1 /*
2 *
3 * Copyright 2018 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 #include <grpc/support/port_platform.h>
20
21 #include "src/core/lib/security/credentials/alts/alts_credentials.h"
22
23 #include <cstring>
24
25 #include <grpc/grpc.h>
26 #include <grpc/support/alloc.h>
27 #include <grpc/support/log.h>
28 #include <grpc/support/string_util.h>
29
30 #include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
31 #include "src/core/lib/security/security_connector/alts_security_connector.h"
32
// Value stored in the `type` field of every ALTS credentials object created in
// this file (channel and server side alike).
#define GRPC_CREDENTIALS_TYPE_ALTS "Alts"

// Handshaker service endpoint used when a caller supplies no URL of its own.
// NOTE(review): the *_create_customized() functions accept a caller-supplied
// replacement for this endpoint without validating it, so any override should
// come from trusted configuration only.
#define GRPC_ALTS_HANDSHAKER_SERVICE_URL "metadata.google.internal:8080"
35
// Destructor hook installed in alts_credentials_vtable.
//
// Releases the two members this file allocates for ALTS channel credentials:
// the options copy and the duplicated handshaker service URL. The credentials
// struct itself is not freed here.
// NOTE(review): the cast assumes `creds` was allocated as a
// grpc_alts_credentials; confirm no other credentials type can be paired with
// this vtable.
static void alts_credentials_destruct(grpc_channel_credentials* creds) {
  auto* const self = reinterpret_cast<grpc_alts_credentials*>(creds);
  grpc_alts_credentials_options_destroy(self->options);
  gpr_free(self->handshaker_service_url);
}
42
// Destructor hook installed in alts_server_credentials_vtable.
//
// Server-side counterpart of alts_credentials_destruct(): releases the options
// copy and the duplicated handshaker service URL. The credentials struct
// itself is not freed here.
// NOTE(review): the cast assumes `creds` was allocated as a
// grpc_alts_server_credentials; confirm no other credentials type can be
// paired with this vtable.
static void alts_server_credentials_destruct(grpc_server_credentials* creds) {
  auto* const self = reinterpret_cast<grpc_alts_server_credentials*>(creds);
  grpc_alts_credentials_options_destroy(self->options);
  gpr_free(self->handshaker_service_url);
}
49
// Security-connector factory hook installed in alts_credentials_vtable.
//
// Delegates to grpc_alts_channel_security_connector_create() and returns its
// status unchanged; the connector is handed back through `sc`.
// `args` and `new_args` are part of the signature but are neither read nor
// written by this function.
static grpc_security_status alts_create_security_connector(
    grpc_channel_credentials* creds,
    grpc_call_credentials* request_metadata_creds, const char* target_name,
    const grpc_channel_args* args, grpc_channel_security_connector** sc,
    grpc_channel_args** new_args) {
  const grpc_security_status status =
      grpc_alts_channel_security_connector_create(
          creds, request_metadata_creds, target_name, sc);
  return status;
}
58
// Security-connector factory hook installed in alts_server_credentials_vtable.
//
// Delegates to grpc_alts_server_security_connector_create() and returns its
// status unchanged; the connector is handed back through `sc`.
static grpc_security_status alts_server_create_security_connector(
    grpc_server_credentials* creds, grpc_server_security_connector** sc) {
  const grpc_security_status status =
      grpc_alts_server_security_connector_create(creds, sc);
  return status;
}
63
// Dispatch table attached to every ALTS channel credentials object created in
// this file.
static const grpc_channel_credentials_vtable alts_credentials_vtable = {
    alts_credentials_destruct,       // releases options and handshaker URL
    alts_create_security_connector,  // builds the channel security connector
    /*duplicate_without_call_credentials=*/nullptr,
};
67
// Dispatch table attached to every ALTS server credentials object created in
// this file.
static const grpc_server_credentials_vtable alts_server_credentials_vtable = {
    alts_server_credentials_destruct,       // releases options and handshaker URL
    alts_server_create_security_connector,  // builds the server security connector
};
70
// Creates ALTS channel credentials with an explicit handshaker endpoint and an
// explicit choice about the platform check.
//
// options                - copied via grpc_alts_credentials_options_copy(); the
//                          caller keeps ownership of the original.
// handshaker_service_url - duplicated into the credentials; nullptr selects
//                          GRPC_ALTS_HANDSHAKER_SERVICE_URL. The string is not
//                          validated here.
// enable_untrusted_alts  - when true, grpc_alts_is_running_on_gcp() is never
//                          consulted and credentials are created on any
//                          platform.
//
// Returns the new credentials holding one reference, or nullptr when the
// platform check is in force and fails.
//
// NOTE(review): `enable_untrusted_alts == true` together with a caller-chosen
// URL removes both guards this function offers, so callers should pass only
// trusted, non-attacker-controlled values for either argument.
grpc_channel_credentials* grpc_alts_credentials_create_customized(
    const grpc_alts_credentials_options* options,
    const char* handshaker_service_url, bool enable_untrusted_alts) {
  // Platform gate; skipped entirely when the caller opted into untrusted ALTS.
  if (!enable_untrusted_alts) {
    if (!grpc_alts_is_running_on_gcp()) {
      return nullptr;
    }
  }

