aws_common: service_credentials_provider.h Source File

Go to the documentation of this file.
 /*
  * Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License").
  * You may not use this file except in compliance with the License.
  * A copy of the License is located at
  *
  *  http://aws.amazon.com/apache2.0
  *
  * or in the "license" file accompanying this file. This file is distributed
  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
  * express or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 
 #pragma once
 
 #include <aws/core/Aws.h>
 #include <aws/core/auth/AWSAuthSigner.h>
 #include <aws/core/auth/AWSCredentialsProvider.h>
 #include <aws/core/auth/AWSCredentialsProviderChain.h>
 #include <aws/core/utils/json/JsonSerializer.h>
 #include <aws_common/sdk_utils/parameter_reader.h>
 
 #include <mutex>
 
 namespace Aws {
 namespace Auth {
 
 static const long DEFAULT_AUTH_CONNECT_TIMEOUT_MS = 5000; // NOLINT(google-runtime-int)
 static const long DEFAULT_AUTH_TOTAL_TIMEOUT_MS = 10000;  // NOLINT(google-runtime-int)
 
 static const char CFG_CAFILE[] = "cafile";
 static const char CFG_CERTFILE[] = "certfile";
 static const char CFG_KEYFILE[] = "keyfile";
 static const char CFG_ENDPOINT[] = "endpoint";
 static const char CFG_ROLE[] = "role";
 static const char CFG_THING_NAME[] = "thing_name";
 static const char CFG_CONNECT_TIMEOUT_MS[] = "connect_timeout_ms";
 static const char CFG_TOTAL_TIMEOUT_MS[] = "total_timeout_ms";
 
 struct IotRoleConfig
 {
   IotRoleConfig() = default;
 
   IotRoleConfig(const char * _cafile,
                 const char * _certfile,
                 const char * _keyfile,
                 const char * _host,
                 const char * _role,
                 const char * _name,
                 const int _connect_timeout_ms,
                 const int _total_timeout_ms)
     : cafile(_cafile),
       certfile(_certfile),
       keyfile(_keyfile),
       host(_host),
       role(_role),
       name(_name),
       connect_timeout_ms(_connect_timeout_ms),
       total_timeout_ms(_total_timeout_ms) {}
 
   Aws::String cafile;
   Aws::String certfile;
   Aws::String keyfile;
   Aws::String host;
   Aws::String role;
   Aws::String name;
   long connect_timeout_ms = 0;  // NOLINT(google-runtime-int)
   long total_timeout_ms = 0;    // NOLINT(google-runtime-int)
 };
 
 struct ServiceAuthConfig
 {
   IotRoleConfig iot;
 };
 
 bool GetServiceAuthConfig(ServiceAuthConfig & config,
                           const std::shared_ptr<Aws::Client::ParameterReaderInterface> & parameters);
 
 class IotRoleCredentialsProvider : public Aws::Auth::AWSCredentialsProvider
 {
 public:
   // NOLINTNEXTLINE(google-explicit-constructor, hicpp-explicit-conversions)
   IotRoleCredentialsProvider(const IotRoleConfig & config);
   IotRoleCredentialsProvider(const IotRoleCredentialsProvider & other) = delete;
   IotRoleCredentialsProvider & operator=(const IotRoleCredentialsProvider & other) = delete;
 
   ~IotRoleCredentialsProvider() override;
 
   AWSCredentials GetAWSCredentials() override;
 
 protected:
   // Visible for testing
 
   void Refresh();
   void SetCredentials(AWSCredentials & creds_obj);
   bool ValidateResponse(Aws::Utils::Json::JsonValue & value);
   bool IsTimeExpired();
   Aws::Auth::AWSCredentials cached_;
 
 private:
   IotRoleConfig config_;
   std::mutex creds_mutex_;
   std::atomic<double> expiry_;
 };
 
 class ServiceCredentialsProviderChain : public DefaultAWSCredentialsProviderChain
 {
 public:
   ServiceCredentialsProviderChain();
   // NOLINTNEXTLINE(google-explicit-constructor, hicpp-explicit-conversions)
   ServiceCredentialsProviderChain(const ServiceAuthConfig & config);
   ~ServiceCredentialsProviderChain() override = default;
 };
 
 } /* namespace Auth */
 } /* namespace Aws */