예제 #1
0
static void test_ssl_oauth2_iam_composite_creds(void) {
    grpc_credentials *ssl_creds =
        grpc_ssl_credentials_create(test_root_cert, NULL);
    const grpc_credentials_array *creds_array;
    grpc_credentials *oauth2_creds =
        grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0);
    grpc_credentials *aux_creds =
        grpc_composite_credentials_create(ssl_creds, oauth2_creds);
    grpc_credentials *iam_creds = grpc_iam_credentials_create(
                                      test_iam_authorization_token, test_iam_authority_selector);
    grpc_credentials *composite_creds =
        grpc_composite_credentials_create(aux_creds, iam_creds);
    grpc_credentials_unref(ssl_creds);
    grpc_credentials_unref(oauth2_creds);
    grpc_credentials_unref(aux_creds);
    grpc_credentials_unref(iam_creds);
    GPR_ASSERT(strcmp(composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) ==
               0);
    GPR_ASSERT(grpc_credentials_has_request_metadata(composite_creds));
    GPR_ASSERT(!grpc_credentials_has_request_metadata_only(composite_creds));
    creds_array = grpc_composite_credentials_get_credentials(composite_creds);
    GPR_ASSERT(creds_array->num_creds == 3);
    GPR_ASSERT(strcmp(creds_array->creds_array[0]->type,
                      GRPC_CREDENTIALS_TYPE_SSL) == 0);
    GPR_ASSERT(strcmp(creds_array->creds_array[1]->type,
                      GRPC_CREDENTIALS_TYPE_OAUTH2) == 0);
    GPR_ASSERT(strcmp(creds_array->creds_array[2]->type,
                      GRPC_CREDENTIALS_TYPE_IAM) == 0);
    grpc_credentials_get_request_metadata(composite_creds, NULL, test_service_url,
                                          check_ssl_oauth2_iam_composite_metadata,
                                          composite_creds);
}
예제 #2
0
void test_ssl_fake_transport_security_composite_creds_failure(void) {
    grpc_credentials *ssl_creds = grpc_ssl_credentials_create(NULL, NULL);
    grpc_credentials *fake_transport_security_creds =
        grpc_fake_transport_security_credentials_create();

    /* 2 connector credentials: should not work. */
    GPR_ASSERT(grpc_composite_credentials_create(
                   ssl_creds, fake_transport_security_creds) == NULL);
    grpc_credentials_unref(ssl_creds);
    grpc_credentials_unref(fake_transport_security_creds);
}
예제 #3
0
static void test_jwt_creds_success(void) {
    char *json_key_string = test_json_key_str();
    grpc_credentials *jwt_creds =
        grpc_service_account_jwt_access_credentials_create(
            json_key_string, grpc_max_auth_token_lifetime);
    GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));

    /* First request: jwt_encode_and_sign should be called. */
    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
    grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
                                          on_jwt_creds_get_metadata_success,
                                          (void *)test_user_data);

    /* Second request: the cached token should be served directly. */
    grpc_jwt_encode_and_sign_set_override(
        encode_and_sign_jwt_should_not_be_called);
    grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
                                          on_jwt_creds_get_metadata_success,
                                          (void *)test_user_data);

    /* Third request: Different service url so jwt_encode_and_sign should be
       called again (no caching). */
    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
    grpc_credentials_get_request_metadata(jwt_creds, NULL, other_test_service_url,
                                          on_jwt_creds_get_metadata_success,
                                          (void *)test_user_data);

    gpr_free(json_key_string);
    grpc_credentials_unref(jwt_creds);
    grpc_jwt_encode_and_sign_set_override(NULL);
}
예제 #4
0
static void test_service_account_creds_success(void) {
    char *json_key_string = test_json_key_str();
    grpc_credentials *service_account_creds =
        grpc_service_account_credentials_create(json_key_string, test_scope,
                grpc_max_auth_token_lifetime);
    GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));

    /* First request: http get should be called. */
    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              service_account_httpcli_post_success);
    grpc_credentials_get_request_metadata(
        service_account_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_success, (void *)test_user_data);

    /* Second request: the cached token should be served directly. */
    grpc_jwt_encode_and_sign_set_override(
        encode_and_sign_jwt_should_not_be_called);
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              httpcli_post_should_not_be_called);
    grpc_credentials_get_request_metadata(
        service_account_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_success, (void *)test_user_data);

