static void on_keys_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, const grpc_httpcli_response *response) { grpc_json *json = json_from_http(response); verifier_cb_ctx *ctx = (verifier_cb_ctx *)user_data; EVP_PKEY *verification_key = NULL; grpc_jwt_verifier_status status = GRPC_JWT_VERIFIER_GENERIC_ERROR; grpc_jwt_claims *claims = NULL; if (json == NULL) { status = GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR; goto end; } verification_key = find_verification_key(json, ctx->header->alg, ctx->header->kid); if (verification_key == NULL) { gpr_log(GPR_ERROR, "Could not find verification key with kid %s.", ctx->header->kid); status = GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR; goto end; } if (!verify_jwt_signature(verification_key, ctx->header->alg, ctx->signature, ctx->signed_data)) { status = GRPC_JWT_VERIFIER_BAD_SIGNATURE; goto end; } status = grpc_jwt_claims_check(ctx->claims, ctx->audience); if (status == GRPC_JWT_VERIFIER_OK) { /* Pass ownership. */ claims = ctx->claims; ctx->claims = NULL; } end: if (json != NULL) grpc_json_destroy(json); if (verification_key != NULL) EVP_PKEY_free(verification_key); ctx->user_cb(ctx->user_data, status, claims); verifier_cb_ctx_destroy(ctx); }
static void test_expired_claims_failure(void) { grpc_jwt_claims *claims; gpr_slice s = gpr_slice_from_copied_string(expired_claims); grpc_json *json = grpc_json_parse_string_with_len( (char *)GPR_SLICE_START_PTR(s), GPR_SLICE_LENGTH(s)); gpr_timespec exp_iat = {100, 0, GPR_CLOCK_REALTIME}; gpr_timespec exp_exp = {120, 0, GPR_CLOCK_REALTIME}; gpr_timespec exp_nbf = {60, 0, GPR_CLOCK_REALTIME}; GPR_ASSERT(json != NULL); claims = grpc_jwt_claims_from_json(json, s); GPR_ASSERT(claims != NULL); GPR_ASSERT(grpc_jwt_claims_json(claims) == json); GPR_ASSERT(strcmp(grpc_jwt_claims_audience(claims), "https://foo.com") == 0); GPR_ASSERT(strcmp(grpc_jwt_claims_issuer(claims), "blah.foo.com") == 0); GPR_ASSERT(strcmp(grpc_jwt_claims_subject(claims), "*****@*****.**") == 0); GPR_ASSERT(strcmp(grpc_jwt_claims_id(claims), "jwtuniqueid") == 0); GPR_ASSERT(gpr_time_cmp(grpc_jwt_claims_issued_at(claims), exp_iat) == 0); GPR_ASSERT(gpr_time_cmp(grpc_jwt_claims_expires_at(claims), exp_exp) == 0); GPR_ASSERT(gpr_time_cmp(grpc_jwt_claims_not_before(claims), exp_nbf) == 0); GPR_ASSERT(grpc_jwt_claims_check(claims, "https://foo.com") == GRPC_JWT_VERIFIER_TIME_CONSTRAINT_FAILURE); grpc_jwt_claims_destroy(claims); }