| /* |
| * |
| * Copyright 2015, Google Inc. |
| * All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions are |
| * met: |
| * |
| * * Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * * Redistributions in binary form must reproduce the above |
| * copyright notice, this list of conditions and the following disclaimer |
| * in the documentation and/or other materials provided with the |
| * distribution. |
| * * Neither the name of Google Inc. nor the names of its |
| * contributors may be used to endorse or promote products derived from |
| * this software without specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| * |
| */ |
| |
| #include "src/core/security/credentials.h" |
| |
| #include <string.h> |
| #include <stdio.h> |
| |
| #include "src/core/channel/channel_args.h" |
| #include "src/core/channel/http_client_filter.h" |
| #include "src/core/json/json.h" |
| #include "src/core/httpcli/httpcli.h" |
| #include "src/core/iomgr/iomgr.h" |
| #include "src/core/support/string.h" |
| |
| #include <grpc/support/alloc.h> |
| #include <grpc/support/log.h> |
| #include <grpc/support/string_util.h> |
| #include <grpc/support/sync.h> |
| #include <grpc/support/thd.h> |
| #include <grpc/support/time.h> |
| |
| /* -- Common. -- */ |
| |
| struct grpc_credentials_metadata_request |
| { |
| grpc_credentials *creds; |
| grpc_credentials_metadata_cb cb; |
| void *user_data; |
| }; |
| |
| static grpc_credentials_metadata_request * |
| grpc_credentials_metadata_request_create (grpc_credentials * creds, grpc_credentials_metadata_cb cb, void *user_data) |
| { |
| grpc_credentials_metadata_request *r = gpr_malloc (sizeof (grpc_credentials_metadata_request)); |
| r->creds = grpc_credentials_ref (creds); |
| r->cb = cb; |
| r->user_data = user_data; |
| return r; |
| } |
| |
| static void |
| grpc_credentials_metadata_request_destroy (grpc_credentials_metadata_request * r) |
| { |
| grpc_credentials_unref (r->creds); |
| gpr_free (r); |
| } |
| |
| grpc_credentials * |
| grpc_credentials_ref (grpc_credentials * creds) |
| { |
| if (creds == NULL) |
| return NULL; |
| gpr_ref (&creds->refcount); |
| return creds; |
| } |
| |
| void |
| grpc_credentials_unref (grpc_credentials * creds) |
| { |
| if (creds == NULL) |
| return; |
| if (gpr_unref (&creds->refcount)) |
| { |
| creds->vtable->destruct (creds); |
| gpr_free (creds); |
| } |
| } |
| |
| void |
| grpc_credentials_release (grpc_credentials * creds) |
| { |
| grpc_credentials_unref (creds); |
| } |
| |
| int |
| grpc_credentials_has_request_metadata (grpc_credentials * creds) |
| { |
| if (creds == NULL) |
| return 0; |
| return creds->vtable->has_request_metadata (creds); |
| } |
| |
| int |
| grpc_credentials_has_request_metadata_only (grpc_credentials * creds) |
| { |
| if (creds == NULL) |
| return 0; |
| return creds->vtable->has_request_metadata_only (creds); |
| } |
| |
| void |
| grpc_credentials_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) |
| { |
| if (creds == NULL || !grpc_credentials_has_request_metadata (creds) || creds->vtable->get_request_metadata == NULL) |
| { |
| if (cb != NULL) |
| { |
| cb (exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); |
| } |
| return; |
| } |
| creds->vtable->get_request_metadata (exec_ctx, creds, pollset, service_url, cb, user_data); |
| } |
| |
| grpc_security_status |
| grpc_credentials_create_security_connector (grpc_credentials * creds, const char *target, const grpc_channel_args * args, grpc_credentials * request_metadata_creds, grpc_channel_security_connector ** sc, grpc_channel_args ** new_args) |
| { |
| *new_args = NULL; |
| if (creds == NULL || creds->vtable->create_security_connector == NULL || grpc_credentials_has_request_metadata_only (creds)) |
| { |
| gpr_log (GPR_ERROR, "Invalid credentials for creating a security connector."); |
| return GRPC_SECURITY_ERROR; |
| } |
| return creds->vtable->create_security_connector (creds, target, args, request_metadata_creds, sc, new_args); |
| } |
| |
| grpc_server_credentials * |
| grpc_server_credentials_ref (grpc_server_credentials * creds) |
| { |
| if (creds == NULL) |
| return NULL; |
| gpr_ref (&creds->refcount); |
| return creds; |
| } |
| |
| void |
| grpc_server_credentials_unref (grpc_server_credentials * creds) |
| { |
| if (creds == NULL) |
| return; |
| if (gpr_unref (&creds->refcount)) |
| { |
| creds->vtable->destruct (creds); |
| if (creds->processor.destroy != NULL && creds->processor.state != NULL) |
| { |
| creds->processor.destroy (creds->processor.state); |
| } |
| gpr_free (creds); |
| } |
| } |
| |
| void |
| grpc_server_credentials_release (grpc_server_credentials * creds) |
| { |
| grpc_server_credentials_unref (creds); |
| } |
| |
| grpc_security_status |
| grpc_server_credentials_create_security_connector (grpc_server_credentials * creds, grpc_security_connector ** sc) |
| { |
| if (creds == NULL || creds->vtable->create_security_connector == NULL) |
| { |
| gpr_log (GPR_ERROR, "Server credentials cannot create security context."); |
| return GRPC_SECURITY_ERROR; |
| } |
| return creds->vtable->create_security_connector (creds, sc); |
| } |
| |
| void |
| grpc_server_credentials_set_auth_metadata_processor (grpc_server_credentials * creds, grpc_auth_metadata_processor processor) |
| { |
| if (creds == NULL) |
| return; |
| if (creds->processor.destroy != NULL && creds->processor.state != NULL) |
| { |
| creds->processor.destroy (creds->processor.state); |
| } |
| creds->processor = processor; |
| } |
| |
| /* -- Ssl credentials. -- */ |
| |
| static void |
| ssl_destruct (grpc_credentials * creds) |
| { |
| grpc_ssl_credentials *c = (grpc_ssl_credentials *) creds; |
| if (c->config.pem_root_certs != NULL) |
| gpr_free (c->config.pem_root_certs); |
| if (c->config.pem_private_key != NULL) |
| gpr_free (c->config.pem_private_key); |
| if (c->config.pem_cert_chain != NULL) |
| gpr_free (c->config.pem_cert_chain); |
