diff options
Diffstat (limited to 'src/core/lib/security/credentials/jwt/json_token.cc')
-rw-r--r-- | src/core/lib/security/credentials/jwt/json_token.cc | 88 |
1 files changed, 45 insertions, 43 deletions
diff --git a/src/core/lib/security/credentials/jwt/json_token.cc b/src/core/lib/security/credentials/jwt/json_token.cc index e195ec7509..a152ddcaaf 100644 --- a/src/core/lib/security/credentials/jwt/json_token.cc +++ b/src/core/lib/security/credentials/jwt/json_token.cc @@ -52,30 +52,31 @@ gpr_timespec grpc_max_auth_token_lifetime() { /* --- Override for testing. --- */ -static grpc_jwt_encode_and_sign_override g_jwt_encode_and_sign_override = NULL; +static grpc_jwt_encode_and_sign_override g_jwt_encode_and_sign_override = + nullptr; /* --- grpc_auth_json_key. --- */ int grpc_auth_json_key_is_valid(const grpc_auth_json_key* json_key) { - return (json_key != NULL) && + return (json_key != nullptr) && strcmp(json_key->type, GRPC_AUTH_JSON_TYPE_INVALID); } grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json* json) { grpc_auth_json_key result; - BIO* bio = NULL; + BIO* bio = nullptr; const char* prop_value; int success = 0; memset(&result, 0, sizeof(grpc_auth_json_key)); result.type = GRPC_AUTH_JSON_TYPE_INVALID; - if (json == NULL) { + if (json == nullptr) { gpr_log(GPR_ERROR, "Invalid json."); goto end; } prop_value = grpc_json_get_string_property(json, "type"); - if (prop_value == NULL || + if (prop_value == nullptr || strcmp(prop_value, GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT)) { goto end; } @@ -90,7 +91,7 @@ grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json* json) { } prop_value = grpc_json_get_string_property(json, "private_key"); - if (prop_value == NULL) { + if (prop_value == nullptr) { goto end; } bio = BIO_new(BIO_s_mem()); @@ -99,15 +100,16 @@ grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json* json) { gpr_log(GPR_ERROR, "Could not write into openssl BIO."); goto end; } - result.private_key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, (void*)""); - if (result.private_key == NULL) { + result.private_key = + PEM_read_bio_RSAPrivateKey(bio, nullptr, nullptr, (void*)""); + if (result.private_key == nullptr) { gpr_log(GPR_ERROR, "Could not deserialize private key."); goto end; } success = 1; end: - if (bio != NULL) BIO_free(bio); + if (bio != nullptr) BIO_free(bio); if (!success) grpc_auth_json_key_destruct(&result); return result; } @@ -117,29 +119,29 @@ grpc_auth_json_key grpc_auth_json_key_create_from_string( char* scratchpad = gpr_strdup(json_string); grpc_json* json = grpc_json_parse_string(scratchpad); grpc_auth_json_key result = grpc_auth_json_key_create_from_json(json); - if (json != NULL) grpc_json_destroy(json); + if (json != nullptr) grpc_json_destroy(json); gpr_free(scratchpad); return result; } void grpc_auth_json_key_destruct(grpc_auth_json_key* json_key) { - if (json_key == NULL) return; + if (json_key == nullptr) return; json_key->type = GRPC_AUTH_JSON_TYPE_INVALID; - if (json_key->client_id != NULL) { + if (json_key->client_id != nullptr) { gpr_free(json_key->client_id); - json_key->client_id = NULL; + json_key->client_id = nullptr; } - if (json_key->private_key_id != NULL) { + if (json_key->private_key_id != nullptr) { gpr_free(json_key->private_key_id); - json_key->private_key_id = NULL; + json_key->private_key_id = nullptr; } - if (json_key->client_email != NULL) { + if (json_key->client_email != nullptr) { gpr_free(json_key->client_email); - json_key->client_email = NULL; + json_key->client_email = nullptr; } - if (json_key->private_key != NULL) { + if (json_key->private_key != nullptr) { RSA_free(json_key->private_key); - json_key->private_key = NULL; + json_key->private_key = nullptr; } } @@ -159,11 +161,11 @@ static grpc_json* create_child(grpc_json* brother, grpc_json* parent, static char* encoded_jwt_header(const char* key_id, const char* algorithm) { grpc_json* json = grpc_json_create(GRPC_JSON_OBJECT); - grpc_json* child = NULL; - char* json_str = NULL; - char* result = NULL; + grpc_json* child = nullptr; + char* json_str = nullptr; + char* result = nullptr; - child = create_child(NULL, json, "alg", algorithm, GRPC_JSON_STRING); + child = create_child(nullptr, json, "alg", algorithm, GRPC_JSON_STRING); child = create_child(child, json, "typ", GRPC_JWT_TYPE, GRPC_JSON_STRING); create_child(child, json, "kid", key_id, GRPC_JSON_STRING); @@ -178,9 +180,9 @@ static char* encoded_jwt_claim(const grpc_auth_json_key* json_key, const char* audience, gpr_timespec token_lifetime, const char* scope) { grpc_json* json = grpc_json_create(GRPC_JSON_OBJECT); - grpc_json* child = NULL; - char* json_str = NULL; - char* result = NULL; + grpc_json* child = nullptr; + char* json_str = nullptr; + char* result = nullptr; gpr_timespec now = gpr_now(GPR_CLOCK_REALTIME); gpr_timespec expiration = gpr_time_add(now, token_lifetime); char now_str[GPR_LTOA_MIN_BUFSIZE]; @@ -192,9 +194,9 @@ static char* encoded_jwt_claim(const grpc_auth_json_key* json_key, int64_ttoa(now.tv_sec, now_str); int64_ttoa(expiration.tv_sec, expiration_str); - child = - create_child(NULL, json, "iss", json_key->client_email, GRPC_JSON_STRING); - if (scope != NULL) { + child = create_child(nullptr, json, "iss", json_key->client_email, + GRPC_JSON_STRING); + if (scope != nullptr) { child = create_child(child, json, "scope", scope, GRPC_JSON_STRING); } else { /* Unscoped JWTs need a sub field. */ @@ -237,7 +239,7 @@ const EVP_MD* openssl_digest_from_algorithm(const char* algorithm) { return EVP_sha256(); } else { gpr_log(GPR_ERROR, "Unknown algorithm %s.", algorithm); - return NULL; + return nullptr; } } @@ -245,19 +247,19 @@ char* compute_and_encode_signature(const grpc_auth_json_key* json_key, const char* signature_algorithm, const char* to_sign) { const EVP_MD* md = openssl_digest_from_algorithm(signature_algorithm); - EVP_MD_CTX* md_ctx = NULL; + EVP_MD_CTX* md_ctx = nullptr; EVP_PKEY* key = EVP_PKEY_new(); size_t sig_len = 0; - unsigned char* sig = NULL; - char* result = NULL; - if (md == NULL) return NULL; + unsigned char* sig = nullptr; + char* result = nullptr; + if (md == nullptr) return nullptr; md_ctx = EVP_MD_CTX_create(); - if (md_ctx == NULL) { + if (md_ctx == nullptr) { gpr_log(GPR_ERROR, "Could not create MD_CTX"); goto end; } EVP_PKEY_set1_RSA(key, json_key->private_key); - if (EVP_DigestSignInit(md_ctx, NULL, md, NULL, key) != 1) { + if (EVP_DigestSignInit(md_ctx, nullptr, md, nullptr, key) != 1) { gpr_log(GPR_ERROR, "DigestInit failed."); goto end; } @@ -265,7 +267,7 @@ char* compute_and_encode_signature(const grpc_auth_json_key* json_key, gpr_log(GPR_ERROR, "DigestUpdate failed."); goto end; } - if (EVP_DigestSignFinal(md_ctx, NULL, &sig_len) != 1) { + if (EVP_DigestSignFinal(md_ctx, nullptr, &sig_len) != 1) { gpr_log(GPR_ERROR, "DigestFinal (get signature length) failed."); goto end; } @@ -277,16 +279,16 @@ char* compute_and_encode_signature(const grpc_auth_json_key* json_key, result = grpc_base64_encode(sig, sig_len, 1, 0); end: - if (key != NULL) EVP_PKEY_free(key); - if (md_ctx != NULL) EVP_MD_CTX_destroy(md_ctx); - if (sig != NULL) gpr_free(sig); + if (key != nullptr) EVP_PKEY_free(key); + if (md_ctx != nullptr) EVP_MD_CTX_destroy(md_ctx); + if (sig != nullptr) gpr_free(sig); return result; } char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key, const char* audience, gpr_timespec token_lifetime, const char* scope) { - if (g_jwt_encode_and_sign_override != NULL) { + if (g_jwt_encode_and_sign_override != nullptr) { return g_jwt_encode_and_sign_override(json_key, audience, token_lifetime, scope); } else { @@ -295,9 +297,9 @@ char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key, encoded_jwt_header(json_key->private_key_id, sig_algo), encoded_jwt_claim(json_key, audience, token_lifetime, scope)); char* sig = compute_and_encode_signature(json_key, sig_algo, to_sign); - if (sig == NULL) { + if (sig == nullptr) { gpr_free(to_sign); - return NULL; + return nullptr; } return dot_concat_and_free_strings(to_sign, sig); } |