1 /*
2  *
3  * Copyright 2015, Google Inc.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are
8  * met:
9  *
10  * * Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * * Redistributions in binary form must reproduce the above
13  * copyright notice, this list of conditions and the following disclaimer
14  * in the documentation and/or other materials provided with the
15  * distribution.
16  * * Neither the name of Google Inc. nor the names of its
17  * contributors may be used to endorse or promote products derived from
18  * this software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  *
32  */
33 
34 #ifndef GRPC_INTERNAL_CORE_SECURITY_CREDENTIALS_H
35 #define GRPC_INTERNAL_CORE_SECURITY_CREDENTIALS_H
36 
38 #include <grpc/grpc.h>
39 #include <grpc/grpc_security.h>
40 #include <grpc/support/sync.h>
41 
45 
47 
48 /* --- Constants. --- */
49 
50 typedef enum {
54 
55 #define GRPC_FAKE_TRANSPORT_SECURITY_TYPE "fake" /* Testing-only transport security; see grpc_fake_transport_security_credentials_create. */
56 /* Credential type identifiers. A credentials object carries one in its `type`
   field and grpc_credentials_contains_type takes one as its `type` argument. */
57 #define GRPC_CREDENTIALS_TYPE_SSL "Ssl"
58 #define GRPC_CREDENTIALS_TYPE_OAUTH2 "Oauth2"
59 #define GRPC_CREDENTIALS_TYPE_JWT "Jwt"
60 #define GRPC_CREDENTIALS_TYPE_IAM "Iam"
61 #define GRPC_CREDENTIALS_TYPE_COMPOSITE "Composite"
62 #define GRPC_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY "FakeTransportSecurity"
63 /* Metadata keys under which request credentials are attached to calls. */
64 #define GRPC_AUTHORIZATION_METADATA_KEY "Authorization"
65 #define GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY \
66  "x-goog-iam-authorization-token"
67 #define GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY "x-goog-iam-authority-selector"
68 /* Location of the Application Default Credentials file; presumably consumed by
   grpc_get_well_known_google_credentials_file_path (declared below). */
69 #define GRPC_GOOGLE_CLOUD_SDK_CONFIG_DIRECTORY "gcloud"
70 #define GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE \
71  "application_default_credentials.json"
72 
73 #define GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS 60 /* NOTE(review): name suggests a cached token is treated as expired this many seconds before its real expiry - confirm in credentials.c. */
74 /* Compute Engine metadata server endpoint for the default service account's
   access token. The host is an unqualified name; how it is resolved and which
   transport is used is decided by the fetch code in credentials.c, not here. */
75 #define GRPC_COMPUTE_ENGINE_METADATA_HOST "metadata"
76 #define GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH \
77  "/computeMetadata/v1/instance/service-accounts/default/token"
78 
79 #define GRPC_GOOGLE_OAUTH2_SERVICE_HOST "www.googleapis.com"
80 #define GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH "/oauth2/v3/token"
81 /* OAuth2 token-endpoint request bodies (presumably POSTed to the host/path
   above). JWT-bearer grant: the URL-encoded grant type is
   urn:ietf:params:oauth:grant-type:jwt-bearer and the signed JWT is appended
   after "assertion=" by the caller. */
82 #define GRPC_SERVICE_ACCOUNT_POST_BODY_PREFIX \
83  "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&" \
84  "assertion="
85 /* Refresh-token grant. client_secret and refresh_token are long-lived secrets:
   the formatted body must never be logged or echoed in error text. The %s
   fields are inserted verbatim; NOTE(review): confirm callers URL-encode values
   that may contain '&' or '='. */
86 #define GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING \
87  "client_id=%s&client_secret=%s&refresh_token=%s&grant_type=refresh_token"
88 
89 /* --- grpc_credentials_md. --- */
90 
91 typedef struct {
95 
96 typedef struct {
98  size_t num_entries;
99  size_t allocated;
102 
104  size_t initial_capacity);
105 
106 /* Will ref key and value. */
110  const char *key, const char *value);
114 
115 /* --- grpc_credentials. --- */
116 
117 /* Creates a fake transport security credentials object for testing. */
119 /* Creates a fake server transport security credentials object for testing. */
121  void);
122 
123 /* It is the caller's responsibility to gpr_free the result if not NULL. */
125 /* Completion callback for grpc_credentials_get_request_metadata. md_elems holds
   num_md metadata entries produced by the credentials, status reports success
   or failure, and user_data is the caller-supplied opaque pointer.
