Beispiel #1
0
static void test_jwt_creds_success(void) {
    char *json_key_string = test_json_key_str();
    grpc_credentials *jwt_creds =
        grpc_service_account_jwt_access_credentials_create(
            json_key_string, grpc_max_auth_token_lifetime);
    GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));

    /* First request: jwt_encode_and_sign should be called. */
    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
    grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
                                          on_jwt_creds_get_metadata_success,
                                          (void *)test_user_data);

    /* Second request: the cached token should be served directly. */
    grpc_jwt_encode_and_sign_set_override(
        encode_and_sign_jwt_should_not_be_called);
    grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
                                          on_jwt_creds_get_metadata_success,
                                          (void *)test_user_data);

    /* Third request: Different service url so jwt_encode_and_sign should be
       called again (no caching). */
    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
    grpc_credentials_get_request_metadata(jwt_creds, NULL, other_test_service_url,
                                          on_jwt_creds_get_metadata_success,
                                          (void *)test_user_data);

    gpr_free(json_key_string);
    grpc_credentials_unref(jwt_creds);
    grpc_jwt_encode_and_sign_set_override(NULL);
}
Beispiel #2
0
static void test_service_account_creds_success(void) {
    char *json_key_string = test_json_key_str();
    grpc_credentials *service_account_creds =
        grpc_service_account_credentials_create(json_key_string, test_scope,
                grpc_max_auth_token_lifetime);
    GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));

    /* First request: http get should be called. */
    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              service_account_httpcli_post_success);
    grpc_credentials_get_request_metadata(
        service_account_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_success, (void *)test_user_data);

    /* Second request: the cached token should be served directly. */
    grpc_jwt_encode_and_sign_set_override(
        encode_and_sign_jwt_should_not_be_called);
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              httpcli_post_should_not_be_called);
    grpc_credentials_get_request_metadata(
        service_account_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_success, (void *)test_user_data);

    gpr_free(json_key_string);
    grpc_credentials_unref(service_account_creds);
    grpc_jwt_encode_and_sign_set_override(NULL);
    grpc_httpcli_set_override(NULL, NULL);
}
Beispiel #3
0
static void composite_get_request_metadata(grpc_credentials *creds,
                                           grpc_pollset *pollset,
                                           const char *service_url,
                                           grpc_credentials_metadata_cb cb,
                                           void *user_data) {
  grpc_composite_credentials *c = (grpc_composite_credentials *)creds;
  grpc_composite_credentials_metadata_context *ctx;
  if (!grpc_credentials_has_request_metadata(creds)) {
    cb(user_data, NULL, 0, GRPC_CREDENTIALS_OK);
    return;
  }
  ctx = gpr_malloc(sizeof(grpc_composite_credentials_metadata_context));
  memset(ctx, 0, sizeof(grpc_composite_credentials_metadata_context));
  ctx->service_url = gpr_strdup(service_url);
  ctx->user_data = user_data;
  ctx->cb = cb;
  ctx->composite_creds = c;
  ctx->pollset = pollset;
  ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
  while (ctx->creds_index < c->inner.num_creds) {
    grpc_credentials *inner_creds = c->inner.creds_array[ctx->creds_index++];
    if (grpc_credentials_has_request_metadata(inner_creds)) {
      grpc_credentials_get_request_metadata(inner_creds, pollset, service_url,
                                            composite_metadata_cb, ctx);
      return;
    }
  }
  GPR_ASSERT(0); /* Should have exited before. */
}
Beispiel #4
0
static void test_ssl_oauth2_iam_composite_creds(void) {
    grpc_credentials *ssl_creds =
        grpc_ssl_credentials_create(test_root_cert, NULL);
    const grpc_credentials_array *creds_array;
    grpc_credentials *oauth2_creds =
        grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0);
    grpc_credentials *aux_creds =
        grpc_composite_credentials_create(ssl_creds, oauth2_creds);
    grpc_credentials *iam_creds = grpc_iam_credentials_create(
                                      test_iam_authorization_token, test_iam_authority_selector);
    grpc_credentials *composite_creds =
        grpc_composite_credentials_create(aux_creds, iam_creds);
    grpc_credentials_unref(ssl_creds);
    grpc_credentials_unref(oauth2_creds);
    grpc_credentials_unref(aux_creds);
    grpc_credentials_unref(iam_creds);
    GPR_ASSERT(strcmp(composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) ==
               0);
    GPR_ASSERT(grpc_credentials_has_request_metadata(composite_creds));
    GPR_ASSERT(!grpc_credentials_has_request_metadata_only(composite_creds));
    creds_array = grpc_composite_credentials_get_credentials(composite_creds);
    GPR_ASSERT(creds_array->num_creds == 3);
    GPR_ASSERT(strcmp(creds_array->creds_array[0]->type,
                      GRPC_CREDENTIALS_TYPE_SSL) == 0);
    GPR_ASSERT(strcmp(creds_array->creds_array[1]->type,
                      GRPC_CREDENTIALS_TYPE_OAUTH2) == 0);
    GPR_ASSERT(strcmp(creds_array->creds_array[2]->type,
                      GRPC_CREDENTIALS_TYPE_IAM) == 0);
    grpc_credentials_get_request_metadata(composite_creds, NULL, test_service_url,
                                          check_ssl_oauth2_iam_composite_metadata,
                                          composite_creds);
}
Beispiel #5
0
static void composite_metadata_cb(void *user_data,
                                  grpc_credentials_md *md_elems, size_t num_md,
                                  grpc_credentials_status status) {
  grpc_composite_credentials_metadata_context *ctx =
      (grpc_composite_credentials_metadata_context *)user_data;
  if (status != GRPC_CREDENTIALS_OK) {
    ctx->cb(ctx->user_data, NULL, 0, status);
    return;
  }

