/*
 *
 * Copyright 2018 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#include <grpc/support/port_platform.h>

#include "src/core/lib/security/credentials/alts/alts_credentials.h"

#include <cstring>

#include <grpc/grpc.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>

#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
#include "src/core/lib/security/security_connector/alts_security_connector.h"

/* Type tag written into the `base.type` field of every ALTS credentials
 * object (channel and server side alike). */
#define GRPC_CREDENTIALS_TYPE_ALTS "Alts"

/* Handshaker endpoint used when the caller supplies no URL.
 * NOTE(review): the only guard in this file against using this default on a
 * host outside GCP is the grpc_alts_is_running_on_gcp() check in the create
 * functions below; how the name is resolved is decided elsewhere. */
#define GRPC_ALTS_HANDSHAKER_SERVICE_URL "metadata.google.internal:8080"

/* Returns true when ALTS credentials may be created in this process: either
 * the caller explicitly opted out of the platform check, or
 * grpc_alts_is_running_on_gcp() reports a GCP environment. The GCP probe is
 * not evaluated when `enable_untrusted_alts` is true. */
static bool alts_platform_check_passes(bool enable_untrusted_alts) {
  return enable_untrusted_alts || grpc_alts_is_running_on_gcp();
}

/* Returns a gpr_strdup'd copy of `url`, or of the default handshaker URL when
 * `url` is nullptr. The credentials object owns the copy; the destruct
 * callbacks release it with gpr_free. */
static char* alts_dup_handshaker_url(const char* url) {
  if (url == nullptr) {
    url = GRPC_ALTS_HANDSHAKER_SERVICE_URL;
  }
  return gpr_strdup(url);
}

/* Channel-credentials destruct callback: releases the members owned by the
 * ALTS credentials (options copy and handshaker URL). The struct itself is
 * not freed here.
 *
 * The base pointer is cast straight back to grpc_alts_credentials, which is
 * only valid if `base` sits at offset 0 of that struct; the struct is
 * declared in alts_credentials.h (not shown here) -- confirm. */
static void alts_credentials_destruct(grpc_channel_credentials* creds) {
  auto* self = reinterpret_cast<grpc_alts_credentials*>(creds);
  grpc_alts_credentials_options_destroy(self->options);
  gpr_free(self->handshaker_service_url);
}

/* Server-credentials destruct callback; mirrors alts_credentials_destruct
 * for grpc_alts_server_credentials, with the same offset-0 assumption on
 * `base`. */
static void alts_server_credentials_destruct(grpc_server_credentials* creds) {
  auto* self = reinterpret_cast<grpc_alts_server_credentials*>(creds);
  grpc_alts_credentials_options_destroy(self->options);
  gpr_free(self->handshaker_service_url);
}

/* Channel-side vtable hook: forwards to
 * grpc_alts_channel_security_connector_create and returns its status.
 *
 * `args` and `new_args` are not used: `*new_args` is never written by this
 * function, so callers must not read it expecting a value set here. */
static grpc_security_status alts_create_security_connector(
    grpc_channel_credentials* creds,
    grpc_call_credentials* request_metadata_creds, const char* target_name,
    const grpc_channel_args* args, grpc_channel_security_connector** sc,
    grpc_channel_args** new_args) {
  const grpc_security_status status =
      grpc_alts_channel_security_connector_create(
          creds, request_metadata_creds, target_name, sc);
  return status;
}

/* Server-side vtable hook: forwards to
 * grpc_alts_server_security_connector_create and returns its status. */
static grpc_security_status alts_server_create_security_connector(
    grpc_server_credentials* creds, grpc_server_security_connector** sc) {
  const grpc_security_status status =
      grpc_alts_server_security_connector_create(creds, sc);
  return status;
}

/* Dispatch table installed on every ALTS channel credentials object. */
static const grpc_channel_credentials_vtable alts_credentials_vtable = {
    alts_credentials_destruct,
    alts_create_security_connector,
    /*duplicate_without_call_credentials=*/nullptr};

