1 //
2 //
3 // Copyright 2015 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #ifndef GRPC_SRC_CPP_CLIENT_SECURE_CREDENTIALS_H
20 #define GRPC_SRC_CPP_CLIENT_SECURE_CREDENTIALS_H
21 
22 #include <stddef.h>
23 
24 #include <memory>
25 #include <string>
26 #include <vector>
27 
28 #include "absl/strings/str_cat.h"
29 
30 #include <grpc/grpc.h>
31 #include <grpc/grpc_security.h>
32 #include <grpc/status.h>
33 #include <grpcpp/channel.h>
34 #include <grpcpp/impl/grpc_library.h>
35 #include <grpcpp/security/credentials.h>
36 #include <grpcpp/support/channel_arguments.h>
37 #include <grpcpp/support/client_interceptor.h>
38 // TODO(yashykt): We shouldn't be including "src/core" headers.
39 #include "src/core/lib/iomgr/exec_ctx.h"
40 #include "src/core/lib/security/credentials/credentials.h"
41 #include "src/cpp/server/thread_pool_interface.h"
42 
43 namespace grpc {
44 
45 class Channel;
46 
47 class SecureChannelCredentials final : public ChannelCredentials {
48  public:
49   explicit SecureChannelCredentials(grpc_channel_credentials* c_creds);
~SecureChannelCredentials()50   ~SecureChannelCredentials() override {
51     grpc_core::ExecCtx exec_ctx;
52     if (c_creds_ != nullptr) c_creds_->Unref();
53   }
GetRawCreds()54   grpc_channel_credentials* GetRawCreds() { return c_creds_; }
55 
56   std::shared_ptr<Channel> CreateChannelImpl(
57       const std::string& target, const ChannelArguments& args) override;
58 
AsSecureCredentials()59   SecureChannelCredentials* AsSecureCredentials() override { return this; }
60 
61  private:
62   std::shared_ptr<Channel> CreateChannelWithInterceptors(
63       const std::string& target, const ChannelArguments& args,
64       std::vector<std::unique_ptr<
65           grpc::experimental::ClientInterceptorFactoryInterface>>
66           interceptor_creators) override;
67   grpc_channel_credentials* const c_creds_;
68 };
69 
70 class SecureCallCredentials final : public CallCredentials {
71  public:
72   explicit SecureCallCredentials(grpc_call_credentials* c_creds);
~SecureCallCredentials()73   ~SecureCallCredentials() override {
74     grpc_core::ExecCtx exec_ctx;
75     if (c_creds_ != nullptr) c_creds_->Unref();
76   }
GetRawCreds()77   grpc_call_credentials* GetRawCreds() { return c_creds_; }
78 
79   bool ApplyToCall(grpc_call* call) override;
AsSecureCredentials()80   SecureCallCredentials* AsSecureCredentials() override { return this; }
DebugString()81   std::string DebugString() override {
82     return absl::StrCat("SecureCallCredentials{",
83                         std::string(c_creds_->debug_string()), "}");
84   }
85 
86  private:
87   grpc_call_credentials* const c_creds_;
88 };
89 
90 namespace internal {
91 
92 std::shared_ptr<ChannelCredentials> WrapChannelCredentials(
93     grpc_channel_credentials* creds);
94 
95 }  // namespace internal
96 
97 namespace experimental {
98 
99 // Transforms C++ STS Credentials options to core options. The pointers of the
100 // resulting core options point to the memory held by the C++ options so C++
101 // options need to be kept alive until after the core credentials creation.
102 grpc_sts_credentials_options StsCredentialsCppToCoreOptions(
103     const StsCredentialsOptions& options);
104 
105 }  // namespace experimental
106 
107 class MetadataCredentialsPluginWrapper final : private internal::GrpcLibrary {
108  public:
109   static void Destroy(void* wrapper);
110   static int GetMetadata(
111       void* wrapper, grpc_auth_metadata_context context,
112       grpc_credentials_plugin_metadata_cb cb, void* user_data,
113       grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
114       size_t* num_creds_md, grpc_status_code* status,
115       const char** error_details);
116   static char* DebugString(void* wrapper);
117 
118   explicit MetadataCredentialsPluginWrapper(
119       std::unique_ptr<MetadataCredentialsPlugin> plugin);
120 
121  private:
122   void InvokePlugin(
123       grpc_auth_metadata_context context,
124       grpc_credentials_plugin_metadata_cb cb, void* user_data,
125       grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
126       size_t* num_creds_md, grpc_status_code* status_code,
127       const char** error_details);
128   std::unique_ptr<ThreadPoolInterface> thread_pool_;
129   std::unique_ptr<MetadataCredentialsPlugin> plugin_;
130 };
131 
132 }  // namespace grpc
133 
134 #endif  // GRPC_SRC_CPP_CLIENT_SECURE_CREDENTIALS_H
135