1 /*
2 *
3 * Copyright 2015 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H
20 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H
21
22 #include <grpc/support/port_platform.h>
23
24 #include <string.h>
25
26 #include <string>
27
28 #include <grpc/grpc.h>
29 #include <grpc/grpc_security.h>
30 #include <grpc/support/sync.h>
31
32 #include "src/core/lib/gprpp/ref_counted.h"
33 #include "src/core/lib/http/httpcli.h"
34 #include "src/core/lib/http/parser.h"
35 #include "src/core/lib/iomgr/polling_entity.h"
36 #include "src/core/lib/security/security_connector/security_connector.h"
37 #include "src/core/lib/transport/metadata_batch.h"
38
39 struct grpc_http_response;
40
41 /* --- Constants. --- */
42
43 typedef enum {
44 GRPC_CREDENTIALS_OK = 0,
45 GRPC_CREDENTIALS_ERROR
46 } grpc_credentials_status;
47
48 #define GRPC_FAKE_TRANSPORT_SECURITY_TYPE "fake"
49
50 #define GRPC_CHANNEL_CREDENTIALS_TYPE_SSL "Ssl"
51 #define GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY \
52 "FakeTransportSecurity"
53 #define GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT "GoogleDefault"
54
55 #define GRPC_CALL_CREDENTIALS_TYPE_OAUTH2 "Oauth2"
56 #define GRPC_CALL_CREDENTIALS_TYPE_JWT "Jwt"
57 #define GRPC_CALL_CREDENTIALS_TYPE_IAM "Iam"
58 #define GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE "Composite"
59
60 #define GRPC_AUTHORIZATION_METADATA_KEY "authorization"
61 #define GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY \
62 "x-goog-iam-authorization-token"
63 #define GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY "x-goog-iam-authority-selector"
64
65 #define GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS 60
66
67 #define GRPC_COMPUTE_ENGINE_METADATA_HOST "metadata.google.internal."
68 #define GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH \
69 "/computeMetadata/v1/instance/service-accounts/default/token"
70
71 #define GRPC_GOOGLE_OAUTH2_SERVICE_HOST "oauth2.googleapis.com"
72 #define GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH "/token"
73
74 #define GRPC_SERVICE_ACCOUNT_POST_BODY_PREFIX \
75 "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&" \
76 "assertion="
77
78 #define GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING \
79 "client_id=%s&client_secret=%s&refresh_token=%s&grant_type=refresh_token"
80
81 /* --- Google utils --- */
82
83 /* It is the caller's responsibility to gpr_free the result if not NULL. */
84 std::string grpc_get_well_known_google_credentials_file_path(void);
85
86 /* Implementation function for the different platforms. */
87 std::string grpc_get_well_known_google_credentials_file_path_impl(void);
88
89 /* Override for testing only. Not thread-safe */
90 typedef std::string (*grpc_well_known_credentials_path_getter)(void);
91 void grpc_override_well_known_credentials_path_getter(
92 grpc_well_known_credentials_path_getter getter);
93
94 /* --- grpc_channel_credentials. --- */
95
96 #define GRPC_ARG_CHANNEL_CREDENTIALS "grpc.internal.channel_credentials"
97
98 // This type is forward declared as a C struct and we cannot define it as a
99 // class. Otherwise, compiler will complain about type mismatch due to
100 // -Wmismatched-tags.
101 struct grpc_channel_credentials
102 : grpc_core::RefCounted<grpc_channel_credentials> {
103 public:
grpc_channel_credentialsgrpc_channel_credentials104 explicit grpc_channel_credentials(const char* type) : type_(type) {}
105 ~grpc_channel_credentials() override = default;
106
107 // Creates a security connector for the channel. May also create new channel
108 // args for the channel to be used in place of the passed in const args if
109 // returned non NULL. In that case the caller is responsible for destroying
110 // new_args after channel creation.
