grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1, grpc_credentials *creds2, void *reserved) { size_t i; size_t creds_array_byte_size; grpc_credentials_array creds1_array; grpc_credentials_array creds2_array; grpc_composite_credentials *c; GRPC_API_TRACE( "grpc_composite_credentials_create(creds1=%p, creds2=%p, " "reserved=%p)", 3, (creds1, creds2, reserved)); GPR_ASSERT(reserved == NULL); GPR_ASSERT(creds1 != NULL); GPR_ASSERT(creds2 != NULL); c = gpr_malloc(sizeof(grpc_composite_credentials)); memset(c, 0, sizeof(grpc_composite_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_COMPOSITE; c->base.vtable = &composite_credentials_vtable; gpr_ref_init(&c->base.refcount, 1); creds1_array = get_creds_array(&creds1); creds2_array = get_creds_array(&creds2); c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds; creds_array_byte_size = c->inner.num_creds * sizeof(grpc_credentials *); c->inner.creds_array = gpr_malloc(creds_array_byte_size); memset(c->inner.creds_array, 0, creds_array_byte_size); for (i = 0; i < creds1_array.num_creds; i++) { grpc_credentials *cur_creds = creds1_array.creds_array[i]; if (!grpc_credentials_has_request_metadata_only(cur_creds)) { if (c->connector_creds == NULL) { c->connector_creds = cur_creds; } else { gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials."); goto fail; } } c->inner.creds_array[i] = grpc_credentials_ref(cur_creds); } for (i = 0; i < creds2_array.num_creds; i++) { grpc_credentials *cur_creds = creds2_array.creds_array[i]; if (!grpc_credentials_has_request_metadata_only(cur_creds)) { if (c->connector_creds == NULL) { c->connector_creds = cur_creds; } else { gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials."); goto fail; } } c->inner.creds_array[i + creds1_array.num_creds] = grpc_credentials_ref(cur_creds); } return &c->base; fail: grpc_credentials_unref(&c->base); return NULL; }
static void test_jwt_creds_success(void) { char *json_key_string = test_json_key_str(); grpc_credentials *jwt_creds = grpc_service_account_jwt_access_credentials_create( json_key_string, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds)); /* First request: jwt_encode_and_sign should be called. */ grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_success, (void *)test_user_data); /* Second request: the cached token should be served directly. */ grpc_jwt_encode_and_sign_set_override( encode_and_sign_jwt_should_not_be_called); grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_success, (void *)test_user_data); /* Third request: Different service url so jwt_encode_and_sign should be called again (no caching). */ grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_credentials_get_request_metadata(jwt_creds, NULL, other_test_service_url, on_jwt_creds_get_metadata_success, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(jwt_creds); grpc_jwt_encode_and_sign_set_override(NULL); }
static void test_service_account_creds_success(void) { char *json_key_string = test_json_key_str(); grpc_credentials *service_account_creds = grpc_service_account_credentials_create(json_key_string, test_scope, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds)); /* First request: http get should be called. */ grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_httpcli_set_override(httpcli_get_should_not_be_called, service_account_httpcli_post_success); grpc_credentials_get_request_metadata( service_account_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *)test_user_data); /* Second request: the cached token should be served directly. */ grpc_jwt_encode_and_sign_set_override( encode_and_sign_jwt_should_not_be_called); grpc_httpcli_set_override(httpcli_get_should_not_be_called, httpcli_post_should_not_be_called); grpc_credentials_get_request_metadata( service_account_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(service_account_creds); grpc_jwt_encode_and_sign_set_override(NULL); grpc_httpcli_set_override(NULL, NULL); }
static void test_ssl_oauth2_iam_composite_creds(void) { grpc_credentials *ssl_creds = grpc_ssl_credentials_create(test_root_cert, NULL); const grpc_credentials_array *creds_array; grpc_credentials *oauth2_creds = grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0); grpc_credentials *aux_creds = grpc_composite_credentials_create(ssl_creds, oauth2_creds); grpc_credentials *iam_creds = grpc_iam_credentials_create( test_iam_authorization_token, test_iam_authority_selector); grpc_credentials *composite_creds = grpc_composite_credentials_create(aux_creds, iam_creds); grpc_credentials_unref(ssl_creds); grpc_credentials_unref(oauth2_creds); grpc_credentials_unref(aux_creds); grpc_credentials_unref(iam_creds); GPR_ASSERT(strcmp(composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); GPR_ASSERT(grpc_credentials_has_request_metadata(composite_creds)); GPR_ASSERT(!grpc_credentials_has_request_metadata_only(composite_creds)); creds_array = grpc_composite_credentials_get_credentials(composite_creds); GPR_ASSERT(creds_array->num_creds == 3); GPR_ASSERT(strcmp(creds_array->creds_array[0]->type, GRPC_CREDENTIALS_TYPE_SSL) == 0); GPR_ASSERT(strcmp(creds_array->creds_array[1]->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); GPR_ASSERT(strcmp(creds_array->creds_array[2]->type, GRPC_CREDENTIALS_TYPE_IAM) == 0); grpc_credentials_get_request_metadata(composite_creds, NULL, test_service_url, check_ssl_oauth2_iam_composite_metadata, composite_creds); }
grpc_channel *grpc_secure_channel_create_with_factories( const grpc_secure_channel_factory *factories, size_t num_factories, grpc_credentials *creds, const char *target, const grpc_channel_args *args) { size_t i; if (creds == NULL) { gpr_log(GPR_ERROR, "No credentials to create a secure channel."); return grpc_lame_client_channel_create(); } if (grpc_credentials_has_request_metadata_only(creds)) { gpr_log(GPR_ERROR, "Credentials is insufficient to create a secure channel."); return grpc_lame_client_channel_create(); } for (i = 0; i < num_factories; i++) { grpc_credentials *composite_creds = NULL; grpc_credentials *transport_security_creds = NULL; transport_security_creds = grpc_credentials_contains_type( creds, factories[i].creds_type, &composite_creds); if (transport_security_creds != NULL) { return factories[i].factory(transport_security_creds, composite_creds, target, args); } } gpr_log(GPR_ERROR, "Unknown credentials type %s for creating a secure channel.", creds->type); return grpc_lame_client_channel_create(); }
