/*
 *
 * Copyright 2018 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

// Package authinfo provides authentication information returned by
// handshakers.
package authinfo

import (
	"google.golang.org/grpc/credentials"
	altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
)

// Compile-time check that *altsAuthInfo satisfies credentials.AuthInfo.
var _ credentials.AuthInfo = (*altsAuthInfo)(nil)

// altsAuthInfo carries the security attributes of a completed ALTS handshake
// to the application and implements credentials.AuthInfo.
//
// Within this file the fields are written once, in newAuthInfo, and only read
// by the accessor methods. Accessors that return pointers (PeerRPCVersions)
// hand out the stored message itself, so callers should treat the result as
// read-only.
type altsAuthInfo struct {
	p *altspb.AltsContext
	credentials.CommonAuthInfo
}

// New wraps the handshaker result in a credentials.AuthInfo.
func New(result *altspb.HandshakerResult) credentials.AuthInfo {
	return newAuthInfo(result)
}

// newAuthInfo copies the identity and protocol fields of result into a fresh
// AltsContext and returns the concrete *altsAuthInfo built around it.
//
// NOTE(review): both security-level values below are constants, not values
// read from result, so the level reported by SecurityLevel() and by the
// embedded CommonAuthInfo does not by itself show what the handshake
// negotiated.
//
// NOTE(review): the identity fields are read through the generated getters,
// which return zero values for unset or nil messages; a result without a peer
// identity therefore yields an empty PeerServiceAccount rather than an error.
// Code that authorizes on that value should treat "" as unauthenticated.
func newAuthInfo(result *altspb.HandshakerResult) *altsAuthInfo {
	ctx := &altspb.AltsContext{
		ApplicationProtocol: result.GetApplicationProtocol(),
		RecordProtocol:      result.GetRecordProtocol(),
		// TODO: assign security level from result.
		SecurityLevel:       altspb.SecurityLevel_INTEGRITY_AND_PRIVACY,
		PeerServiceAccount:  result.GetPeerIdentity().GetServiceAccount(),
		LocalServiceAccount: result.GetLocalIdentity().GetServiceAccount(),
		PeerRpcVersions:     result.GetPeerRpcVersions(),
	}
	common := credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}

	info := new(altsAuthInfo)
	info.p = ctx
	info.CommonAuthInfo = common
	return info
}

// AuthType reports the authentication scheme name, which is always "alts".
func (a *altsAuthInfo) AuthType() string {
	return "alts"
}

// ApplicationProtocol returns the application protocol stored in the context.
func (a *altsAuthInfo) ApplicationProtocol() string {
	return a.p.GetApplicationProtocol()
}

// RecordProtocol returns the record protocol stored in the context.
func (a *altsAuthInfo) RecordProtocol() string {
	return a.p.GetRecordProtocol()
}

// SecurityLevel returns the security level stored in the context. As built by
// newAuthInfo this is a fixed constant, not a value taken from the handshake.
func (a *altsAuthInfo) SecurityLevel() altspb.SecurityLevel {
	return a.p.GetSecurityLevel()
}

// PeerServiceAccount returns the peer's service account as stored in the
// context. The value may be empty; authorization checks should reject an
// empty account instead of comparing it against an allow-list entry.
func (a *altsAuthInfo) PeerServiceAccount() string {
	return a.p.GetPeerServiceAccount()
}

// LocalServiceAccount returns the local service account stored in the context.
func (a *altsAuthInfo) LocalServiceAccount() string {
	return a.p.GetLocalServiceAccount()
}

// PeerRPCVersions returns the peer's RPC protocol versions. The returned
// pointer is the message held by the context, not a copy.
func (a *altsAuthInfo) PeerRPCVersions() *altspb.RpcProtocolVersions {
	return a.p.GetPeerRpcVersions()
}