Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 1 | /* |
| 2 | * |
David Garcia Quintas | 8bec6f6 | 2016-05-31 13:59:37 -0700 | [diff] [blame] | 3 | * Copyright 2015-2016, Google Inc. |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 4 | * All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions are |
| 8 | * met: |
| 9 | * |
| 10 | * * Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * * Redistributions in binary form must reproduce the above |
| 13 | * copyright notice, this list of conditions and the following disclaimer |
| 14 | * in the documentation and/or other materials provided with the |
| 15 | * distribution. |
| 16 | * * Neither the name of Google Inc. nor the names of its |
| 17 | * contributors may be used to endorse or promote products derived from |
| 18 | * this software without specific prior written permission. |
| 19 | * |
| 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 22 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 23 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 24 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 25 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 26 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 27 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 28 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 30 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 31 | * |
| 32 | */ |
| 33 | |
| 34 | #include "src/core/lib/security/credentials/composite/composite_credentials.h" |
| 35 | |
| 36 | #include <string.h> |
| 37 | |
David Garcia Quintas | 2a50dfe | 2016-05-31 15:09:12 -0700 | [diff] [blame] | 38 | #include "src/core/lib/iomgr/polling_entity.h" |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 39 | #include "src/core/lib/surface/api_trace.h" |
| 40 | |
| 41 | #include <grpc/support/alloc.h> |
| 42 | #include <grpc/support/log.h> |
| 43 | #include <grpc/support/string_util.h> |
| 44 | |
| 45 | /* -- Composite call credentials. -- */ |
| 46 | |
| 47 | typedef struct { |
| 48 | grpc_composite_call_credentials *composite_creds; |
| 49 | size_t creds_index; |
| 50 | grpc_credentials_md_store *md_elems; |
| 51 | grpc_auth_metadata_context auth_md_context; |
| 52 | void *user_data; |
David Garcia Quintas | 2a50dfe | 2016-05-31 15:09:12 -0700 | [diff] [blame] | 53 | grpc_polling_entity *pollent; |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 54 | grpc_credentials_metadata_cb cb; |
| 55 | } grpc_composite_call_credentials_metadata_context; |
| 56 | |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 57 | static void composite_call_destruct(grpc_exec_ctx *exec_ctx, |
| 58 | grpc_call_credentials *creds) { |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 59 | grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; |
| 60 | size_t i; |
| 61 | for (i = 0; i < c->inner.num_creds; i++) { |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 62 | grpc_call_credentials_unref(exec_ctx, c->inner.creds_array[i]); |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 63 | } |
| 64 | gpr_free(c->inner.creds_array); |
| 65 | } |
| 66 | |
| 67 | static void composite_call_md_context_destroy( |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 68 | grpc_exec_ctx *exec_ctx, |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 69 | grpc_composite_call_credentials_metadata_context *ctx) { |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 70 | grpc_credentials_md_store_unref(exec_ctx, ctx->md_elems); |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 71 | gpr_free(ctx); |
| 72 | } |
| 73 | |
| 74 | static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data, |
| 75 | grpc_credentials_md *md_elems, |
| 76 | size_t num_md, |
Julien Boeuf | bfc7ed6 | 2016-06-04 18:03:42 -0700 | [diff] [blame] | 77 | grpc_credentials_status status, |
| 78 | const char *error_details) { |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 79 | grpc_composite_call_credentials_metadata_context *ctx = |
| 80 | (grpc_composite_call_credentials_metadata_context *)user_data; |
| 81 | if (status != GRPC_CREDENTIALS_OK) { |
Julien Boeuf | bfc7ed6 | 2016-06-04 18:03:42 -0700 | [diff] [blame] | 82 | ctx->cb(exec_ctx, ctx->user_data, NULL, 0, status, error_details); |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 83 | return; |
| 84 | } |
| 85 | |
| 86 | /* Copy the metadata in the context. */ |
| 87 | if (num_md > 0) { |
| 88 | size_t i; |
| 89 | for (i = 0; i < num_md; i++) { |
| 90 | grpc_credentials_md_store_add(ctx->md_elems, md_elems[i].key, |
| 91 | md_elems[i].value); |
| 92 | } |
| 93 | } |
| 94 | |
| 95 | /* See if we need to get some more metadata. */ |
| 96 | if (ctx->creds_index < ctx->composite_creds->inner.num_creds) { |
| 97 | grpc_call_credentials *inner_creds = |
| 98 | ctx->composite_creds->inner.creds_array[ctx->creds_index++]; |
David Garcia Quintas | 2a50dfe | 2016-05-31 15:09:12 -0700 | [diff] [blame] | 99 | grpc_call_credentials_get_request_metadata( |