| } |
| |
| static void |
| ssl_server_destruct (grpc_server_credentials * creds) |
| { |
| grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *) creds; |
| size_t i; |
| for (i = 0; i < c->config.num_key_cert_pairs; i++) |
| { |
| if (c->config.pem_private_keys[i] != NULL) |
| { |
| gpr_free (c->config.pem_private_keys[i]); |
| } |
| if (c->config.pem_cert_chains[i] != NULL) |
| { |
| gpr_free (c->config.pem_cert_chains[i]); |
| } |
| } |
| if (c->config.pem_private_keys != NULL) |
| gpr_free (c->config.pem_private_keys); |
| if (c->config.pem_private_keys_sizes != NULL) |
| { |
| gpr_free (c->config.pem_private_keys_sizes); |
| } |
| if (c->config.pem_cert_chains != NULL) |
| gpr_free (c->config.pem_cert_chains); |
| if (c->config.pem_cert_chains_sizes != NULL) |
| { |
| gpr_free (c->config.pem_cert_chains_sizes); |
| } |
| if (c->config.pem_root_certs != NULL) |
| gpr_free (c->config.pem_root_certs); |
| } |
| |
| static int |
| ssl_has_request_metadata (const grpc_credentials * creds) |
| { |
| return 0; |
| } |
| |
| static int |
| ssl_has_request_metadata_only (const grpc_credentials * creds) |
| { |
| return 0; |
| } |
| |
| static grpc_security_status |
| ssl_create_security_connector (grpc_credentials * creds, const char *target, const grpc_channel_args * args, grpc_credentials * request_metadata_creds, grpc_channel_security_connector ** sc, grpc_channel_args ** new_args) |
| { |
| grpc_ssl_credentials *c = (grpc_ssl_credentials *) creds; |
| grpc_security_status status = GRPC_SECURITY_OK; |
| size_t i = 0; |
| const char *overridden_target_name = NULL; |
| grpc_arg arg; |
| |
| for (i = 0; args && i < args->num_args; i++) |
| { |
| grpc_arg *arg = &args->args[i]; |
| if (strcmp (arg->key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG) == 0 && arg->type == GRPC_ARG_STRING) |
| { |
| overridden_target_name = arg->value.string; |
| break; |
| } |
| } |
| status = grpc_ssl_channel_security_connector_create (request_metadata_creds, &c->config, target, overridden_target_name, sc); |
| if (status != GRPC_SECURITY_OK) |
| { |
| return status; |
| } |
| arg.type = GRPC_ARG_STRING; |
| arg.key = GRPC_ARG_HTTP2_SCHEME; |
| arg.value.string = "https"; |
| *new_args = grpc_channel_args_copy_and_add (args, &arg, 1); |
| return status; |
| } |
| |
| static grpc_security_status |
| ssl_server_create_security_connector (grpc_server_credentials * creds, grpc_security_connector ** sc) |
| { |
| grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *) creds; |
| return grpc_ssl_server_security_connector_create (&c->config, sc); |
| } |
| |
| static grpc_credentials_vtable ssl_vtable = { |
| ssl_destruct, ssl_has_request_metadata, ssl_has_request_metadata_only, NULL, |
| ssl_create_security_connector |
| }; |
| |
| static grpc_server_credentials_vtable ssl_server_vtable = { |
| ssl_server_destruct, ssl_server_create_security_connector |
| }; |
| |
| static void |
| ssl_copy_key_material (const char *input, unsigned char **output, size_t * output_size) |
| { |
| *output_size = strlen (input); |
| *output = gpr_malloc (*output_size); |
| memcpy (*output, input, *output_size); |
| } |
| |
| static void |
| ssl_build_config (const char *pem_root_certs, grpc_ssl_pem_key_cert_pair * pem_key_cert_pair, grpc_ssl_config * config) |
| { |
| if (pem_root_certs != NULL) |
| { |
| ssl_copy_key_material (pem_root_certs, &config->pem_root_certs, &config->pem_root_certs_size); |
| } |
| if (pem_key_cert_pair != NULL) |
| { |
| GPR_ASSERT (pem_key_cert_pair->private_key != NULL); |
| GPR_ASSERT (pem_key_cert_pair->cert_chain != NULL); |
| ssl_copy_key_material (pem_key_cert_pair->private_key, &config->pem_private_key, &config->pem_private_key_size); |
| ssl_copy_key_material (pem_key_cert_pair->cert_chain, &config->pem_cert_chain, &config->pem_cert_chain_size); |
| } |
| } |
| |
| static void |
| ssl_build_server_config (const char *pem_root_certs, grpc_ssl_pem_key_cert_pair * pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, grpc_ssl_server_config * config) |
| { |
| size_t i; |
| config->force_client_auth = force_client_auth; |
| if (pem_root_certs != NULL) |
| { |
| ssl_copy_key_material (pem_root_certs, &config->pem_root_certs, &config->pem_root_certs_size); |
| } |
| if (num_key_cert_pairs > 0) |
| { |
| GPR_ASSERT (pem_key_cert_pairs != NULL); |
| config->pem_private_keys = gpr_malloc (num_key_cert_pairs * sizeof (unsigned char *)); |
| config->pem_cert_chains = gpr_malloc (num_key_cert_pairs * sizeof (unsigned char *)); |
| config->pem_private_keys_sizes = gpr_malloc (num_key_cert_pairs * sizeof (size_t)); |
| config->pem_cert_chains_sizes = gpr_malloc (num_key_cert_pairs * sizeof (size_t)); |
| } |
| config->num_key_cert_pairs = num_key_cert_pairs; |
| for (i = 0; i < num_key_cert_pairs; i++) |
| { |
| GPR_ASSERT (pem_key_cert_pairs[i].private_key != NULL); |
| GPR_ASSERT (pem_key_cert_pairs[i].cert_chain != NULL); |
| ssl_copy_key_material (pem_key_cert_pairs[i].private_key, &config->pem_private_keys[i], &config->pem_private_keys_sizes[i]); |
| ssl_copy_key_material (pem_key_cert_pairs[i].cert_chain, &config->pem_cert_chains[i], &config->pem_cert_chains_sizes[i]); |
| } |
| } |
| |
| grpc_credentials * |
| grpc_ssl_credentials_create (const char *pem_root_certs, grpc_ssl_pem_key_cert_pair * pem_key_cert_pair, void *reserved) |
| { |
| grpc_ssl_credentials *c = gpr_malloc (sizeof (grpc_ssl_credentials)); |
| GPR_ASSERT (reserved == NULL); |
| memset (c, 0, sizeof (grpc_ssl_credentials)); |
| c->base.type = GRPC_CREDENTIALS_TYPE_SSL; |
| c->base.vtable = &ssl_vtable; |
| gpr_ref_init (&c->base.refcount, 1); |
| ssl_build_config (pem_root_certs, pem_key_cert_pair, &c->config); |
| return &c->base; |
| } |
| |
| grpc_server_credentials * |
| grpc_ssl_server_credentials_create (const char *pem_root_certs, grpc_ssl_pem_key_cert_pair * pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved) |
