diff options
| author |  Julien Boeuf <jboeuf@google.com> | 2015-03-07 15:10:30 -0800 |
|---|---|---|
| committer | Julien Boeuf <jboeuf@google.com> | 2015-03-09 10:20:40 -0700 |
| commit | 75516068fab61c199701d9ddb7b56c2d11142b1a (patch) | |
| tree | 97de67c0cab14186cd617e354953312b15945515 /src/core | |
| parent | 75c60c1a43a2b2a7b21967d7ea6d2dda5a351348 (diff) | |
Adding refresh token parsing
This is the first step for refresh token credentials.
Diffstat (limited to 'src/core')
| -rw-r--r-- | src/core/security/json_token.c | 79 | ||||
| -rw-r--r-- | src/core/security/json_token.h | 23 |
2 files changed, 94 insertions, 8 deletions
diff --git a/src/core/security/json_token.c b/src/core/security/json_token.c index 40b612b206..eadae33609 100644 --- a/src/core/security/json_token.c +++ b/src/core/security/json_token.c @@ -52,8 +52,9 @@ /* 1 hour max. */ const gpr_timespec grpc_max_auth_token_lifetime = {3600, 0}; -#define GRPC_AUTH_JSON_KEY_TYPE_INVALID "invalid" -#define GRPC_AUTH_JSON_KEY_TYPE_SERVICE_ACCOUNT "service_account" +#define GRPC_AUTH_JSON_TYPE_INVALID "invalid" +#define GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT "service_account" +#define GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER "authorized_user" #define GRPC_JWT_RSA_SHA256_ALGORITHM "RS256" #define GRPC_JWT_TYPE "JWT" @@ -87,7 +88,7 @@ static int set_json_key_string_property(grpc_json *json, const char *prop_name, int grpc_auth_json_key_is_valid(const grpc_auth_json_key *json_key) { return (json_key != NULL) && - strcmp(json_key->type, GRPC_AUTH_JSON_KEY_TYPE_INVALID); + strcmp(json_key->type, GRPC_AUTH_JSON_TYPE_INVALID); } grpc_auth_json_key grpc_auth_json_key_create_from_string( @@ -100,7 +101,7 @@ grpc_auth_json_key grpc_auth_json_key_create_from_string( int success = 0; memset(&result, 0, sizeof(grpc_auth_json_key)); - result.type = GRPC_AUTH_JSON_KEY_TYPE_INVALID; + result.type = GRPC_AUTH_JSON_TYPE_INVALID; if (json == NULL) { gpr_log(GPR_ERROR, "Invalid json string %s", json_string); goto end; @@ -108,10 +109,10 @@ grpc_auth_json_key grpc_auth_json_key_create_from_string( prop_value = json_get_string_property(json, "type"); if (prop_value == NULL || - strcmp(prop_value, GRPC_AUTH_JSON_KEY_TYPE_SERVICE_ACCOUNT)) { + strcmp(prop_value, GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT)) { goto end; } - result.type = GRPC_AUTH_JSON_KEY_TYPE_SERVICE_ACCOUNT; + result.type = GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT; if (!set_json_key_string_property(json, "private_key_id", &result.private_key_id) || @@ -148,7 +149,7 @@ end: void grpc_auth_json_key_destruct(grpc_auth_json_key *json_key) { if (json_key == NULL) return; - json_key->type = GRPC_AUTH_JSON_KEY_TYPE_INVALID; + json_key->type = GRPC_AUTH_JSON_TYPE_INVALID; if (json_key->client_id != NULL) { gpr_free(json_key->client_id); json_key->client_id = NULL; @@ -331,3 +332,67 @@ void grpc_jwt_encode_and_sign_set_override( grpc_jwt_encode_and_sign_override func) { g_jwt_encode_and_sign_override = func; } + +/* --- grpc_auth_refresh_token --- */ + +int grpc_auth_refresh_token_is_valid( + const grpc_auth_refresh_token *refresh_token) { + return (refresh_token != NULL) && + strcmp(refresh_token->type, GRPC_AUTH_JSON_TYPE_INVALID); +} + +grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string( + const char *json_string) { + grpc_auth_refresh_token result; + char *scratchpad = gpr_strdup(json_string); + grpc_json *json = grpc_json_parse_string(scratchpad); + const char *prop_value; + int success = 0; + + memset(&result, 0, sizeof(grpc_auth_refresh_token)); + result.type = GRPC_AUTH_JSON_TYPE_INVALID; + if (json == NULL) { + gpr_log(GPR_ERROR, "Invalid json string %s", json_string); + goto end; + } + + prop_value = json_get_string_property(json, "type"); + if (prop_value == NULL || + strcmp(prop_value, GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER)) { + goto end; + } + result.type = GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER; + + if (!set_json_key_string_property(json, "client_secret", + &result.client_secret) || + !set_json_key_string_property(json, "client_id", &result.client_id) || + !set_json_key_string_property(json, "refresh_token", + &result.refresh_token)) { + goto end; + } + success = 1; + +end: + if (json != NULL) grpc_json_destroy(json); + if (!success) grpc_auth_refresh_token_destruct(&result); + gpr_free(scratchpad); + return result; +} + +void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) { + if (refresh_token == NULL) return; + refresh_token->type = GRPC_AUTH_JSON_TYPE_INVALID; + if (refresh_token->client_id != NULL) { + gpr_free(refresh_token->client_id); + refresh_token->client_id = NULL; + } + if (refresh_token->client_secret != NULL) { + gpr_free(refresh_token->client_secret); + refresh_token->client_secret = NULL; + } + if (refresh_token->refresh_token != NULL) { + gpr_free(refresh_token->refresh_token); + refresh_token->refresh_token = NULL; + } +} + diff --git a/src/core/security/json_token.h b/src/core/security/json_token.h index 029ede3955..197796ab4c 100644 --- a/src/core/security/json_token.h +++ b/src/core/security/json_token.h @@ -44,7 +44,7 @@ /* --- auth_json_key parsing. --- */ typedef struct { - char *type; + const char *type; char *private_key_id; char *client_id; char *client_email; @@ -79,4 +79,25 @@ typedef char *(*grpc_jwt_encode_and_sign_override)( void grpc_jwt_encode_and_sign_set_override( grpc_jwt_encode_and_sign_override func); +/* --- auth_refresh_token parsing. --- */ + +typedef struct { + const char *type; + char *client_id; + char *client_secret; + char *refresh_token; +} grpc_auth_refresh_token; + +/* Returns 1 if the object is valid, 0 otherwise. */ +int grpc_auth_refresh_token_is_valid( + const grpc_auth_refresh_token *refresh_token); + +/* Creates a refresh token object from string. Returns an invalid object if a + parsing error has been encountered. */ +grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string( + const char *json_string); + +/* Destructs the object. */ +void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token); + #endif /* GRPC_INTERNAL_CORE_SECURITY_JSON_TOKEN_H */ |