  /* Copy the metadata in the context. */
  if (num_md > 0) {
    size_t i;
    for (i = 0; i < num_md; i++) {
      grpc_credentials_md_store_add(ctx->md_elems, md_elems[i].key,
                                    md_elems[i].value);
    }
  }

  /* See if we need to get some more metadata. */
  while (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
    grpc_credentials *inner_creds =
        ctx->composite_creds->inner.creds_array[ctx->creds_index++];
    if (grpc_credentials_has_request_metadata(inner_creds)) {
      grpc_credentials_get_request_metadata(inner_creds, ctx->service_url,
                                            composite_metadata_cb, ctx);
      return;
    }
  }

  /* We're done!. */
  ctx->cb(ctx->user_data, ctx->md_elems->entries, ctx->md_elems->num_entries,
          GRPC_CREDENTIALS_OK);
  composite_md_context_destroy(ctx);
}
Beispiel #6
0
static void test_access_token_creds(void) {
    grpc_credentials *creds = grpc_access_token_credentials_create("blah");
    GPR_ASSERT(grpc_credentials_has_request_metadata(creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds));
    GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0);
    grpc_credentials_get_request_metadata(creds, NULL, test_service_url,
                                          check_access_token_metadata, creds);
}
Beispiel #7
0
static void test_iam_creds(void) {
    grpc_credentials *creds = grpc_iam_credentials_create(
                                  test_iam_authorization_token, test_iam_authority_selector);
    GPR_ASSERT(grpc_credentials_has_request_metadata(creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds));
    grpc_credentials_get_request_metadata(creds, NULL, test_service_url,
                                          check_iam_metadata, creds);
}
Beispiel #8
0
static void test_refresh_token_creds_failure(void) {
    grpc_credentials *refresh_token_creds =
        grpc_refresh_token_credentials_create(test_refresh_token_str);
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              refresh_token_httpcli_post_failure);
    GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds));
    grpc_credentials_get_request_metadata(
        refresh_token_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
    grpc_credentials_unref(refresh_token_creds);
    grpc_httpcli_set_override(NULL, NULL);
}
Beispiel #9
0
static void test_compute_engine_creds_failure(void) {
    grpc_credentials *compute_engine_creds =
        grpc_compute_engine_credentials_create();
    grpc_httpcli_set_override(compute_engine_httpcli_get_failure_override,
                              httpcli_post_should_not_be_called);
    GPR_ASSERT(grpc_credentials_has_request_metadata(compute_engine_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(compute_engine_creds));
    grpc_credentials_get_request_metadata(
        compute_engine_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
    grpc_credentials_unref(compute_engine_creds);
    grpc_httpcli_set_override(NULL, NULL);
}
Beispiel #10
0
static void test_refresh_token_creds_success(void) {
    grpc_credentials *refresh_token_creds =
        grpc_refresh_token_credentials_create(test_refresh_token_str);
    GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds));