| { |
| grpc_ssl_server_credentials *c = gpr_malloc (sizeof (grpc_ssl_server_credentials)); |
| GPR_ASSERT (reserved == NULL); |
| memset (c, 0, sizeof (grpc_ssl_server_credentials)); |
| c->base.type = GRPC_CREDENTIALS_TYPE_SSL; |
| gpr_ref_init (&c->base.refcount, 1); |
| c->base.vtable = &ssl_server_vtable; |
| ssl_build_server_config (pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs, force_client_auth, &c->config); |
| return &c->base; |
| } |
| |
| /* -- Jwt credentials -- */ |
| |
| static void |
| jwt_reset_cache (grpc_service_account_jwt_access_credentials * c) |
| { |
| if (c->cached.jwt_md != NULL) |
| { |
| grpc_credentials_md_store_unref (c->cached.jwt_md); |
| c->cached.jwt_md = NULL; |
| } |
| if (c->cached.service_url != NULL) |
| { |
| gpr_free (c->cached.service_url); |
| c->cached.service_url = NULL; |
| } |
| c->cached.jwt_expiration = gpr_inf_past (GPR_CLOCK_REALTIME); |
| } |
| |
| static void |
| jwt_destruct (grpc_credentials * creds) |
| { |
| grpc_service_account_jwt_access_credentials *c = (grpc_service_account_jwt_access_credentials *) creds; |
| grpc_auth_json_key_destruct (&c->key); |
| jwt_reset_cache (c); |
| gpr_mu_destroy (&c->cache_mu); |
| } |
| |
| static int |
| jwt_has_request_metadata (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static int |
| jwt_has_request_metadata_only (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static void |
| jwt_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) |
| { |
| grpc_service_account_jwt_access_credentials *c = (grpc_service_account_jwt_access_credentials *) creds; |
| gpr_timespec refresh_threshold = gpr_time_from_seconds (GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN); |
| |
| /* See if we can return a cached jwt. */ |
| grpc_credentials_md_store *jwt_md = NULL; |
| { |
| gpr_mu_lock (&c->cache_mu); |
| if (c->cached.service_url != NULL && strcmp (c->cached.service_url, service_url) == 0 && c->cached.jwt_md != NULL && (gpr_time_cmp (gpr_time_sub (c->cached.jwt_expiration, gpr_now (GPR_CLOCK_REALTIME)), refresh_threshold) > 0)) |
| { |
| jwt_md = grpc_credentials_md_store_ref (c->cached.jwt_md); |
| } |
| gpr_mu_unlock (&c->cache_mu); |
| } |
| |
| if (jwt_md == NULL) |
| { |
| char *jwt = NULL; |
| /* Generate a new jwt. */ |
| gpr_mu_lock (&c->cache_mu); |
| jwt_reset_cache (c); |
| jwt = grpc_jwt_encode_and_sign (&c->key, service_url, c->jwt_lifetime, NULL); |
| if (jwt != NULL) |
| { |
| char *md_value; |
| gpr_asprintf (&md_value, "Bearer %s", jwt); |
| gpr_free (jwt); |
| c->cached.jwt_expiration = gpr_time_add (gpr_now (GPR_CLOCK_REALTIME), c->jwt_lifetime); |
| c->cached.service_url = gpr_strdup (service_url); |
| c->cached.jwt_md = grpc_credentials_md_store_create (1); |
| grpc_credentials_md_store_add_cstrings (c->cached.jwt_md, GRPC_AUTHORIZATION_METADATA_KEY, md_value); |
| gpr_free (md_value); |
| jwt_md = grpc_credentials_md_store_ref (c->cached.jwt_md); |
| } |
| gpr_mu_unlock (&c->cache_mu); |
| } |
| |
| if (jwt_md != NULL) |
| { |
| cb (exec_ctx, user_data, jwt_md->entries, jwt_md->num_entries, GRPC_CREDENTIALS_OK); |
| grpc_credentials_md_store_unref (jwt_md); |
| } |
| else |
| { |
| cb (exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_ERROR); |
| } |
| } |
| |
| static grpc_credentials_vtable jwt_vtable = { |
| jwt_destruct, jwt_has_request_metadata, jwt_has_request_metadata_only, |
| jwt_get_request_metadata, NULL |
| }; |
| |
| grpc_credentials * |
| grpc_service_account_jwt_access_credentials_create_from_auth_json_key (grpc_auth_json_key key, gpr_timespec token_lifetime) |
| { |
| grpc_service_account_jwt_access_credentials *c; |
| if (!grpc_auth_json_key_is_valid (&key)) |
| { |
| gpr_log (GPR_ERROR, "Invalid input for jwt credentials creation"); |
| return NULL; |
| } |
| c = gpr_malloc (sizeof (grpc_service_account_jwt_access_credentials)); |
| memset (c, 0, sizeof (grpc_service_account_jwt_access_credentials)); |
| c->base.type = GRPC_CREDENTIALS_TYPE_JWT; |
| gpr_ref_init (&c->base.refcount, 1); |
| c->base.vtable = &jwt_vtable; |
| c->key = key; |
| c->jwt_lifetime = token_lifetime; |
| gpr_mu_init (&c->cache_mu); |
| jwt_reset_cache (c); |
| return &c->base; |
| } |
| |
| grpc_credentials * |
| grpc_service_account_jwt_access_credentials_create (const char *json_key, gpr_timespec token_lifetime, void *reserved) |
| { |
| GPR_ASSERT (reserved == NULL); |
| return grpc_service_account_jwt_access_credentials_create_from_auth_json_key (grpc_auth_json_key_create_from_string (json_key), token_lifetime); |
| } |
| |
| /* -- Oauth2TokenFetcher credentials -- */ |
| |
| static void |
| oauth2_token_fetcher_destruct (grpc_credentials * creds) |
| { |
| grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *) creds; |
| grpc_credentials_md_store_unref (c->access_token_md); |
| gpr_mu_destroy (&c->mu); |
| grpc_httpcli_context_destroy (&c->httpcli_context); |
| } |
| |
| static int |
| oauth2_token_fetcher_has_request_metadata (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static int |
| oauth2_token_fetcher_has_request_metadata_only (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| grpc_credentials_status |
| grpc_oauth2_token_fetcher_credentials_parse_server_response (const grpc_httpcli_response * response, grpc_credentials_md_store ** token_md, gpr_timespec * token_lifetime) |
| { |
| char *null_terminated_body = NULL; |
| char *new_access_token = NULL; |
| grpc_credentials_status status = GRPC_CREDENTIALS_OK; |
| grpc_json *json = NULL; |
| |
| if (response == NULL) |
| { |
| gpr_log (GPR_ERROR, "Received NULL response."); |
| status = GRPC_CREDENTIALS_ERROR; |
| goto end; |
| } |
| |
| if (response->body_length > 0) |
| { |
| null_terminated_body = gpr_malloc (response->body_length + 1); |
| null_terminated_body[response->body_length] = '\0'; |
| memcpy (null_terminated_body, response->body, response->body_length); |
| } |
| |
