static void test_jwt_creds_success(void) {
char *json_key_string = test_json_key_str();
grpc_credentials *jwt_creds =
grpc_service_account_jwt_access_credentials_create(
json_key_string, grpc_max_auth_token_lifetime);
GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));
/* First request: jwt_encode_and_sign should be called. */
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
on_jwt_creds_get_metadata_success,
(void *)test_user_data);
/* Second request: the cached token should be served directly. */
grpc_jwt_encode_and_sign_set_override(
encode_and_sign_jwt_should_not_be_called);
grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
on_jwt_creds_get_metadata_success,
(void *)test_user_data);
/* Third request: Different service url so jwt_encode_and_sign should be
called again (no caching). */
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
grpc_credentials_get_request_metadata(jwt_creds, NULL, other_test_service_url,
on_jwt_creds_get_metadata_success,
(void *)test_user_data);
gpr_free(json_key_string);
grpc_credentials_unref(jwt_creds);
grpc_jwt_encode_and_sign_set_override(NULL);
}
static void test_service_account_creds_success(void) {
char *json_key_string = test_json_key_str();
grpc_credentials *service_account_creds =
grpc_service_account_credentials_create(json_key_string, test_scope,
grpc_max_auth_token_lifetime);
GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));
/* First request: http get should be called. */
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
service_account_httpcli_post_success);
grpc_credentials_get_request_metadata(
service_account_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_success, (void *)test_user_data);
/* Second request: the cached token should be served directly. */
grpc_jwt_encode_and_sign_set_override(
encode_and_sign_jwt_should_not_be_called);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
httpcli_post_should_not_be_called);
grpc_credentials_get_request_metadata(
service_account_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_success, (void *)test_user_data);
gpr_free(json_key_string);
grpc_credentials_unref(service_account_creds);
grpc_jwt_encode_and_sign_set_override(NULL);
grpc_httpcli_set_override(NULL, NULL);
}
static void composite_get_request_metadata(grpc_credentials *creds,
grpc_pollset *pollset,
const char *service_url,
grpc_credentials_metadata_cb cb,
void *user_data) {
grpc_composite_credentials *c = (grpc_composite_credentials *)creds;
grpc_composite_credentials_metadata_context *ctx;
if (!grpc_credentials_has_request_metadata(creds)) {
cb(user_data, NULL, 0, GRPC_CREDENTIALS_OK);
return;
}
ctx = gpr_malloc(sizeof(grpc_composite_credentials_metadata_context));
memset(ctx, 0, sizeof(grpc_composite_credentials_metadata_context));
ctx->service_url = gpr_strdup(service_url);
ctx->user_data = user_data;
ctx->cb = cb;
ctx->composite_creds = c;
ctx->pollset = pollset;
ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds);
while (ctx->creds_index < c->inner.num_creds) {
grpc_credentials *inner_creds = c->inner.creds_array[ctx->creds_index++];
if (grpc_credentials_has_request_metadata(inner_creds)) {
grpc_credentials_get_request_metadata(inner_creds, pollset, service_url,
composite_metadata_cb, ctx);
return;
}
}
GPR_ASSERT(0); /* Should have exited before. */
}
static void test_ssl_oauth2_iam_composite_creds(void) {
grpc_credentials *ssl_creds =
grpc_ssl_credentials_create(test_root_cert, NULL);
const grpc_credentials_array *creds_array;
grpc_credentials *oauth2_creds =
grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0);
grpc_credentials *aux_creds =
grpc_composite_credentials_create(ssl_creds, oauth2_creds);
grpc_credentials *iam_creds = grpc_iam_credentials_create(
test_iam_authorization_token, test_iam_authority_selector);
grpc_credentials *composite_creds =
grpc_composite_credentials_create(aux_creds, iam_creds);
grpc_credentials_unref(ssl_creds);
grpc_credentials_unref(oauth2_creds);
grpc_credentials_unref(aux_creds);
grpc_credentials_unref(iam_creds);
GPR_ASSERT(strcmp(composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) ==
0);
GPR_ASSERT(grpc_credentials_has_request_metadata(composite_creds));
GPR_ASSERT(!grpc_credentials_has_request_metadata_only(composite_creds));
creds_array = grpc_composite_credentials_get_credentials(composite_creds);
GPR_ASSERT(creds_array->num_creds == 3);
GPR_ASSERT(strcmp(creds_array->creds_array[0]->type,
GRPC_CREDENTIALS_TYPE_SSL) == 0);
GPR_ASSERT(strcmp(creds_array->creds_array[1]->type,
GRPC_CREDENTIALS_TYPE_OAUTH2) == 0);
GPR_ASSERT(strcmp(creds_array->creds_array[2]->type,
GRPC_CREDENTIALS_TYPE_IAM) == 0);
grpc_credentials_get_request_metadata(composite_creds, NULL, test_service_url,
