Include instance id token in Cloud host session authz requests
Bug: 388885661 Change-Id: Ia9e20758d309a8f496bcc67c04178b5d2c37f44b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6302313 Reviewed-by: Gary Kacmarcik <garykac@chromium.org> Commit-Queue: Joe Downing <joedow@chromium.org> Cr-Commit-Position: refs/heads/main@{#1424645}

committed by
Chromium LUCI CQ

parent
ecb88ae109
commit
a251ef1b76
@@ -391,12 +391,16 @@ void CloudServiceClient::UpdateRemoteAccessHost(
|
|||||||
std::move(callback));
|
std::move(callback));
|
||||||
}
|
}
|
||||||
|
|
||||||
void CloudServiceClient::GenerateHostToken(GenerateHostTokenCallback callback) {
|
void CloudServiceClient::GenerateHostToken(
|
||||||
|
std::string_view instance_identity_token,
|
||||||
|
GenerateHostTokenCallback callback) {
|
||||||
constexpr char path[] = "/v1alpha/sessionAuthz:generateHostToken";
|
constexpr char path[] = "/v1alpha/sessionAuthz:generateHostToken";
|
||||||
|
|
||||||
|
auto request = std::make_unique<GenerateHostTokenRequest>();
|
||||||
|
request->set_instance_identity_token(instance_identity_token);
|
||||||
|
|
||||||
ExecuteRequest(kGenerateHostTokenTrafficAnnotation, path, /*api_key=*/"",
|
ExecuteRequest(kGenerateHostTokenTrafficAnnotation, path, /*api_key=*/"",
|
||||||
net::HttpRequestHeaders::kPostMethod,
|
net::HttpRequestHeaders::kPostMethod, std::move(request),
|
||||||
std::make_unique<GenerateHostTokenRequest>(),
|
|
||||||
std::move(callback));
|
std::move(callback));
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -411,11 +415,13 @@ void CloudServiceClient::GenerateIceConfig(GenerateIceConfigCallback callback) {
|
|||||||
|
|
||||||
void CloudServiceClient::VerifySessionToken(
|
void CloudServiceClient::VerifySessionToken(
|
||||||
const std::string& session_token,
|
const std::string& session_token,
|
||||||
|
std::string_view instance_identity_token,
|
||||||
VerifySessionTokenCallback callback) {
|
VerifySessionTokenCallback callback) {
|
||||||
constexpr char path[] = "/v1alpha/sessionAuthz:verifySessionToken";
|
constexpr char path[] = "/v1alpha/sessionAuthz:verifySessionToken";
|
||||||
|
|
||||||
auto request = std::make_unique<VerifySessionTokenRequest>();
|
auto request = std::make_unique<VerifySessionTokenRequest>();
|
||||||
request->set_session_token(session_token);
|
request->set_session_token(session_token);
|
||||||
|
request->set_instance_identity_token(instance_identity_token);
|
||||||
|
|
||||||
ExecuteRequest(kVerifySessionTokenTrafficAnnotation, path, /*api_key=*/"",
|
ExecuteRequest(kVerifySessionTokenTrafficAnnotation, path, /*api_key=*/"",
|
||||||
net::HttpRequestHeaders::kPostMethod, std::move(request),
|
net::HttpRequestHeaders::kPostMethod, std::move(request),
|
||||||
@@ -425,12 +431,14 @@ void CloudServiceClient::VerifySessionToken(
|
|||||||
void CloudServiceClient::ReauthorizeHost(
|
void CloudServiceClient::ReauthorizeHost(
|
||||||
const std::string& session_reauth_token,
|
const std::string& session_reauth_token,
|
||||||
const std::string& session_id,
|
const std::string& session_id,
|
||||||
|
std::string_view instance_identity_token,
|
||||||
ReauthorizeHostCallback callback) {
|
ReauthorizeHostCallback callback) {
|
||||||
constexpr char path[] = "/v1alpha/sessionAuthz:reauthorizeHost";
|
constexpr char path[] = "/v1alpha/sessionAuthz:reauthorizeHost";
|
||||||
|
|
||||||
auto request = std::make_unique<ReauthorizeHostRequest>();
|
auto request = std::make_unique<ReauthorizeHostRequest>();
|
||||||
request->set_session_reauth_token(session_reauth_token);
|
request->set_session_reauth_token(session_reauth_token);
|
||||||
request->set_session_id(session_id);
|
request->set_session_id(session_id);
|
||||||
|
request->set_instance_identity_token(instance_identity_token);
|
||||||
|
|
||||||
ExecuteRequest(kReauthorizeHostTrafficAnnotation, path, /*api_key=*/"",
|
ExecuteRequest(kReauthorizeHostTrafficAnnotation, path, /*api_key=*/"",
|
||||||
net::HttpRequestHeaders::kPostMethod, std::move(request),
|
net::HttpRequestHeaders::kPostMethod, std::move(request),
|
||||||
|
@@ -114,13 +114,16 @@ class CloudServiceClient {
|
|||||||
|
|
||||||
void GenerateIceConfig(GenerateIceConfigCallback callback);
|
void GenerateIceConfig(GenerateIceConfigCallback callback);
|
||||||
|
|
||||||
void GenerateHostToken(GenerateHostTokenCallback callback);
|
void GenerateHostToken(std::string_view instance_identity_token,
|
||||||
|
GenerateHostTokenCallback callback);
|
||||||
|
|
||||||
void VerifySessionToken(const std::string& session_token,
|
void VerifySessionToken(const std::string& session_token,
|
||||||
|
std::string_view instance_identity_token,
|
||||||
VerifySessionTokenCallback callback);
|
VerifySessionTokenCallback callback);
|
||||||
|
|
||||||
void ReauthorizeHost(const std::string& session_reauth_token,
|
void ReauthorizeHost(const std::string& session_reauth_token,
|
||||||
const std::string& session_id,
|
const std::string& session_id,
|
||||||
|
std::string_view instance_identity_token,
|
||||||
ReauthorizeHostCallback callback);
|
ReauthorizeHostCallback callback);
|
||||||
|
|
||||||
void CancelPendingRequests();
|
void CancelPendingRequests();
|
||||||
|
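Review bot: The new `instance_identity_token` parameter on `GenerateHostToken`, `VerifySessionToken` and `ReauthorizeHost` has no documentation in this header, so a caller cannot tell where the value should come from or whether an empty string is permitted. Because it feeds an authorization request, a short comment above the three declarations would help, e.g. `// |instance_identity_token| is copied into the request body; callers obtain it from the instance identity token getter.` Taking it as `std::string_view` looks safe, since the .cc hunks copy it into the request proto before `ExecuteRequest` is called, but that lifetime expectation is worth stating next to the parameter. The class declaration starts and ends outside this hunk.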
@@ -60,6 +60,17 @@ class CloudSessionAuthzServiceClient : public SessionAuthzServiceClient {
|
|||||||
ReauthorizeHostCallback callback) override;
|
ReauthorizeHostCallback callback) override;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
// Overloads used to create callbacks for |instance_identity_token_getter_|.
|
||||||
|
void GenerateHostTokenWithIdToken(GenerateHostTokenCallback callback,
|
||||||
|
std::string_view instance_identity_token);
|
||||||
|
void VerifySessionTokenWithIdToken(std::string session_token,
|
||||||
|
VerifySessionTokenCallback callback,
|
||||||
|
std::string_view instance_identity_token);
|
||||||
|
void ReauthorizeHostWithIdToken(std::string session_reauth_token,
|
||||||
|
std::string session_id,
|
||||||
|
ReauthorizeHostCallback callback,
|
||||||
|
std::string_view instance_identity_token);
|
||||||
|
|
||||||
void OnGenerateHostTokenResponse(
|
void OnGenerateHostTokenResponse(
|
||||||
GenerateHostTokenCallback callback,
|
GenerateHostTokenCallback callback,
|
||||||
const HttpStatus& status,
|
const HttpStatus& status,
|
||||||
@@ -92,16 +103,36 @@ CloudSessionAuthzServiceClient::~CloudSessionAuthzServiceClient() = default;
|
|||||||
|
|
||||||
void CloudSessionAuthzServiceClient::GenerateHostToken(
|
void CloudSessionAuthzServiceClient::GenerateHostToken(
|
||||||
GenerateHostTokenCallback callback) {
|
GenerateHostTokenCallback callback) {
|
||||||
client_->GenerateHostToken(base::BindOnce(
|
instance_identity_token_getter_->RetrieveToken(base::BindOnce(
|
||||||
&CloudSessionAuthzServiceClient::OnGenerateHostTokenResponse,
|
&CloudSessionAuthzServiceClient::GenerateHostTokenWithIdToken,
|
||||||
weak_factory_.GetWeakPtr(), std::move(callback)));
|
weak_factory_.GetWeakPtr(), std::move(callback)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void CloudSessionAuthzServiceClient::GenerateHostTokenWithIdToken(
|
||||||
|
GenerateHostTokenCallback callback,
|
||||||
|
std::string_view instance_identity_token) {
|
||||||
|
client_->GenerateHostToken(
|
||||||
|
instance_identity_token,
|
||||||
|
base::BindOnce(
|
||||||
|
&CloudSessionAuthzServiceClient::OnGenerateHostTokenResponse,
|
||||||
|
weak_factory_.GetWeakPtr(), std::move(callback)));
|
||||||
|
}
|
||||||
|
|
||||||
void CloudSessionAuthzServiceClient::VerifySessionToken(
|
void CloudSessionAuthzServiceClient::VerifySessionToken(
|
||||||
std::string_view session_token,
|
std::string_view session_token,
|
||||||
VerifySessionTokenCallback callback) {
|
VerifySessionTokenCallback callback) {
|
||||||
|
instance_identity_token_getter_->RetrieveToken(base::BindOnce(
|
||||||
|
&CloudSessionAuthzServiceClient::VerifySessionTokenWithIdToken,
|
||||||
|
weak_factory_.GetWeakPtr(), std::string(session_token),
|
||||||
|
std::move(callback)));
|
||||||
|
}
|
||||||
|
|
||||||
|
void CloudSessionAuthzServiceClient::VerifySessionTokenWithIdToken(
|
||||||
|
std::string session_token,
|
||||||
|
VerifySessionTokenCallback callback,
|
||||||
|
std::string_view instance_identity_token) {
|
||||||
client_->VerifySessionToken(
|
client_->VerifySessionToken(
|
||||||
std::string(session_token),
|
session_token, instance_identity_token,
|
||||||
base::BindOnce(
|
base::BindOnce(
|
||||||
&CloudSessionAuthzServiceClient::OnVerifySessionTokenResponse,
|
&CloudSessionAuthzServiceClient::OnVerifySessionTokenResponse,
|
||||||
weak_factory_.GetWeakPtr(), std::move(callback)));
|
weak_factory_.GetWeakPtr(), std::move(callback)));
|
||||||
@@ -111,8 +142,19 @@ void CloudSessionAuthzServiceClient::ReauthorizeHost(
|
|||||||
std::string_view session_reauth_token,
|
std::string_view session_reauth_token,
|
||||||
std::string_view session_id,
|
std::string_view session_id,
|
||||||
ReauthorizeHostCallback callback) {
|
ReauthorizeHostCallback callback) {
|
||||||
|
instance_identity_token_getter_->RetrieveToken(base::BindOnce(
|
||||||
|
&CloudSessionAuthzServiceClient::ReauthorizeHostWithIdToken,
|
||||||
|
weak_factory_.GetWeakPtr(), std::string(session_reauth_token),
|
||||||
|
std::string(session_id), std::move(callback)));
|
||||||
|
}
|
||||||
|
|
||||||
|
void CloudSessionAuthzServiceClient::ReauthorizeHostWithIdToken(
|
||||||
|
std::string session_reauth_token,
|
||||||
|
std::string session_id,
|
||||||
|
ReauthorizeHostCallback callback,
|
||||||
|
std::string_view instance_identity_token) {
|
||||||
client_->ReauthorizeHost(
|
client_->ReauthorizeHost(
|
||||||
std::string(session_reauth_token), std::string(session_id),
|
session_reauth_token, session_id, instance_identity_token,
|
||||||
base::BindOnce(&CloudSessionAuthzServiceClient::OnReauthorizeHostResponse,
|
base::BindOnce(&CloudSessionAuthzServiceClient::OnReauthorizeHostResponse,
|
||||||
weak_factory_.GetWeakPtr(), std::move(callback)));
|
weak_factory_.GetWeakPtr(), std::move(callback)));
|
||||||
}
|
}
|
||||||
|
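Review bot: `GenerateHostTokenWithIdToken`, `VerifySessionTokenWithIdToken` and `ReauthorizeHostWithIdToken` forward `instance_identity_token` to `client_` without inspecting it. If `instance_identity_token_getter_->RetrieveToken()` can complete with an empty value (its contract is not visible in this diff), the authz request still goes out with a blank identity field and the decision is left entirely to the service. If a missing token should fail closed on the host, each `WithIdToken` method could return early and run `callback` with an error result instead of calling `client_`. If an empty token is acceptable, record that above the declarations, e.g. `// An empty |instance_identity_token| is forwarded as-is; the service decides whether to accept it.` The new hop is also bound to `weak_factory_.GetWeakPtr()`, so destroying the client while the token fetch is pending drops `callback` without running it; this presumably matches the existing response path but is worth confirming with callers.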