| if (response->status != 200) |
| { |
| gpr_log (GPR_ERROR, "Call to http server ended with error %d [%s].", response->status, null_terminated_body != NULL ? null_terminated_body : ""); |
| status = GRPC_CREDENTIALS_ERROR; |
| goto end; |
| } |
| else |
| { |
| grpc_json *access_token = NULL; |
| grpc_json *token_type = NULL; |
| grpc_json *expires_in = NULL; |
| grpc_json *ptr; |
| json = grpc_json_parse_string (null_terminated_body); |
| if (json == NULL) |
| { |
| gpr_log (GPR_ERROR, "Could not parse JSON from %s", null_terminated_body); |
| status = GRPC_CREDENTIALS_ERROR; |
| goto end; |
| } |
| if (json->type != GRPC_JSON_OBJECT) |
| { |
| gpr_log (GPR_ERROR, "Response should be a JSON object"); |
| status = GRPC_CREDENTIALS_ERROR; |
| goto end; |
| } |
| for (ptr = json->child; ptr; ptr = ptr->next) |
| { |
| if (strcmp (ptr->key, "access_token") == 0) |
| { |
| access_token = ptr; |
| } |
| else if (strcmp (ptr->key, "token_type") == 0) |
| { |
| token_type = ptr; |
| } |
| else if (strcmp (ptr->key, "expires_in") == 0) |
| { |
| expires_in = ptr; |
| } |
| } |
| if (access_token == NULL || access_token->type != GRPC_JSON_STRING) |
| { |
| gpr_log (GPR_ERROR, "Missing or invalid access_token in JSON."); |
| status = GRPC_CREDENTIALS_ERROR; |
| goto end; |
| } |
| if (token_type == NULL || token_type->type != GRPC_JSON_STRING) |
| { |
| gpr_log (GPR_ERROR, "Missing or invalid token_type in JSON."); |
| status = GRPC_CREDENTIALS_ERROR; |
| goto end; |
| } |
| if (expires_in == NULL || expires_in->type != GRPC_JSON_NUMBER) |
| { |
| gpr_log (GPR_ERROR, "Missing or invalid expires_in in JSON."); |
| status = GRPC_CREDENTIALS_ERROR; |
| goto end; |
| } |
| gpr_asprintf (&new_access_token, "%s %s", token_type->value, access_token->value); |
| token_lifetime->tv_sec = strtol (expires_in->value, NULL, 10); |
| token_lifetime->tv_nsec = 0; |
| token_lifetime->clock_type = GPR_TIMESPAN; |
| if (*token_md != NULL) |
| grpc_credentials_md_store_unref (*token_md); |
| *token_md = grpc_credentials_md_store_create (1); |
| grpc_credentials_md_store_add_cstrings (*token_md, GRPC_AUTHORIZATION_METADATA_KEY, new_access_token); |
| status = GRPC_CREDENTIALS_OK; |
| } |
| |
| end: |
| if (status != GRPC_CREDENTIALS_OK && (*token_md != NULL)) |
| { |
| grpc_credentials_md_store_unref (*token_md); |
| *token_md = NULL; |
| } |
| if (null_terminated_body != NULL) |
| gpr_free (null_terminated_body); |
| if (new_access_token != NULL) |
| gpr_free (new_access_token); |
| if (json != NULL) |
| grpc_json_destroy (json); |
| return status; |
| } |
| |
| static void |
| on_oauth2_token_fetcher_http_response (grpc_exec_ctx * exec_ctx, void *user_data, const grpc_httpcli_response * response) |
| { |
| grpc_credentials_metadata_request *r = (grpc_credentials_metadata_request *) user_data; |
| grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *) r->creds; |
| gpr_timespec token_lifetime; |
| grpc_credentials_status status; |
| |
| gpr_mu_lock (&c->mu); |
| status = grpc_oauth2_token_fetcher_credentials_parse_server_response (response, &c->access_token_md, &token_lifetime); |
| if (status == GRPC_CREDENTIALS_OK) |
| { |
| c->token_expiration = gpr_time_add (gpr_now (GPR_CLOCK_REALTIME), token_lifetime); |
| r->cb (exec_ctx, r->user_data, c->access_token_md->entries, c->access_token_md->num_entries, status); |
| } |
| else |
| { |
| c->token_expiration = gpr_inf_past (GPR_CLOCK_REALTIME); |
| r->cb (exec_ctx, r->user_data, NULL, 0, status); |
| } |
| gpr_mu_unlock (&c->mu); |
| grpc_credentials_metadata_request_destroy (r); |
| } |
| |
| static void |
| oauth2_token_fetcher_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) |
| { |
| grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *) creds; |
| gpr_timespec refresh_threshold = gpr_time_from_seconds (GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN); |
| grpc_credentials_md_store *cached_access_token_md = NULL; |
| { |
| gpr_mu_lock (&c->mu); |
| if (c->access_token_md != NULL && (gpr_time_cmp (gpr_time_sub (c->token_expiration, gpr_now (GPR_CLOCK_REALTIME)), refresh_threshold) > 0)) |
| { |
| cached_access_token_md = grpc_credentials_md_store_ref (c->access_token_md); |
| } |
| gpr_mu_unlock (&c->mu); |
| } |
| if (cached_access_token_md != NULL) |
| { |
| cb (exec_ctx, user_data, cached_access_token_md->entries, cached_access_token_md->num_entries, GRPC_CREDENTIALS_OK); |
| grpc_credentials_md_store_unref (cached_access_token_md); |
| } |
| else |
| { |
| c->fetch_func (grpc_credentials_metadata_request_create (creds, cb, user_data), &c->httpcli_context, pollset, on_oauth2_token_fetcher_http_response, gpr_time_add (gpr_now (exec_ctx, GPR_CLOCK_REALTIME), refresh_threshold)); |
| } |
| } |
| |
| static void |
| init_oauth2_token_fetcher (grpc_oauth2_token_fetcher_credentials * c, grpc_fetch_oauth2_func fetch_func) |
| { |
| memset (c, 0, sizeof (grpc_oauth2_token_fetcher_credentials)); |
| c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; |
| gpr_ref_init (&c->base.refcount, 1); |
| gpr_mu_init (&c->mu); |
| c->token_expiration = gpr_inf_past (GPR_CLOCK_REALTIME); |
| c->fetch_func = fetch_func; |
| grpc_httpcli_context_init (&c->httpcli_context); |
| } |
| |
| /* -- GoogleComputeEngine credentials. -- */ |
| |
| static grpc_credentials_vtable compute_engine_vtable = { |
| oauth2_token_fetcher_destruct, oauth2_token_fetcher_has_request_metadata, |
| oauth2_token_fetcher_has_request_metadata_only, |
| oauth2_token_fetcher_get_request_metadata, NULL |
| }; |
| |
| static void |
| compute_engine_fetch_oauth2 (grpc_exec_ctx * exec_ctx, grpc_credentials_metadata_request * metadata_req, grpc_httpcli_context * httpcli_context, grpc_pollset * pollset, grpc_httpcli_response_cb response_cb, gpr_timespec deadline) |
| { |
| grpc_httpcli_header header = { "Metadata-Flavor", "Google" }; |
| grpc_httpcli_request request; |
| memset (&request, 0, sizeof (grpc_httpcli_request)); |
