gitee.com/ks-custle/core-gm@v0.0.0-20230922171213-b83bdd97b62c/grpc/credentials/local/local.go (about)

     1  /*
     2   *
     3   * Copyright 2020 gRPC authors.
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *     http://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   *
    17   */
    18  
    19  // Package local implements local transport credentials.
    20  // Local credentials reports the security level based on the type
    21  // of connetion. If the connection is local TCP, NoSecurity will be
    22  // reported, and if the connection is UDS, PrivacyAndIntegrity will be
    23  // reported. If local credentials is not used in local connections
    24  // (local TCP or UDS), it will fail.
    25  //
    26  // # Experimental
    27  //
    28  // Notice: This package is EXPERIMENTAL and may be changed or removed in a
    29  // later release.
    30  package local
    31  
    32  import (
    33  	"context"
    34  	"fmt"
    35  	"net"
    36  	"strings"
    37  
    38  	"gitee.com/ks-custle/core-gm/grpc/credentials"
    39  )
    40  
    41  // info contains the auth information for a local connection.
    42  // It implements the AuthInfo interface.
    43  type info struct {
    44  	credentials.CommonAuthInfo
    45  }
    46  
    47  // AuthType returns the type of info as a string.
    48  func (info) AuthType() string {
    49  	return "local"
    50  }
    51  
    52  // localTC is the credentials required to establish a local connection.
    53  type localTC struct {
    54  	info credentials.ProtocolInfo
    55  }
    56  
    57  func (c *localTC) Info() credentials.ProtocolInfo {
    58  	return c.info
    59  }
    60  
    61  // getSecurityLevel returns the security level for a local connection.
    62  // It returns an error if a connection is not local.
    63  func getSecurityLevel(network, addr string) (credentials.SecurityLevel, error) {
    64  	switch {
    65  	// Local TCP connection
    66  	case strings.HasPrefix(addr, "127."), strings.HasPrefix(addr, "[::1]:"):
    67  		return credentials.NoSecurity, nil
    68  	// UDS connection
    69  	case network == "unix":
    70  		return credentials.PrivacyAndIntegrity, nil
    71  	// Not a local connection and should fail
    72  	default:
    73  		return credentials.InvalidSecurityLevel, fmt.Errorf("local credentials rejected connection to non-local address %q", addr)
    74  	}
    75  }
    76  
    77  func (*localTC) ClientHandshake(ctx context.Context, authority string, conn net.Conn) (net.Conn, credentials.AuthInfo, error) {
    78  	secLevel, err := getSecurityLevel(conn.RemoteAddr().Network(), conn.RemoteAddr().String())
    79  	if err != nil {
    80  		return nil, nil, err
    81  	}
    82  	return conn, info{credentials.CommonAuthInfo{SecurityLevel: secLevel}}, nil
    83  }
    84  
    85  func (*localTC) ServerHandshake(conn net.Conn) (net.Conn, credentials.AuthInfo, error) {
    86  	secLevel, err := getSecurityLevel(conn.RemoteAddr().Network(), conn.RemoteAddr().String())
    87  	if err != nil {
    88  		return nil, nil, err
    89  	}
    90  	return conn, info{credentials.CommonAuthInfo{SecurityLevel: secLevel}}, nil
    91  }
    92  
    93  // NewCredentials returns a local credential implementing credentials.TransportCredentials.
    94  func NewCredentials() credentials.TransportCredentials {
    95  	return &localTC{
    96  		info: credentials.ProtocolInfo{
    97  			SecurityProtocol: "local",
    98  		},
    99  	}
   100  }
   101  
   102  // Clone makes a copy of Local credentials.
   103  func (c *localTC) Clone() credentials.TransportCredentials {
   104  	return &localTC{info: c.info}
   105  }
   106  
   107  // OverrideServerName overrides the server name used to verify the hostname on the returned certificates from the server.
   108  // Since this feature is specific to TLS (SNI + hostname verification check), it does not take any effet for local credentials.
   109  func (c *localTC) OverrideServerName(serverNameOverride string) error {
   110  	c.info.ServerName = serverNameOverride
   111  	return nil
   112  }