    gpr_free(json_key_string);
    grpc_credentials_unref(service_account_creds);
    grpc_jwt_encode_and_sign_set_override(NULL);
    grpc_httpcli_set_override(NULL, NULL);
}
예제 #5
0
파일: credentials.c 프로젝트: bjori/grpc
static void composite_destruct(grpc_credentials *creds) {
  grpc_composite_credentials *c = (grpc_composite_credentials *)creds;
  size_t i;
  for (i = 0; i < c->inner.num_creds; i++) {
    grpc_credentials_unref(c->inner.creds_array[i]);
  }
  gpr_free(c->inner.creds_array);
}
예제 #6
0
파일: credentials.c 프로젝트: bjori/grpc
grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1,
                                                    grpc_credentials *creds2,
                                                    void *reserved) {
  size_t i;
  size_t creds_array_byte_size;
  grpc_credentials_array creds1_array;
  grpc_credentials_array creds2_array;
  grpc_composite_credentials *c;
  GRPC_API_TRACE(
      "grpc_composite_credentials_create(creds1=%p, creds2=%p, "
      "reserved=%p)",
      3, (creds1, creds2, reserved));
  GPR_ASSERT(reserved == NULL);
  GPR_ASSERT(creds1 != NULL);
  GPR_ASSERT(creds2 != NULL);
  c = gpr_malloc(sizeof(grpc_composite_credentials));
  memset(c, 0, sizeof(grpc_composite_credentials));
  c->base.type = GRPC_CREDENTIALS_TYPE_COMPOSITE;
  c->base.vtable = &composite_credentials_vtable;
  gpr_ref_init(&c->base.refcount, 1);
  creds1_array = get_creds_array(&creds1);
  creds2_array = get_creds_array(&creds2);
  c->inner.num_creds = creds1_array.num_creds + creds2_array.num_creds;
  creds_array_byte_size = c->inner.num_creds * sizeof(grpc_credentials *);
  c->inner.creds_array = gpr_malloc(creds_array_byte_size);
  memset(c->inner.creds_array, 0, creds_array_byte_size);
  for (i = 0; i < creds1_array.num_creds; i++) {
    grpc_credentials *cur_creds = creds1_array.creds_array[i];
    if (!grpc_credentials_has_request_metadata_only(cur_creds)) {
      if (c->connector_creds == NULL) {
        c->connector_creds = cur_creds;
      } else {
        gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials.");
        goto fail;
      }
    }
    c->inner.creds_array[i] = grpc_credentials_ref(cur_creds);
  }
  for (i = 0; i < creds2_array.num_creds; i++) {
    grpc_credentials *cur_creds = creds2_array.creds_array[i];
    if (!grpc_credentials_has_request_metadata_only(cur_creds)) {
      if (c->connector_creds == NULL) {
        c->connector_creds = cur_creds;
      } else {
        gpr_log(GPR_ERROR, "Cannot compose multiple connector credentials.");
        goto fail;
      }
    }
    c->inner.creds_array[i + creds1_array.num_creds] =
        grpc_credentials_ref(cur_creds);
  }
  return &c->base;