| request.host = GRPC_COMPUTE_ENGINE_METADATA_HOST; |
| request.path = GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH; |
| request.hdr_count = 1; |
| request.hdrs = &header; |
| grpc_httpcli_get (exec_ctx, httpcli_context, pollset, &request, deadline, response_cb, metadata_req); |
| } |
| |
| grpc_credentials * |
| grpc_google_compute_engine_credentials_create (void *reserved) |
| { |
| grpc_oauth2_token_fetcher_credentials *c = gpr_malloc (sizeof (grpc_oauth2_token_fetcher_credentials)); |
| GPR_ASSERT (reserved == NULL); |
| init_oauth2_token_fetcher (c, compute_engine_fetch_oauth2); |
| c->base.vtable = &compute_engine_vtable; |
| return &c->base; |
| } |
| |
| /* -- GoogleRefreshToken credentials. -- */ |
| |
| static void |
| refresh_token_destruct (grpc_credentials * creds) |
| { |
| grpc_google_refresh_token_credentials *c = (grpc_google_refresh_token_credentials *) creds; |
| grpc_auth_refresh_token_destruct (&c->refresh_token); |
| oauth2_token_fetcher_destruct (&c->base.base); |
| } |
| |
| static grpc_credentials_vtable refresh_token_vtable = { |
| refresh_token_destruct, oauth2_token_fetcher_has_request_metadata, |
| oauth2_token_fetcher_has_request_metadata_only, |
| oauth2_token_fetcher_get_request_metadata, NULL |
| }; |
| |
| static void |
| refresh_token_fetch_oauth2 (grpc_exec_ctx * exec_ctx, grpc_credentials_metadata_request * metadata_req, grpc_httpcli_context * httpcli_context, grpc_pollset * pollset, grpc_httpcli_response_cb response_cb, gpr_timespec deadline) |
| { |
| grpc_google_refresh_token_credentials *c = (grpc_google_refresh_token_credentials *) metadata_req->creds; |
| grpc_httpcli_header header = { "Content-Type", |
| "application/x-www-form-urlencoded" |
| }; |
| grpc_httpcli_request request; |
| char *body = NULL; |
| gpr_asprintf (&body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING, c->refresh_token.client_id, c->refresh_token.client_secret, c->refresh_token.refresh_token); |
| memset (&request, 0, sizeof (grpc_httpcli_request)); |
| request.host = GRPC_GOOGLE_OAUTH2_SERVICE_HOST; |
| request.path = GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH; |
| request.hdr_count = 1; |
| request.hdrs = &header; |
| request.handshaker = &grpc_httpcli_ssl; |
| grpc_httpcli_post (httpcli_context, pollset, &request, body, strlen (exec_ctx, body), deadline, response_cb, metadata_req); |
| gpr_free (body); |
| } |
| |
| grpc_credentials * |
| grpc_refresh_token_credentials_create_from_auth_refresh_token (grpc_auth_refresh_token refresh_token) |
| { |
| grpc_google_refresh_token_credentials *c; |
| if (!grpc_auth_refresh_token_is_valid (&refresh_token)) |
| { |
| gpr_log (GPR_ERROR, "Invalid input for refresh token credentials creation"); |
| return NULL; |
| } |
| c = gpr_malloc (sizeof (grpc_google_refresh_token_credentials)); |
| memset (c, 0, sizeof (grpc_google_refresh_token_credentials)); |
| init_oauth2_token_fetcher (&c->base, refresh_token_fetch_oauth2); |
| c->base.base.vtable = &refresh_token_vtable; |
| c->refresh_token = refresh_token; |
| return &c->base.base; |
| } |
| |
| grpc_credentials * |
| grpc_google_refresh_token_credentials_create (const char *json_refresh_token, void *reserved) |
| { |
| GPR_ASSERT (reserved == NULL); |
| return grpc_refresh_token_credentials_create_from_auth_refresh_token (grpc_auth_refresh_token_create_from_string (json_refresh_token)); |
| } |
| |
| /* -- Metadata-only credentials. -- */ |
| |
| static void |
| md_only_test_destruct (grpc_credentials * creds) |
| { |
| grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *) creds; |
| grpc_credentials_md_store_unref (c->md_store); |
| } |
| |
| static int |
| md_only_test_has_request_metadata (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static int |
| md_only_test_has_request_metadata_only (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static void |
| on_simulated_token_fetch_done (void *user_data) |
| { |
| grpc_credentials_metadata_request *r = (grpc_credentials_metadata_request *) user_data; |
| grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *) r->creds; |
| grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; |
| r->cb (r->user_data, c->md_store->entries, c->md_store->num_entries, GRPC_CREDENTIALS_OK, &closure_list); |
| grpc_credentials_metadata_request_destroy (r); |
| grpc_closure_list_run (&closure_list); |
| } |
| |
| static void |
| md_only_test_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) |
| { |
| grpc_md_only_test_credentials *c = (grpc_md_only_test_credentials *) creds; |
| |
| if (c->is_async) |
| { |
| gpr_thd_id thd_id; |
| grpc_credentials_metadata_request *cb_arg = grpc_credentials_metadata_request_create (creds, cb, user_data); |
| gpr_thd_new (&thd_id, on_simulated_token_fetch_done, cb_arg, NULL); |
| } |
| else |
| { |
| cb (exec_ctx, user_data, c->md_store->entries, 1, GRPC_CREDENTIALS_OK); |
| } |
| } |
| |
| static grpc_credentials_vtable md_only_test_vtable = { |
| md_only_test_destruct, md_only_test_has_request_metadata, |
| md_only_test_has_request_metadata_only, md_only_test_get_request_metadata, |
| NULL |
| }; |
| |
| grpc_credentials * |
| grpc_md_only_test_credentials_create (const char *md_key, const char *md_value, int is_async) |
| { |
| grpc_md_only_test_credentials *c = gpr_malloc (sizeof (grpc_md_only_test_credentials)); |
| memset (c, 0, sizeof (grpc_md_only_test_credentials)); |
| c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; |
| c->base.vtable = &md_only_test_vtable; |
| gpr_ref_init (&c->base.refcount, 1); |
| c->md_store = grpc_credentials_md_store_create (1); |
| grpc_credentials_md_store_add_cstrings (c->md_store, md_key, md_value); |
| c->is_async = is_async; |
| return &c->base; |
| } |
| |
| /* -- Oauth2 Access Token credentials. -- */ |
| |
| static void |
| access_token_destruct (grpc_credentials * creds) |
| { |
