File: google-auth.hpp

package info (click to toggle)
syslog-ng 4.8.1-6
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 20,456 kB
  • sloc: ansic: 177,631; python: 13,035; cpp: 11,611; makefile: 7,012; sh: 5,147; java: 3,651; xml: 3,344; yacc: 1,377; lex: 599; perl: 193; awk: 190; objc: 162
file content (85 lines) | stat: -rw-r--r-- 2,556 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
/*
 * Copyright (c) 2023 Attila Szakacs
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 as published
 * by the Free Software Foundation, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 * As an additional exemption you are allowed to compile & link against the
 * OpenSSL libraries as published by the OpenSSL project. See the file
 * COPYING for details.
 *
 */

#ifndef GOOGLE_AUTH_HPP
#define GOOGLE_AUTH_HPP

#include "google-auth.h"
#include "cloud-auth.hpp"

#include <mutex>
#include <string>
#include <jwt-cpp/jwt.h>
#include <picojson/picojson.h>

#include "compat/curl.h"

namespace syslogng {
namespace cloud_auth {
namespace google {

class ServiceAccountAuthenticator: public syslogng::cloud_auth::Authenticator
{
public:
  ServiceAccountAuthenticator(const char *key_path, const char *audience, uint64_t token_validity_duration);
  ~ServiceAccountAuthenticator() {};

  void handle_http_header_request(HttpHeaderRequestSignalData *data);

private:
  std::string audience;
  std::string email;
  std::string private_key;
  std::string private_key_id;

  uint64_t token_validity_duration;
};

class UserManagedServiceAccountAuthenticator: public syslogng::cloud_auth::Authenticator
{
public:
  UserManagedServiceAccountAuthenticator(const char *name, const char *metadata_url);
  ~UserManagedServiceAccountAuthenticator();

  void handle_http_header_request(HttpHeaderRequestSignalData *data);

private:
  static void add_token_to_headers(HttpHeaderRequestSignalData *data, const std::string &token);
  static size_t curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp);
  bool send_token_get_request(std::string &response_payload_buffer);
  bool parse_token_and_expiry_from_response(const std::string &response_payload, std::string &token, long *expiry);

private:
  std::string name;
  std::string auth_url;

  struct curl_slist *curl_headers;

  std::mutex lock;
  std::string cached_token;
  std::chrono::system_clock::time_point refresh_token_after;
};
}
}
}

#endif