diff options
Diffstat (limited to 'src/core/lib/security/credentials/jwt')
| -rw-r--r-- | src/core/lib/security/credentials/jwt/json_token.cc (renamed from src/core/lib/security/credentials/jwt/json_token.c) | 9 | ||||
| -rw-r--r-- | src/core/lib/security/credentials/jwt/json_token.h | 8 | ||||
| -rw-r--r-- | src/core/lib/security/credentials/jwt/jwt_credentials.cc (renamed from src/core/lib/security/credentials/jwt/jwt_credentials.c) | 6 | ||||
| -rw-r--r-- | src/core/lib/security/credentials/jwt/jwt_credentials.h | 10 | ||||
| -rw-r--r-- | src/core/lib/security/credentials/jwt/jwt_verifier.cc (renamed from src/core/lib/security/credentials/jwt/jwt_verifier.c) | 31 | ||||
| -rw-r--r-- | src/core/lib/security/credentials/jwt/jwt_verifier.h | 8 |
6 files changed, 55 insertions, 17 deletions
diff --git a/src/core/lib/security/credentials/jwt/json_token.c b/src/core/lib/security/credentials/jwt/json_token.cc index fff71255a5..8c30353470 100644 --- a/src/core/lib/security/credentials/jwt/json_token.c +++ b/src/core/lib/security/credentials/jwt/json_token.cc @@ -20,6 +20,7 @@ #include <string.h> +#include <grpc/grpc_security.h> #include <grpc/support/alloc.h> #include <grpc/support/log.h> #include <grpc/support/string_util.h> @@ -29,9 +30,11 @@ #include "src/core/lib/slice/b64.h" #include "src/core/lib/support/string.h" +extern "C" { #include <openssl/bio.h> #include <openssl/evp.h> #include <openssl/pem.h> +} /* --- Constants. --- */ @@ -96,7 +99,7 @@ grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json *json) { gpr_log(GPR_ERROR, "Could not write into openssl BIO."); goto end; } - result.private_key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, ""); + result.private_key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, (void *)""); if (result.private_key == NULL) { gpr_log(GPR_ERROR, "Could not deserialize private key."); goto end; @@ -214,7 +217,7 @@ static char *dot_concat_and_free_strings(char *str1, char *str2) { size_t str1_len = strlen(str1); size_t str2_len = strlen(str2); size_t result_len = str1_len + 1 /* dot */ + str2_len; - char *result = gpr_malloc(result_len + 1 /* NULL terminated */); + char *result = (char *)gpr_malloc(result_len + 1 /* NULL terminated */); char *current = result; memcpy(current, str1, str1_len); current += str1_len; @@ -266,7 +269,7 @@ char *compute_and_encode_signature(const grpc_auth_json_key *json_key, gpr_log(GPR_ERROR, "DigestFinal (get signature length) failed."); goto end; } - sig = gpr_malloc(sig_len); + sig = (unsigned char *)gpr_malloc(sig_len); if (EVP_DigestSignFinal(md_ctx, sig, &sig_len) != 1) { gpr_log(GPR_ERROR, "DigestFinal (signature compute) failed."); goto end; diff --git a/src/core/lib/security/credentials/jwt/json_token.h b/src/core/lib/security/credentials/jwt/json_token.h index e50790ef2e..b923b02df6 100644 --- a/src/core/lib/security/credentials/jwt/json_token.h +++ b/src/core/lib/security/credentials/jwt/json_token.h @@ -19,6 +19,10 @@ #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H +#ifdef __cplusplus +extern "C" { +#endif + #include <grpc/slice.h> #include <openssl/rsa.h> @@ -70,4 +74,8 @@ typedef char *(*grpc_jwt_encode_and_sign_override)( void grpc_jwt_encode_and_sign_set_override( grpc_jwt_encode_and_sign_override func); +#ifdef __cplusplus +} +#endif + #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H */ diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.c b/src/core/lib/security/credentials/jwt/jwt_credentials.cc index 02c82e99ba..835dd677ed 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.c +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.cc @@ -16,8 +16,11 @@ * */ +#include <grpc/support/port_platform.h> + #include "src/core/lib/security/credentials/jwt/jwt_credentials.h" +#include <inttypes.h> #include <string.h> #include "src/core/lib/surface/api_trace.h" @@ -125,7 +128,8 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation"); return NULL; } - c = gpr_zalloc(sizeof(grpc_service_account_jwt_access_credentials)); + c = (grpc_service_account_jwt_access_credentials *)gpr_zalloc( + sizeof(grpc_service_account_jwt_access_credentials)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_JWT; gpr_ref_init(&c->base.refcount, 1); c->base.vtable = &jwt_vtable; diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.h b/src/core/lib/security/credentials/jwt/jwt_credentials.h index 07f4022669..c09485fd55 100644 --- a/src/core/lib/security/credentials/jwt/jwt_credentials.h +++ b/src/core/lib/security/credentials/jwt/jwt_credentials.h @@ -22,6 +22,10 @@ #include "src/core/lib/security/credentials/credentials.h" #include "src/core/lib/security/credentials/jwt/json_token.h" +#ifdef __cplusplus +extern "C" { +#endif + typedef struct { grpc_call_credentials base; @@ -45,4 +49,8 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( grpc_exec_ctx *exec_ctx, grpc_auth_json_key key, gpr_timespec token_lifetime); -#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H */ +#ifdef __cplusplus +} +#endif + +#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_CREDENTIALS_H */
\ No newline at end of file diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.c b/src/core/lib/security/credentials/jwt/jwt_verifier.cc index a27284bc50..aea16dee92 100644 --- a/src/core/lib/security/credentials/jwt/jwt_verifier.c +++ b/src/core/lib/security/credentials/jwt/jwt_verifier.cc @@ -26,7 +26,10 @@ #include <grpc/support/string_util.h> #include <grpc/support/sync.h> #include <grpc/support/useful.h> + +extern "C" { #include <openssl/pem.h> +} #include "src/core/lib/http/httpcli.h" #include "src/core/lib/iomgr/polling_entity.h" @@ -129,7 +132,7 @@ static void jose_header_destroy(grpc_exec_ctx *exec_ctx, jose_header *h) { static jose_header *jose_header_from_json(grpc_exec_ctx *exec_ctx, grpc_json *json, grpc_slice buffer) { grpc_json *cur; - jose_header *h = gpr_zalloc(sizeof(jose_header)); + jose_header *h = (jose_header *)gpr_zalloc(sizeof(jose_header)); h->buffer = buffer; for (cur = json->child; cur != NULL; cur = cur->next) { if (strcmp(cur->key, "alg") == 0) { @@ -231,7 +234,8 @@ gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims *claims) { grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_exec_ctx *exec_ctx, grpc_json *json, grpc_slice buffer) { grpc_json *cur; - grpc_jwt_claims *claims = gpr_malloc(sizeof(grpc_jwt_claims)); + grpc_jwt_claims *claims = + (grpc_jwt_claims *)gpr_malloc(sizeof(grpc_jwt_claims)); memset(claims, 0, sizeof(grpc_jwt_claims)); claims->json = json; claims->buffer = buffer; @@ -347,7 +351,7 @@ static verifier_cb_ctx *verifier_cb_ctx_create( const char *signed_jwt, size_t signed_jwt_len, void *user_data, grpc_jwt_verification_done_cb cb) { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; - verifier_cb_ctx *ctx = gpr_zalloc(sizeof(verifier_cb_ctx)); + verifier_cb_ctx *ctx = (verifier_cb_ctx *)gpr_zalloc(sizeof(verifier_cb_ctx)); ctx->verifier = verifier; ctx->pollent = grpc_polling_entity_create_from_pollset(pollset); ctx->header = header; @@ -676,6 +680,7 @@ static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, grpc_json *json = json_from_http(response); grpc_httpcli_request req; const char *jwks_uri; + grpc_resource_quota *resource_quota = NULL; /* TODO(jboeuf): Cache the jwks_uri in order to avoid this hop next time. */ if (json == NULL) goto error; @@ -693,9 +698,9 @@ static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, jwks_uri += 8; req.handshaker = &grpc_httpcli_ssl; req.host = gpr_strdup(jwks_uri); - req.http.path = strchr(jwks_uri, '/'); + req.http.path = (char *)strchr(jwks_uri, '/'); if (req.http.path == NULL) { - req.http.path = ""; + req.http.path = (char *)""; } else { *(req.host + (req.http.path - jwks_uri)) = '\0'; } @@ -703,8 +708,7 @@ static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, /* TODO(ctiller): Carry the resource_quota in ctx and share it with the host channel. This would allow us to cancel an authentication query when under extreme memory pressure. */ - grpc_resource_quota *resource_quota = - grpc_resource_quota_create("jwt_verifier"); + resource_quota = grpc_resource_quota_create("jwt_verifier"); grpc_httpcli_get( exec_ctx, &ctx->verifier->http_ctx, &ctx->pollent, resource_quota, &req, gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay), @@ -760,7 +764,8 @@ const char *grpc_jwt_issuer_email_domain(const char *issuer) { if (dot == NULL || dot == email_domain) return email_domain; GPR_ASSERT(dot > email_domain); /* There may be a subdomain, we just want the domain. */ - dot = gpr_memrchr(email_domain, '.', (size_t)(dot - email_domain)); + dot = (const char *)gpr_memrchr((void *)email_domain, '.', + (size_t)(dot - email_domain)); if (dot == NULL) return email_domain; return dot + 1; } @@ -773,6 +778,7 @@ static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx, char *path_prefix = NULL; const char *iss; grpc_httpcli_request req; + grpc_resource_quota *resource_quota = NULL; memset(&req, 0, sizeof(grpc_httpcli_request)); req.handshaker = &grpc_httpcli_ssl; http_response_index rsp_idx; @@ -831,8 +837,7 @@ static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx, /* TODO(ctiller): Carry the resource_quota in ctx and share it with the host channel. This would allow us to cancel an authentication query when under extreme memory pressure. */ - grpc_resource_quota *resource_quota = - grpc_resource_quota_create("jwt_verifier"); + resource_quota = grpc_resource_quota_create("jwt_verifier"); grpc_httpcli_get( exec_ctx, &ctx->verifier->http_ctx, &ctx->pollent, resource_quota, &req, gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay), @@ -901,12 +906,14 @@ error: grpc_jwt_verifier *grpc_jwt_verifier_create( const grpc_jwt_verifier_email_domain_key_url_mapping *mappings, size_t num_mappings) { - grpc_jwt_verifier *v = gpr_zalloc(sizeof(grpc_jwt_verifier)); + grpc_jwt_verifier *v = + (grpc_jwt_verifier *)gpr_zalloc(sizeof(grpc_jwt_verifier)); grpc_httpcli_context_init(&v->http_ctx); /* We know at least of one mapping. */ v->allocated_mappings = 1 + num_mappings; - v->mappings = gpr_malloc(v->allocated_mappings * sizeof(email_key_mapping)); + v->mappings = (email_key_mapping *)gpr_malloc(v->allocated_mappings * + sizeof(email_key_mapping)); verifier_put_mapping(v, GRPC_GOOGLE_SERVICE_ACCOUNTS_EMAIL_DOMAIN, GRPC_GOOGLE_SERVICE_ACCOUNTS_KEY_URL_PREFIX); /* User-Provided mappings. */ diff --git a/src/core/lib/security/credentials/jwt/jwt_verifier.h b/src/core/lib/security/credentials/jwt/jwt_verifier.h index 8fac452d4e..0603811627 100644 --- a/src/core/lib/security/credentials/jwt/jwt_verifier.h +++ b/src/core/lib/security/credentials/jwt/jwt_verifier.h @@ -32,6 +32,10 @@ #define GRPC_GOOGLE_SERVICE_ACCOUNTS_KEY_URL_PREFIX \ "www.googleapis.com/robot/v1/metadata/x509" +#ifdef __cplusplus +extern "C" { +#endif + /* --- grpc_jwt_verifier_status. --- */ typedef enum { @@ -122,4 +126,8 @@ grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims *claims, const char *audience); const char *grpc_jwt_issuer_email_domain(const char *issuer); +#ifdef __cplusplus +} +#endif + #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H */ |