/* Dispatch table installed on every ALTS server credentials object. */
static const grpc_server_credentials_vtable alts_server_credentials_vtable = {
    alts_server_credentials_destruct,
    alts_server_create_security_connector};

/* Creates ALTS channel credentials with an explicit handshaker endpoint.
 *
 * - options: copied with grpc_alts_credentials_options_copy; the result is
 *   stored without being checked here.
 * - handshaker_service_url: copied; nullptr selects
 *   GRPC_ALTS_HANDSHAKER_SERVICE_URL. NOTE(review): presumably the security
 *   connector delegates the handshake to this endpoint, so an overridden URL
 *   moves trust to whatever is listening there -- confirm against the
 *   connector.
 * - enable_untrusted_alts: when true, the grpc_alts_is_running_on_gcp()
 *   check is skipped entirely. grpc_alts_credentials_create always passes
 *   false. NOTE(review): looks intended for tests; confirm no production
 *   caller sets it.
 *
 * Returns the new credentials with a reference count of 1, or nullptr when
 * the platform check fails; callers must handle the nullptr case. */
grpc_channel_credentials* grpc_alts_credentials_create_customized(
    const grpc_alts_credentials_options* options,
    const char* handshaker_service_url, bool enable_untrusted_alts) {
  if (!alts_platform_check_passes(enable_untrusted_alts)) {
    return nullptr;
  }
  void* storage = gpr_zalloc(sizeof(grpc_alts_credentials));
  grpc_alts_credentials* channel_creds =
      static_cast<grpc_alts_credentials*>(storage);
  channel_creds->options = grpc_alts_credentials_options_copy(options);
  channel_creds->handshaker_service_url =
      alts_dup_handshaker_url(handshaker_service_url);
  grpc_channel_credentials* base = &channel_creds->base;
  base->type = GRPC_CREDENTIALS_TYPE_ALTS;
  base->vtable = &alts_credentials_vtable;
  gpr_ref_init(&base->refcount, 1);
  return base;
}

/* Creates ALTS server credentials with an explicit handshaker endpoint.
 * Parameters, the platform check and the nullptr-on-failure contract are the
 * same as for grpc_alts_credentials_create_customized; only the struct type
 * and the installed vtable differ. */
grpc_server_credentials* grpc_alts_server_credentials_create_customized(
    const grpc_alts_credentials_options* options,
    const char* handshaker_service_url, bool enable_untrusted_alts) {
  if (!alts_platform_check_passes(enable_untrusted_alts)) {
    return nullptr;
  }
  void* storage = gpr_zalloc(sizeof(grpc_alts_server_credentials));
  grpc_alts_server_credentials* server_creds =
      static_cast<grpc_alts_server_credentials*>(storage);
  server_creds->options = grpc_alts_credentials_options_copy(options);
  server_creds->handshaker_service_url =
      alts_dup_handshaker_url(handshaker_service_url);
  grpc_server_credentials* base = &server_creds->base;
  base->type = GRPC_CREDENTIALS_TYPE_ALTS;
  base->vtable = &alts_server_credentials_vtable;
  gpr_ref_init(&base->refcount, 1);
  return base;
}

/* Public entry point for ALTS channel credentials: default handshaker URL,
 * platform check always enforced (enable_untrusted_alts = false). Returns
 * nullptr when the process is not detected as running on GCP. */
grpc_channel_credentials* grpc_alts_credentials_create(
    const grpc_alts_credentials_options* options) {
  const bool enable_untrusted_alts = false;
  return grpc_alts_credentials_create_customized(
      options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, enable_untrusted_alts);
}

/* Public entry point for ALTS server credentials: default handshaker URL,
 * platform check always enforced (enable_untrusted_alts = false). Returns
 * nullptr when the process is not detected as running on GCP. */
grpc_server_credentials* grpc_alts_server_credentials_create(
    const grpc_alts_credentials_options* options) {
  const bool enable_untrusted_alts = false;
  return grpc_alts_server_credentials_create_customized(
      options, GRPC_ALTS_HANDSHAKER_SERVICE_URL, enable_untrusted_alts);
}