diff --git a/alts/src/main/java/io/grpc/alts/AuthorizationUtil.java b/alts/src/main/java/io/grpc/alts/AuthorizationUtil.java new file mode 100644 index 00000000000..ac7e2f03320 --- /dev/null +++ b/alts/src/main/java/io/grpc/alts/AuthorizationUtil.java @@ -0,0 +1,48 @@ +/* + * Copyright 2019 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.alts; + +import io.grpc.ServerCall; +import io.grpc.Status; +import io.grpc.alts.internal.AltsAuthContext; +import io.grpc.alts.internal.AltsProtocolNegotiator; +import java.util.Collection; + +/** Utility class for ALTS client authorization. */ +public final class AuthorizationUtil { + + private AuthorizationUtil() {} + + /** + * Given a server call, performs client authorization check, i.e., checks if the client service + * account matches one of the expected service accounts. It returns OK if client is authorized and + * an error otherwise. + */ + public static Status clientAuthorizationCheck( + ServerCall call, Collection expectedServiceAccounts) { + AltsAuthContext altsContext = + (AltsAuthContext) call.getAttributes().get(AltsProtocolNegotiator.AUTH_CONTEXT_KEY); + if (altsContext == null) { + return Status.NOT_FOUND.withDescription("Peer ALTS AuthContext not found"); + } + if (expectedServiceAccounts.contains(altsContext.getPeerServiceAccount())) { + return Status.OK; + } + return Status.PERMISSION_DENIED.withDescription( + "Client " + altsContext.getPeerServiceAccount() + " is not authorized"); + } +} diff --git a/alts/src/test/java/io/grpc/alts/AuthorizationUtilTest.java b/alts/src/test/java/io/grpc/alts/AuthorizationUtilTest.java new file mode 100644 index 00000000000..a045675defe --- /dev/null +++ b/alts/src/test/java/io/grpc/alts/AuthorizationUtilTest.java @@ -0,0 +1,114 @@ +/* + * Copyright 2019 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.alts; + +import static com.google.common.truth.Truth.assertThat; + +import com.google.common.collect.Lists; +import io.grpc.Attributes; +import io.grpc.Metadata; +import io.grpc.MethodDescriptor; +import io.grpc.ServerCall; +import io.grpc.Status; +import io.grpc.alts.internal.AltsAuthContext; +import io.grpc.alts.internal.AltsProtocolNegotiator; +import io.grpc.alts.internal.HandshakerResult; +import io.grpc.alts.internal.Identity; +import javax.annotation.Nullable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@link AuthorizationUtil}. */ +@RunWith(JUnit4.class) +public final class AuthorizationUtilTest { + + @Test + public void altsAuthorizationCheck() throws Exception { + Status status = + AuthorizationUtil.clientAuthorizationCheck( + new FakeServerCall(null), Lists.newArrayList("Alice")); + assertThat(status.getCode()).isEqualTo(Status.Code.NOT_FOUND); + assertThat(status.getDescription()).startsWith("Peer ALTS AuthContext not found"); + status = + AuthorizationUtil.clientAuthorizationCheck( + new FakeServerCall("Alice"), Lists.newArrayList("Alice", "Bob")); + assertThat(status.getCode()).isEqualTo(Status.Code.OK); + status = + AuthorizationUtil.clientAuthorizationCheck( + new FakeServerCall("Alice"), Lists.newArrayList("Bob", "Joe")); + assertThat(status.getCode()).isEqualTo(Status.Code.PERMISSION_DENIED); + assertThat(status.getDescription()).endsWith("not authorized"); + } + + private static class FakeServerCall extends ServerCall { + final Attributes attrs; + + FakeServerCall(@Nullable String peerServiceAccount) { + Attributes.Builder attrsBuilder = Attributes.newBuilder(); + if (peerServiceAccount != null) { + HandshakerResult handshakerResult = + HandshakerResult.newBuilder() + .setPeerIdentity(Identity.newBuilder().setServiceAccount(peerServiceAccount)) + .build(); + AltsAuthContext altsAuthContext = new AltsAuthContext(handshakerResult); + attrsBuilder.set(AltsProtocolNegotiator.AUTH_CONTEXT_KEY, altsAuthContext); + } + attrs = attrsBuilder.build(); + } + + @Override + public void request(int numMessages) { + throw new AssertionError("Should not be called"); + } + + @Override + public void sendHeaders(Metadata headers) { + throw new AssertionError("Should not be called"); + } + + @Override + public void sendMessage(String message) { + throw new AssertionError("Should not be called"); + } + + @Override + public void close(Status status, Metadata trailers) { + throw new AssertionError("Should not be called"); + } + + @Override + public boolean isCancelled() { + throw new AssertionError("Should not be called"); + } + + @Override + public Attributes getAttributes() { + return attrs; + } + + @Override + public String getAuthority() { + throw new AssertionError("Should not be called"); + } + + @Override + public MethodDescriptor getMethodDescriptor() { + throw new AssertionError("Should not be called"); + } + } +}