void create_jwt(const char *json_key_file_path, const char *service_url, const char *scope) { grpc_auth_json_key key; char *jwt; grpc_slice json_key_data; GPR_ASSERT(GRPC_LOG_IF_ERROR( "load_file", grpc_load_file(json_key_file_path, 1, &json_key_data))); key = grpc_auth_json_key_create_from_string( (const char *)GRPC_SLICE_START_PTR(json_key_data)); grpc_slice_unref(json_key_data); if (!grpc_auth_json_key_is_valid(&key)) { fprintf(stderr, "Could not parse json key.\n"); exit(1); } jwt = grpc_jwt_encode_and_sign( &key, service_url == NULL ? GRPC_JWT_OAUTH2_AUDIENCE : service_url, grpc_max_auth_token_lifetime(), scope); grpc_auth_json_key_destruct(&key); if (jwt == NULL) { fprintf(stderr, "Could not create JWT.\n"); exit(1); } fprintf(stdout, "%s\n", jwt); gpr_free(jwt); }
static void test_parse_json_key_failure_no_private_key(void) { const char no_private_key_json_string[] = "{ \"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"[email protected]." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string(no_private_key_json_string); GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); grpc_auth_json_key_destruct(&json_key); }
grpc_credentials *grpc_service_account_jwt_access_credentials_create( const char *json_key, gpr_timespec token_lifetime, void *reserved) { GRPC_API_TRACE( "grpc_service_account_jwt_access_credentials_create(" "json_key=%s, " "token_lifetime=" "gpr_timespec { tv_sec: %ld, tv_nsec: %d, clock_type: %d }, " "reserved=%p)", 5, (json_key, (long)token_lifetime.tv_sec, token_lifetime.tv_nsec, (int)token_lifetime.clock_type, reserved)); GPR_ASSERT(reserved == NULL); return grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_auth_json_key_create_from_string(json_key), token_lifetime); }
static void test_parse_json_key_failure_no_private_key_id(void) { const char no_private_key_id_part3[] = "\"client_email\": " "\"[email protected]." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; char *json_string = test_json_key_str(no_private_key_id_part3); grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string(json_string); GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); gpr_free(json_string); grpc_auth_json_key_destruct(&json_key); }
grpc_credentials *grpc_jwt_credentials_create(const char *json_key, gpr_timespec token_lifetime) { grpc_jwt_credentials *c; grpc_auth_json_key key = grpc_auth_json_key_create_from_string(json_key); if (!grpc_auth_json_key_is_valid(&key)) { gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation"); return NULL; } c = gpr_malloc(sizeof(grpc_jwt_credentials)); memset(c, 0, sizeof(grpc_jwt_credentials)); c->base.type = GRPC_CREDENTIALS_TYPE_JWT; gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &jwt_vtable; c->key = key; c->jwt_lifetime = token_lifetime; gpr_mu_init(&c->cache_mu); jwt_reset_cache(c); return &c->base; }
static void test_jwt_verifier_url_issuer_success(void) { grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); char *jwt = NULL; char *key_str = json_key_str(json_key_str_part3_for_url_issuer); grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); gpr_free(key_str); GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); grpc_httpcli_set_override(httpcli_get_openid_config, httpcli_post_should_not_be_called); jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, NULL); grpc_auth_json_key_destruct(&key); GPR_ASSERT(jwt != NULL); grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, on_verification_success, (void *)expected_user_data); gpr_free(jwt); grpc_jwt_verifier_destroy(verifier); grpc_httpcli_set_override(NULL, NULL); }
grpc_credentials *grpc_service_account_credentials_create( const char *json_key, const char *scope, gpr_timespec token_lifetime) { grpc_service_account_credentials *c; grpc_auth_json_key key = grpc_auth_json_key_create_from_string(json_key); if (scope == NULL || (strlen(scope) == 0) || !grpc_auth_json_key_is_valid(&key)) { gpr_log(GPR_ERROR, "Invalid input for service account credentials creation"); return NULL; } c = gpr_malloc(sizeof(grpc_service_account_credentials)); memset(c, 0, sizeof(grpc_service_account_credentials)); init_oauth2_token_fetcher(&c->base, service_account_fetch_oauth2); c->base.base.vtable = &service_account_vtable; c->scope = gpr_strdup(scope); c->key = key; c->token_lifetime = token_lifetime; return &c->base.base; }