check_ssl_oauth2_iam_composite_metadata,
composite_creds);
}
static void composite_metadata_cb(void *user_data,
grpc_credentials_md *md_elems, size_t num_md,
grpc_credentials_status status) {
grpc_composite_credentials_metadata_context *ctx =
(grpc_composite_credentials_metadata_context *)user_data;
if (status != GRPC_CREDENTIALS_OK) {
ctx->cb(ctx->user_data, NULL, 0, status);
return;
}
/* Copy the metadata in the context. */
if (num_md > 0) {
size_t i;
for (i = 0; i < num_md; i++) {
grpc_credentials_md_store_add(ctx->md_elems, md_elems[i].key,
md_elems[i].value);
}
}
/* See if we need to get some more metadata. */
while (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
grpc_credentials *inner_creds =
ctx->composite_creds->inner.creds_array[ctx->creds_index++];
if (grpc_credentials_has_request_metadata(inner_creds)) {
grpc_credentials_get_request_metadata(inner_creds, ctx->service_url,
composite_metadata_cb, ctx);
return;
}
}
/* We're done!. */
ctx->cb(ctx->user_data, ctx->md_elems->entries, ctx->md_elems->num_entries,
GRPC_CREDENTIALS_OK);
composite_md_context_destroy(ctx);
}
static void test_access_token_creds(void) {
grpc_credentials *creds = grpc_access_token_credentials_create("blah");
GPR_ASSERT(grpc_credentials_has_request_metadata(creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds));
GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0);
grpc_credentials_get_request_metadata(creds, NULL, test_service_url,
check_access_token_metadata, creds);
}
static void test_iam_creds(void) {
grpc_credentials *creds = grpc_iam_credentials_create(
test_iam_authorization_token, test_iam_authority_selector);
GPR_ASSERT(grpc_credentials_has_request_metadata(creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds));
grpc_credentials_get_request_metadata(creds, NULL, test_service_url,
check_iam_metadata, creds);
}
static void test_refresh_token_creds_failure(void) {
grpc_credentials *refresh_token_creds =
grpc_refresh_token_credentials_create(test_refresh_token_str);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
refresh_token_httpcli_post_failure);
GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds));
grpc_credentials_get_request_metadata(
refresh_token_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
grpc_credentials_unref(refresh_token_creds);
grpc_httpcli_set_override(NULL, NULL);
}
static void test_compute_engine_creds_failure(void) {
grpc_credentials *compute_engine_creds =
grpc_compute_engine_credentials_create();
grpc_httpcli_set_override(compute_engine_httpcli_get_failure_override,
httpcli_post_should_not_be_called);
GPR_ASSERT(grpc_credentials_has_request_metadata(compute_engine_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(compute_engine_creds));
grpc_credentials_get_request_metadata(
compute_engine_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
grpc_credentials_unref(compute_engine_creds);
grpc_httpcli_set_override(NULL, NULL);
}
static void test_refresh_token_creds_success(void) {
grpc_credentials *refresh_token_creds =
grpc_refresh_token_credentials_create(test_refresh_token_str);
GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds));
/* First request: http get should be called. */
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
refresh_token_httpcli_post_success);
grpc_credentials_get_request_metadata(
refresh_token_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_success, (void *)test_user_data);
/* Second request: the cached token should be served directly. */
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
httpcli_post_should_not_be_called);
grpc_credentials_get_request_metadata(
refresh_token_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_success, (void *)test_user_data);
grpc_credentials_unref(refresh_token_creds);
grpc_httpcli_set_override(NULL, NULL);
}
char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds) {
oauth2_request request;
grpc_pollset_init(&request.pollset);
request.is_done = 0;
grpc_credentials_get_request_metadata(creds, &request.pollset, "",
on_oauth2_response, &request);
gpr_mu_lock(GRPC_POLLSET_MU(&request.pollset));
while (!request.is_done)
grpc_pollset_work(&request.pollset, gpr_inf_future(GPR_CLOCK_REALTIME));
gpr_mu_unlock(GRPC_POLLSET_MU(&request.pollset));
grpc_pollset_shutdown(&request.pollset, do_nothing, NULL);
grpc_pollset_destroy(&request.pollset);
return request.token;
}
static void test_jwt_creds_signing_failure(void) {
char *json_key_string = test_json_key_str();
grpc_credentials *jwt_creds =
grpc_service_account_jwt_access_credentials_create(
json_key_string, grpc_max_auth_token_lifetime);
GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure);
grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
