File: authinfo.go

/*
 *
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

// Package authinfo provides authentication and authorization information that
// results from the TLS handshake.
package authinfo

import (
	"errors"

	commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
	contextpb "github.com/google/s2a-go/internal/proto/s2a_context_go_proto"
	grpcpb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
	"google.golang.org/grpc/credentials"
)

// Compile-time assertion that *S2AAuthInfo implements credentials.AuthInfo,
// the interface through which gRPC exposes transport-level authentication
// details to the application.
var _ credentials.AuthInfo = (*S2AAuthInfo)(nil)

// s2aAuthType is the string reported by S2AAuthInfo.AuthType. Code that
// type-switches on the AuthInfo it receives from gRPC should compare against
// this value rather than a repeated literal.
const s2aAuthType = "s2a"

// S2AAuthInfo exposes authentication and authorization information from the
// S2A session result to the gRPC stack.
//
// An S2AAuthInfo is populated once by newS2AAuthInfo from the handshake
// outcome reported by S2A and is not modified afterwards; every exported
// method on it is a read-only accessor.
type S2AAuthInfo struct {
	// s2aContext holds the handshake facts copied out of the S2A SessionResult:
	// negotiated application protocol, TLS version, ciphersuite, peer and local
	// identities, certificate fingerprints and the resumption flag.
	s2aContext     *contextpb.S2AContext
	// commonAuthInfo carries the gRPC SecurityLevel; newS2AAuthInfo always sets
	// it to credentials.PrivacyAndIntegrity.
	commonAuthInfo credentials.CommonAuthInfo
}

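// NewS2AAuthInfo returns a new S2AAuthInfo object from the S2A session result.
//
// On error (currently only a nil result) the returned credentials.AuthInfo is
// an untyped nil, so callers can rely on either the error or a nil check.
// Passing the *S2AAuthInfo from newS2AAuthInfo straight through would instead
// box a nil pointer into the interface, producing a value that compares
// non-nil yet panics when its accessors dereference s.s2aContext.
func NewS2AAuthInfo(result *grpcpb.SessionResult) (credentials.AuthInfo, error) {
	authInfo, err := newS2AAuthInfo(result)
	if err != nil {
		// Return a literal nil interface, never the typed nil pointer.
		return nil, err
	}
	return authInfo, nil
}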

// newS2AAuthInfo builds the concrete *S2AAuthInfo from an S2A SessionResult.
//
// It copies the handshake facts out of result into an S2AContext and fixes the
// gRPC security level to PrivacyAndIntegrity. It performs no validation of the
// handshake itself: whatever S2A reported (including unset fields) is recorded
// as-is. A nil result is the only error case.
func newS2AAuthInfo(result *grpcpb.SessionResult) (*S2AAuthInfo, error) {
	if result == nil {
		return nil, errors.New("NewS2aAuthInfo given nil session result")
	}

	// The protobuf-generated getters are nil-safe, so a result with an unset
	// State (or other sub-message) simply yields zero values here: TLS version
	// and ciphersuite unspecified, nil identities, empty fingerprints. Consumers
	// that authorize on these fields must treat zero values as "unknown", not
	// as a pass.
	state := result.GetState()
	s2aCtx := &contextpb.S2AContext{
		ApplicationProtocol:  result.GetApplicationProtocol(),
		TlsVersion:           state.GetTlsVersion(),
		Ciphersuite:          state.GetTlsCiphersuite(),
		PeerIdentity:         result.GetPeerIdentity(),
		LocalIdentity:        result.GetLocalIdentity(),
		PeerCertFingerprint:  result.GetPeerCertFingerprint(),
		LocalCertFingerprint: result.GetLocalCertFingerprint(),
		IsHandshakeResumed:   state.GetIsHandshakeResumed(),
	}

	// The security level is asserted unconditionally rather than derived from
	// the reported ciphersuite: the S2A handshake is trusted to have set up an
	// encrypted, integrity-protected channel. If that trust assumption ever
	// changes, this is the place to derive the level from state instead.
	common := credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}

	return &S2AAuthInfo{s2aContext: s2aCtx, commonAuthInfo: common}, nil
}

// AuthType returns the authentication type.
//
// The value is the fixed s2aAuthType string ("s2a"), independent of any
// connection state, and identifies this AuthInfo implementation when gRPC
// hands a generic credentials.AuthInfo back to the application.
func (s *S2AAuthInfo) AuthType() string {
	// No receiver fields are read, so this is safe even on a nil *S2AAuthInfo.
	return s2aAuthType
}

// ApplicationProtocol returns the application protocol, e.g. "grpc".
//
// The value is whatever S2A reported in the session result; it is the empty
// string if none was reported.
func (s *S2AAuthInfo) ApplicationProtocol() string {
	ctx := s.s2aContext
	return ctx.GetApplicationProtocol()
}

// TLSVersion returns the TLS version negotiated during the handshake.
//
// If S2A did not report handshake state, this is the enum's zero
// (unspecified) value; policy code that pins a minimum TLS version should
// reject that case explicitly rather than treat it as acceptable.
func (s *S2AAuthInfo) TLSVersion() commonpb.TLSVersion {
	ctx := s.s2aContext
	return ctx.GetTlsVersion()
}

// Ciphersuite returns the ciphersuite negotiated during the handshake.
//
// As with TLSVersion, an unreported value comes back as the enum's zero
// (unspecified) member, which callers enforcing a ciphersuite allowlist
// should not accept.
func (s *S2AAuthInfo) Ciphersuite() commonpb.Ciphersuite {
	ctx := s.s2aContext
	return ctx.GetCiphersuite()
}

// PeerIdentity returns the authenticated identity of the peer.
//
// The result may be nil when S2A reported no peer identity (for example a
// server-side session whose client presented no certificate). Authorization
// logic must treat nil as "unauthenticated", never as a wildcard match.
func (s *S2AAuthInfo) PeerIdentity() *commonpb.Identity {
	ctx := s.s2aContext
	return ctx.GetPeerIdentity()
}

// LocalIdentity returns the local identity of the application used during
// session setup.
//
// May be nil if S2A reported no local identity.
func (s *S2AAuthInfo) LocalIdentity() *commonpb.Identity {
	ctx := s.s2aContext
	return ctx.GetLocalIdentity()
}

// PeerCertFingerprint returns the SHA256 hash of the peer certificate used in
// the S2A handshake.
//
// The returned slice is the one stored in the underlying message, not a
// copy; callers must treat it as read-only. It is empty (nil) when S2A did
// not report a fingerprint, so pinning logic should require a non-empty value.
func (s *S2AAuthInfo) PeerCertFingerprint() []byte {
	ctx := s.s2aContext
	return ctx.GetPeerCertFingerprint()
}

// LocalCertFingerprint returns the SHA256 hash of the local certificate used
// in the S2A handshake.
//
// The returned slice aliases the underlying message and must not be
// modified; it is empty (nil) if S2A reported no local fingerprint.
func (s *S2AAuthInfo) LocalCertFingerprint() []byte {
	ctx := s.s2aContext
	return ctx.GetLocalCertFingerprint()
}

// IsHandshakeResumed returns true if a cached session was used to resume
// the handshake.
//
// NOTE(review): on a resumed session the certificate-based peer
// authentication happened during the original full handshake and is carried
// over by TLS, not re-performed here; this method only reports the flag as
// S2A delivered it. It is false when no handshake state was reported.
func (s *S2AAuthInfo) IsHandshakeResumed() bool {
	ctx := s.s2aContext
	return ctx.GetIsHandshakeResumed()
}

// SecurityLevel returns the security level of the connection.
//
// For values built by newS2AAuthInfo this is always
// credentials.PrivacyAndIntegrity; it is a statement of trust in the S2A
// handshake, not something derived from the negotiated ciphersuite. gRPC
// consults this level when deciding whether per-RPC credentials that require
// transport security may be sent, so it must not be loosened casually.
func (s *S2AAuthInfo) SecurityLevel() credentials.SecurityLevel {
	common := s.commonAuthInfo
	return common.SecurityLevel
}