static void test_jwt_encode_and_sign( char *(*jwt_encode_and_sign_func)(const grpc_auth_json_key *), void (*check_jwt_claim_func)(grpc_json *)) { char *json_string = test_json_key_str(NULL); grpc_json *parsed_header = NULL; grpc_json *parsed_claim = NULL; char *scratchpad; grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string(json_string); const char *b64_signature; size_t offset = 0; char *jwt = jwt_encode_and_sign_func(&json_key); const char *dot = strchr(jwt, '.'); GPR_ASSERT(dot != NULL); parsed_header = parse_json_part_from_jwt(jwt, (size_t)(dot - jwt), &scratchpad); GPR_ASSERT(parsed_header != NULL); check_jwt_header(parsed_header); offset = (size_t)(dot - jwt) + 1; grpc_json_destroy(parsed_header); gpr_free(scratchpad); dot = strchr(jwt + offset, '.'); GPR_ASSERT(dot != NULL); parsed_claim = parse_json_part_from_jwt( jwt + offset, (size_t)(dot - (jwt + offset)), &scratchpad); GPR_ASSERT(parsed_claim != NULL); check_jwt_claim_func(parsed_claim); offset = (size_t)(dot - jwt) + 1; grpc_json_destroy(parsed_claim); gpr_free(scratchpad); dot = strchr(jwt + offset, '.'); GPR_ASSERT(dot == NULL); /* no more part. */ b64_signature = jwt + offset; check_jwt_signature(b64_signature, json_key.private_key, jwt, offset - 1); gpr_free(json_string); grpc_auth_json_key_destruct(&json_key); gpr_free(jwt); }
static void test_jwt_verifier_custom_email_issuer_success(void) { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(&custom_mapping, 1); char *jwt = NULL; char *key_str = json_key_str(json_key_str_part3_for_custom_email_issuer); grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); gpr_free(key_str); GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); grpc_httpcli_set_override(httpcli_get_custom_keys_for_email, httpcli_post_should_not_be_called); jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, NULL); grpc_auth_json_key_destruct(&key); GPR_ASSERT(jwt != NULL); grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience, on_verification_success, (void *)expected_user_data); gpr_free(jwt); grpc_jwt_verifier_destroy(verifier); grpc_httpcli_set_override(NULL, NULL); grpc_exec_ctx_finish(&exec_ctx); }
static void test_parse_json_key_success(void) { char *json_string = test_json_key_str(NULL); grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string(json_string); GPR_ASSERT(grpc_auth_json_key_is_valid(&json_key)); GPR_ASSERT(json_key.type != NULL && strcmp(json_key.type, "service_account") == 0); GPR_ASSERT(json_key.private_key_id != NULL && strcmp(json_key.private_key_id, "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0); GPR_ASSERT(json_key.client_id != NULL && strcmp(json_key.client_id, "777-abaslkan11hlb6nmim3bpspl31ud.apps." "googleusercontent.com") == 0); GPR_ASSERT(json_key.client_email != NULL && strcmp(json_key.client_email, "777-abaslkan11hlb6nmim3bpspl31ud@developer." "gserviceaccount.com") == 0); GPR_ASSERT(json_key.private_key != NULL); gpr_free(json_string); grpc_auth_json_key_destruct(&json_key); }
grpc_call_credentials *grpc_service_account_jwt_access_credentials_create( const char *json_key, gpr_timespec token_lifetime, void *reserved) { if (grpc_api_trace) { char *clean_json = redact_private_key(json_key); gpr_log(GPR_INFO, "grpc_service_account_jwt_access_credentials_create(" "json_key=%s, " "token_lifetime=" "gpr_timespec { tv_sec: %" PRId64 ", tv_nsec: %d, clock_type: %d }, " "reserved=%p)", clean_json, token_lifetime.tv_sec, token_lifetime.tv_nsec, (int)token_lifetime.clock_type, reserved); gpr_free(clean_json); } GPR_ASSERT(reserved == NULL); grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; grpc_call_credentials *creds = grpc_service_account_jwt_access_credentials_create_from_auth_json_key( &exec_ctx, grpc_auth_json_key_create_from_string(json_key), token_lifetime); grpc_exec_ctx_finish(&exec_ctx); return creds; }
grpc_credentials *grpc_jwt_credentials_create(const char *json_key, gpr_timespec token_lifetime) { return grpc_jwt_credentials_create_from_auth_json_key( grpc_auth_json_key_create_from_string(json_key), token_lifetime); }
grpc_credentials *grpc_service_account_jwt_access_credentials_create( const char *json_key, gpr_timespec token_lifetime, void *reserved) { GPR_ASSERT(reserved == NULL); return grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_auth_json_key_create_from_string(json_key), token_lifetime); }