   NOTE(review): ownership and lifetime of md_elems are not stated here -
   confirm against the implementations in credentials.c before retaining it. */
126 typedef void (*grpc_credentials_metadata_cb)(void *user_data,
127  grpc_credentials_md *md_elems,
128  size_t num_md,
129  grpc_credentials_status status);
130 
131 typedef struct {
132  void (*destruct)(grpc_credentials *c);
133  int (*has_request_metadata)(const grpc_credentials *c);
134  int (*has_request_metadata_only)(const grpc_credentials *c);
135  void (*get_request_metadata)(grpc_credentials *c, grpc_pollset *pollset,
136  const char *service_url,
138  void *user_data);
139  grpc_security_status (*create_security_connector)(
140  grpc_credentials *c, const char *target, const grpc_channel_args *args,
141  grpc_credentials *request_metadata_creds,
144 
147  const char *type;
149 };
150 
156  grpc_pollset *pollset,
157  const char *service_url,
159  void *user_data);
160 
161 /* Creates a security connector for the channel. May also create new channel
162  args, returned through new_args, to be used in place of the passed-in const
163  args. If new_args is returned non-NULL, the caller is responsible for
164  destroying it after channel creation. */
166  grpc_credentials *creds, const char *target, const grpc_channel_args *args,
167  grpc_credentials *request_metadata_creds,
169 
170 typedef struct {
172  size_t num_creds;
174 
176  grpc_credentials *composite_creds);
177 
178 /* Returns creds if it is of the specified type. If creds is of type COMPOSITE,
179  returns the inner creds of the specified type (if found). If composite_creds
180  is not NULL and creds is of type COMPOSITE, *composite_creds is set to creds
181  on success. */
183  grpc_credentials *creds, const char *type,
184  grpc_credentials **composite_creds);
185 
186 /* Exposed for testing only. */
189  const struct grpc_httpcli_response *response,
190  grpc_credentials_md_store **token_md, gpr_timespec *token_lifetime);
192 
193 /* Metadata-only credentials with the specified key and value where
194  asynchronicity can be simulated for testing. */
196  const char *md_value,
197  int is_async);
198 
199 /* Private constructor for jwt credentials from an already parsed json key.
200  Takes ownership of the key. */
203  grpc_auth_json_key key, gpr_timespec token_lifetime);
204 
205 /* Private constructor for refresh token credentials from an already parsed
206  refresh token. Takes ownership of the refresh token. */
209 
210 /* --- grpc_server_credentials. --- */
211 
212 typedef struct {
213  void (*destruct)(grpc_server_credentials *c);
214  grpc_security_status (*create_security_connector)(
217 
218 
219 /* TODO(jboeuf): Add a refcount. */
222  const char *type;
225 };
226 
229 
231  grpc_server_credentials *creds);
232 
234 
235 /* -- Ssl credentials. -- */
236 
237 typedef struct {
241 
242 typedef struct {
246 
247 /* -- Jwt credentials -- */
248 
249 typedef struct {
251 
252  /* For now, a simple single-entry cache. A map keyed by service_url would
253  allow a more sophisticated one. */
255  struct {
257  char *service_url;
259  } cached;
260 
264 
265 /* -- Oauth2TokenFetcher credentials --
266 
267  This object is a base for credentials that need to acquire an oauth2 token
268  from an http service. */
269 
272 
274  grpc_httpcli_context *http_context,
275  grpc_pollset *pollset,
276  grpc_httpcli_response_cb response_cb,
277  gpr_timespec deadline);
278 
279 typedef struct {
287 
288 /* -- GoogleRefreshToken credentials. -- */
289 
290 typedef struct {
294 
295 /* -- Oauth2 Access Token credentials. -- */
296 
297 typedef struct {
301 
302 /* -- Metadata-only Test credentials. -- */
303 
304 typedef struct {
307  int is_async;
309 
310 /* -- GoogleIAM credentials. -- */
311 
312 typedef struct {
316 
317 /* -- Composite credentials. -- */
318 
319 typedef struct {
324 
325 #endif /* GRPC_INTERNAL_CORE_SECURITY_CREDENTIALS_H */