コード例 #1
0
ファイル: credentials_test.c プロジェクト: rootusr/grpc 
static void test_ssl_oauth2_iam_composite_creds(void) {
    grpc_credentials *ssl_creds =
        grpc_ssl_credentials_create(test_root_cert, NULL);
    const grpc_credentials_array *creds_array;
    grpc_credentials *oauth2_creds =
        grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0);
    grpc_credentials *aux_creds =
        grpc_composite_credentials_create(ssl_creds, oauth2_creds);
    grpc_credentials *iam_creds = grpc_iam_credentials_create(
                                      test_iam_authorization_token, test_iam_authority_selector);
    grpc_credentials *composite_creds =
        grpc_composite_credentials_create(aux_creds, iam_creds);
    grpc_credentials_unref(ssl_creds);
    grpc_credentials_unref(oauth2_creds);
    grpc_credentials_unref(aux_creds);
    grpc_credentials_unref(iam_creds);
    GPR_ASSERT(strcmp(composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) ==
               0);
    GPR_ASSERT(grpc_credentials_has_request_metadata(composite_creds));
    GPR_ASSERT(!grpc_credentials_has_request_metadata_only(composite_creds));
    creds_array = grpc_composite_credentials_get_credentials(composite_creds);
    GPR_ASSERT(creds_array->num_creds == 3);
    GPR_ASSERT(strcmp(creds_array->creds_array[0]->type,
                      GRPC_CREDENTIALS_TYPE_SSL) == 0);
    GPR_ASSERT(strcmp(creds_array->creds_array[1]->type,
                      GRPC_CREDENTIALS_TYPE_OAUTH2) == 0);
    GPR_ASSERT(strcmp(creds_array->creds_array[2]->type,
                      GRPC_CREDENTIALS_TYPE_IAM) == 0);
    grpc_credentials_get_request_metadata(composite_creds, NULL, test_service_url,
                                          check_ssl_oauth2_iam_composite_metadata,
                                          composite_creds);
}
コード例 #2
0
ファイル: credentials_test.c プロジェクト: rootusr/grpc 
void test_ssl_fake_transport_security_composite_creds_failure(void) {
    grpc_credentials *ssl_creds = grpc_ssl_credentials_create(NULL, NULL);
    grpc_credentials *fake_transport_security_creds =
        grpc_fake_transport_security_credentials_create();

    /* 2 connector credentials: should not work. */
    GPR_ASSERT(grpc_composite_credentials_create(
                   ssl_creds, fake_transport_security_creds) == NULL);
    grpc_credentials_unref(ssl_creds);
    grpc_credentials_unref(fake_transport_security_creds);
}
コード例 #3
0
grpc_credentials *grpc_google_default_credentials_create(void) {
  grpc_credentials *result = NULL;
  int serving_cached_credentials = 0;
  gpr_once_init(&g_once, init_default_credentials);

  gpr_mu_lock(&g_mu);

  if (default_credentials != NULL) {
    result = grpc_credentials_ref(default_credentials);
    serving_cached_credentials = 1;
    goto end;
  }

  /* First, try the environment variable. */
  result =
      create_jwt_creds_from_path(gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR));
  if (result != NULL) goto end;

  /* Then the well-known file. */
  result = create_refresh_token_creds_from_path(
      grpc_get_well_known_google_credentials_file_path());
  if (result != NULL) goto end;

  /* At last try to see if we're on compute engine (do the detection only once
     since it requires a network test). */
  if (!compute_engine_detection_done) {
    int need_compute_engine_creds = is_stack_running_on_compute_engine();
    compute_engine_detection_done = 1;
    if (need_compute_engine_creds) {
      result = grpc_compute_engine_credentials_create();
    }
  }

