Include instance id token in Cloud host session authz requests
Bug: 388885661 Change-Id: Ia9e20758d309a8f496bcc67c04178b5d2c37f44b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6302313 Reviewed-by: Gary Kacmarcik <garykac@chromium.org> Commit-Queue: Joe Downing <joedow@chromium.org> Cr-Commit-Position: refs/heads/main@{#1424645}

committed by
Chromium LUCI CQ

parent
ecb88ae109
commit
a251ef1b76
@ -391,12 +391,16 @@ void CloudServiceClient::UpdateRemoteAccessHost(
|
||||
std::move(callback));
|
||||
}
|
||||
|
||||
void CloudServiceClient::GenerateHostToken(GenerateHostTokenCallback callback) {
|
||||
void CloudServiceClient::GenerateHostToken(
|
||||
std::string_view instance_identity_token,
|
||||
GenerateHostTokenCallback callback) {
|
||||
constexpr char path[] = "/v1alpha/sessionAuthz:generateHostToken";
|
||||
|
||||
auto request = std::make_unique<GenerateHostTokenRequest>();
|
||||
request->set_instance_identity_token(instance_identity_token);
|
||||
|
||||
ExecuteRequest(kGenerateHostTokenTrafficAnnotation, path, /*api_key=*/"",
|
||||
net::HttpRequestHeaders::kPostMethod,
|
||||
std::make_unique<GenerateHostTokenRequest>(),
|
||||
net::HttpRequestHeaders::kPostMethod, std::move(request),
|
||||
std::move(callback));
|
||||
}
|
||||
|
||||
@ -411,11 +415,13 @@ void CloudServiceClient::GenerateIceConfig(GenerateIceConfigCallback callback) {
|
||||
|
||||
void CloudServiceClient::VerifySessionToken(
|
||||
const std::string& session_token,
|
||||
std::string_view instance_identity_token,
|
||||
VerifySessionTokenCallback callback) {
|
||||
constexpr char path[] = "/v1alpha/sessionAuthz:verifySessionToken";
|
||||
|
||||
auto request = std::make_unique<VerifySessionTokenRequest>();
|
||||
request->set_session_token(session_token);
|
||||
request->set_instance_identity_token(instance_identity_token);
|
||||
|
||||
ExecuteRequest(kVerifySessionTokenTrafficAnnotation, path, /*api_key=*/"",
|
||||
net::HttpRequestHeaders::kPostMethod, std::move(request),
|
||||
@ -425,12 +431,14 @@ void CloudServiceClient::VerifySessionToken(
|
||||
void CloudServiceClient::ReauthorizeHost(
|
||||
const std::string& session_reauth_token,
|
||||
const std::string& session_id,
|
||||
std::string_view instance_identity_token,
|
||||
ReauthorizeHostCallback callback) {
|
||||
constexpr char path[] = "/v1alpha/sessionAuthz:reauthorizeHost";
|
||||
|
||||
auto request = std::make_unique<ReauthorizeHostRequest>();
|
||||
request->set_session_reauth_token(session_reauth_token);
|
||||
request->set_session_id(session_id);
|
||||
request->set_instance_identity_token(instance_identity_token);
|
||||
|
||||
ExecuteRequest(kReauthorizeHostTrafficAnnotation, path, /*api_key=*/"",
|
||||
net::HttpRequestHeaders::kPostMethod, std::move(request),
|
||||
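Review bot: The three requests built here now carry an instance identity token, yet nothing on this page shows `kGenerateHostTokenTrafficAnnotation`, `kVerifySessionTokenTrafficAnnotation` or `kReauthorizeHostTrafficAnnotation` being touched, so their description of the data sent may no longer match what goes on the wire. Those definitions are outside the hunks, so this is something to confirm rather than a certain gap. If they still list only the session tokens, the `data` field of each annotation should mention the instance identity token as well. The bodies of VerifySessionToken and ReauthorizeHost continue past the end of their hunks.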
|
@ -114,13 +114,16 @@ class CloudServiceClient {
|
||||
|
||||
void GenerateIceConfig(GenerateIceConfigCallback callback);
|
||||
|
||||
void GenerateHostToken(GenerateHostTokenCallback callback);
|
||||
void GenerateHostToken(std::string_view instance_identity_token,
|
||||
GenerateHostTokenCallback callback);
|
||||
|
||||
void VerifySessionToken(const std::string& session_token,
|
||||
std::string_view instance_identity_token,
|
||||
VerifySessionTokenCallback callback);
|
||||
|
||||
void ReauthorizeHost(const std::string& session_reauth_token,
|
||||
const std::string& session_id,
|
||||
std::string_view instance_identity_token,
|
||||
ReauthorizeHostCallback callback);
|
||||
|
||||
void CancelPendingRequests();
|
||||
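Review bot: The new `instance_identity_token` parameter on GenerateHostToken, VerifySessionToken and ReauthorizeHost is undocumented in these declarations. Because it is a `std::string_view` next to `const std::string&` siblings, a caller cannot tell from the header how long the viewed buffer must stay alive. Going by the setter calls visible in the implementation hunks, the token is copied into the request proto before the call returns, so one comment above the three declarations would settle it: `// |instance_identity_token| is copied into the request before the call returns; the viewed buffer need not outlive it.` The comment should also say whether an empty token is an accepted input. Any existing comments above these declarations are outside the hunk.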
|
@ -60,6 +60,17 @@ class CloudSessionAuthzServiceClient : public SessionAuthzServiceClient {
|
||||
ReauthorizeHostCallback callback) override;
|
||||
|
||||
private:
|
||||
// Overloads used to create callbacks for |instance_identity_token_getter_|.
|
||||
void GenerateHostTokenWithIdToken(GenerateHostTokenCallback callback,
|
||||
std::string_view instance_identity_token);
|
||||
void VerifySessionTokenWithIdToken(std::string session_token,
|
||||
VerifySessionTokenCallback callback,
|
||||
std::string_view instance_identity_token);
|
||||
void ReauthorizeHostWithIdToken(std::string session_reauth_token,
|
||||
std::string session_id,
|
||||
ReauthorizeHostCallback callback,
|
||||
std::string_view instance_identity_token);
|
||||
|
||||
void OnGenerateHostTokenResponse(
|
||||
GenerateHostTokenCallback callback,
|
||||
const HttpStatus& status,
|
||||
@ -92,16 +103,36 @@ CloudSessionAuthzServiceClient::~CloudSessionAuthzServiceClient() = default;
|
||||
|
||||
void CloudSessionAuthzServiceClient::GenerateHostToken(
|
||||
GenerateHostTokenCallback callback) {
|
||||
client_->GenerateHostToken(base::BindOnce(
|
||||
&CloudSessionAuthzServiceClient::OnGenerateHostTokenResponse,
|
||||
instance_identity_token_getter_->RetrieveToken(base::BindOnce(
|
||||
&CloudSessionAuthzServiceClient::GenerateHostTokenWithIdToken,
|
||||
weak_factory_.GetWeakPtr(), std::move(callback)));
|
||||
}
|
||||
|
||||
void CloudSessionAuthzServiceClient::GenerateHostTokenWithIdToken(
|
||||
GenerateHostTokenCallback callback,
|
||||
std::string_view instance_identity_token) {
|
||||
client_->GenerateHostToken(
|
||||
instance_identity_token,
|
||||
base::BindOnce(
|
||||
&CloudSessionAuthzServiceClient::OnGenerateHostTokenResponse,
|
||||
weak_factory_.GetWeakPtr(), std::move(callback)));
|
||||
}
|
||||
|
||||
void CloudSessionAuthzServiceClient::VerifySessionToken(
|
||||
std::string_view session_token,
|
||||
VerifySessionTokenCallback callback) {
|
||||
instance_identity_token_getter_->RetrieveToken(base::BindOnce(
|
||||
&CloudSessionAuthzServiceClient::VerifySessionTokenWithIdToken,
|
||||
weak_factory_.GetWeakPtr(), std::string(session_token),
|
||||
std::move(callback)));
|
||||
}
|
||||
|
||||
void CloudSessionAuthzServiceClient::VerifySessionTokenWithIdToken(
|
||||
std::string session_token,
|
||||
VerifySessionTokenCallback callback,
|
||||
std::string_view instance_identity_token) {
|
||||
client_->VerifySessionToken(
|
||||
std::string(session_token),
|
||||
session_token, instance_identity_token,
|
||||
base::BindOnce(
|
||||
&CloudSessionAuthzServiceClient::OnVerifySessionTokenResponse,
|
||||
weak_factory_.GetWeakPtr(), std::move(callback)));
|
||||
@ -111,8 +142,19 @@ void CloudSessionAuthzServiceClient::ReauthorizeHost(
|
||||
std::string_view session_reauth_token,
|
||||
std::string_view session_id,
|
||||
ReauthorizeHostCallback callback) {
|
||||
instance_identity_token_getter_->RetrieveToken(base::BindOnce(
|
||||
&CloudSessionAuthzServiceClient::ReauthorizeHostWithIdToken,
|
||||
weak_factory_.GetWeakPtr(), std::string(session_reauth_token),
|
||||
std::string(session_id), std::move(callback)));
|
||||
}
|
||||
|
||||
void CloudSessionAuthzServiceClient::ReauthorizeHostWithIdToken(
|
||||
std::string session_reauth_token,
|
||||
std::string session_id,
|
||||
ReauthorizeHostCallback callback,
|
||||
std::string_view instance_identity_token) {
|
||||
client_->ReauthorizeHost(
|
||||
std::string(session_reauth_token), std::string(session_id),
|
||||
session_reauth_token, session_id, instance_identity_token,
|
||||
base::BindOnce(&CloudSessionAuthzServiceClient::OnReauthorizeHostResponse,
|
||||
weak_factory_.GetWeakPtr(), std::move(callback)));
|
||||
}
|
||||
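Review bot: `GenerateHostTokenWithIdToken`, `VerifySessionTokenWithIdToken` and `ReauthorizeHostWithIdToken` forward whatever `RetrieveToken` hands them without looking at it. The getter's contract is not visible on this page, but if it reports failure by running the callback with an empty token, each method sends its session-authz request with no instance identity. Rejection is then left entirely to the server, and the host keeps no trace of why. At minimum I would record the condition (never the token value) at the top of each method: `if (instance_identity_token.empty()) { LOG(WARNING) << "Instance identity token unavailable"; }`. Preferably the request would fail through the existing callback's error path instead of being sent, though how an error status is constructed is outside these hunks.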
|