gitee.com/ks-custle/core-gm@v0.0.0-20230922171213-b83bdd97b62c/grpc/credentials/local/local.go (about) 1 /* 2 * 3 * Copyright 2020 gRPC authors. 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 */ 18 19 // Package local implements local transport credentials. 20 // Local credentials reports the security level based on the type 21 // of connetion. If the connection is local TCP, NoSecurity will be 22 // reported, and if the connection is UDS, PrivacyAndIntegrity will be 23 // reported. If local credentials is not used in local connections 24 // (local TCP or UDS), it will fail. 25 // 26 // # Experimental 27 // 28 // Notice: This package is EXPERIMENTAL and may be changed or removed in a 29 // later release. 30 package local 31 32 import ( 33 "context" 34 "fmt" 35 "net" 36 "strings" 37 38 "gitee.com/ks-custle/core-gm/grpc/credentials" 39 ) 40 41 // info contains the auth information for a local connection. 42 // It implements the AuthInfo interface. 43 type info struct { 44 credentials.CommonAuthInfo 45 } 46 47 // AuthType returns the type of info as a string. 48 func (info) AuthType() string { 49 return "local" 50 } 51 52 // localTC is the credentials required to establish a local connection. 53 type localTC struct { 54 info credentials.ProtocolInfo 55 } 56 57 func (c *localTC) Info() credentials.ProtocolInfo { 58 return c.info 59 } 60 61 // getSecurityLevel returns the security level for a local connection. 62 // It returns an error if a connection is not local. 63 func getSecurityLevel(network, addr string) (credentials.SecurityLevel, error) { 64 switch { 65 // Local TCP connection 66 case strings.HasPrefix(addr, "127."), strings.HasPrefix(addr, "[::1]:"): 67 return credentials.NoSecurity, nil 68 // UDS connection 69 case network == "unix": 70 return credentials.PrivacyAndIntegrity, nil 71 // Not a local connection and should fail 72 default: 73 return credentials.InvalidSecurityLevel, fmt.Errorf("local credentials rejected connection to non-local address %q", addr) 74 } 75 } 76 77 func (*localTC) ClientHandshake(ctx context.Context, authority string, conn net.Conn) (net.Conn, credentials.AuthInfo, error) { 78 secLevel, err := getSecurityLevel(conn.RemoteAddr().Network(), conn.RemoteAddr().String()) 79 if err != nil { 80 return nil, nil, err 81 } 82 return conn, info{credentials.CommonAuthInfo{SecurityLevel: secLevel}}, nil 83 } 84 85 func (*localTC) ServerHandshake(conn net.Conn) (net.Conn, credentials.AuthInfo, error) { 86 secLevel, err := getSecurityLevel(conn.RemoteAddr().Network(), conn.RemoteAddr().String()) 87 if err != nil { 88 return nil, nil, err 89 } 90 return conn, info{credentials.CommonAuthInfo{SecurityLevel: secLevel}}, nil 91 } 92 93 // NewCredentials returns a local credential implementing credentials.TransportCredentials. 94 func NewCredentials() credentials.TransportCredentials { 95 return &localTC{ 96 info: credentials.ProtocolInfo{ 97 SecurityProtocol: "local", 98 }, 99 } 100 } 101 102 // Clone makes a copy of Local credentials. 103 func (c *localTC) Clone() credentials.TransportCredentials { 104 return &localTC{info: c.info} 105 } 106 107 // OverrideServerName overrides the server name used to verify the hostname on the returned certificates from the server. 108 // Since this feature is specific to TLS (SNI + hostname verification check), it does not take any effet for local credentials. 109 func (c *localTC) OverrideServerName(serverNameOverride string) error { 110 c.info.ServerName = serverNameOverride 111 return nil 112 }