is_running_on_gcp()) {
94     return nullptr;
95   }
96   auto creds = static_cast<grpc_alts_server_credentials*>(
97       gpr_zalloc(sizeof(grpc_alts_server_credentials)));
98   creds->options = grpc_alts_credentials_options_copy(options);
99   creds->handshaker_service_url =
100       handshaker_service_url == nullptr
101           ? gpr_strdup(GRPC_ALTS_HANDSHAKER_SERVICE_URL)
102           : gpr_strdup(handshaker_service_url);
103   creds->base.type = GRPC_CREDENTIALS_TYPE_ALTS;
104   creds->base.vtable = &alts_server_credentials_vtable;
105   gpr_ref_init(&creds->base.refcount, 1);
106   return &creds->base;
107 }
108 
grpc_alts_credentials_create(const grpc_alts_credentials_options * options)109 grpc_channel_credentials* grpc_alts_credentials_create(
110     const grpc_alts_credentials_options* options) {
111   return grpc_alts_credentials_create_customized(
112       options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, false);
113 }
114 
grpc_alts_server_credentials_create(const grpc_alts_credentials_options * options)115 grpc_server_credentials* grpc_alts_server_credentials_create(
116     const grpc_alts_credentials_options* options) {
117   return grpc_alts_server_credentials_create_customized(
118       options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, false);
119 }
120