static void test_service_account_creds_success(void) { char *json_key_string = test_json_key_str(); grpc_credentials *service_account_creds = grpc_service_account_credentials_create(json_key_string, test_scope, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds)); /* First request: http get should be called. */ grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_httpcli_set_override(httpcli_get_should_not_be_called, service_account_httpcli_post_success); grpc_credentials_get_request_metadata( service_account_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *)test_user_data); /* Second request: the cached token should be served directly. */ grpc_jwt_encode_and_sign_set_override( encode_and_sign_jwt_should_not_be_called); grpc_httpcli_set_override(httpcli_get_should_not_be_called, httpcli_post_should_not_be_called); grpc_credentials_get_request_metadata( service_account_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(service_account_creds); grpc_jwt_encode_and_sign_set_override(NULL); grpc_httpcli_set_override(NULL, NULL); }
static void test_jwt_creds_success(void) { char *json_key_string = test_json_key_str(); grpc_credentials *jwt_creds = grpc_service_account_jwt_access_credentials_create( json_key_string, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds)); /* First request: jwt_encode_and_sign should be called. */ grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_success, (void *)test_user_data); /* Second request: the cached token should be served directly. */ grpc_jwt_encode_and_sign_set_override( encode_and_sign_jwt_should_not_be_called); grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_success, (void *)test_user_data); /* Third request: Different service url so jwt_encode_and_sign should be called again (no caching). */ grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_credentials_get_request_metadata(jwt_creds, NULL, other_test_service_url, on_jwt_creds_get_metadata_success, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(jwt_creds); grpc_jwt_encode_and_sign_set_override(NULL); }
static void test_parse_json_key_failure_no_client_email(void) { const char no_client_email_part3[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; char *json_string = test_json_key_str(no_client_email_part3); grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string(json_string); GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); gpr_free(json_string); grpc_auth_json_key_destruct(&json_key); }
static void test_parse_json_key_failure_no_private_key_id(void) { const char no_private_key_id_part3[] = "\"client_email\": " "\"[email protected]." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; char *json_string = test_json_key_str(no_private_key_id_part3); grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string(json_string); GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); gpr_free(json_string); grpc_auth_json_key_destruct(&json_key); }
static void test_jwt_creds_signing_failure(void) { char *json_key_string = test_json_key_str(); grpc_credentials *jwt_creds = grpc_service_account_jwt_access_credentials_create( json_key_string, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds)); grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure); grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_failure, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(jwt_creds); grpc_jwt_encode_and_sign_set_override(NULL); }
static void test_google_default_creds_auth_key(void) { grpc_service_account_jwt_access_credentials *jwt; grpc_credentials *creds; char *json_key = test_json_key_str(); grpc_flush_cached_google_default_credentials(); set_google_default_creds_env_var_with_file_contents( "json_key_google_default_creds", json_key); gpr_free(json_key); creds = grpc_google_default_credentials_create(); GPR_ASSERT(creds != NULL); jwt = (grpc_service_account_jwt_access_credentials *)composite_inner_creds( creds, GRPC_CREDENTIALS_TYPE_JWT); GPR_ASSERT( strcmp(jwt->key.client_id, "777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent.com") == 0); grpc_credentials_unref(creds); gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */ }
static void test_service_account_creds_http_failure(void) { char *json_key_string = test_json_key_str(); grpc_credentials *service_account_creds = grpc_service_account_credentials_create(json_key_string, test_scope, grpc_max_auth_token_lifetime); GPR_ASSERT(grpc_credentials_has_request_metadata(service_account_creds)); GPR_ASSERT(grpc_credentials_has_request_metadata_only(service_account_creds)); grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); grpc_httpcli_set_override(httpcli_get_should_not_be_called, service_account_httpcli_post_failure); grpc_credentials_get_request_metadata( service_account_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_failure, (void *)test_user_data); gpr_free(json_key_string); grpc_credentials_unref(service_account_creds); grpc_httpcli_set_override(NULL, NULL); }
static void test_jwt_encode_and_sign( char *(*jwt_encode_and_sign_func)(const grpc_auth_json_key *), void (*check_jwt_claim_func)(grpc_json *)) { char *json_string = test_json_key_str(NULL); grpc_json *parsed_header = NULL; grpc_json *parsed_claim = NULL; char *scratchpad; grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string(json_string); const char *b64_signature; size_t offset = 0; char *jwt = jwt_encode_and_sign_func(&json_key); const char *dot = strchr(jwt, '.'); GPR_ASSERT(dot != NULL); parsed_header = parse_json_part_from_jwt(jwt, (size_t)(dot - jwt), &scratchpad); GPR_ASSERT(parsed_header != NULL); check_jwt_header(parsed_header); offset = (size_t)(dot - jwt) + 1; grpc_json_destroy(parsed_header); gpr_free(scratchpad); dot = strchr(jwt + offset, '.'); GPR_ASSERT(dot != NULL); parsed_claim = parse_json_part_from_jwt( jwt + offset, (size_t)(dot - (jwt + offset)), &scratchpad); GPR_ASSERT(parsed_claim != NULL); check_jwt_claim_func(parsed_claim); offset = (size_t)(dot - jwt) + 1; grpc_json_destroy(parsed_claim); gpr_free(scratchpad); dot = strchr(jwt + offset, '.'); GPR_ASSERT(dot == NULL); /* no more part. */ b64_signature = jwt + offset; check_jwt_signature(b64_signature, json_key.private_key, jwt, offset - 1); gpr_free(json_string); grpc_auth_json_key_destruct(&json_key); gpr_free(jwt); }
static void test_parse_json_key_success(void) { char *json_string = test_json_key_str(NULL); grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string(json_string); GPR_ASSERT(grpc_auth_json_key_is_valid(&json_key)); GPR_ASSERT(json_key.type != NULL && strcmp(json_key.type, "service_account") == 0); GPR_ASSERT(json_key.private_key_id != NULL && strcmp(json_key.private_key_id, "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0); GPR_ASSERT(json_key.client_id != NULL && strcmp(json_key.client_id, "777-abaslkan11hlb6nmim3bpspl31ud.apps." "googleusercontent.com") == 0); GPR_ASSERT(json_key.client_email != NULL && strcmp(json_key.client_email, "777-abaslkan11hlb6nmim3bpspl31ud@developer." "gserviceaccount.com") == 0); GPR_ASSERT(json_key.private_key != NULL); gpr_free(json_string); grpc_auth_json_key_destruct(&json_key); }