111 virtual grpc_core::RefCountedPtr<grpc_channel_security_connector>
112 create_security_connector(
113 grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
114 const char* target, const grpc_channel_args* args,
115 grpc_channel_args** new_args) = 0;
116
117 // Creates a version of the channel credentials without any attached call
118 // credentials. This can be used in order to open a channel to a non-trusted
119 // gRPC load balancer.
120 virtual grpc_core::RefCountedPtr<grpc_channel_credentials>
duplicate_without_call_credentialsgrpc_channel_credentials121 duplicate_without_call_credentials() {
122 // By default we just increment the refcount.
123 return Ref();
124 }
125
126 // Allows credentials to optionally modify a parent channel's args.
127 // By default, leave channel args as is. The callee takes ownership
128 // of the passed-in channel args, and the caller takes ownership
129 // of the returned channel args.
update_argumentsgrpc_channel_credentials130 virtual grpc_channel_args* update_arguments(grpc_channel_args* args) {
131 return args;
132 }
133
typegrpc_channel_credentials134 const char* type() const { return type_; }
135
136 private:
137 const char* type_;
138 };
139
140 // TODO(roth): Once we eliminate insecure builds, find a better way to
141 // plumb credentials so that it doesn't need to flow through channel
142 // args. For example, we'll want to expose it to LB policies by adding
143 // methods on the helper API.
144
145 /* Util to encapsulate the channel credentials in a channel arg. */
146 grpc_arg grpc_channel_credentials_to_arg(grpc_channel_credentials* credentials);
147
148 /* Util to get the channel credentials from a channel arg. */
149 grpc_channel_credentials* grpc_channel_credentials_from_arg(
150 const grpc_arg* arg);
151
152 /* Util to find the channel credentials from channel args. */
153 grpc_channel_credentials* grpc_channel_credentials_find_in_args(
154 const grpc_channel_args* args);
155
156 /* --- grpc_credentials_mdelem_array. --- */
157
158 struct grpc_credentials_mdelem_array {
159 grpc_mdelem* md = nullptr;
160 size_t size = 0;
161 };
162 /// Takes a new ref to \a md.
163 void grpc_credentials_mdelem_array_add(grpc_credentials_mdelem_array* list,
164 grpc_mdelem md);
165
166 /// Appends all elements from \a src to \a dst, taking a new ref to each one.
167 void grpc_credentials_mdelem_array_append(grpc_credentials_mdelem_array* dst,
168 grpc_credentials_mdelem_array* src);
169
170 void grpc_credentials_mdelem_array_destroy(grpc_credentials_mdelem_array* list);
171
172 /* --- grpc_call_credentials. --- */
173
174 // This type is forward declared as a C struct and we cannot define it as a
175 // class. Otherwise, compiler will complain about type mismatch due to
176 // -Wmismatched-tags.
177 struct grpc_call_credentials
178 : public grpc_core::RefCounted<grpc_call_credentials> {
179 public:
180 explicit grpc_call_credentials(
181 const char* type,
182 grpc_security_level min_security_level = GRPC_PRIVACY_AND_INTEGRITY)
type_grpc_call_credentials183 : type_(type), min_security_level_(min_security_level) {}
184
185 ~grpc_call_credentials() override = default;
186
187 // Returns true if completed synchronously, in which case \a error will
188 // be set to indicate the result. Otherwise, \a on_request_metadata will
189 // be invoked asynchronously when complete. \a md_array will be populated
190 // with the resulting metadata once complete.
191 virtual bool get_request_metadata(grpc_polling_entity* pollent,
192 grpc_auth_metadata_context context,
193 grpc_credentials_mdelem_array* md_array,
194 grpc_closure* on_request_metadata,
195 grpc_error_handle* error) = 0;
196
197 // Cancels a pending asynchronous operation started by
198 // grpc_call_credentials_get_request_metadata() with the corresponding
199 // value of \a md_array.
