1 /* 2 * 3 * Copyright 2019 gRPC authors. 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 */ 18 19 #ifndef GRPCPP_SECURITY_ALTS_UTIL_H 20 #define GRPCPP_SECURITY_ALTS_UTIL_H 21 22 #include <grpc/grpc_security_constants.h> 23 #include <grpcpp/impl/codegen/status.h> 24 #include <grpcpp/security/alts_context.h> 25 #include <grpcpp/security/auth_context.h> 26 27 #include <memory> 28 29 struct grpc_gcp_AltsContext; 30 31 namespace grpc { 32 namespace experimental { 33 34 // GetAltsContextFromAuthContext helps to get the AltsContext from AuthContext. 35 // If ALTS is not the transport security protocol used to establish the 36 // connection, this function will return nullptr. 37 std::unique_ptr<AltsContext> GetAltsContextFromAuthContext( 38 const std::shared_ptr<const AuthContext>& auth_context); 39 40 // This utility function performs ALTS client authorization check on server 41 // side, i.e., checks if the client identity matches one of the expected service 42 // accounts. It returns OK if client is authorized and an error otherwise. 43 grpc::Status AltsClientAuthzCheck( 44 const std::shared_ptr<const AuthContext>& auth_context, 45 const std::vector<std::string>& expected_service_accounts); 46 47 } // namespace experimental 48 } // namespace grpc 49 50 #endif // GRPCPP_SECURITY_ALTS_UTIL_H 51