| grpc_access_token_credentials *c = (grpc_access_token_credentials *) creds; |
| grpc_credentials_md_store_unref (c->access_token_md); |
| } |
| |
| static int |
| access_token_has_request_metadata (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static int |
| access_token_has_request_metadata_only (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static void |
| access_token_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) |
| { |
| grpc_access_token_credentials *c = (grpc_access_token_credentials *) creds; |
| cb (exec_ctx, user_data, c->access_token_md->entries, 1, GRPC_CREDENTIALS_OK); |
| } |
| |
| static grpc_credentials_vtable access_token_vtable = { |
| access_token_destruct, access_token_has_request_metadata, |
| access_token_has_request_metadata_only, access_token_get_request_metadata, |
| NULL |
| }; |
| |
| grpc_credentials * |
| grpc_access_token_credentials_create (const char *access_token, void *reserved) |
| { |
| grpc_access_token_credentials *c = gpr_malloc (sizeof (grpc_access_token_credentials)); |
| char *token_md_value; |
| GPR_ASSERT (reserved == NULL); |
| memset (c, 0, sizeof (grpc_access_token_credentials)); |
| c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; |
| c->base.vtable = &access_token_vtable; |
| gpr_ref_init (&c->base.refcount, 1); |
| c->access_token_md = grpc_credentials_md_store_create (1); |
| gpr_asprintf (&token_md_value, "Bearer %s", access_token); |
| grpc_credentials_md_store_add_cstrings (c->access_token_md, GRPC_AUTHORIZATION_METADATA_KEY, token_md_value); |
| gpr_free (token_md_value); |
| return &c->base; |
| } |
| |
| /* -- Fake transport security credentials. -- */ |
| |
| static void |
| fake_transport_security_credentials_destruct (grpc_credentials * creds) |
| { |
| /* Nothing to do here. */ |
| } |
| |
| static void |
| fake_transport_security_server_credentials_destruct (grpc_server_credentials * creds) |
| { |
| /* Nothing to do here. */ |
| } |
| |
| static int |
| fake_transport_security_has_request_metadata (const grpc_credentials * creds) |
| { |
| return 0; |
| } |
| |
| static int |
| fake_transport_security_has_request_metadata_only (const grpc_credentials * creds) |
| { |
| return 0; |
| } |
| |
| static grpc_security_status |
| fake_transport_security_create_security_connector (grpc_credentials * c, const char *target, const grpc_channel_args * args, grpc_credentials * request_metadata_creds, grpc_channel_security_connector ** sc, grpc_channel_args ** new_args) |
| { |
| *sc = grpc_fake_channel_security_connector_create (request_metadata_creds, 1); |
| return GRPC_SECURITY_OK; |
| } |
| |
| static grpc_security_status |
| fake_transport_security_server_create_security_connector (grpc_server_credentials * c, grpc_security_connector ** sc) |
| { |
| *sc = grpc_fake_server_security_connector_create (); |
| return GRPC_SECURITY_OK; |
| } |
| |
| static grpc_credentials_vtable fake_transport_security_credentials_vtable = { |
| fake_transport_security_credentials_destruct, |
| fake_transport_security_has_request_metadata, |
| fake_transport_security_has_request_metadata_only, NULL, |
| fake_transport_security_create_security_connector |
| }; |
| |
| static grpc_server_credentials_vtable fake_transport_security_server_credentials_vtable = { |
| fake_transport_security_server_credentials_destruct, |
| fake_transport_security_server_create_security_connector |
| }; |
| |
| grpc_credentials * |
| grpc_fake_transport_security_credentials_create (void) |
| { |
| grpc_credentials *c = gpr_malloc (sizeof (grpc_credentials)); |
| memset (c, 0, sizeof (grpc_credentials)); |
| c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; |
| c->vtable = &fake_transport_security_credentials_vtable; |
| gpr_ref_init (&c->refcount, 1); |
| return c; |
| } |
| |
| grpc_server_credentials * |
| grpc_fake_transport_security_server_credentials_create (void) |
| { |
| grpc_server_credentials *c = gpr_malloc (sizeof (grpc_server_credentials)); |
| memset (c, 0, sizeof (grpc_server_credentials)); |
| c->type = GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY; |
| gpr_ref_init (&c->refcount, 1); |
| c->vtable = &fake_transport_security_server_credentials_vtable; |
| return c; |
| } |
| |
| /* -- Composite credentials. -- */ |
| |
| typedef struct |
| { |
| grpc_composite_credentials *composite_creds; |
| size_t creds_index; |
| grpc_credentials_md_store *md_elems; |
| char *service_url; |
| void *user_data; |
| grpc_pollset *pollset; |
| grpc_credentials_metadata_cb cb; |
| } grpc_composite_credentials_metadata_context; |
| |
| static void |
| composite_destruct (grpc_credentials * creds) |
| { |
| grpc_composite_credentials *c = (grpc_composite_credentials *) creds; |
| size_t i; |
| for (i = 0; i < c->inner.num_creds; i++) |
| { |
| grpc_credentials_unref (c->inner.creds_array[i]); |
| } |
| gpr_free (c->inner.creds_array); |
| } |
| |
| static int |
| composite_has_request_metadata (const grpc_credentials * creds) |
| { |
| const grpc_composite_credentials *c = (const grpc_composite_credentials *) creds; |
| size_t i; |
| for (i = 0; i < c->inner.num_creds; i++) |
| { |
| if (grpc_credentials_has_request_metadata (c->inner.creds_array[i])) |
| { |
| return 1; |
| } |
| } |
| return 0; |
| } |
| |
| static int |
| composite_has_request_metadata_only (const grpc_credentials * creds) |
| { |
| const grpc_composite_credentials *c = (const grpc_composite_credentials *) creds; |
| size_t i; |
| for (i = 0; i < c->inner.num_creds; i++) |
| { |
| if (!grpc_credentials_has_request_metadata_only (c->inner.creds_array[i])) |
| { |
| return 0; |
| } |
| } |
| return 1; |
| } |
| |
| static void |
| composite_md_context_destroy (grpc_composite_credentials_metadata_context * ctx) |
| { |
| grpc_credentials_md_store_unref (ctx->md_elems); |
| if (ctx->service_url != NULL) |
| gpr_free (ctx->service_url); |
| gpr_free (ctx); |
| } |
| |
| static void |