200 virtual void cancel_get_request_metadata(
201 grpc_credentials_mdelem_array* md_array, grpc_error_handle error) = 0;
202
min_security_levelgrpc_call_credentials203 virtual grpc_security_level min_security_level() const {
204 return min_security_level_;
205 }
206
debug_stringgrpc_call_credentials207 virtual std::string debug_string() {
208 return "grpc_call_credentials did not provide debug string";
209 }
210
typegrpc_call_credentials211 const char* type() const { return type_; }
212
213 private:
214 const char* type_;
215 const grpc_security_level min_security_level_;
216 };
217
218 /* Metadata-only credentials with the specified key and value where
219 asynchronicity can be simulated for testing. */
220 grpc_call_credentials* grpc_md_only_test_credentials_create(
221 const char* md_key, const char* md_value, bool is_async);
222
223 /* --- grpc_server_credentials. --- */
224
225 // This type is forward declared as a C struct and we cannot define it as a
226 // class. Otherwise, compiler will complain about type mismatch due to
227 // -Wmismatched-tags.
228 struct grpc_server_credentials
229 : public grpc_core::RefCounted<grpc_server_credentials> {
230 public:
grpc_server_credentialsgrpc_server_credentials231 explicit grpc_server_credentials(const char* type) : type_(type) {}
232
~grpc_server_credentialsgrpc_server_credentials233 ~grpc_server_credentials() override { DestroyProcessor(); }
234
235 // Ownership of \a args is not passed.
236 virtual grpc_core::RefCountedPtr<grpc_server_security_connector>
237 create_security_connector(const grpc_channel_args* args) = 0;
238
typegrpc_server_credentials239 const char* type() const { return type_; }
240
auth_metadata_processorgrpc_server_credentials241 const grpc_auth_metadata_processor& auth_metadata_processor() const {
242 return processor_;
243 }
244 void set_auth_metadata_processor(
245 const grpc_auth_metadata_processor& processor);
246
247 private:
DestroyProcessorgrpc_server_credentials248 void DestroyProcessor() {
249 if (processor_.destroy != nullptr && processor_.state != nullptr) {
250 processor_.destroy(processor_.state);
251 }
252 }
253
254 const char* type_;
255 grpc_auth_metadata_processor processor_ =
256 grpc_auth_metadata_processor(); // Zero-initialize the C struct.
257 };
258
259 #define GRPC_SERVER_CREDENTIALS_ARG "grpc.server_credentials"
260
261 grpc_arg grpc_server_credentials_to_arg(grpc_server_credentials* c);
262 grpc_server_credentials* grpc_server_credentials_from_arg(const grpc_arg* arg);
263 grpc_server_credentials* grpc_find_server_credentials_in_args(
264 const grpc_channel_args* args);
265
266 /* -- Credentials Metadata Request. -- */
267
268 struct grpc_credentials_metadata_request {
grpc_credentials_metadata_requestgrpc_credentials_metadata_request269 explicit grpc_credentials_metadata_request(
270 grpc_core::RefCountedPtr<grpc_call_credentials> creds)
271 : creds(std::move(creds)) {}
~grpc_credentials_metadata_requestgrpc_credentials_metadata_request272 ~grpc_credentials_metadata_request() {
273 grpc_http_response_destroy(&response);
274 }
275
276 grpc_core::RefCountedPtr<grpc_call_credentials> creds;
277 grpc_http_response response;
278 };
279
280 inline grpc_credentials_metadata_request*
grpc_credentials_metadata_request_create(grpc_core::RefCountedPtr<grpc_call_credentials> creds)281 grpc_credentials_metadata_request_create(
282 grpc_core::RefCountedPtr<grpc_call_credentials> creds) {
283 return new grpc_credentials_metadata_request(std::move(creds));
284 }
285
grpc_credentials_metadata_request_destroy(grpc_credentials_metadata_request * r)286 inline void grpc_credentials_metadata_request_destroy(
287 grpc_credentials_metadata_request* r) {
288 delete r;
289 }
290
291 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_CREDENTIALS_H */
292