diff options
Diffstat (limited to 'test/core/security/jwt_verifier_test.c')
-rw-r--r-- | test/core/security/jwt_verifier_test.c | 751 |
1 files changed, 320 insertions, 431 deletions
diff --git a/test/core/security/jwt_verifier_test.c b/test/core/security/jwt_verifier_test.c index f2215e1822..15c19e2533 100644 --- a/test/core/security/jwt_verifier_test.c +++ b/test/core/security/jwt_verifier_test.c @@ -48,540 +48,429 @@ /* This JSON key was generated with the GCE console and revoked immediately. The identifiers have been changed as well. Maximum size for a string literal is 509 chars in C89, yay! */ -static const char json_key_str_part1[] = - "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----" - "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE" - "qg" - "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/" - "rWBQvS4hle4LfijkP3J5BG+" - "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+" - "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/" - "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/" - "8HpCqFYM9V8f34SBWfD4fRFT+n/" - "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+"; -static const char json_key_str_part2[] = - "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+" - "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/" - "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA" - "G" - "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz" - "A" - "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+" - "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/" - "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ" - "Y" - "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", "; -static const char json_key_str_part3_for_google_email_issuer[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." - "com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." - "com\", \"type\": \"service_account\" }"; +static const char json_key_str_part1[] = "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----" "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE" "qg" "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/" "rWBQvS4hle4LfijkP3J5BG+" "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+" "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/" "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/" "8HpCqFYM9V8f34SBWfD4fRFT+n/" "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+"; +static const char json_key_str_part2[] = "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+" "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/" "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA" "G" "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz" "A" "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+" "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/" "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ" "Y" "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", "; +static const char json_key_str_part3_for_google_email_issuer[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; /* Trick our JWT library into issuing a JWT with iss=accounts.google.com. */ -static const char json_key_str_part3_for_url_issuer[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": \"accounts.google.com\", " - "\"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." - "com\", \"type\": \"service_account\" }"; -static const char json_key_str_part3_for_custom_email_issuer[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"foo@bar.com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." - "com\", \"type\": \"service_account\" }"; +static const char json_key_str_part3_for_url_issuer[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": \"accounts.google.com\", " "\"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; +static const char json_key_str_part3_for_custom_email_issuer[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"foo@bar.com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; static