| 100 | exec_ctx, inner_creds, ctx->pollent, ctx->auth_md_context, |
| 101 | composite_call_metadata_cb, ctx); |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 102 | return; |
| 103 | } |
| 104 | |
| 105 | /* We're done!. */ |
| 106 | ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries, |
Julien Boeuf | bfc7ed6 | 2016-06-04 18:03:42 -0700 | [diff] [blame] | 107 | ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK, NULL); |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 108 | composite_call_md_context_destroy(exec_ctx, ctx); |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 109 | } |
| 110 | |
| 111 | static void composite_call_get_request_metadata( |
David Garcia Quintas | 2a50dfe | 2016-05-31 15:09:12 -0700 | [diff] [blame] | 112 | grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, |
| 113 | grpc_polling_entity *pollent, grpc_auth_metadata_context auth_md_context, |
| 114 | grpc_credentials_metadata_cb cb, void *user_data) { |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 115 | grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; |
| 116 | grpc_composite_call_credentials_metadata_context *ctx; |
| 117 | |
| 118 | ctx = gpr_malloc(sizeof(grpc_composite_call_credentials_metadata_context)); |
| 119 | memset(ctx, 0, sizeof(grpc_composite_call_credentials_metadata_context)); |
| 120 | ctx->auth_md_context = auth_md_context; |
| 121 | ctx->user_data = user_data; |
| 122 | ctx->cb = cb; |
| 123 | ctx->composite_creds = c; |
David Garcia Quintas | 2a50dfe | 2016-05-31 15:09:12 -0700 | [diff] [blame] | 124 | ctx->pollent = pollent; |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 125 | ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds); |
| 126 | grpc_call_credentials_get_request_metadata( |
David Garcia Quintas | 2a50dfe | 2016-05-31 15:09:12 -0700 | [diff] [blame] | 127 | exec_ctx, c->inner.creds_array[ctx->creds_index++], ctx->pollent, |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 128 | auth_md_context, composite_call_metadata_cb, ctx); |
| 129 | } |
| 130 | |
| 131 | static grpc_call_credentials_vtable composite_call_credentials_vtable = { |
| 132 | composite_call_destruct, composite_call_get_request_metadata}; |
| 133 | |
| 134 | static grpc_call_credentials_array get_creds_array( |
| 135 | grpc_call_credentials **creds_addr) { |
| 136 | grpc_call_credentials_array result; |
| 137 | grpc_call_credentials *creds = *creds_addr; |
| 138 | result.creds_array = creds_addr; |
| 139 | result.num_creds = 1; |
| 140 | if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) { |
| 141 | result = *grpc_composite_call_credentials_get_credentials(creds); |
| 142 | } |
| 143 | return result; |
| 144 | } |
| 145 | |
| 146 | grpc_call_credentials *grpc_composite_call_credentials_create( |
| 147 | grpc_call_credentials *creds1, grpc_call_credentials *creds2, |
| 148 | void *reserved) { |
| 149 | size_t i; |
| 150 | size_t creds_array_byte_size; |
| 151 | grpc_call_credentials_array creds1_array; |
| 152 | grpc_call_credentials_array creds2_array; |
| 153 | grpc_composite_call_credentials *c; |
| 154 | GRPC_API_TRACE( |
| 155 | "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, " |
| 156 | "reserved=%p)", |
| 157 | 3, (creds1, creds2, reserved)); |
| 158 | GPR_ASSERT(reserved == NULL); |
| 159 | GPR_ASSERT(creds1 != NULL); |
| 160 | GPR_ASSERT(creds2 != NULL); |
| 161 | c = gpr_malloc(sizeof(grpc_composite_call_credentials)); |
| 162 | memset(c, 0, sizeof(grpc_composite_call_credentials)); |
| 163 | c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE; |
| 164 | c->base.vtable = &composite_call_credentials_vtable; |
| 165 | gpr_ref_init(&c->base.refcount, 1); |
| 166 | creds1_array = get_creds_array(&creds1); |
| 167 | creds2_array = get_creds_array(&creds2); |
| 168 | c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds; |
| 169 | creds_array_byte_size = c->inner.num_creds * sizeof(grpc_call_credentials *); |
| 170 | c->inner.creds_array = gpr_malloc(creds_array_byte_size); |
| 171 | memset(c->inner.creds_array, 0, creds_array_byte_size); |
| 172 | for (i = 0; i < creds1_array.num_creds; i++) { |
| 173 | grpc_call_credentials *cur_creds = creds1_array.creds_array[i]; |
| 174 | c->inner.creds_array[i] = grpc_call_credentials_ref(cur_creds); |
| 175 | } |
| 176 | for (i = 0; i < creds2_array.num_creds; i++) { |
| 177 | grpc_call_credentials *cur_creds = creds2_array.creds_array[i]; |
| 178 | c->inner.creds_array[i + creds1_array.num_creds] = |
| 179 | grpc_call_credentials_ref(cur_creds); |
| 180 | } |
| 181 | return &c->base; |
| 182 | } |
| 183 | |
| 184 | const grpc_call_credentials_array * |
| 185 | grpc_composite_call_credentials_get_credentials(grpc_call_credentials *creds) { |
| 186 | const grpc_composite_call_credentials *c = |
| 187 | (const grpc_composite_call_credentials *)creds; |
| 188 | GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0); |
| 189 | return &c->inner; |
| 190 | } |
| 191 | |