static void test_access_token_creds(void) { grpc_credentials *creds = grpc_access_token_credentials_create("blah"); GPR_ASSERT(grpc_credentials_has_request_metadata(creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds)); GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); grpc_credentials_get_request_metadata(creds, NULL, test_service_url, check_access_token_metadata, creds); }
static void test_iam_creds(void) { grpc_credentials *creds = grpc_iam_credentials_create( test_iam_authorization_token, test_iam_authority_selector); GPR_ASSERT(grpc_credentials_has_request_metadata(creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds)); grpc_credentials_get_request_metadata(creds, NULL, test_service_url, check_iam_metadata, creds); }
static int composite_has_request_metadata_only(const grpc_credentials *creds) { const grpc_composite_credentials *c = (const grpc_composite_credentials *)creds; size_t i; for (i = 0; i < c->inner.num_creds; i++) { if (!grpc_credentials_has_request_metadata_only(c->inner.creds_array[i])) { return 0; } } return 1; }
static void test_refresh_token_creds_failure(void) { grpc_credentials *refresh_token_creds = grpc_refresh_token_credentials_create(test_refresh_token_str); grpc_httpcli_set_override(httpcli_get_should_not_be_called, refresh_token_httpcli_post_failure); GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds)); grpc_credentials_get_request_metadata( refresh_token_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_failure, (void *)test_user_data); grpc_credentials_unref(refresh_token_creds); grpc_httpcli_set_override(NULL, NULL); }
static void test_compute_engine_creds_failure(void) { grpc_credentials *compute_engine_creds = grpc_compute_engine_credentials_create(); grpc_httpcli_set_override(compute_engine_httpcli_get_failure_override, httpcli_post_should_not_be_called); GPR_ASSERT(grpc_credentials_has_request_metadata(compute_engine_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(compute_engine_creds)); grpc_credentials_get_request_metadata( compute_engine_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_failure, (void *)test_user_data); grpc_credentials_unref(compute_engine_creds); grpc_httpcli_set_override(NULL, NULL); }
grpc_security_status grpc_credentials_create_security_connector( grpc_credentials *creds, const char *target, const grpc_channel_args *args, grpc_credentials *request_metadata_creds, grpc_channel_security_connector **sc, grpc_channel_args **new_args) { *new_args = NULL; if (creds == NULL || creds->vtable->create_security_connector == NULL || grpc_credentials_has_request_metadata_only(creds)) { gpr_log(GPR_ERROR, "Invalid credentials for creating a security connector."); return GRPC_SECURITY_ERROR; } return creds->vtable->create_security_connector( creds, target, args, request_metadata_creds, sc, new_args); }
static void test_jwt_creds_signing_failure(void) { char *json_key_string = test_json_key_str(); grpc_credentials *jwt_creds = grpc_service_account_jwt_access_credentials_create( json_key_string, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds)); grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure); grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_failure, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(jwt_creds); grpc_jwt_encode_and_sign_set_override(NULL); }
static void test_service_account_creds_http_failure(void) { char *json_key_string = test_json_key_str(); grpc_credentials *service_account_creds = grpc_service_account_credentials_create(json_key_string, test_scope, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds)); grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_httpcli_set_override(httpcli_get_should_not_be_called, service_account_httpcli_post_failure); grpc_credentials_get_request_metadata( service_account_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_failure, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(service_account_creds); grpc_httpcli_set_override(NULL, NULL); }
static void test_refresh_token_creds_success(void) { grpc_credentials *refresh_token_creds = grpc_refresh_token_credentials_create(test_refresh_token_str); GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds)); /* First request: http get should be called. */ grpc_httpcli_set_override(httpcli_get_should_not_be_called, refresh_token_httpcli_post_success); grpc_credentials_get_request_metadata( refresh_token_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *)test_user_data); /* Second request: the cached token should be served directly. */ grpc_httpcli_set_override(httpcli_get_should_not_be_called, httpcli_post_should_not_be_called); grpc_credentials_get_request_metadata( refresh_token_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *)test_user_data); grpc_credentials_unref(refresh_token_creds); grpc_httpcli_set_override(NULL, NULL); }
grpc_call_error grpc_call_set_credentials(grpc_call *call, grpc_credentials *creds) { grpc_client_security_context *ctx = NULL; if (!grpc_call_is_client(call)) { gpr_log(GPR_ERROR, "Method is client-side only."); return GRPC_CALL_ERROR_NOT_ON_SERVER; } if (creds != NULL && !grpc_credentials_has_request_metadata_only(creds)) { gpr_log(GPR_ERROR, "Incompatible credentials to set on a call."); return GRPC_CALL_ERROR; } ctx = (grpc_client_security_context *)grpc_call_context_get( call, GRPC_CONTEXT_SECURITY); if (ctx == NULL) { ctx = grpc_client_security_context_create(); ctx->creds = grpc_credentials_ref(creds); grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx, grpc_client_security_context_destroy); } else { grpc_credentials_unref(ctx->creds); ctx->creds = grpc_credentials_ref(creds); } return GRPC_CALL_OK; }