- package credentials
- import (
- "context"
- "errors"
- "fmt"
- "net"
- "github.com/golang/protobuf/proto"
- "google.golang.org/grpc/attributes"
- "google.golang.org/grpc/internal"
- )
- type PerRPCCredentials interface {
-
-
-
-
-
-
-
-
-
-
- GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)
-
-
- RequireTransportSecurity() bool
- }
- type SecurityLevel int
- const (
-
-
- Invalid SecurityLevel = iota
-
- NoSecurity
-
- IntegrityOnly
-
- PrivacyAndIntegrity
- )
- func (s SecurityLevel) String() string {
- switch s {
- case NoSecurity:
- return "NoSecurity"
- case IntegrityOnly:
- return "IntegrityOnly"
- case PrivacyAndIntegrity:
- return "PrivacyAndIntegrity"
- }
- return fmt.Sprintf("invalid SecurityLevel: %v", int(s))
- }
- type CommonAuthInfo struct {
- SecurityLevel SecurityLevel
- }
- func (c *CommonAuthInfo) GetCommonAuthInfo() *CommonAuthInfo {
- return c
- }
- type ProtocolInfo struct {
-
- ProtocolVersion string
-
- SecurityProtocol string
-
-
-
-
-
- SecurityVersion string
-
- ServerName string
- }
- type AuthInfo interface {
- AuthType() string
- }
- var ErrConnDispatched = errors.New("credentials: rawConn is dispatched out of gRPC")
- type TransportCredentials interface {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error)
-
-
-
-
-
-
- ServerHandshake(net.Conn) (net.Conn, AuthInfo, error)
-
- Info() ProtocolInfo
-
- Clone() TransportCredentials
-
-
-
- OverrideServerName(string) error
- }
- type Bundle interface {
- TransportCredentials() TransportCredentials
- PerRPCCredentials() PerRPCCredentials
-
-
-
-
- NewWithMode(mode string) (Bundle, error)
- }
- type RequestInfo struct {
-
- Method string
-
- AuthInfo AuthInfo
- }
- type requestInfoKey struct{}
- func RequestInfoFromContext(ctx context.Context) (ri RequestInfo, ok bool) {
- ri, ok = ctx.Value(requestInfoKey{}).(RequestInfo)
- return
- }
- type ClientHandshakeInfo struct {
-
-
- Attributes *attributes.Attributes
- }
- type clientHandshakeInfoKey struct{}
- func ClientHandshakeInfoFromContext(ctx context.Context) ClientHandshakeInfo {
- chi, _ := ctx.Value(clientHandshakeInfoKey{}).(ClientHandshakeInfo)
- return chi
- }
- func CheckSecurityLevel(ctx context.Context, level SecurityLevel) error {
- type internalInfo interface {
- GetCommonAuthInfo() *CommonAuthInfo
- }
- ri, _ := RequestInfoFromContext(ctx)
- if ri.AuthInfo == nil {
- return errors.New("unable to obtain SecurityLevel from context")
- }
- if ci, ok := ri.AuthInfo.(internalInfo); ok {
-
- if ci.GetCommonAuthInfo().SecurityLevel == Invalid {
- return nil
- }
- if ci.GetCommonAuthInfo().SecurityLevel < level {
- return fmt.Errorf("requires SecurityLevel %v; connection has %v", level, ci.GetCommonAuthInfo().SecurityLevel)
- }
- }
-
- return nil
- }
- func init() {
- internal.NewRequestInfoContext = func(ctx context.Context, ri RequestInfo) context.Context {
- return context.WithValue(ctx, requestInfoKey{}, ri)
- }
- internal.NewClientHandshakeInfoContext = func(ctx context.Context, chi ClientHandshakeInfo) context.Context {
- return context.WithValue(ctx, clientHandshakeInfoKey{}, chi)
- }
- }
- type ChannelzSecurityInfo interface {
- GetSecurityValue() ChannelzSecurityValue
- }
- type ChannelzSecurityValue interface {
- isChannelzSecurityValue()
- }
- type OtherChannelzSecurityValue struct {
- ChannelzSecurityValue
- Name string
- Value proto.Message
- }