static void test_service_account_creds_success(void) {
char *json_key_string = test_json_key_str();
grpc_credentials *service_account_creds =
grpc_service_account_credentials_create(json_key_string, test_scope,
grpc_max_auth_token_lifetime);
GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));
/* First request: http get should be called. */
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
service_account_httpcli_post_success);
grpc_credentials_get_request_metadata(
service_account_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_success, (void *)test_user_data);
/* Second request: the cached token should be served directly. */
grpc_jwt_encode_and_sign_set_override(
encode_and_sign_jwt_should_not_be_called);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
httpcli_post_should_not_be_called);
grpc_credentials_get_request_metadata(
service_account_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_success, (void *)test_user_data);
gpr_free(json_key_string);
grpc_credentials_unref(service_account_creds);
grpc_jwt_encode_and_sign_set_override(NULL);
grpc_httpcli_set_override(NULL, NULL);
}
static void test_jwt_creds_success(void) {
char *json_key_string = test_json_key_str();
grpc_credentials *jwt_creds =
grpc_service_account_jwt_access_credentials_create(
json_key_string, grpc_max_auth_token_lifetime);
GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));
/* First request: jwt_encode_and_sign should be called. */
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
on_jwt_creds_get_metadata_success,
(void *)test_user_data);
/* Second request: the cached token should be served directly. */
grpc_jwt_encode_and_sign_set_override(
encode_and_sign_jwt_should_not_be_called);
grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
on_jwt_creds_get_metadata_success,
(void *)test_user_data);
/* Third request: Different service url so jwt_encode_and_sign should be
called again (no caching). */
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
grpc_credentials_get_request_metadata(jwt_creds, NULL, other_test_service_url,
on_jwt_creds_get_metadata_success,
(void *)test_user_data);
gpr_free(json_key_string);
grpc_credentials_unref(jwt_creds);
grpc_jwt_encode_and_sign_set_override(NULL);
}
static void test_parse_json_key_failure_no_client_email(void) {
const char no_client_email_part3[] =
"\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
"\"client_id\": "
"\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
"com\", \"type\": \"service_account\" }";
char *json_string = test_json_key_str(no_client_email_part3);
grpc_auth_json_key json_key =
grpc_auth_json_key_create_from_string(json_string);
GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key));
gpr_free(json_string);
grpc_auth_json_key_destruct(&json_key);
}
static void test_parse_json_key_failure_no_private_key_id(void) {
const char no_private_key_id_part3[] =
"\"client_email\": "
"\"[email protected]."
"com\", \"client_id\": "
"\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
"com\", \"type\": \"service_account\" }";
char *json_string = test_json_key_str(no_private_key_id_part3);
grpc_auth_json_key json_key =
grpc_auth_json_key_create_from_string(json_string);
GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key));
gpr_free(json_string);
grpc_auth_json_key_destruct(&json_key);
}
static void test_jwt_creds_signing_failure(void) {
char *json_key_string = test_json_key_str();
grpc_credentials *jwt_creds =
grpc_service_account_jwt_access_credentials_create(
json_key_string, grpc_max_auth_token_lifetime);
GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure);
grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
on_jwt_creds_get_metadata_failure,
(void *)test_user_data);
gpr_free(json_key_string);
grpc_credentials_unref(jwt_creds);
grpc_jwt_encode_and_sign_set_override(NULL);
}
static void test_google_default_creds_auth_key(void) {
grpc_service_account_jwt_access_credentials *jwt;
grpc_credentials *creds;
char *json_key = test_json_key_str();
grpc_flush_cached_google_default_credentials();
set_google_default_creds_env_var_with_file_contents(
"json_key_google_default_creds", json_key);
gpr_free(json_key);
creds = grpc_google_default_credentials_create();
GPR_ASSERT(creds != NULL);
jwt = (grpc_service_account_jwt_access_credentials *)composite_inner_creds(
creds, GRPC_CREDENTIALS_TYPE_JWT);
GPR_ASSERT(
strcmp(jwt->key.client_id,
"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent.com") ==
0);
grpc_credentials_unref(creds);
gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
}
static void test_service_account_creds_http_failure(void) {
char *json_key_string = test_json_key_str();
grpc_credentials *service_account_creds =
grpc_service_account_credentials_create(json_key_string, test_scope,
grpc_max_auth_token_lifetime);
GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
service_account_httpcli_post_failure);
grpc_credentials_get_request_metadata(
service_account_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
gpr_free(json_key_string);
grpc_credentials_unref(service_account_creds);
grpc_httpcli_set_override(NULL, NULL);
}
static void test_jwt_encode_and_sign(
char *(*jwt_encode_and_sign_func)(const grpc_auth_json_key *),
void (*check_jwt_claim_func)(grpc_json *)) {
char *json_string = test_json_key_str(NULL);
grpc_json *parsed_header = NULL;
grpc_json *parsed_claim = NULL;
char *scratchpad;
grpc_auth_json_key json_key =
grpc_auth_json_key_create_from_string(json_string);
const char *b64_signature;
size_t offset = 0;
char *jwt = jwt_encode_and_sign_func(&json_key);
const char *dot = strchr(jwt, '.');
GPR_ASSERT(dot != NULL);
parsed_header =
parse_json_part_from_jwt(jwt, (size_t)(dot - jwt), &scratchpad);
GPR_ASSERT(parsed_header != NULL);
check_jwt_header(parsed_header);
offset = (size_t)(dot - jwt) + 1;
grpc_json_destroy(parsed_header);
gpr_free(scratchpad);
dot = strchr(jwt + offset, '.');
GPR_ASSERT(dot != NULL);
parsed_claim = parse_json_part_from_jwt(
jwt + offset, (size_t)(dot - (jwt + offset)), &scratchpad);
GPR_ASSERT(parsed_claim != NULL);
check_jwt_claim_func(parsed_claim);
offset = (size_t)(dot - jwt) + 1;
grpc_json_destroy(parsed_claim);
gpr_free(scratchpad);
dot = strchr(jwt + offset, '.');
GPR_ASSERT(dot == NULL); /* no more part. */
b64_signature = jwt + offset;
check_jwt_signature(b64_signature, json_key.private_key, jwt, offset - 1);
gpr_free(json_string);
grpc_auth_json_key_destruct(&json_key);
gpr_free(jwt);
}
static void test_parse_json_key_success(void) {
char *json_string = test_json_key_str(NULL);
grpc_auth_json_key json_key =
grpc_auth_json_key_create_from_string(json_string);
GPR_ASSERT(grpc_auth_json_key_is_valid(&json_key));
GPR_ASSERT(json_key.type != NULL &&
strcmp(json_key.type, "service_account") == 0);
GPR_ASSERT(json_key.private_key_id != NULL &&
strcmp(json_key.private_key_id,
"e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0);
GPR_ASSERT(json_key.client_id != NULL &&
strcmp(json_key.client_id,
"777-abaslkan11hlb6nmim3bpspl31ud.apps."
"googleusercontent.com") == 0);
GPR_ASSERT(json_key.client_email != NULL &&
strcmp(json_key.client_email,
"777-abaslkan11hlb6nmim3bpspl31ud@developer."
"gserviceaccount.com") == 0);
GPR_ASSERT(json_key.private_key != NULL);
gpr_free(json_string);
grpc_auth_json_key_destruct(&json_key);
}
