diff options
Diffstat (limited to 'src/core/security')
-rw-r--r-- | src/core/security/credentials.c | 15 | ||||
-rw-r--r-- | src/core/security/google_default_credentials.c | 4 | ||||
-rw-r--r-- | src/core/security/json_token.c | 2 | ||||
-rw-r--r-- | src/core/security/jwt_verifier.c | 27 |
4 files changed, 26 insertions, 22 deletions
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c index 230f0dfb85..5d03b7c063 100644 --- a/src/core/security/credentials.c +++ b/src/core/security/credentials.c @@ -324,7 +324,7 @@ static void jwt_reset_cache(grpc_jwt_credentials *c) { gpr_free(c->cached.service_url); c->cached.service_url = NULL; } - c->cached.jwt_expiration = gpr_inf_past; + c->cached.jwt_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); } static void jwt_destroy(grpc_credentials *creds) { @@ -347,8 +347,8 @@ static void jwt_get_request_metadata(grpc_credentials *creds, grpc_credentials_metadata_cb cb, void *user_data) { grpc_jwt_credentials *c = (grpc_jwt_credentials *)creds; - gpr_timespec refresh_threshold = {GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, - 0}; + gpr_timespec refresh_threshold = + gpr_time_from_seconds(GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS); /* See if we can return a cached jwt. */ grpc_credentials_md_store *jwt_md = NULL; @@ -516,6 +516,7 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response( access_token->value); token_lifetime->tv_sec = strtol(expires_in->value, NULL, 10); token_lifetime->tv_nsec = 0; + token_lifetime->clock_type = GPR_TIMESPAN; if (*token_md != NULL) grpc_credentials_md_store_unref(*token_md); *token_md = grpc_credentials_md_store_create(1); grpc_credentials_md_store_add_cstrings( @@ -552,7 +553,7 @@ static void on_oauth2_token_fetcher_http_response( r->cb(r->user_data, c->access_token_md->entries, c->access_token_md->num_entries, status); } else { - c->token_expiration = gpr_inf_past; + c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); r->cb(r->user_data, NULL, 0, status); } gpr_mu_unlock(&c->mu); @@ -564,8 +565,8 @@ static void oauth2_token_fetcher_get_request_metadata( grpc_credentials_metadata_cb cb, void *user_data) { grpc_oauth2_token_fetcher_credentials *c = (grpc_oauth2_token_fetcher_credentials *)creds; - gpr_timespec refresh_threshold = {GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, - 0}; + gpr_timespec refresh_threshold = + gpr_time_from_seconds(GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS); grpc_credentials_md_store *cached_access_token_md = NULL; { gpr_mu_lock(&c->mu); @@ -596,7 +597,7 @@ static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials *c, c->base.type = GRPC_CREDENTIALS_TYPE_OAUTH2; gpr_ref_init(&c->base.refcount, 1); gpr_mu_init(&c->mu); - c->token_expiration = gpr_inf_past; + c->token_expiration = gpr_inf_past(GPR_CLOCK_REALTIME); c->fetch_func = fetch_func; grpc_httpcli_context_init(&c->httpcli_context); } diff --git a/src/core/security/google_default_credentials.c b/src/core/security/google_default_credentials.c index f622deff42..43f9f62198 100644 --- a/src/core/security/google_default_credentials.c +++ b/src/core/security/google_default_credentials.c @@ -91,7 +91,7 @@ static int is_stack_running_on_compute_engine(void) { /* The http call is local. If it takes more than one sec, it is for sure not on compute engine. */ - gpr_timespec max_detection_delay = {1, 0}; + gpr_timespec max_detection_delay = gpr_time_from_seconds(1); grpc_pollset_init(&detector.pollset); detector.is_done = 0; @@ -112,7 +112,7 @@ static int is_stack_running_on_compute_engine(void) { called once for the lifetime of the process by the default credentials. */ gpr_mu_lock(GRPC_POLLSET_MU(&detector.pollset)); while (!detector.is_done) { - grpc_pollset_work(&detector.pollset, gpr_inf_future); + grpc_pollset_work(&detector.pollset, gpr_inf_future(GPR_CLOCK_REALTIME)); } gpr_mu_unlock(GRPC_POLLSET_MU(&detector.pollset)); diff --git a/src/core/security/json_token.c b/src/core/security/json_token.c index 9b1ea255ae..021912f333 100644 --- a/src/core/security/json_token.c +++ b/src/core/security/json_token.c @@ -49,7 +49,7 @@ /* --- Constants. --- */ /* 1 hour max. */ -const gpr_timespec grpc_max_auth_token_lifetime = {3600, 0}; +const gpr_timespec grpc_max_auth_token_lifetime = {3600, 0, GPR_TIMESPAN}; #define GRPC_JWT_RSA_SHA256_ALGORITHM "RS256" #define GRPC_JWT_TYPE "JWT" diff --git a/src/core/security/jwt_verifier.c b/src/core/security/jwt_verifier.c index 9140eb2ef7..1276693da7 100644 --- a/src/core/security/jwt_verifier.c +++ b/src/core/security/jwt_verifier.c @@ -109,7 +109,7 @@ static const char *validate_string_field(const grpc_json *json, static gpr_timespec validate_time_field(const grpc_json *json, const char *key) { - gpr_timespec result = gpr_time_0; + gpr_timespec result = gpr_time_0(GPR_CLOCK_REALTIME); if (json->type != GRPC_JSON_NUMBER) { gpr_log(GPR_ERROR, "Invalid %s field [%s]", key, json->value); return result; @@ -221,17 +221,17 @@ const char *grpc_jwt_claims_audience(const grpc_jwt_claims *claims) { } gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims *claims) { - if (claims == NULL) return gpr_inf_past; + if (claims == NULL) return gpr_inf_past(GPR_CLOCK_REALTIME); return claims->iat; } gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims *claims) { - if (claims == NULL) return gpr_inf_future; + if (claims == NULL) return gpr_inf_future(GPR_CLOCK_REALTIME); return claims->exp; } gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims *claims) { - if (claims == NULL) return gpr_inf_past; + if (claims == NULL) return gpr_inf_past(GPR_CLOCK_REALTIME); return claims->nbf; } @@ -242,9 +242,9 @@ grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, gpr_slice buffer) { memset(claims, 0, sizeof(grpc_jwt_claims)); claims->json = json; claims->buffer = buffer; - claims->iat = gpr_inf_past; - claims->nbf = gpr_inf_past; - claims->exp = gpr_inf_future; + claims->iat = gpr_inf_past(GPR_CLOCK_REALTIME); + claims->nbf = gpr_inf_past(GPR_CLOCK_REALTIME); + claims->exp = gpr_inf_future(GPR_CLOCK_REALTIME); /* Per the spec, all fields are optional. */ for (cur = json->child; cur != NULL; cur = cur->next) { @@ -262,13 +262,16 @@ grpc_jwt_claims *grpc_jwt_claims_from_json(grpc_json *json, gpr_slice buffer) { if (claims->jti == NULL) goto error; } else if (strcmp(cur->key, "iat") == 0) { claims->iat = validate_time_field(cur, "iat"); - if (gpr_time_cmp(claims->iat, gpr_time_0) == 0) goto error; + if (gpr_time_cmp(claims->iat, gpr_time_0(GPR_CLOCK_REALTIME)) == 0) + goto error; } else if (strcmp(cur->key, "exp") == 0) { claims->exp = validate_time_field(cur, "exp"); - if (gpr_time_cmp(claims->exp, gpr_time_0) == 0) goto error; + if (gpr_time_cmp(claims->exp, gpr_time_0(GPR_CLOCK_REALTIME)) == 0) + goto error; } else if (strcmp(cur->key, "nbf") == 0) { claims->nbf = validate_time_field(cur, "nbf"); - if (gpr_time_cmp(claims->nbf, gpr_time_0) == 0) goto error; + if (gpr_time_cmp(claims->nbf, gpr_time_0(GPR_CLOCK_REALTIME)) == 0) + goto error; } } return claims; @@ -359,10 +362,10 @@ void verifier_cb_ctx_destroy(verifier_cb_ctx *ctx) { /* --- grpc_jwt_verifier object. --- */ /* Clock skew defaults to one minute. */ -gpr_timespec grpc_jwt_verifier_clock_skew = {60, 0}; +gpr_timespec grpc_jwt_verifier_clock_skew = {60, 0, GPR_TIMESPAN}; /* Max delay defaults to one minute. */ -gpr_timespec grpc_jwt_verifier_max_delay = {60, 0}; +gpr_timespec grpc_jwt_verifier_max_delay = {60, 0, GPR_TIMESPAN}; typedef struct { char *email_domain; |