grpc_jwt_verifier_email_domain_key_url_mapping custom_mapping = { - "bar.com", "keys.bar.com/jwk"}; + "bar.com", "keys.bar.com/jwk" +}; static const char expected_user_data[] = "user data"; -static const char good_jwk_set[] = - "{" - " \"keys\": [" - " {" - " \"kty\": \"RSA\"," - " \"alg\": \"RS256\"," - " \"use\": \"sig\"," - " \"kid\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\"," - " \"n\": " - "\"4S8myegefIeRdynuYkSqBYaOLDvU19cHKC56RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ6mxP" - "QutZC1nKNJ6D-tYFC9LiGV7gt-KOQ_cnkEb4hcMw_xF_OI1FCx6cBcM0-" - "RjiQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFU=\"," - " \"e\": \"AQAB\"" - " }" - " ]" - "}"; - -static gpr_timespec expected_lifetime = {3600, 0, GPR_TIMESPAN}; - -static const char good_google_email_keys_part1[] = - "{\"e6b5137873db8d2ef81e06a47289e6434ec8a165\": \"-----BEGIN " - "CERTIFICATE-----" - "\\nMIICATCCAWoCCQDEywLhxvHjnDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB\\nVTET" - "MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\\ncyBQdHkgTHR" - "kMB4XDTE1MDYyOTA4Mzk1MFoXDTI1MDYyNjA4Mzk1MFowRTELMAkG\\nA1UEBhMCQVUxEzARBg" - "NVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\\nIFdpZGdpdHMgUHR5IEx0ZDCBn" - "zANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4S8m\\nyegefIeRdynuYkSqBYaOLDvU19cHKC56" - "RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ\\n6mxPQutZC1nKNJ6D+tYFC9LiGV7gt+KOQ/"; - -static const char good_google_email_keys_part2[] = - "cnkEb4hcMw/xF/OI1FCx6cBcM0+" - "Rji\\nQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFUCAwEAATANBgkqhkiG9w0BAQsF\\nA" - "AOBgQBfu69FkPmBknbKNFgurPz78kbs3VNN+k/" - "PUgO5DHKskJmgK2TbtvX2VMpx\\nkftmHGzgzMzUlOtigCaGMgHWjfqjpP9uuDbahXrZBJzB8c" - "Oq7MrQF8r17qVvo3Ue\\nPjTKQMAsU8uxTEMmeuz9L6yExs0rfd6bPOrQkAoVfFfiYB3/" - "pA==\\n-----END CERTIFICATE-----\\n\"}"; +static const char good_jwk_set[] = "{" " \"keys\": [" " {" " \"kty\": \"RSA\"," " \"alg\": \"RS256\"," " \"use\": \"sig\"," " \"kid\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\"," " \"n\": " "\"4S8myegefIeRdynuYkSqBYaOLDvU19cHKC56RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ6mxP" "QutZC1nKNJ6D-tYFC9LiGV7gt-KOQ_cnkEb4hcMw_xF_OI1FCx6cBcM0-" "RjiQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFU=\"," " \"e\": \"AQAB\"" " }" " ]" "}"; + +static gpr_timespec expected_lifetime = { 3600, 0, GPR_TIMESPAN }; + +static const char good_google_email_keys_part1[] = "{\"e6b5137873db8d2ef81e06a47289e6434ec8a165\": \"-----BEGIN " "CERTIFICATE-----" "\\nMIICATCCAWoCCQDEywLhxvHjnDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB\\nVTET" "MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\\ncyBQdHkgTHR" "kMB4XDTE1MDYyOTA4Mzk1MFoXDTI1MDYyNjA4Mzk1MFowRTELMAkG\\nA1UEBhMCQVUxEzARBg" "NVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\\nIFdpZGdpdHMgUHR5IEx0ZDCBn" "zANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4S8m\\nyegefIeRdynuYkSqBYaOLDvU19cHKC56" "RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ\\n6mxPQutZC1nKNJ6D+tYFC9LiGV7gt+KOQ/"; + +static const char good_google_email_keys_part2[] = "cnkEb4hcMw/xF/OI1FCx6cBcM0+" "Rji\\nQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFUCAwEAATANBgkqhkiG9w0BAQsF\\nA" "AOBgQBfu69FkPmBknbKNFgurPz78kbs3VNN+k/" "PUgO5DHKskJmgK2TbtvX2VMpx\\nkftmHGzgzMzUlOtigCaGMgHWjfqjpP9uuDbahXrZBJzB8c" "Oq7MrQF8r17qVvo3Ue\\nPjTKQMAsU8uxTEMmeuz9L6yExs0rfd6bPOrQkAoVfFfiYB3/" "pA==\\n-----END CERTIFICATE-----\\n\"}"; static const char expected_audience[] = "https://foo.com"; -static const char good_openid_config[] = - "{" - " \"issuer\": \"https://accounts.google.com\"," - " \"authorization_endpoint\": " - "\"https://accounts.google.com/o/oauth2/v2/auth\"," - " \"token_endpoint\": \"https://www.googleapis.com/oauth2/v4/token\"," - " \"userinfo_endpoint\": \"https://www.googleapis.com/oauth2/v3/userinfo\"," - " \"revocation_endpoint\": \"https://accounts.google.com/o/oauth2/revoke\"," - " \"jwks_uri\": \"https://www.googleapis.com/oauth2/v3/certs\"" - "}"; - -static