/*
 *
 * Copyright 2018 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

// Package authinfo provides authentication information returned by handshakers.
package authinfo

import (
	"google.golang.org/grpc/credentials"
	altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
)

// Compile-time assertion that *altsAuthInfo satisfies credentials.AuthInfo.
var _ credentials.AuthInfo = (*altsAuthInfo)(nil)

// altsAuthInfo carries the security information produced by an ALTS handshake
// and hands it to the application through the credentials.AuthInfo interface.
// The wrapped context is populated once in newAuthInfo; nothing in this block
// writes to it afterwards.
type altsAuthInfo struct {
	p *altspb.AltsContext
}

// New builds the AuthInfo for a connection from the handshaker's result.
// It is the exported wrapper around newAuthInfo and returns the same value
// typed as credentials.AuthInfo.
func New(result *altspb.HandshakerResult) credentials.AuthInfo {
	var info credentials.AuthInfo = newAuthInfo(result)
	return info
}

// newAuthInfo copies the fields of a handshaker result into a fresh
// AltsContext and wraps it in an altsAuthInfo.
//
// Every value is read through the generated Get* accessors rather than by
// direct field access.
// NOTE(review): those accessors are expected to tolerate a nil result or nil
// identity and yield zero values — confirm against the generated code.
func newAuthInfo(result *altspb.HandshakerResult) *altsAuthInfo {
	ctx := new(altspb.AltsContext)

	ctx.ApplicationProtocol = result.GetApplicationProtocol()
	ctx.RecordProtocol = result.GetRecordProtocol()

	// TODO: assign security level from result.
	// Until then the level is a fixed constant and is not derived from the
	// handshake, so a policy check on SecurityLevel compares against this
	// constant rather than against anything the handshaker reported.
	ctx.SecurityLevel = altspb.SecurityLevel_INTEGRITY_AND_PRIVACY

	// Identities are taken as reported by the handshaker; no validation of the
	// service-account strings happens here.
	ctx.PeerServiceAccount = result.GetPeerIdentity().GetServiceAccount()
	ctx.LocalServiceAccount = result.GetLocalIdentity().GetServiceAccount()

	ctx.PeerRpcVersions = result.GetPeerRpcVersions()

	return &altsAuthInfo{p: ctx}
}

// AuthType identifies the context as providing ALTS authentication information.
func (a *altsAuthInfo) AuthType() string {
	// Fixed identifier for this credential type; it does not depend on the
	// stored context.
	const authType = "alts"
	return authType
}

// ApplicationProtocol reports the application protocol stored in the wrapped
// context.
func (a *altsAuthInfo) ApplicationProtocol() string {
	ctx := a.p
	return ctx.GetApplicationProtocol()
}

// RecordProtocol reports the record protocol stored in the wrapped context.
func (a *altsAuthInfo) RecordProtocol() string {
	ctx := a.p
	return ctx.GetRecordProtocol()
}

// SecurityLevel reports the security level stored in the wrapped context.
// The value is whatever was written when the context was built; this method
// performs no negotiation or verification of its own.
func (a *altsAuthInfo) SecurityLevel() altspb.SecurityLevel {
	ctx := a.p
	return ctx.GetSecurityLevel()
}

// PeerServiceAccount reports the peer's service account stored in the wrapped
// context.
// NOTE(review): an empty string presumably means no peer identity was
// recorded; callers making authorization decisions should reject it rather
// than compare against it — confirm with the handshaker contract.
func (a *altsAuthInfo) PeerServiceAccount() string {
	ctx := a.p
	return ctx.GetPeerServiceAccount()
}

// LocalServiceAccount reports the local service account stored in the wrapped
// context.
func (a *altsAuthInfo) LocalServiceAccount() string {
	ctx := a.p
	return ctx.GetLocalServiceAccount()
}

// PeerRPCVersions reports the peer's RPC protocol versions stored in the
// wrapped context. The returned pointer is the stored message itself, not a
// copy.
func (a *altsAuthInfo) PeerRPCVersions() *altspb.RpcProtocolVersions {
	ctx := a.p
	return ctx.GetPeerRpcVersions()
}