on_jwt_creds_get_metadata_failure,
(void *)test_user_data);
gpr_free(json_key_string);
grpc_credentials_unref(jwt_creds);
grpc_jwt_encode_and_sign_set_override(NULL);
}
int main(int argc, char **argv) {
int result = 0;
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
synchronizer sync;
grpc_credentials *creds = NULL;
char *service_url = "https://test.foo.google.com/Foo";
gpr_cmdline *cl = gpr_cmdline_create("print_google_default_creds_token");
gpr_cmdline_add_string(cl, "service_url",
"Service URL for the token request.", &service_url);
gpr_cmdline_parse(cl, argc, argv);
grpc_init();
creds = grpc_google_default_credentials_create();
if (creds == NULL) {
fprintf(stderr, "\nCould not find default credentials.\n\n");
result = 1;
goto end;
}
grpc_pollset_init(&sync.pollset);
sync.is_done = 0;
grpc_credentials_get_request_metadata(&exec_ctx, creds, &sync.pollset,
service_url, on_metadata_response,
&sync);
gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
while (!sync.is_done) {
grpc_pollset_worker worker;
grpc_pollset_work(&exec_ctx, &sync.pollset, &worker,
gpr_now(GPR_CLOCK_MONOTONIC),
gpr_inf_future(GPR_CLOCK_MONOTONIC));
gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));
grpc_exec_ctx_finish(&exec_ctx);
gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
}
gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));
grpc_credentials_release(creds);
end:
gpr_cmdline_destroy(cl);
grpc_shutdown();
return result;
}
static void test_service_account_creds_http_failure(void) {
char *json_key_string = test_json_key_str();
grpc_credentials *service_account_creds =
grpc_service_account_credentials_create(json_key_string, test_scope,
grpc_max_auth_token_lifetime);
GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));
grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
grpc_httpcli_set_override(httpcli_get_should_not_be_called,
service_account_httpcli_post_failure);
grpc_credentials_get_request_metadata(
service_account_creds, NULL, test_service_url,
on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
gpr_free(json_key_string);
grpc_credentials_unref(service_account_creds);
grpc_httpcli_set_override(NULL, NULL);
}
static void send_security_metadata(grpc_exec_ctx *exec_ctx,
grpc_call_element *elem,
grpc_transport_stream_op *op) {
call_data *calld = elem->call_data;
channel_data *chand = elem->channel_data;
grpc_client_security_context *ctx =
(grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY].value;
grpc_credentials *channel_creds =
chand->security_connector->request_metadata_creds;
int channel_creds_has_md =
(channel_creds != NULL) &&
grpc_credentials_has_request_metadata(channel_creds);
int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) &&
grpc_credentials_has_request_metadata(ctx->creds);
if (!channel_creds_has_md && !call_creds_has_md) {
/* Skip sending metadata altogether. */
grpc_call_next_op(exec_ctx, elem, op);
return;
}
if (channel_creds_has_md && call_creds_has_md) {
calld->creds =
grpc_composite_credentials_create(channel_creds, ctx->creds, NULL);
if (calld->creds == NULL) {
bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT,
"Incompatible credentials set on channel and call.");
return;
}
} else {
calld->creds =
grpc_credentials_ref(call_creds_has_md ? ctx->creds : channel_creds);
}
build_service_url(chand->security_connector->base.url_scheme, calld);
calld->op = *op; /* Copy op (originates from the caller's stack). */
GPR_ASSERT(calld->pollset);
grpc_credentials_get_request_metadata(exec_ctx, calld->creds, calld->pollset,
calld->service_url,
on_credentials_metadata, elem);
}
static void composite_metadata_cb(void *user_data, grpc_mdelem **md_elems,
size_t num_md,
grpc_credentials_status status) {
grpc_composite_credentials_metadata_context *ctx =
(grpc_composite_credentials_metadata_context *)user_data;
size_t i;
if (status != GRPC_CREDENTIALS_OK) {
ctx->cb(ctx->user_data, NULL, 0, status);
return;
}
/* Copy the metadata in the context. */
if (num_md > 0) {
ctx->md_elems = gpr_realloc(ctx->md_elems,
(ctx->num_md + num_md) * sizeof(grpc_mdelem *));
for (i = 0; i < num_md; i++) {
ctx->md_elems[i + ctx->num_md] = grpc_mdelem_ref(md_elems[i]);
}
ctx->num_md += num_md;
}
/* See if we need to get some more metadata. */
while (ctx->creds_index < ctx->composite_creds->inner.num_creds) {
grpc_credentials *inner_creds =
ctx->composite_creds->inner.creds_array[ctx->creds_index++];
if (grpc_credentials_has_request_metadata(inner_creds)) {
grpc_credentials_get_request_metadata(inner_creds, ctx->service_url,
composite_metadata_cb, ctx);
return;
}
}
/* We're done!. */
ctx->cb(ctx->user_data, ctx->md_elems, ctx->num_md, GRPC_CREDENTIALS_OK);
composite_md_context_destroy(ctx);
}