| composite_metadata_cb (grpc_exec_ctx * exec_ctx, void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status) |
| { |
| grpc_composite_credentials_metadata_context *ctx = (grpc_composite_credentials_metadata_context *) user_data; |
| if (status != GRPC_CREDENTIALS_OK) |
| { |
| ctx->cb (exec_ctx, ctx->user_data, NULL, 0, status); |
| return; |
| } |
| |
| /* Copy the metadata in the context. */ |
| if (num_md > 0) |
| { |
| size_t i; |
| for (i = 0; i < num_md; i++) |
| { |
| grpc_credentials_md_store_add (ctx->md_elems, md_elems[i].key, md_elems[i].value); |
| } |
| } |
| |
| /* See if we need to get some more metadata. */ |
| while (ctx->creds_index < ctx->composite_creds->inner.num_creds) |
| { |
| grpc_credentials *inner_creds = ctx->composite_creds->inner.creds_array[ctx->creds_index++]; |
| if (grpc_credentials_has_request_metadata (inner_creds)) |
| { |
| grpc_credentials_get_request_metadata (exec_ctx, inner_creds, ctx->pollset, ctx->service_url, composite_metadata_cb, ctx); |
| return; |
| } |
| } |
| |
| /* We're done!. */ |
| ctx->cb (exec_ctx, ctx->user_data, ctx->md_elems->entries, ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK); |
| composite_md_context_destroy (ctx); |
| grpc_closure_list_run (closure_list); |
| } |
| |
| static void |
| composite_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) |
| { |
| grpc_composite_credentials *c = (grpc_composite_credentials *) creds; |
| grpc_composite_credentials_metadata_context *ctx; |
| if (!grpc_credentials_has_request_metadata (creds)) |
| { |
| cb (exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); |
| return; |
| } |
| ctx = gpr_malloc (sizeof (grpc_composite_credentials_metadata_context)); |
| memset (ctx, 0, sizeof (grpc_composite_credentials_metadata_context)); |
| ctx->service_url = gpr_strdup (service_url); |
| ctx->user_data = user_data; |
| ctx->cb = cb; |
| ctx->composite_creds = c; |
| ctx->pollset = pollset; |
| ctx->md_elems = grpc_credentials_md_store_create (c->inner.num_creds); |
| while (ctx->creds_index < c->inner.num_creds) |
| { |
| grpc_credentials *inner_creds = c->inner.creds_array[ctx->creds_index++]; |
| if (grpc_credentials_has_request_metadata (inner_creds)) |
| { |
| grpc_credentials_get_request_metadata (exec_ctx, inner_creds, pollset, service_url, composite_metadata_cb, ctx); |
| return; |
| } |
| } |
| GPR_ASSERT (0); /* Should have exited before. */ |
| } |
| |
| static grpc_security_status |
| composite_create_security_connector (grpc_credentials * creds, const char *target, const grpc_channel_args * args, grpc_credentials * request_metadata_creds, grpc_channel_security_connector ** sc, grpc_channel_args ** new_args) |
| { |
| grpc_composite_credentials *c = (grpc_composite_credentials *) creds; |
| if (c->connector_creds == NULL) |
| { |
| gpr_log (GPR_ERROR, "Cannot create security connector, missing connector credentials."); |
| return GRPC_SECURITY_ERROR; |
| } |
| return grpc_credentials_create_security_connector (c->connector_creds, target, args, creds, sc, new_args); |
| } |
| |
| static grpc_credentials_vtable composite_credentials_vtable = { |
| composite_destruct, composite_has_request_metadata, |
| composite_has_request_metadata_only, composite_get_request_metadata, |
| composite_create_security_connector |
| }; |
| |
| static grpc_credentials_array |
| get_creds_array (grpc_credentials ** creds_addr) |
| { |
| grpc_credentials_array result; |
| grpc_credentials *creds = *creds_addr; |
| result.creds_array = creds_addr; |
| result.num_creds = 1; |
| if (strcmp (creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) |
| { |
| result = *grpc_composite_credentials_get_credentials (creds); |
| } |
| return result; |
| } |
| |
| grpc_credentials * |
| grpc_composite_credentials_create (grpc_credentials * creds1, grpc_credentials * creds2, void *reserved) |
| { |
| size_t i; |
| size_t creds_array_byte_size; |
| grpc_credentials_array creds1_array; |
| grpc_credentials_array creds2_array; |
| grpc_composite_credentials *c; |
| GPR_ASSERT (reserved == NULL); |
| GPR_ASSERT (creds1 != NULL); |
| GPR_ASSERT (creds2 != NULL); |
| c = gpr_malloc (sizeof (grpc_composite_credentials)); |
| memset (c, 0, sizeof (grpc_composite_credentials)); |
| c->base.type = GRPC_CREDENTIALS_TYPE_COMPOSITE; |
| c->base.vtable = &composite_credentials_vtable; |
| gpr_ref_init (&c->base.refcount, 1); |
| creds1_array = get_creds_array (&creds1); |
| creds2_array = get_creds_array (&creds2); |
| c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds; |
| creds_array_byte_size = c->inner.num_creds * sizeof (grpc_credentials *); |
| c->inner.creds_array = gpr_malloc (creds_array_byte_size); |
| memset (c->inner.creds_array, 0, creds_array_byte_size); |
| for (i = 0; i < creds1_array.num_creds; i++) |
| { |
| grpc_credentials *cur_creds = creds1_array.creds_array[i]; |
| if (!grpc_credentials_has_request_metadata_only (cur_creds)) |
| { |
| if (c->connector_creds == NULL) |
| { |
| c->connector_creds = cur_creds; |
| } |
| else |
| { |
| gpr_log (GPR_ERROR, "Cannot compose multiple connector credentials."); |
| goto fail; |
| } |
| } |
| c->inner.creds_array[i] = grpc_credentials_ref (cur_creds); |
| } |
| for (i = 0; i < creds2_array.num_creds; i++) |
| { |
| grpc_credentials *cur_creds = creds2_array.creds_array[i]; |
| if (!grpc_credentials_has_request_metadata_only (cur_creds)) |
| { |
| if (c->connector_creds == NULL) |
| { |
| c->connector_creds = cur_creds; |
| } |
| else |
| { |
| gpr_log (GPR_ERROR, "Cannot compose multiple connector credentials."); |
| goto fail; |
| } |
| } |
| c->inner.creds_array[i + creds1_array.num_creds] = grpc_credentials_ref (cur_creds); |
| } |
| return &c->base; |
| |
| fail: |
| grpc_credentials_unref (&c->base); |
| return NULL; |
| } |
| |
| const grpc_credentials_array * |
| grpc_composite_credentials_get_credentials (grpc_credentials * creds) |
| { |