    /* First request: http get should be called. */
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              refresh_token_httpcli_post_success);
    grpc_credentials_get_request_metadata(
        refresh_token_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_success, (void *)test_user_data);

    /* Second request: the cached token should be served directly. */
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              httpcli_post_should_not_be_called);
    grpc_credentials_get_request_metadata(
        refresh_token_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_success, (void *)test_user_data);

    grpc_credentials_unref(refresh_token_creds);
    grpc_httpcli_set_override(NULL, NULL);
}
Beispiel #11
0
char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds) {
  oauth2_request request;
  grpc_pollset_init(&request.pollset);
  request.is_done = 0;

  grpc_credentials_get_request_metadata(creds, &request.pollset, "",
                                        on_oauth2_response, &request);

  gpr_mu_lock(GRPC_POLLSET_MU(&request.pollset));
  while (!request.is_done)
    grpc_pollset_work(&request.pollset, gpr_inf_future(GPR_CLOCK_REALTIME));
  gpr_mu_unlock(GRPC_POLLSET_MU(&request.pollset));

  grpc_pollset_shutdown(&request.pollset, do_nothing, NULL);
  grpc_pollset_destroy(&request.pollset);
  return request.token;
}
Beispiel #12
0
static void test_jwt_creds_signing_failure(void) {
    char *json_key_string = test_json_key_str();
    grpc_credentials *jwt_creds =
        grpc_service_account_jwt_access_credentials_create(
            json_key_string, grpc_max_auth_token_lifetime);
    GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));

    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure);
    grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
                                          on_jwt_creds_get_metadata_failure,
                                          (void *)test_user_data);

    gpr_free(json_key_string);
    grpc_credentials_unref(jwt_creds);
    grpc_jwt_encode_and_sign_set_override(NULL);
}
int main(int argc, char **argv) {
  int result = 0;
  grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
  synchronizer sync;
  grpc_credentials *creds = NULL;
  char *service_url = "https://test.foo.google.com/Foo";
  gpr_cmdline *cl = gpr_cmdline_create("print_google_default_creds_token");
  gpr_cmdline_add_string(cl, "service_url",
                         "Service URL for the token request.", &service_url);
  gpr_cmdline_parse(cl, argc, argv);

  grpc_init();

  creds = grpc_google_default_credentials_create();
  if (creds == NULL) {
    fprintf(stderr, "\nCould not find default credentials.\n\n");
    result = 1;
    goto end;
  }

  grpc_pollset_init(&sync.pollset);
  sync.is_done = 0;

  grpc_credentials_get_request_metadata(&exec_ctx, creds, &sync.pollset,
                                        service_url, on_metadata_response,
                                        &sync);

  gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
  while (!sync.is_done) {
    grpc_pollset_worker worker;
    grpc_pollset_work(&exec_ctx, &sync.pollset, &worker,
                      gpr_now(GPR_CLOCK_MONOTONIC),
                      gpr_inf_future(GPR_CLOCK_MONOTONIC));
    gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));
    grpc_exec_ctx_finish(&exec_ctx);
    gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
  }
  gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));

  grpc_credentials_release(creds);

end:
  gpr_cmdline_destroy(cl);
  grpc_shutdown();
  return result;
}
Beispiel #14
0
static void test_service_account_creds_http_failure(void) {
    char *json_key_string = test_json_key_str();
    grpc_credentials *service_account_creds =
        grpc_service_account_credentials_create(json_key_string, test_scope,
                grpc_max_auth_token_lifetime);
    GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));