end:
  if (!serving_cached_credentials && result != NULL) {
    /* Blend with default ssl credentials and add a global reference so that it
       can be cached and re-served. */
    result = grpc_composite_credentials_create(
        grpc_ssl_credentials_create(NULL, NULL), result);
    GPR_ASSERT(result != NULL);
    default_credentials = grpc_credentials_ref(result);
  }
  gpr_mu_unlock(&g_mu);
  return result;
}
コード例 #4
0
static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack(
    grpc_end2end_test_fixture *f, grpc_channel_args *client_args) {
  grpc_credentials *ssl_creds =
      grpc_ssl_credentials_create(test_root_cert, NULL);
  grpc_credentials *oauth2_creds =
      grpc_fake_oauth2_credentials_create("Bearer aaslkfjs424535asdf", 1);
  grpc_credentials *ssl_oauth2_creds =
      grpc_composite_credentials_create(ssl_creds, oauth2_creds);
  grpc_arg ssl_name_override = {GRPC_ARG_STRING,
                                GRPC_SSL_TARGET_NAME_OVERRIDE_ARG,
                                {"foo.test.google.fr"}};
  grpc_channel_args *new_client_args =
      grpc_channel_args_copy_and_add(client_args, &ssl_name_override);
  chttp2_init_client_secure_fullstack(f, new_client_args, ssl_oauth2_creds);
  grpc_channel_args_destroy(new_client_args);
  grpc_credentials_release(ssl_creds);
  grpc_credentials_release(oauth2_creds);
}
コード例 #5
0
ファイル: rb_credentials.c プロジェクト: Abioy/kythe 
/*
  call-seq:
    creds1 = ...
    creds2 = ...
    creds3 = creds1.add(creds2)
    Creates the default credential instances. */
static VALUE grpc_rb_composite_credentials_create(VALUE self, VALUE other) {
  grpc_rb_credentials *self_wrapper = NULL;
  grpc_rb_credentials *other_wrapper = NULL;
  grpc_rb_credentials *wrapper = NULL;

  Data_Get_Struct(self, grpc_rb_credentials, self_wrapper);
  Data_Get_Struct(other, grpc_rb_credentials, other_wrapper);
  wrapper = ALLOC(grpc_rb_credentials);
  wrapper->wrapped = grpc_composite_credentials_create(self_wrapper->wrapped,
                                                       other_wrapper->wrapped);
  if (wrapper->wrapped == NULL) {
    rb_raise(rb_eRuntimeError,
             "could not create composite credentials, not sure why");
    return Qnil;
  }

  wrapper->mark = Qnil;
  return Data_Wrap_Struct(rb_cCredentials, grpc_rb_credentials_mark,
                          grpc_rb_credentials_free, wrapper);
}
コード例 #6
0
ファイル: client_auth_filter.c プロジェクト: wangyikai/grpc 
static void send_security_metadata(grpc_exec_ctx *exec_ctx,
                                   grpc_call_element *elem,
                                   grpc_transport_stream_op *op) {
  call_data *calld = elem->call_data;
  channel_data *chand = elem->channel_data;
  grpc_client_security_context *ctx =
      (grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY].value;
  grpc_credentials *channel_creds =
      chand->security_connector->request_metadata_creds;
  int channel_creds_has_md =
      (channel_creds != NULL) &&
      grpc_credentials_has_request_metadata(channel_creds);
  int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) &&
                          grpc_credentials_has_request_metadata(ctx->creds);

  if (!channel_creds_has_md && !call_creds_has_md) {
    /* Skip sending metadata altogether. */
    grpc_call_next_op(exec_ctx, elem, op);
    return;
  }

  if (channel_creds_has_md && call_creds_has_md) {
    calld->creds =
        grpc_composite_credentials_create(channel_creds, ctx->creds, NULL);
    if (calld->creds == NULL) {
      bubble_up_error(exec_ctx, elem, GRPC_STATUS_INVALID_ARGUMENT,
                      "Incompatible credentials set on channel and call.");
      return;
    }
  } else {
    calld->creds =
        grpc_credentials_ref(call_creds_has_md ? ctx->creds : channel_creds);
  }

  build_service_url(chand->security_connector->base.url_scheme, calld);
  calld->op = *op; /* Copy op (originates from the caller's stack). */
  GPR_ASSERT(calld->pollset);
  grpc_credentials_get_request_metadata(exec_ctx, calld->creds, calld->pollset,
                                        calld->service_url,
                                        on_credentials_metadata, elem);
}