const char expired_claims[] = - "{ \"aud\": \"https://foo.com\"," - " \"iss\": \"blah.foo.com\"," - " \"sub\": \"juju@blah.foo.com\"," - " \"jti\": \"jwtuniqueid\"," - " \"iat\": 100," /* Way back in the past... */ - " \"exp\": 120," - " \"nbf\": 60," - " \"foo\": \"bar\"}"; - -static const char claims_without_time_constraint[] = - "{ \"aud\": \"https://foo.com\"," - " \"iss\": \"blah.foo.com\"," - " \"sub\": \"juju@blah.foo.com\"," - " \"jti\": \"jwtuniqueid\"," - " \"foo\": \"bar\"}"; - -static const char invalid_claims[] = - "{ \"aud\": \"https://foo.com\"," - " \"iss\": 46," /* Issuer cannot be a number. */ - " \"sub\": \"juju@blah.foo.com\"," - " \"jti\": \"jwtuniqueid\"," - " \"foo\": \"bar\"}"; - -typedef struct { +static const char good_openid_config[] = "{" " \"issuer\": \"https://accounts.google.com\"," " \"authorization_endpoint\": " "\"https://accounts.google.com/o/oauth2/v2/auth\"," " \"token_endpoint\": \"https://www.googleapis.com/oauth2/v4/token\"," " \"userinfo_endpoint\": \"https://www.googleapis.com/oauth2/v3/userinfo\"," " \"revocation_endpoint\": \"https://accounts.google.com/o/oauth2/revoke\"," " \"jwks_uri\": \"https://www.googleapis.com/oauth2/v3/certs\"" "}"; + +static const char expired_claims[] = "{ \"aud\": \"https://foo.com\"," " \"iss\": \"blah.foo.com\"," " \"sub\": \"juju@blah.foo.com\"," " \"jti\": \"jwtuniqueid\"," " \"iat\": 100," /* Way back in the past... */ + " \"exp\": 120," " \"nbf\": 60," " \"foo\": \"bar\"}"; + +static const char claims_without_time_constraint[] = "{ \"aud\": \"https://foo.com\"," " \"iss\": \"blah.foo.com\"," " \"sub\": \"juju@blah.foo.com\"," " \"jti\": \"jwtuniqueid\"," " \"foo\": \"bar\"}"; + +static const char invalid_claims[] = "{ \"aud\": \"https://foo.com\"," " \"iss\": 46," /* Issuer cannot be a number. */ + " \"sub\": \"juju@blah.foo.com\"," " \"jti\": \"jwtuniqueid\"," " \"foo\": \"bar\"}"; + +typedef struct +{ grpc_jwt_verifier_status expected_status; const char *expected_issuer; const char *expected_subject; } verifier_test_config; -static void test_claims_success(void) { +static void +test_claims_success (void) +{ grpc_jwt_claims *claims; - gpr_slice s = gpr_slice_from_copied_string(claims_without_time_constraint); - grpc_json *json = grpc_json_parse_string_with_len( - (char *)GPR_SLICE_START_PTR(s), GPR_SLICE_LENGTH(s)); - GPR_ASSERT(json != NULL); - claims = grpc_jwt_claims_from_json(json, s); - GPR_ASSERT(claims != NULL); - GPR_ASSERT(grpc_jwt_claims_json(claims) == json); - GPR_ASSERT(strcmp(grpc_jwt_claims_audience(claims), "https://foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_issuer(claims), "blah.foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_subject(claims), "juju@blah.foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_id(claims), "jwtuniqueid") == 0); - GPR_ASSERT(grpc_jwt_claims_check(claims, "https://foo.com") == - GRPC_JWT_VERIFIER_OK); - grpc_jwt_claims_destroy(claims); + gpr_slice s = gpr_slice_from_copied_string (claims_without_time_constraint); + grpc_json *json = grpc_json_parse_string_with_len ((char *) GPR_SLICE_START_PTR (s), GPR_SLICE_LENGTH (s)); + GPR_ASSERT (json != NULL); + claims = grpc_jwt_claims_from_json (json, s); + GPR_ASSERT (claims != NULL); + GPR_ASSERT (grpc_jwt_claims_json (claims) == json); + GPR_ASSERT (strcmp (grpc_jwt_claims_audience (claims), "https://foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_issuer (claims), "blah.foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_subject (claims), "juju@blah.foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_id (claims), "jwtuniqueid") == 0); + GPR_ASSERT (grpc_jwt_claims_check (claims, "https://foo.com") == GRPC_JWT_VERIFIER_OK); + grpc_jwt_claims_destroy (claims); } -static void test_expired_claims_failure(void) { +static void +test_expired_claims_failure (void) +{ grpc_jwt_claims *claims; - gpr_slice