| 192 | grpc_call_credentials *grpc_credentials_contains_type( |
| 193 | grpc_call_credentials *creds, const char *type, |
| 194 | grpc_call_credentials **composite_creds) { |
| 195 | size_t i; |
| 196 | if (strcmp(creds->type, type) == 0) { |
| 197 | if (composite_creds != NULL) *composite_creds = NULL; |
| 198 | return creds; |
| 199 | } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) { |
| 200 | const grpc_call_credentials_array *inner_creds_array = |
| 201 | grpc_composite_call_credentials_get_credentials(creds); |
| 202 | for (i = 0; i < inner_creds_array->num_creds; i++) { |
| 203 | if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) { |
| 204 | if (composite_creds != NULL) *composite_creds = creds; |
| 205 | return inner_creds_array->creds_array[i]; |
| 206 | } |
| 207 | } |
| 208 | } |
| 209 | return NULL; |
| 210 | } |
| 211 | |
| 212 | /* -- Composite channel credentials. -- */ |
| 213 | |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 214 | static void composite_channel_destruct(grpc_exec_ctx *exec_ctx, |
| 215 | grpc_channel_credentials *creds) { |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 216 | grpc_composite_channel_credentials *c = |
| 217 | (grpc_composite_channel_credentials *)creds; |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 218 | grpc_channel_credentials_unref(exec_ctx, c->inner_creds); |
| 219 | grpc_call_credentials_unref(exec_ctx, c->call_creds); |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 220 | } |
| 221 | |
| 222 | static grpc_security_status composite_channel_create_security_connector( |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 223 | grpc_exec_ctx *exec_ctx, grpc_channel_credentials *creds, |
| 224 | grpc_call_credentials *call_creds, const char *target, |
| 225 | const grpc_channel_args *args, grpc_channel_security_connector **sc, |
| 226 | grpc_channel_args **new_args) { |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 227 | grpc_composite_channel_credentials *c = |
| 228 | (grpc_composite_channel_credentials *)creds; |
| 229 | grpc_security_status status = GRPC_SECURITY_ERROR; |
| 230 | |
| 231 | GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL && |
| 232 | c->inner_creds->vtable != NULL && |
| 233 | c->inner_creds->vtable->create_security_connector != NULL); |
| 234 | /* If we are passed a call_creds, create a call composite to pass it |
| 235 | downstream. */ |
| 236 | if (call_creds != NULL) { |
| 237 | grpc_call_credentials *composite_call_creds = |
| 238 | grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL); |
| 239 | status = c->inner_creds->vtable->create_security_connector( |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 240 | exec_ctx, c->inner_creds, composite_call_creds, target, args, sc, |
| 241 | new_args); |
| 242 | grpc_call_credentials_unref(exec_ctx, composite_call_creds); |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 243 | } else { |
| 244 | status = c->inner_creds->vtable->create_security_connector( |
Craig Tiller | bd1795c | 2016-10-31 15:30:00 -0700 | [diff] [blame] | 245 | exec_ctx, c->inner_creds, c->call_creds, target, args, sc, new_args); |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 246 | } |
| 247 | return status; |
| 248 | } |
| 249 | |
Julien Boeuf | e26ab6c | 2016-09-22 15:13:07 -0700 | [diff] [blame] | 250 | static grpc_channel_credentials * |
| 251 | composite_channel_duplicate_without_call_credentials( |
| 252 | grpc_channel_credentials *creds) { |
| 253 | grpc_composite_channel_credentials *c = |
| 254 | (grpc_composite_channel_credentials *)creds; |
| 255 | return grpc_channel_credentials_ref(c->inner_creds); |
| 256 | } |
| 257 | |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 258 | static grpc_channel_credentials_vtable composite_channel_credentials_vtable = { |
Julien Boeuf | e26ab6c | 2016-09-22 15:13:07 -0700 | [diff] [blame] | 259 | composite_channel_destruct, composite_channel_create_security_connector, |
| 260 | composite_channel_duplicate_without_call_credentials}; |
Julien Boeuf | 8ca294e | 2016-05-02 14:56:30 -0700 | [diff] [blame] | 261 | |
| 262 | grpc_channel_credentials *grpc_composite_channel_credentials_create( |
| 263 | grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, |
| 264 | void *reserved) { |
| 265 | grpc_composite_channel_credentials *c = gpr_malloc(sizeof(*c)); |
| 266 | memset(c, 0, sizeof(*c)); |
| 267 | GPR_ASSERT(channel_creds != NULL && call_creds != NULL && reserved == NULL); |
| 268 | GRPC_API_TRACE( |
| 269 | "grpc_composite_channel_credentials_create(channel_creds=%p, " |
| 270 | "call_creds=%p, reserved=%p)", |
| 271 | 3, (channel_creds, call_creds, reserved)); |
| 272 | c->base.type = channel_creds->type; |
| 273 | c->base.vtable = &composite_channel_credentials_vtable; |
| 274 | gpr_ref_init(&c->base.refcount, 1); |
| 275 | c->inner_creds = grpc_channel_credentials_ref(channel_creds); |
| 276 | c->call_creds = grpc_call_credentials_ref(call_creds); |
| 277 | return &c->base; |
| 278 | } |