author | 2016-11-09 13:13:13 -0800 | |
---|---|---|
committer | 2016-11-09 13:13:13 -0800 | |
commit | 502eb90b0977736bfdbbb6b528db93ba3e5d44f5 (patch) | |
tree | 8647031fb0e8ac867d382ce71fea38c18f739688 /src/core/lib/security/credentials/jwt | |
parent | 3b51f0b49296513c384e189b1d26648f5c608c92 (diff) |
redact json key
Diffstat (limited to 'src/core/lib/security/credentials/jwt')
-rw-r--r-- | src/core/lib/security/credentials/jwt/jwt_credentials.c | 51 |
1 files changed, 42 insertions, 9 deletions
diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.c b/src/core/lib/security/credentials/jwt/jwt_credentials.c
index f87ba0ce8d..01c349cd75 100644
--- a/src/core/lib/security/credentials/jwt/jwt_credentials.c
+++ b/src/core/lib/security/credentials/jwt/jwt_credentials.c
@@ -144,17 +144,50 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
 return &c->base;
 }
 
+static char *redact_private_key(const char *json_key) {
+ const char *json_key_end = json_key + strlen(json_key);
+ const char *begin_cue = "BEGIN PRIVATE KEY";
+ const char *end_cue = "END PRIVATE KEY";
+ const char *redacted = " <redacted> ";
+ const char *begin_redact = strstr(json_key, begin_cue);
+ const char *end_redact = strstr(json_key, end_cue);
+ if (!begin_redact) {
+ begin_redact = json_key;
+ } else {
+ begin_redact += strlen(begin_cue);
+ }
+ if (!end_redact) {
+ end_redact = json_key_end;
+ }
+ GPR_ASSERT(end_redact - begin_redact >= 0);
+ size_t result_length =
+ strlen(json_key) - (size_t)(end_redact - begin_redact) + strlen(redacted);
+ char *clean_json = (char *)gpr_malloc(result_length + 1);
+ clean_json[result_length] = 0;
+ char *current = clean_json;
+ memcpy(current, json_key, (size_t)(begin_redact - json_key));
+ current += (begin_redact - json_key);
+ memcpy(current, redacted, strlen(redacted));
+ current += strlen(redacted);
+ memcpy(current, end_redact, (size_t)(json_key_end - end_redact));
+ return clean_json;
+}
+
 grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
 const char *json_key, gpr_timespec token_lifetime, void *reserved) {
- GRPC_API_TRACE(
- "grpc_service_account_jwt_access_credentials_create("
- "json_key=%s, "
- "token_lifetime="
- "gpr_timespec { tv_sec: %" PRId64
- ", tv_nsec: %d, clock_type: %d }, "
- "reserved=%p)",
- 5, (json_key, token_lifetime.tv_sec, token_lifetime.tv_nsec,
- (int)token_lifetime.clock_type, reserved));
+ if (grpc_api_trace) {
+ char *clean_json = redact_private_key(json_key);
+ gpr_log(GPR_INFO,
+ "grpc_service_account_jwt_access_credentials_create("
+ "json_key=%s, "
+ "token_lifetime="
+ "gpr_timespec { tv_sec: %" PRId64
+ ", tv_nsec: %d, clock_type: %d }, "
+ "reserved=%p)",
+ clean_json, token_lifetime.tv_sec, token_lifetime.tv_nsec,
(int)token_lifetime.clock_type, reserved);
+ gpr_free(clean_json);
+ }
 GPR_ASSERT(reserved == NULL);
 return grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
 grpc_auth_json_key_create_from_string(json_key), token_lifetime); |
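Review bot: In `redact_private_key`, `GPR_ASSERT(end_redact - begin_redact >= 0)` aborts the process whenever the first "END PRIVATE KEY" match lies before the end of the first "BEGIN PRIVATE KEY" cue, so a malformed or oddly ordered key string takes the process down only because API tracing is enabled. A logging helper should fail closed instead: replace the assert with `if (end_redact < begin_redact) { begin_redact = json_key; end_redact = json_key_end; }` so the whole string is redacted. Both cues are located with the first `strstr` match, so everything after the first END cue is copied to the log verbatim; if the input could ever carry a second PEM block, redacting through the last END cue would be the safer choice. `strlen(json_key)` also runs before any NULL check, and whether callers guarantee a non-NULL `json_key` is not visible in this hunk.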