s = gpr_slice_from_copied_string(expired_claims); - grpc_json *json = grpc_json_parse_string_with_len( - (char *)GPR_SLICE_START_PTR(s), GPR_SLICE_LENGTH(s)); - gpr_timespec exp_iat = {100, 0, GPR_CLOCK_REALTIME}; - gpr_timespec exp_exp = {120, 0, GPR_CLOCK_REALTIME}; - gpr_timespec exp_nbf = {60, 0, GPR_CLOCK_REALTIME}; - GPR_ASSERT(json != NULL); - claims = grpc_jwt_claims_from_json(json, s); - GPR_ASSERT(claims != NULL); - GPR_ASSERT(grpc_jwt_claims_json(claims) == json); - GPR_ASSERT(strcmp(grpc_jwt_claims_audience(claims), "https://foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_issuer(claims), "blah.foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_subject(claims), "juju@blah.foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_id(claims), "jwtuniqueid") == 0); - GPR_ASSERT(gpr_time_cmp(grpc_jwt_claims_issued_at(claims), exp_iat) == 0); - GPR_ASSERT(gpr_time_cmp(grpc_jwt_claims_expires_at(claims), exp_exp) == 0); - GPR_ASSERT(gpr_time_cmp(grpc_jwt_claims_not_before(claims), exp_nbf) == 0); - - GPR_ASSERT(grpc_jwt_claims_check(claims, "https://foo.com") == - GRPC_JWT_VERIFIER_TIME_CONSTRAINT_FAILURE); - grpc_jwt_claims_destroy(claims); + gpr_slice s = gpr_slice_from_copied_string (expired_claims); + grpc_json *json = grpc_json_parse_string_with_len ((char *) GPR_SLICE_START_PTR (s), GPR_SLICE_LENGTH (s)); + gpr_timespec exp_iat = { 100, 0, GPR_CLOCK_REALTIME }; + gpr_timespec exp_exp = { 120, 0, GPR_CLOCK_REALTIME }; + gpr_timespec exp_nbf = { 60, 0, GPR_CLOCK_REALTIME }; + GPR_ASSERT (json != NULL); + claims = grpc_jwt_claims_from_json (json, s); + GPR_ASSERT (claims != NULL); + GPR_ASSERT (grpc_jwt_claims_json (claims) == json); + GPR_ASSERT (strcmp (grpc_jwt_claims_audience (claims), "https://foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_issuer (claims), "blah.foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_subject (claims), "juju@blah.foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_id (claims), "jwtuniqueid") == 0); + GPR_ASSERT (gpr_time_cmp (grpc_jwt_claims_issued_at (claims), exp_iat) == 0); + GPR_ASSERT (gpr_time_cmp (grpc_jwt_claims_expires_at (claims), exp_exp) == 0); + GPR_ASSERT (gpr_time_cmp (grpc_jwt_claims_not_before (claims), exp_nbf) == 0); + + GPR_ASSERT (grpc_jwt_claims_check (claims, "https://foo.com") == GRPC_JWT_VERIFIER_TIME_CONSTRAINT_FAILURE); + grpc_jwt_claims_destroy (claims); } -static void test_invalid_claims_failure(void) { - gpr_slice s = gpr_slice_from_copied_string(invalid_claims); - grpc_json *json = grpc_json_parse_string_with_len( - (char *)GPR_SLICE_START_PTR(s), GPR_SLICE_LENGTH(s)); - GPR_ASSERT(grpc_jwt_claims_from_json(json, s) == NULL); +static void +test_invalid_claims_failure (void) +{ + gpr_slice s = gpr_slice_from_copied_string (invalid_claims); + grpc_json *json = grpc_json_parse_string_with_len ((char *) GPR_SLICE_START_PTR (s), GPR_SLICE_LENGTH (s)); + GPR_ASSERT (grpc_jwt_claims_from_json (json, s) == NULL); } -static void test_bad_audience_claims_failure(void) { +static void +test_bad_audience_claims_failure (void) +{ grpc_jwt_claims *claims; - gpr_slice s = gpr_slice_from_copied_string(claims_without_time_constraint); - grpc_json *json = grpc_json_parse_string_with_len( - (char *)GPR_SLICE_START_PTR(s), GPR_SLICE_LENGTH(s)); - GPR_ASSERT(json != NULL); - claims = grpc_jwt_claims_from_json(json, s); - GPR_ASSERT(claims != NULL); - GPR_ASSERT(grpc_jwt_claims_check(claims, "https://bar.com") == - GRPC_JWT_VERIFIER_BAD_AUDIENCE); - grpc_jwt_claims_destroy(claims); + gpr_slice s = gpr_slice_from_copied_string (claims_without_time_constraint); + grpc_json *json = grpc_json_parse_string_with_len ((char *) GPR_SLICE_START_PTR (s), GPR_SLICE_LENGTH (s)); + GPR_ASSERT (json != NULL); + claims = grpc_jwt_claims_from_json (json, s); + GPR_ASSERT (claims != NULL); + GPR_ASSERT (grpc_jwt_claims_check (claims, "https://bar.com") == GRPC_JWT_VERIFIER_BAD_AUDIENCE); + grpc_jwt_claims_destroy (claims); } -static char *json_key_str(const char *last_part) { - size_t result_len = strlen(json_key_str_part1) + strlen(json_key_str_part2) + - strlen(last_part); - char *result = gpr_malloc(result_len + 1); +static char * +json_key_str (const char *last_part) +{ + size_t result_len = strlen (json_key_str_part1) + strlen (json_key_str_part2) + strlen (last_part); + char *result = gpr_malloc (result_len + 1); char *current = result; - strcpy(result, json_key_str_part1); - current += strlen(json_key_str_part1); - strcpy(current, json_key_str_part2); - current += strlen(json_key_str_part2); - strcpy(current, last_part); + strcpy (result, json_key_str_part1); + current += strlen (json_key_str_part1); + strcpy (current, json_key_str_part2); + current += strlen (json_key_str_part2); + strcpy (current, last_part); return result; } -static char *good_google_email_keys(void) { - size_t result_len = strlen(good_google_email_keys_part1) + - strlen(good_google_email_keys_part2); - char *result = gpr_malloc(result_len + 1); +static char * +good_google_email_keys (void) +{ + size_t result_len = strlen (good_google_email_keys_part1) + strlen (good_google_email_keys_part2); + char *result = gpr_malloc (result_len + 1); char *current = result; - strcpy(result, good_google_email_keys_part1); - current += strlen(good_google_email_keys_part1); - strcpy(current, good_google_email_keys_part2); + strcpy (result, good_google_email_keys_part1); + current += strlen (good_google_email_keys_part1); + strcpy (current, good_google_email_keys_part2); return result; } -static grpc_httpcli_response http_response(int status, char *body) { +static grpc_httpcli_response +http_response (int status, char *body) +{ grpc_httpcli_response response; - memset(&response, 0, sizeof(grpc_httpcli_response)); + memset (&response, 0, sizeof (grpc_httpcli_response)); response.status = status; response.body = body; - response.body_length = strlen(body); + response.body_length = strlen (body); return response; } -static int httpcli_post_should_not_be_called( - const grpc_httpcli_request *request, const char *body_bytes, - size_t body_size, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - GPR_ASSERT("HTTP POST should not be called" == NULL); +static int +httpcli_post_should_not_be_called (const grpc_httpcli_request * request, const char *body_bytes, size_t body_size, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + GPR_ASSERT ("HTTP POST should not be called" == NULL); return 1; } -static int httpcli_get_google_keys_for_email( - const grpc_httpcli_request *request, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = http_response(200, good_google_email_keys()); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, "www.googleapis.com") == 0); - GPR_ASSERT(strcmp(request->path, - "/robot/v1/metadata/x509/" - "777-abaslkan11hlb6nmim3bpspl31ud@developer." - "gserviceaccount.com") == 0); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_google_keys_for_email (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, good_google_email_keys ()); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + GPR_ASSERT (strcmp (request->host, "www.googleapis.com") == 0); + GPR_ASSERT (strcmp (request->path, "/robot/v1/metadata/x509/" "777-abaslkan11hlb6nmim3bpspl31ud@developer." "gserviceaccount.com") == 0); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static void on_verification_success(void *user_data, - grpc_jwt_verifier_status status, - grpc_jwt_claims *claims) { - GPR_ASSERT(status == GRPC_JWT_VERIFIER_OK); - GPR_ASSERT(claims != NULL); - GPR_ASSERT(user_data == (void *)expected_user_data); - GPR_ASSERT(strcmp(grpc_jwt_claims_audience(claims), expected_audience) == 0); - grpc_jwt_claims_destroy(claims); +static void +on_verification_success (void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims * claims) +{ + GPR_ASSERT (status == GRPC_JWT_VERIFIER_OK); + GPR_ASSERT (claims != NULL); + GPR_ASSERT (user_data == (void *) expected_user_data); + GPR_ASSERT (strcmp (grpc_jwt_claims_audience (claims), expected_audience) == 0); + grpc_jwt_claims_destroy (claims); } -static void test_jwt_verifier_google_email_issuer_success(void) { +static void +test_jwt_verifier_google_email_issuer_success (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_google_email_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_google_keys_for_email, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_success, (void *)expected_user_data, - &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_google_email_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_google_keys_for_email, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_success, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static int httpcli_get_custom_keys_for_email( - const grpc_httpcli_request *request, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = http_response(200, gpr_strdup(good_jwk_set)); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, "keys.bar.com") == 0); - GPR_ASSERT(strcmp(request->path, "/jwk/foo@bar.com") == 0); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_custom_keys_for_email (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, gpr_strdup (good_jwk_set)); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + GPR_ASSERT (strcmp (request->host, "keys.bar.com") == 0); + GPR_ASSERT (strcmp (request->path, "/jwk/foo@bar.com") == 0); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static void test_jwt_verifier_custom_email_issuer_success(void) { +static void +test_jwt_verifier_custom_email_issuer_success (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(&custom_mapping, 1); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (&custom_mapping, 1); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_custom_email_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_custom_keys_for_email, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_success, (void *)expected_user_data, - &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_custom_email_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_custom_keys_for_email, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_success, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static int httpcli_get_jwk_set(const grpc_httpcli_request *request, - gpr_timespec deadline, - grpc_httpcli_response_cb on_response, - void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = http_response(200, gpr_strdup(good_jwk_set)); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, "www.googleapis.com") == 0); - GPR_ASSERT(strcmp(request->path, "/oauth2/v3/certs") == 0); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_jwk_set (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, gpr_strdup (good_jwk_set)); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + GPR_ASSERT (strcmp (request->host, "www.googleapis.com") == 0); + GPR_ASSERT (strcmp (request->path, "/oauth2/v3/certs") == 0); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static int httpcli_get_openid_config(const grpc_httpcli_request *request, - gpr_timespec deadline, - grpc_httpcli_response_cb on_response, - void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = - http_response(200, gpr_strdup(good_openid_config)); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, "accounts.google.com") == 0); - GPR_ASSERT(strcmp(request->path, GRPC_OPENID_CONFIG_URL_SUFFIX) == 0); - grpc_httpcli_set_override(httpcli_get_jwk_set, - httpcli_post_should_not_be_called); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_openid_config (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, gpr_strdup (good_openid_config)); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + GPR_ASSERT (strcmp (request->host, "accounts.google.com") == 0); + GPR_ASSERT (strcmp (request->path, GRPC_OPENID_CONFIG_URL_SUFFIX) == 0); + grpc_httpcli_set_override (httpcli_get_jwk_set, httpcli_post_should_not_be_called); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static void test_jwt_verifier_url_issuer_success(void) { +static void +test_jwt_verifier_url_issuer_success (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_url_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_openid_config, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_success, (void *)expected_user_data, - &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_url_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_openid_config, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_success, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static void on_verification_key_retrieval_error(void *user_data, - grpc_jwt_verifier_status status, - grpc_jwt_claims *claims) { - GPR_ASSERT(status == GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR); - GPR_ASSERT(claims == NULL); - GPR_ASSERT(user_data == (void *)expected_user_data); +static void +on_verification_key_retrieval_error (void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims * claims) +{ + GPR_ASSERT (status == GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR); + GPR_ASSERT (claims == NULL); + GPR_ASSERT (user_data == (void *) expected_user_data); } -static int httpcli_get_bad_json(const grpc_httpcli_request *request, - gpr_timespec deadline, - grpc_httpcli_response_cb on_response, - void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = - http_response(200, gpr_strdup("{\"bad\": \"stuff\"}")); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_bad_json (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, gpr_strdup ("{\"bad\": \"stuff\"}")); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static void test_jwt_verifier_url_issuer_bad_config(void) { +static void +test_jwt_verifier_url_issuer_bad_config (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_url_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_bad_json, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_key_retrieval_error, - (void *)expected_user_data, &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_url_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_bad_json, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_key_retrieval_error, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static void test_jwt_verifier_bad_json_key(void) { +static void +test_jwt_verifier_bad_json_key (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_google_email_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_bad_json, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_key_retrieval_error, - (void *)expected_user_data, &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_google_email_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_bad_json, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_key_retrieval_error, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static void corrupt_jwt_sig(char *jwt) { +static void +corrupt_jwt_sig (char *jwt) +{ gpr_slice sig; char *bad_b64_sig; gpr_uint8 *sig_bytes; - char *last_dot = strrchr(jwt, '.'); - GPR_ASSERT(last_dot != NULL); - sig = grpc_base64_decode(last_dot + 1, 1); - GPR_ASSERT(!GPR_SLICE_IS_EMPTY(sig)); - sig_bytes = GPR_SLICE_START_PTR(sig); - (*sig_bytes)++; /* Corrupt first byte. */ - bad_b64_sig = - grpc_base64_encode(GPR_SLICE_START_PTR(sig), GPR_SLICE_LENGTH(sig), 1, 0); - memcpy(last_dot + 1, bad_b64_sig, strlen(bad_b64_sig)); - gpr_free(bad_b64_sig); - gpr_slice_unref(sig); + char *last_dot = strrchr (jwt, '.'); + GPR_ASSERT (last_dot != NULL); + sig = grpc_base64_decode (last_dot + 1, 1); + GPR_ASSERT (!GPR_SLICE_IS_EMPTY (sig)); + sig_bytes = GPR_SLICE_START_PTR (sig); + (*sig_bytes)++; /* Corrupt first byte. */ + bad_b64_sig = grpc_base64_encode (GPR_SLICE_START_PTR (sig), GPR_SLICE_LENGTH (sig), 1, 0); + memcpy (last_dot + 1, bad_b64_sig, strlen (bad_b64_sig)); + gpr_free (bad_b64_sig); + gpr_slice_unref (sig); } -static