static void test_ssl_oauth2_iam_composite_creds(void) { grpc_credentials *ssl_creds = grpc_ssl_credentials_create(test_root_cert, NULL); const grpc_credentials_array *creds_array; grpc_credentials *oauth2_creds = grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0); grpc_credentials *aux_creds = grpc_composite_credentials_create(ssl_creds, oauth2_creds); grpc_credentials *iam_creds = grpc_iam_credentials_create( test_iam_authorization_token, test_iam_authority_selector); grpc_credentials *composite_creds = grpc_composite_credentials_create(aux_creds, iam_creds); grpc_credentials_unref(ssl_creds); grpc_credentials_unref(oauth2_creds); grpc_credentials_unref(aux_creds); grpc_credentials_unref(iam_creds); GPR_ASSERT(strcmp(composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); GPR_ASSERT(grpc_credentials_has_request_metadata(composite_creds)); GPR_ASSERT(!grpc_credentials_has_request_metadata_only(composite_creds)); creds_array = grpc_composite_credentials_get_credentials(composite_creds); GPR_ASSERT(creds_array->num_creds == 3); GPR_ASSERT(strcmp(creds_array->creds_array[0]->type, GRPC_CREDENTIALS_TYPE_SSL) == 0); GPR_ASSERT(strcmp(creds_array->creds_array[1]->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); GPR_ASSERT(strcmp(creds_array->creds_array[2]->type, GRPC_CREDENTIALS_TYPE_IAM) == 0); grpc_credentials_get_request_metadata(composite_creds, NULL, test_service_url, check_ssl_oauth2_iam_composite_metadata, composite_creds); }
void test_ssl_fake_transport_security_composite_creds_failure(void) { grpc_credentials *ssl_creds = grpc_ssl_credentials_create(NULL, NULL); grpc_credentials *fake_transport_security_creds = grpc_fake_transport_security_credentials_create(); /* 2 connector credentials: should not work. */ GPR_ASSERT(grpc_composite_credentials_create( ssl_creds, fake_transport_security_creds) == NULL); grpc_credentials_unref(ssl_creds); grpc_credentials_unref(fake_transport_security_creds); }
grpc_credentials *grpc_google_default_credentials_create(void) { grpc_credentials *result = NULL; int serving_cached_credentials = 0; gpr_once_init(&g_once, init_default_credentials); gpr_mu_lock(&g_mu); if (default_credentials != NULL) { result = grpc_credentials_ref(default_credentials); serving_cached_credentials = 1; goto end; } /* First, try the environment variable. */ result = create_jwt_creds_from_path(gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR)); if (result != NULL) goto end; /* Then the well-known file. */ result = create_refresh_token_creds_from_path( grpc_get_well_known_google_credentials_file_path()); if (result != NULL) goto end; /* At last try to see if we're on compute engine (do the detection only once since it requires a network test). */ if (!compute_engine_detection_done) { int need_compute_engine_creds = is_stack_running_on_compute_engine(); compute_engine_detection_done = 1; if (need_compute_engine_creds) { result = grpc_compute_engine_credentials_create(); } } end: if (!serving_cached_credentials && result != NULL) { /* Blend with default ssl credentials and add a global reference so that it can be cached and re-served. */ result = grpc_composite_credentials_create( grpc_ssl_credentials_create(NULL, NULL), result); GPR_ASSERT(result != NULL); default_credentials = grpc_credentials_ref(result); } gpr_mu_unlock(&g_mu); return result; }
static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *client_args) { grpc_credentials *ssl_creds = grpc_ssl_credentials_create(test_root_cert, NULL); grpc_credentials *oauth2_creds = grpc_fake_oauth2_credentials_create("Bearer aaslkfjs424535asdf", 1); grpc_credentials *ssl_oauth2_creds = grpc_composite_credentials_create(ssl_creds, oauth2_creds); grpc_arg ssl_name_override = {GRPC_ARG_STRING, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, {"foo.test.google.fr"}}; grpc_channel_args *new_client_args = grpc_channel_args_copy_and_add(client_args, &ssl_name_override); chttp2_init_client_secure_fullstack(f, new_client_args, ssl_oauth2_creds); grpc_channel_args_destroy(new_client_args); grpc_credentials_release(ssl_creds); grpc_credentials_release(oauth2_creds); }
/* call-seq: creds1 = ... creds2 = ... creds3 = creds1.add(creds2) Creates the default credential instances. */ static VALUE grpc_rb_composite_credentials_create(VALUE self, VALUE other) { grpc_rb_credentials *self_wrapper = NULL; grpc_rb_credentials *other_wrapper = NULL; grpc_rb_credentials *wrapper = NULL; Data_Get_Struct(self, grpc_rb_credentials, self_wrapper); Data_Get_Struct(other, grpc_rb_credentials, other_wrapper); wrapper = ALLOC(grpc_rb_credentials); wrapper->wrapped = grpc_composite_credentials_create(self_wrapper->wrapped, other_wrapper->wrapped); if (wrapper->wrapped == NULL) { rb_raise(rb_eRuntimeError, "could not create composite credentials, not sure why"); return Qnil; } wrapper->mark = Qnil; return Data_Wrap_Struct(rb_cCredentials, grpc_rb_credentials_mark, grpc_rb_credentials_free, wrapper); }
static void send_security_metadata(grpc_exec_ctx *exec_ctx, grpc_call_element *elem, grpc_transport_stream_op *op) { call_data *calld = elem->call_data; channel_data *chand = elem->channel_data; grpc_client_security_context *ctx = (grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY].value; grpc_credentials *channel_creds = chand->security_connector->request_metadata_creds; int channel_creds_has_md = (channel_creds != NULL) && grpc_credentials_has_request_metadata(channel_creds); int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) && grpc_credentials_has_request_metadata(ctx->creds); if (!channel_creds_has_md && !call_creds_has_md) { /* Skip sending metadata altogether. */ grpc_call_next_op(exec_ctx, elem, op); return; } if (channel_creds_has_md && call_creds_has_md) { calld->creds = grpc_composite_credentials_create(channel_creds, ctx->creds, NULL); if (calld->creds == NULL) { bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT, "Incompatible credentials set on channel and call."); return; } } else { calld->creds = grpc_credentials_ref(call_creds_has_md ? ctx->creds : channel_creds); } build_service_url(chand->security_connector->base.url_scheme, calld); calld->op = *op; /* Copy op (originates from the caller's stack). */ GPR_ASSERT(calld->pollset); grpc_credentials_get_request_metadata(exec_ctx, calld->creds, calld->pollset, calld->service_url, on_credentials_metadata, elem); }