//
//
// Copyright 2019 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
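//
//

#ifndef GRPCPP_SECURITY_ALTS_UTIL_H
#define GRPCPP_SECURITY_ALTS_UTIL_H

// <string> and <vector> are named directly in AltsClientAuthzCheck's
// signature, so they are included here instead of being picked up
// transitively through the gRPC headers below.
#include <memory>
#include <string>
#include <vector>

#include <grpc/grpc_security_constants.h>
#include <grpcpp/security/alts_context.h>
#include <grpcpp/security/auth_context.h>
#include <grpcpp/support/status.h>

struct grpc_gcp_AltsContext;

namespace grpc {
namespace experimental {

// GetAltsContextFromAuthContext extracts the AltsContext from an AuthContext.
// If ALTS is not the transport security protocol used to establish the
// connection, this function returns nullptr. Callers must therefore check the
// result before dereferencing it, and should treat nullptr as "peer was not
// authenticated by ALTS" rather than as an anonymous but acceptable peer.
// The returned object is owned by the caller.
std::unique_ptr<AltsContext> GetAltsContextFromAuthContext(
    const std::shared_ptr<const AuthContext>& auth_context);

// AltsClientAuthzCheck performs the ALTS client authorization check on the
// server side, i.e., it checks whether the client identity matches one of the
// expected service accounts. It returns OK if the client is authorized and an
// error otherwise.
//
// As far as this declaration shows, the decision is conveyed only through the
// returned Status: a caller that ignores the return value enforces nothing, so
// the RPC should be rejected on any non-OK status.
//
// NOTE(review): the matching rule (exact versus normalized comparison) and the
// result for an empty expected_service_accounts list are decided by the
// implementation, which is not part of this header; confirm that an empty list
// denies access.
// NOTE(review): presumably a connection that was not secured by ALTS yields an
// error, since no ALTS client identity exists for it; confirm.
grpc::Status AltsClientAuthzCheck(
    const std::shared_ptr<const AuthContext>& auth_context,
    const std::vector<std::string>& expected_service_accounts);

}  // namespace experimental
}  // namespace grpc

#endif  // GRPCPP_SECURITY_ALTS_UTIL_H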