fail:
  grpc_credentials_unref(&c->base);
  return NULL;
}
예제 #7
0
/* Destructor for call_data */
static void destroy_call_elem(grpc_call_element *elem) {
  call_data *calld = elem->call_data;
  grpc_credentials_unref(calld->creds);
  if (calld->host != NULL) {
    GRPC_MDSTR_UNREF(calld->host);
  }
  if (calld->method != NULL) {
    GRPC_MDSTR_UNREF(calld->method);
  }
}
예제 #8
0
static void check_access_token_metadata(void *user_data,
                                        grpc_credentials_md *md_elems,
                                        size_t num_md,
                                        grpc_credentials_status status) {
    grpc_credentials *c = (grpc_credentials *)user_data;
    expected_md emd[] = {{GRPC_AUTHORIZATION_METADATA_KEY, "Bearer blah"}};
    GPR_ASSERT(status == GRPC_CREDENTIALS_OK);
    GPR_ASSERT(num_md == 1);
    check_metadata(emd, md_elems, num_md);
    grpc_credentials_unref(c);
}
예제 #9
0
static void check_iam_metadata(void *user_data, grpc_credentials_md *md_elems,
                               size_t num_md, grpc_credentials_status status) {
    grpc_credentials *c = (grpc_credentials *)user_data;
    expected_md emd[] = {
        {GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, test_iam_authorization_token},
        {GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, test_iam_authority_selector}
    };
    GPR_ASSERT(status == GRPC_CREDENTIALS_OK);
    GPR_ASSERT(num_md == 2);
    check_metadata(emd, md_elems, num_md);
    grpc_credentials_unref(c);
}
예제 #10
0
static void ssl_channel_destroy(grpc_security_context *ctx) {
  grpc_ssl_channel_security_context *c =
      (grpc_ssl_channel_security_context *)ctx;
  grpc_credentials_unref(c->base.request_metadata_creds);
  if (c->handshaker_factory != NULL) {
    tsi_ssl_handshaker_factory_destroy(c->handshaker_factory);
  }
  if (c->target_name != NULL) gpr_free(c->target_name);
  if (c->overridden_target_name != NULL) gpr_free(c->overridden_target_name);
  tsi_peer_destruct(&c->peer);
  gpr_free(ctx);
}
예제 #11
0
/* Destructor for call_data */
static void destroy_call_elem(grpc_exec_ctx *exec_ctx,
                              grpc_call_element *elem) {
  call_data *calld = elem->call_data;
  grpc_credentials_unref(calld->creds);
  if (calld->host != NULL) {
    GRPC_MDSTR_UNREF(calld->host);
  }
  if (calld->method != NULL) {
    GRPC_MDSTR_UNREF(calld->method);
  }
  reset_service_url(calld);
}
예제 #12
0
static void check_ssl_oauth2_composite_metadata(
    void *user_data, grpc_credentials_md *md_elems, size_t num_md,
    grpc_credentials_status status) {
    grpc_credentials *c = (grpc_credentials *)user_data;
    expected_md emd[] = {
        {GRPC_AUTHORIZATION_METADATA_KEY, test_oauth2_bearer_token}
    };
    GPR_ASSERT(status == GRPC_CREDENTIALS_OK);
    GPR_ASSERT(num_md == 1);
    check_metadata(emd, md_elems, num_md);
    grpc_credentials_unref(c);
}
예제 #13
0
static void ssl_channel_destroy(grpc_security_connector *sc) {
  grpc_ssl_channel_security_connector *c =
      (grpc_ssl_channel_security_connector *)sc;
  grpc_credentials_unref(c->base.request_metadata_creds);
  if (c->handshaker_factory != NULL) {
    tsi_ssl_handshaker_factory_destroy(c->handshaker_factory);
  }
  if (c->target_name != NULL) gpr_free(c->target_name);
  if (c->overridden_target_name != NULL) gpr_free(c->overridden_target_name);
  tsi_peer_destruct(&c->peer);
  GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector");
  gpr_free(sc);
}
예제 #14
0
static void test_refresh_token_creds_failure(void) {
    grpc_credentials *refresh_token_creds =
        grpc_refresh_token_credentials_create(test_refresh_token_str);
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              refresh_token_httpcli_post_failure);
    GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds));
    grpc_credentials_get_request_metadata(
        refresh_token_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
    grpc_credentials_unref(refresh_token_creds);
    grpc_httpcli_set_override(NULL, NULL);
}
예제 #15
0
static void test_compute_engine_creds_failure(void) {
    grpc_credentials *compute_engine_creds =
        grpc_compute_engine_credentials_create();
    grpc_httpcli_set_override(compute_engine_httpcli_get_failure_override,
                              httpcli_post_should_not_be_called);
    GPR_ASSERT(grpc_credentials_has_request_metadata(compute_engine_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(compute_engine_creds));
    grpc_credentials_get_request_metadata(
        compute_engine_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_failure, (void *)test_user_data);
    grpc_credentials_unref(compute_engine_creds);
    grpc_httpcli_set_override(NULL, NULL);
}
예제 #16
0
static void test_google_default_creds_access_token(void) {
    grpc_refresh_token_credentials *refresh;
    grpc_credentials *creds;
    grpc_flush_cached_google_default_credentials();
    set_google_default_creds_env_var_with_file_contents(
        "refresh_token_google_default_creds", test_refresh_token_str);
    creds = grpc_google_default_credentials_create();
    GPR_ASSERT(creds != NULL);
    refresh = (grpc_refresh_token_credentials *)composite_inner_creds(
                  creds, GRPC_CREDENTIALS_TYPE_OAUTH2);
    GPR_ASSERT(strcmp(refresh->refresh_token.client_id,
                      "32555999999.apps.googleusercontent.com") == 0);
    grpc_credentials_unref(creds);
    gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
}
예제 #17
0
static void test_jwt_creds_signing_failure(void) {
    char *json_key_string = test_json_key_str();
    grpc_credentials *jwt_creds =
        grpc_service_account_jwt_access_credentials_create(
            json_key_string, grpc_max_auth_token_lifetime);
    GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));

    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure);
    grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url,
                                          on_jwt_creds_get_metadata_failure,
                                          (void *)test_user_data);

    gpr_free(json_key_string);
    grpc_credentials_unref(jwt_creds);
    grpc_jwt_encode_and_sign_set_override(NULL);
}
예제 #18
0
static void test_service_account_creds_http_failure(void) {
    char *json_key_string = test_json_key_str();
    grpc_credentials *service_account_creds =
        grpc_service_account_credentials_create(json_key_string, test_scope,
                grpc_max_auth_token_lifetime);
    GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds));

    grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success);
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              service_account_httpcli_post_failure);
    grpc_credentials_get_request_metadata(
        service_account_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_failure, (void *)test_user_data);