    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              service_account_httpcli_post_failure);
    grpc_credentials_get_request_metadata(
        service_account_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_failure, (void *)test_user_data);

    gpr_free(json_key_string);
    grpc_credentials_unref(service_account_creds);
    grpc_httpcli_set_override(NULL, NULL);
}
Beispiel #15
0
static void send_security_metadata(grpc_exec_ctx *exec_ctx,
                                   grpc_call_element *elem,
                                   grpc_transport_stream_op *op) {
  call_data *calld = elem->call_data;
  channel_data *chand = elem->channel_data;
  grpc_client_security_context *ctx =
      (grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY].value;
  grpc_credentials *channel_creds =
      chand->security_connector->request_metadata_creds;
  int channel_creds_has_md =
      (channel_creds != NULL) &&
      grpc_credentials_has_request_metadata(channel_creds);
  int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) &&
                          grpc_credentials_has_request_metadata(ctx->creds);

  if (!channel_creds_has_md && !call_creds_has_md) {
    /* Skip sending metadata altogether. */
    grpc_call_next_op(exec_ctx, elem, op);
    return;
  }

  if (channel_creds_has_md && call_creds_has_md) {
    calld->creds =
        grpc_composite_credentials_create(channel_creds, ctx->creds, NULL);
    if (calld->creds == NULL) {
      bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT,
                      "Incompatible credentials set on channel and call.");
      return;
    }
  } else {
    calld->creds =
        grpc_credentials_ref(call_creds_has_md ? ctx->creds : channel_creds);
  }

  build_service_url(chand->security_connector->base.url_scheme, calld);
  calld->op = *op; /* Copy op (originates from the caller's stack). */
  GPR_ASSERT(calld->pollset);
  grpc_credentials_get_request_metadata(exec_ctx, calld->creds, calld->pollset,
                                        calld->service_url,
                                        on_credentials_metadata, elem);
}
Beispiel #16
0
static void composite_metadata_cb(void *user_data, grpc_mdelem **md_elems,
                                  size_t num_md,
                                  grpc_credentials_status status) {
  grpc_composite_credentials_metadata_context *ctx =
      (grpc_composite_credentials_metadata_context *)user_data;
  size_t i;
  if (status != GRPC_CREDENTIALS_OK) {
    ctx->cb(ctx->user_data, NULL, 0, status);
    return;
  }

  /* Copy the metadata in the context. */
  if (num_md > 0) {
    ctx->md_elems = gpr_realloc(ctx->md_elems,
                                (ctx->num_md + num_md) * sizeof(grpc_mdelem *));
    for (i = 0; i < num_md; i++) {
      ctx->md_elems[i + ctx->num_md] = grpc_mdelem_ref(md_elems[i]);
    }
    ctx->num_md += num_md;
  }

  /* See if we need to get some more metadata. */
  while (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
    grpc_credentials *inner_creds =
        ctx->composite_creds->inner.creds_array[ctx->creds_index++];
    if (grpc_credentials_has_request_metadata(inner_creds)) {
      grpc_credentials_get_request_metadata(inner_creds, ctx->service_url,
                                            composite_metadata_cb, ctx);
      return;
    }
  }

  /* We're done!. */
  ctx->cb(ctx->user_data, ctx->md_elems, ctx->num_md, GRPC_CREDENTIALS_OK);
  composite_md_context_destroy(ctx);
}