| const grpc_composite_credentials *c = (const grpc_composite_credentials *) creds; |
| GPR_ASSERT (strcmp (creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); |
| return &c->inner; |
| } |
| |
| grpc_credentials * |
| grpc_credentials_contains_type (grpc_credentials * creds, const char *type, grpc_credentials ** composite_creds) |
| { |
| size_t i; |
| if (strcmp (creds->type, type) == 0) |
| { |
| if (composite_creds != NULL) |
| *composite_creds = NULL; |
| return creds; |
| } |
| else if (strcmp (creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0) |
| { |
| const grpc_credentials_array *inner_creds_array = grpc_composite_credentials_get_credentials (creds); |
| for (i = 0; i < inner_creds_array->num_creds; i++) |
| { |
| if (strcmp (type, inner_creds_array->creds_array[i]->type) == 0) |
| { |
| if (composite_creds != NULL) |
| *composite_creds = creds; |
| return inner_creds_array->creds_array[i]; |
| } |
| } |
| } |
| return NULL; |
| } |
| |
| /* -- IAM credentials. -- */ |
| |
| static void |
| iam_destruct (grpc_credentials * creds) |
| { |
| grpc_google_iam_credentials *c = (grpc_google_iam_credentials *) creds; |
| grpc_credentials_md_store_unref (c->iam_md); |
| } |
| |
| static int |
| iam_has_request_metadata (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static int |
| iam_has_request_metadata_only (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static void |
| iam_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) |
| { |
| grpc_google_iam_credentials *c = (grpc_google_iam_credentials *) creds; |
| cb (exec_ctx, user_data, c->iam_md->entries, c->iam_md->num_entries, GRPC_CREDENTIALS_OK); |
| } |
| |
| static grpc_credentials_vtable iam_vtable = { |
| iam_destruct, iam_has_request_metadata, iam_has_request_metadata_only, |
| iam_get_request_metadata, NULL |
| }; |
| |
| grpc_credentials * |
| grpc_google_iam_credentials_create (const char *token, const char *authority_selector, void *reserved) |
| { |
| grpc_google_iam_credentials *c; |
| GPR_ASSERT (reserved == NULL); |
| GPR_ASSERT (token != NULL); |
| GPR_ASSERT (authority_selector != NULL); |
| c = gpr_malloc (sizeof (grpc_google_iam_credentials)); |
| memset (c, 0, sizeof (grpc_google_iam_credentials)); |
| c->base.type = GRPC_CREDENTIALS_TYPE_IAM; |
| c->base.vtable = &iam_vtable; |
| gpr_ref_init (&c->base.refcount, 1); |
| c->iam_md = grpc_credentials_md_store_create (2); |
| grpc_credentials_md_store_add_cstrings (c->iam_md, GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, token); |
| grpc_credentials_md_store_add_cstrings (c->iam_md, GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, authority_selector); |
| return &c->base; |
| } |
| |
| /* -- Plugin credentials. -- */ |
| |
| typedef struct |
| { |
| void *user_data; |
| grpc_credentials_metadata_cb cb; |
| } grpc_metadata_plugin_request; |
| |
| static void |
| plugin_destruct (grpc_credentials * creds) |
| { |
| grpc_plugin_credentials *c = (grpc_plugin_credentials *) creds; |
| if (c->plugin.state != NULL && c->plugin.destroy != NULL) |
| { |
| c->plugin.destroy (c->plugin.state); |
| } |
| } |
| |
| static int |
| plugin_has_request_metadata (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static int |
| plugin_has_request_metadata_only (const grpc_credentials * creds) |
| { |
| return 1; |
| } |
| |
| static void |
| plugin_md_request_metadata_ready (void *request, const grpc_metadata * md, size_t num_md, grpc_status_code status, const char *error_details) |
| { |
| /* called from application code */ |
| grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; |
| grpc_metadata_plugin_request *r = (grpc_metadata_plugin_request *) request; |
| if (status != GRPC_STATUS_OK) |
| { |
| if (error_details != NULL) |
| { |
| gpr_log (GPR_ERROR, "Getting metadata from plugin failed with error: %s", error_details); |
| } |
| r->cb (r->user_data, NULL, 0, GRPC_CREDENTIALS_ERROR, &closure_list); |
| } |
| else |
| { |
| size_t i; |
| grpc_credentials_md *md_array = NULL; |
| if (num_md > 0) |
| { |
| md_array = gpr_malloc (num_md * sizeof (grpc_credentials_md)); |
| for (i = 0; i < num_md; i++) |
| { |
| md_array[i].key = gpr_slice_from_copied_string (md[i].key); |
| md_array[i].value = gpr_slice_from_copied_buffer (md[i].value, md[i].value_length); |
| } |
| } |
| r->cb (r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK, &closure_list); |
| if (md_array != NULL) |
| { |
| for (i = 0; i < num_md; i++) |
| { |
| gpr_slice_unref (md_array[i].key); |
| gpr_slice_unref (md_array[i].value); |
| } |
| gpr_free (md_array); |
| } |
| } |
| gpr_free (r); |
| } |
| |
| static void |
| plugin_get_request_metadata (grpc_exec_ctx * exec_ctx, grpc_credentials * creds, grpc_pollset * pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) |
| { |
| grpc_plugin_credentials *c = (grpc_plugin_credentials *) creds; |
| if (c->plugin.get_metadata != NULL) |
| { |
| grpc_metadata_plugin_request *request = gpr_malloc (sizeof (*request)); |
| memset (request, 0, sizeof (*request)); |
| request->user_data = user_data; |
| request->cb = cb; |
| c->plugin.get_metadata (c->plugin.state, service_url, plugin_md_request_metadata_ready, request); |
| } |
| else |
| { |
| cb (exec_ctx, user_data, NULL, 0, GRPC_CREDENTIALS_OK); |
| } |
| } |
| |
| static grpc_credentials_vtable plugin_vtable = { |
| plugin_destruct, plugin_has_request_metadata, |
| plugin_has_request_metadata_only, plugin_get_request_metadata, NULL |
| }; |
| |
| grpc_credentials * |
| grpc_metadata_credentials_create_from_plugin (grpc_metadata_credentials_plugin plugin, void *reserved) |
| { |
| grpc_plugin_credentials *c = gpr_malloc (sizeof (*c)); |
| GPR_ASSERT (reserved == NULL); |
| memset (c, 0, sizeof (*c)); |
| c->base.type = GRPC_CREDENTIALS_TYPE_METADATA_PLUGIN; |
| c->base.vtable = &plugin_vtable; |
| gpr_ref_init (&c->base.refcount, 1); |
| c->plugin = plugin; |
| return &c->base; |
| } |