    gpr_free(json_key_string);
    grpc_credentials_unref(service_account_creds);
    grpc_httpcli_set_override(NULL, NULL);
}
예제 #19
0
static void test_google_default_creds_auth_key(void) {
    grpc_service_account_jwt_access_credentials *jwt;
    grpc_credentials *creds;
    char *json_key = test_json_key_str();
    grpc_flush_cached_google_default_credentials();
    set_google_default_creds_env_var_with_file_contents(
        "json_key_google_default_creds", json_key);
    gpr_free(json_key);
    creds = grpc_google_default_credentials_create();
    GPR_ASSERT(creds != NULL);
    jwt = (grpc_service_account_jwt_access_credentials *)composite_inner_creds(
              creds, GRPC_CREDENTIALS_TYPE_JWT);
    GPR_ASSERT(
        strcmp(jwt->key.client_id,
               "777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent.com") ==
        0);
    grpc_credentials_unref(creds);
    gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */
}
예제 #20
0
static void test_refresh_token_creds_success(void) {
    grpc_credentials *refresh_token_creds =
        grpc_refresh_token_credentials_create(test_refresh_token_str);
    GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds));
    GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds));

    /* First request: http get should be called. */
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              refresh_token_httpcli_post_success);
    grpc_credentials_get_request_metadata(
        refresh_token_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_success, (void *)test_user_data);

    /* Second request: the cached token should be served directly. */
    grpc_httpcli_set_override(httpcli_get_should_not_be_called,
                              httpcli_post_should_not_be_called);
    grpc_credentials_get_request_metadata(
        refresh_token_creds, NULL, test_service_url,
        on_oauth2_creds_get_metadata_success, (void *)test_user_data);

    grpc_credentials_unref(refresh_token_creds);
    grpc_httpcli_set_override(NULL, NULL);
}
grpc_call_error grpc_call_set_credentials(grpc_call *call,
                                          grpc_credentials *creds) {
  grpc_client_security_context *ctx = NULL;
  if (!grpc_call_is_client(call)) {
    gpr_log(GPR_ERROR, "Method is client-side only.");
    return GRPC_CALL_ERROR_NOT_ON_SERVER;
  }
  if (creds != NULL && !grpc_credentials_has_request_metadata_only(creds)) {
    gpr_log(GPR_ERROR, "Incompatible credentials to set on a call.");
    return GRPC_CALL_ERROR;
  }
  ctx = (grpc_client_security_context *)grpc_call_context_get(
      call, GRPC_CONTEXT_SECURITY);
  if (ctx == NULL) {
    ctx = grpc_client_security_context_create();
    ctx->creds = grpc_credentials_ref(creds);
    grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx,
                          grpc_client_security_context_destroy);
  } else {
    grpc_credentials_unref(ctx->creds);
    ctx->creds = grpc_credentials_ref(creds);
  }
  return GRPC_CALL_OK;
}
void grpc_client_security_context_destroy(void *ctx) {
  grpc_client_security_context *c = (grpc_client_security_context *)ctx;
  grpc_credentials_unref(c->creds);
  GRPC_AUTH_CONTEXT_UNREF(c->auth_context, "client_security_context");
  gpr_free(ctx);
}
예제 #23
0
static void fake_channel_destroy(grpc_security_connector *sc) {
  grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc;
  grpc_credentials_unref(c->request_metadata_creds);
  GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector");
  gpr_free(sc);
}
예제 #24
0
static void fake_channel_destroy(grpc_security_context *ctx) {
  grpc_channel_security_context *c = (grpc_channel_security_context *)ctx;
  grpc_credentials_unref(c->request_metadata_creds);
  gpr_free(ctx);
}
예제 #25
0
파일: credentials.c 프로젝트: bjori/grpc
static void grpc_credentials_metadata_request_destroy(
    grpc_credentials_metadata_request *r) {
  grpc_credentials_unref(r->creds);
  gpr_free(r);
}
예제 #26
0
파일: credentials.c 프로젝트: bjori/grpc
void grpc_credentials_release(grpc_credentials *creds) {
  GRPC_API_TRACE("grpc_credentials_release(creds=%p)", 1, (creds));
  grpc_credentials_unref(creds);
}
예제 #27
0
파일: credentials.c 프로젝트: KyoheiG3/grpc
static void grpc_credentials_metadata_request_destroy(
    grpc_credentials_metadata_request *r) {
  grpc_credentials_unref(r->creds);
  gpr_free(r->on_simulated_token_fetch_done_closure);
  gpr_free(r);
}
예제 #28
0
파일: credentials.c 프로젝트: KyoheiG3/grpc
void grpc_credentials_release(grpc_credentials *creds) {
  grpc_credentials_unref(creds);
}
예제 #29
0
static void fake_channel_destroy(grpc_security_connector *sc) {
  grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc;
  grpc_credentials_unref(c->request_metadata_creds);
  grpc_auth_context_unref(sc->auth_context);
  gpr_free(sc);
}