  auto* alts_creds = static_cast<grpc_alts_credentials*>(
      gpr_zalloc(sizeof(grpc_alts_credentials)));
  alts_creds->options = grpc_alts_credentials_options_copy(options);

  // Fall back to the built-in endpoint when no URL was supplied.
  const char* const url_to_copy = handshaker_service_url != nullptr
                                      ? handshaker_service_url
                                      : GRPC_ALTS_HANDSHAKER_SERVICE_URL;
  alts_creds->handshaker_service_url = gpr_strdup(url_to_copy);

  grpc_channel_credentials* const base = &alts_creds->base;
  base->type = GRPC_CREDENTIALS_TYPE_ALTS;
  base->vtable = &alts_credentials_vtable;
  gpr_ref_init(&base->refcount, 1);  // the caller receives the only reference
  return base;
}
89
// Creates ALTS server credentials with an explicit handshaker endpoint and an
// explicit choice about the platform check.
//
// options                - copied via grpc_alts_credentials_options_copy(); the
//                          caller keeps ownership of the original.
// handshaker_service_url - duplicated into the credentials; nullptr selects
//                          GRPC_ALTS_HANDSHAKER_SERVICE_URL. The string is not
//                          validated here.
// enable_untrusted_alts  - when true, grpc_alts_is_running_on_gcp() is never
//                          consulted and credentials are created on any
//                          platform.
//
// Returns the new credentials holding one reference, or nullptr when the
// platform check is in force and fails.
//
// NOTE(review): `enable_untrusted_alts == true` together with a caller-chosen
// URL removes both guards this function offers, so callers should pass only
// trusted, non-attacker-controlled values for either argument.
grpc_server_credentials* grpc_alts_server_credentials_create_customized(
    const grpc_alts_credentials_options* options,
    const char* handshaker_service_url, bool enable_untrusted_alts) {
  // Platform gate; skipped entirely when the caller opted into untrusted ALTS.
  if (!enable_untrusted_alts) {
    if (!grpc_alts_is_running_on_gcp()) {
      return nullptr;
    }
  }

  auto* alts_creds = static_cast<grpc_alts_server_credentials*>(
      gpr_zalloc(sizeof(grpc_alts_server_credentials)));
  alts_creds->options = grpc_alts_credentials_options_copy(options);

  // Fall back to the built-in endpoint when no URL was supplied.
  const char* const url_to_copy = handshaker_service_url != nullptr
                                      ? handshaker_service_url
                                      : GRPC_ALTS_HANDSHAKER_SERVICE_URL;
  alts_creds->handshaker_service_url = gpr_strdup(url_to_copy);

  grpc_server_credentials* const base = &alts_creds->base;
  base->type = GRPC_CREDENTIALS_TYPE_ALTS;
  base->vtable = &alts_server_credentials_vtable;
  gpr_ref_init(&base->refcount, 1);  // the caller receives the only reference
  return base;
}
108
// Creates ALTS channel credentials with the default settings: the built-in
// handshaker endpoint and the GCP platform check left enabled.
//
// Returns nullptr when grpc_alts_credentials_create_customized() does, i.e.
// when the platform check fails.
grpc_channel_credentials* grpc_alts_credentials_create(
    const grpc_alts_credentials_options* options) {
  // Never opt out of the platform check on this path.
  constexpr bool kEnableUntrustedAlts = false;
  return grpc_alts_credentials_create_customized(
      options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, kEnableUntrustedAlts);
}
114
// Creates ALTS server credentials with the default settings: the built-in
// handshaker endpoint and the GCP platform check left enabled.
//
// Returns nullptr when grpc_alts_server_credentials_create_customized() does,
// i.e. when the platform check fails.
grpc_server_credentials* grpc_alts_server_credentials_create(
    const grpc_alts_credentials_options* options) {
  // Never opt out of the platform check on this path.
  constexpr bool kEnableUntrustedAlts = false;
  return grpc_alts_server_credentials_create_customized(
      options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, kEnableUntrustedAlts);
}
120