gitee.com/ks-custle/core-gm@v0.0.0-20230922171213-b83bdd97b62c/grpc/credentials/google/xds.go (about)

     1  /*
     2   *
     3   * Copyright 2021 gRPC authors.
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *     http://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   *
    17   */
    18  
    19  package google
    20  
    21  import (
    22  	"context"
    23  	"net"
    24  	"strings"
    25  
    26  	"gitee.com/ks-custle/core-gm/grpc/credentials"
    27  	"gitee.com/ks-custle/core-gm/grpc/internal"
    28  )
    29  
// cfeClusterNamePrefix identifies CFE clusters by name. ClientHandshake treats
// a cluster whose name starts with this prefix as a TLS endpoint; any other
// named cluster is handshaked with ALTS.
const cfeClusterNamePrefix = "google_cfe_"
    31  
// clusterTransportCreds is a combo of TLS + ALTS.
//
// On the client, ClientHandshake picks TLS or ALTS based on address attributes:
//   - if the attributes carry a cluster name
//     - if the cluster name has the prefix "google_cfe_", use TLS
//     - otherwise, use ALTS
//   - else (no attributes, or no cluster name in them), use TLS
//
// On the server, ServerHandshake always does TLS.
type clusterTransportCreds struct {
	// tls handles CFE clusters, addresses without a cluster name, and every
	// server-side handshake.
	tls  credentials.TransportCredentials
	// alts handles client-side handshakes to non-CFE (backend) clusters.
	alts credentials.TransportCredentials
}
    46  
// newClusterTransportCreds builds a clusterTransportCreds that delegates TLS
// handshakes to tls and ALTS handshakes to alts.
func newClusterTransportCreds(tls, alts credentials.TransportCredentials) *clusterTransportCreds {
	creds := new(clusterTransportCreds)
	creds.tls = tls
	creds.alts = alts
	return creds
}
    53  
// ClientHandshake selects the transport credentials from the xDS cluster name
// carried in the client handshake info on ctx and runs that handshake.
//
// TLS is used when ctx carries no handshake attributes, when the attributes
// hold no cluster name, or when the cluster name starts with
// cfeClusterNamePrefix. A cluster name without that prefix means rawConn
// points at a backend address, so ALTS is used instead.
func (c *clusterTransportCreds) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
	// TLS is the default; only a named, non-CFE cluster switches to ALTS.
	selected := c.tls
	if chi := credentials.ClientHandshakeInfoFromContext(ctx); chi.Attributes != nil {
		if name, found := internal.GetXDSHandshakeClusterName(chi.Attributes); found && !strings.HasPrefix(name, cfeClusterNamePrefix) {
			selected = c.alts
		}
	}
	return selected.ClientHandshake(ctx, authority, rawConn)
}
    67  
// ServerHandshake always performs the TLS handshake on conn; ALTS is never
// used on the server side.
func (c *clusterTransportCreds) ServerHandshake(conn net.Conn) (net.Conn, credentials.AuthInfo, error) {
	serverCreds := c.tls
	return serverCreds.ServerHandshake(conn)
}
    71  
// Info reports the protocol info of the TLS credentials.
//
// TODO: this always returns tls.Info now, because no cluster name is
// available when this method is called, so there is nothing to pick ALTS
// by. This method doesn't affect anything important now. We may want to
// revisit this if it becomes more important later.
func (c *clusterTransportCreds) Info() credentials.ProtocolInfo {
	info := c.tls.Info()
	return info
}
    79  
// Clone returns a new clusterTransportCreds whose TLS and ALTS credentials
// are clones of the receiver's, so the copy can be mutated independently.
func (c *clusterTransportCreds) Clone() credentials.TransportCredentials {
	cloned := new(clusterTransportCreds)
	cloned.tls = c.tls.Clone()
	cloned.alts = c.alts.Clone()
	return cloned
}
    86  
// OverrideServerName applies s to both the TLS and the ALTS credentials.
// The TLS credentials are updated first; if that fails, the ALTS credentials
// are left untouched and the TLS error is returned.
func (c *clusterTransportCreds) OverrideServerName(s string) error {
	err := c.tls.OverrideServerName(s)
	if err == nil {
		err = c.alts.OverrideServerName(s)
	}
	return err
}