void on_verification_bad_signature(void *user_data, - grpc_jwt_verifier_status status, - grpc_jwt_claims *claims) { - GPR_ASSERT(status == GRPC_JWT_VERIFIER_BAD_SIGNATURE); - GPR_ASSERT(claims == NULL); - GPR_ASSERT(user_data == (void *)expected_user_data); +static void +on_verification_bad_signature (void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims * claims) +{ + GPR_ASSERT (status == GRPC_JWT_VERIFIER_BAD_SIGNATURE); + GPR_ASSERT (claims == NULL); + GPR_ASSERT (user_data == (void *) expected_user_data); } -static void test_jwt_verifier_bad_signature(void) { +static void +test_jwt_verifier_bad_signature (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_url_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_openid_config, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - corrupt_jwt_sig(jwt); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_bad_signature, - (void *)expected_user_data, &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_url_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_openid_config, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + corrupt_jwt_sig (jwt); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_bad_signature, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static int httpcli_get_should_not_be_called( - const grpc_httpcli_request *request, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - GPR_ASSERT(0); +static int +httpcli_get_should_not_be_called (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + GPR_ASSERT (0); return 1; } -static void on_verification_bad_format(void *user_data, - grpc_jwt_verifier_status status, - grpc_jwt_claims *claims) { - GPR_ASSERT(status == GRPC_JWT_VERIFIER_BAD_FORMAT); - GPR_ASSERT(claims == NULL); - GPR_ASSERT(user_data == (void *)expected_user_data); +static void +on_verification_bad_format (void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims * claims) +{ + GPR_ASSERT (status == GRPC_JWT_VERIFIER_BAD_FORMAT); + GPR_ASSERT (claims == NULL); + GPR_ASSERT (user_data == (void *) expected_user_data); } -static void test_jwt_verifier_bad_format(void) { +static void +test_jwt_verifier_bad_format (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); - grpc_httpcli_set_override(httpcli_get_should_not_be_called, - httpcli_post_should_not_be_called); - grpc_jwt_verifier_verify(verifier, NULL, "bad jwt", expected_audience, - on_verification_bad_format, - (void *)expected_user_data, &closure_list); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); + grpc_httpcli_set_override (httpcli_get_should_not_be_called, httpcli_post_should_not_be_called); + grpc_jwt_verifier_verify (verifier, NULL, "bad jwt", expected_audience, on_verification_bad_format, (void *) expected_user_data, &closure_list); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } /* find verification key: bad jks, cannot find key in jks */ /* bad signature custom provided email*/ /* bad key */ -int main(int argc, char **argv) { - grpc_test_init(argc, argv); - test_claims_success(); - test_expired_claims_failure(); - test_invalid_claims_failure(); - test_bad_audience_claims_failure(); - test_jwt_verifier_google_email_issuer_success(); - test_jwt_verifier_custom_email_issuer_success(); - test_jwt_verifier_url_issuer_success(); - test_jwt_verifier_url_issuer_bad_config(); - test_jwt_verifier_bad_json_key(); - test_jwt_verifier_bad_signature(); - test_jwt_verifier_bad_format(); +int +main (int argc, char **argv) +{ + grpc_test_init (argc, argv); + test_claims_success (); + test_expired_claims_failure (); + test_invalid_claims_failure (); + test_bad_audience_claims_failure (); + test_jwt_verifier_google_email_issuer_success (); + test_jwt_verifier_custom_email_issuer_success (); + test_jwt_verifier_url_issuer_success (); + test_jwt_verifier_url_issuer_bad_config (); + test_jwt_verifier_bad_json_key (); + test_jwt_verifier_bad_signature (); + test_jwt_verifier_bad_format (); return 0; } |